Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Why modifying this memory region causes an instant crash?

Forum: General Gamehacking

justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

Posted: Wed Jul 07, 2010 12:28 pm    Post subject: Why modifying this memory region causes an instant crash?

Hello again folks,

I feel like I'm making good progress in learning to use the Cheat Engine - thanks to everyone for the help along the way.

In a game I'm working on, I've located the one-byte variable that holds the number of projectiles the player has with 100% certainty. There appear to be only two places in the entire game that modify this variable - one when an item is expended and one when it is replenished. Unfortunately, attempting to make any changes to the code that modifies these values crashes the game instantly and silently. What could be causing this?

For what it's worth, the code in question looks like this:
subtracting - 31 77 04 - xor [edi+04],esi
adding - 89 56 04 - mov [esi+04],edx

I can't nop the code (three bytes per line), and I can't even replace it with identical code.

The game in question is running upwards of a dozen threads, and some of them are accessing this same variable (if not the same code) pretty much constantly. Is this a factor?

Also, the majority of the other interesting values I've found for the game are manipulated by code in other modules (whose names, tbh, I don't recognize). These bits come from the main program's executable. Is it possible that the main executable is protected by some sort of constantly running checksum or something that would prevent me from morphing its code? The game is the same one that CE couldn't open for me prior to 5.6.1 - is there a connection? I'm really stumped!

Thanks in advance,
adude

edit - postscript
ps: although I have located the value, I can't change or freeze it directly. Doing so properly updates the display and modifies how many I can purchase/etc, but somehow the value I'm setting and the one in the game eventually go out of sync or something and the game crashes. I.e., if I can carry a max of five projectiles and I currently have one, but use CE to set the value to five: the game shows me carrying five projectiles, I can't buy any more because I'm at max, the first two I throw seem to work properly but the game crashes when I attempt to throw the third (the first one I acquired by cheating).

Not sure if this added info is relevant, but there it is.
XaLeX
Expert Cheater
Reputation: 0

Joined: 19 Aug 2008
Posts: 226

Posted: Wed Jul 07, 2010 5:22 pm

About the opcodes: if it crashes even if you replace the code with IDENTICAL data, it's not the data itself that alerts the game, but the actions CE performs to change it, I suppose. Try playing around with the options of CE like "try to prevent detection of the debugger", even if I'm not sure how exactly it works.
Dark Byte
Site Admin
Reputation: 467

Joined: 09 May 2003
Posts: 25705
Location: The Netherlands

Posted: Wed Jul 07, 2010 5:43 pm

Is your identical code really identical?
E.g. same bytes?

Anyhow, it could be an integrity check. Add the address of the code to the address list and then use "find out what accesses this address".
If after a few minutes the list has an entry, it has an integrity check.
If not, it's something else (e.g. crashing the game since the instruction wasn't really the same one, or you added some extra code and didn't save the eflags register).

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
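Added for illustration, not code from the thread, from Cheat Engine or from any game: a minimal version of the self-integrity check Dark Byte suggests looking for, run over a constructed buffer holding the two instruction byte sequences quoted in the first post. Function names and the buffer are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration of the runtime code-integrity check the thread
 * speculates about: hash the code region at start-up, re-hash it from a
 * watchdog, treat any change (a NOP, a jmp to a code cave) as tampering.
 * Not Cheat Engine code or any game's code. */

/* Simulated code region: the two instructions quoted in the first post,
 * xor [edi+04],esi and mov [esi+04],edx (a constructed buffer, not memory
 * of a real process). */
static unsigned char g_code[] = { 0x31, 0x77, 0x04, 0x89, 0x56, 0x04 };
static uint32_t g_expected;   /* hash recorded at start-up */

/* FNV-1a: cheap and adequate for detecting casual patching. */
static uint32_t fnv1a(const unsigned char *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Snapshot the region once, at "load time". */
void integrity_init(void) { g_expected = fnv1a(g_code, sizeof g_code); }

/* 1 if the region still matches the snapshot, 0 if it was modified.
 * A game calling this from a watchdog thread and exiting on mismatch would
 * show exactly the instant, silent crash the first post describes. */
int integrity_ok(void) { return fnv1a(g_code, sizeof g_code) == g_expected; }

/* Simulate a write into the code region, bounds-checked; returns bytes written. */
size_t patch_code(size_t off, const unsigned char *bytes, size_t n) {
    if (off > sizeof g_code || n > sizeof g_code - off) return 0;
    memcpy(g_code + off, bytes, n);
    return n;
}

int main(void) {
    static const unsigned char nops[3] = { 0x90, 0x90, 0x90 };
    integrity_init();
    printf("intact: %d\n", integrity_ok());           /* 1 */
    patch_code(0, nops, sizeof nops);                 /* NOP the 3-byte xor */
    printf("after NOP patch: %d\n", integrity_ok());  /* 0: tampering detected */
    return 0;
}
```

The read that fnv1a performs over the code bytes is exactly what Dark Byte's "find out what accesses this address" would list: a periodic reader of code memory that no normal instruction fetch explains.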
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

Posted: Wed Jul 07, 2010 9:10 pm

@XaLeX: That sounds like a good thing to try, thanks! I'll check those options out.

@DarkByte: What a great way to check for an integrity check! I must admit that the thought never crossed my mind. I gave it a try and for the line that reduces the projectile count, at least, there do not seem to be any unexpected accesses.

After playing around a bit more, I see that I did not in fact attempt to replace it with identical code. Doing so does not, in fact, cause a crash - my bad. Jumping to a code cave that executes the same code does crash. I'm pretty sure that the default code the injection template produces is sound, yet injecting it causes an instant crash. Replacing the code with NOPs, regardless of how I try to put them there, also causes a crash.

Is there any way to get CE to describe how the process it is debugging exits? It didn't occur to me until I wrote some sloppy assembly that overflowed the stack that CE is trapping the normal OS error messages for overflow errors, GPFs, etc. A program that silently and instantly crashes is tough to troubleshoot.

Thanks,
adude