Cheat Engine - The Official Site of Cheat Engine
mgr.inz.Player (I post too much, Reputation: 218)
Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Apr 04, 2015 10:06 am
This:
[findit+4]:
or other:
[[[findit+xx]+xx]+xx]:
doesn't work with CE version 6.4 and below. Wait for CE6.5 or download CE6.4+ (custom builds) or compile CE source yourself.
This bug is fixed in SVN.
EDIT:
Lua fix for you:
Code:
[ENABLE]
aobscan(findit,xx xx xx)
LuaCall( unregisterSymbol('BasePTR'); registerSymbol('BasePTR',string.format('%X',readQword("findit+4"))) )
[DISABLE]
unregistersymbol(BasePTR)
mgr.inz.Player (I post too much, Reputation: 218)
Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Apr 04, 2015 12:55 pm
Obviously you have to attach CE to the game process first. And be sure your array of bytes is correct.
Then, just ignore that error. It only appears while editing the script.
EDIT:
If you still want help, post a screenshot of the instructions from which you want to retrieve the address.
mgr.inz.Player (I post too much, Reputation: 218)
Joined: 07 Nov 2008, Posts: 4438, Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Apr 12, 2015 4:56 pm
Because you didn't post any screenshot, I assume you found a place with RIP-relative addressing.
For example, you attached to a 64-bit target and found code which accesses basePtr:
Code:
mov eax,[800171C8] // it accesses basePtr
(bytes: 8B 05 xa xb xc xd)
mov [rbp-20],ecx // it is the next instruction
And this opcode is encoded with 6 bytes instead of 7 bytes or 11 bytes.
If you found RIP-relative addressing, retrieving basePtr becomes more complicated. We have to take the dword and the address of the next instruction, and add them together:
An example:
aobscan(findit,8B 05 xa xb xc xd 89 4D E0 ....................)
Our dword is at findit+2 and the next instruction is at findit+6.
Full script:
(I made a few tests; it still needs more)
Code:
[ENABLE]
{$lua}
-- addr: hex string of the aobscan result; i: offset of the disp32 dword;
-- j: offset of the next instruction; symbol: name to register
function RIPrelative(addr,i,j,symbol)
if addr==' 00000000' then return end -- aobscan found nothing
addr=tonumber(addr,16)
i=addr+tonumber(i,16); j=addr+tonumber(j,16)
local absoluteAddress = (readInteger(i)+j) -- signed disp32 + address of next instruction
unregisterSymbol(symbol)
registerSymbol(symbol,absoluteAddress)
end
{$asm}
aobscan(findit,8B 05 x x x x 89 ....................)
LuaCall( RIPrelative('findit', '2', '6', 'ptr') )
[DISABLE]
unregistersymbol(ptr)
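As an added example (not from the post above, and not Cheat Engine's own Lua API): a stand-alone Python model of the same arithmetic, absolute address = signed disp32 + address of the next instruction, so the result of the RIPrelative script can be checked by hand. It also handles the REX-prefixed form (48 8B 05 ...), where the displacement sits at offset 3 and the next instruction at offset 7, and the byte string and addresses below are constructed sample values.

```python
import struct

# Constructed sample: the thread's `mov eax,[rip+disp32]` pattern (8B 05 <disp32>)
# followed by `mov [rbp-20],ecx` (89 4D E0). The displacement is -0x1000
# (bytes 00 F0 FF FF) to exercise the signed read, as readInteger does in CE.
SAMPLE_BYTES = bytes.fromhex("8B 05 00 F0 FF FF 89 4D E0")
SAMPLE_ADDR = 0x7FF612340000  # constructed address of the first instruction

REX_RANGE = range(0x40, 0x50)   # any REX prefix byte (40..4F)
MOV_OPCODES = {0x8B, 0x89}      # mov r32/64,[mem] and mov [mem],r32/64


def displacement_offsets(code):
    """Offsets of the disp32 dword and of the next instruction, i.e. the
    '2' and '6' (or '3' and '7' with a REX prefix) passed to RIPrelative."""
    i = 1 if code and code[0] in REX_RANGE else 0
    return i + 2, i + 6


def resolve_rip_relative(instr_addr, code):
    """Return the absolute address referenced by a RIP-relative mov, or None
    when the bytes are not a RIP-relative mov (e.g. [rbp-20] addressing)."""
    i = 1 if code and code[0] in REX_RANGE else 0
    if len(code) < i + 6 or code[i] not in MOV_OPCODES:
        return None
    modrm = code[i + 1]
    mod, rm = modrm >> 6, modrm & 7
    if mod != 0 or rm != 5:          # mod=00, rm=101 is [rip+disp32] in 64-bit mode
        return None
    disp_off, next_off = displacement_offsets(code)
    disp32 = struct.unpack_from("<i", code, disp_off)[0]   # signed little-endian dword
    next_instr = instr_addr + next_off
    return (next_instr + disp32) & 0xFFFFFFFFFFFFFFFF        # wrap like a 64-bit register


if __name__ == "__main__":
    target = resolve_rip_relative(SAMPLE_ADDR, SAMPLE_BYTES)
    print(f"basePtr = {target:X}")   # 7FF61233F006 for the constructed sample
```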