| View previous topic :: View next topic |
| Author |
Message |
SwaggaJackin'
Master Cheater
 Reputation: 2
Joined: 06 Nov 2009
Posts: 312
|
 Posted: Sat Feb 25, 2012 11:42 am Post subject: Break and trace |
 |
|
I'm trying to figure out what causes a subtraction of health, so I'm setting a breakpoint when the game recognizes when the button is pressed.
I want to set a breakpoint there, and trace until it reaches the instruction that subtracts the health....how do I set this condition in the break and trace?
Or should I be using a better functionality of cheat engine to find this?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 473
Joined: 09 May 2003
Posts: 25911
Location: The netherlands
|
| Posted: Sat Feb 25, 2012 1:09 pm Post subject: |
|
|
Do a break and trace at the buttonpress code, and set as stop condition where (EIP == addressthatdecreaseshealth) and set the count really high.
or instead of EIP==addressthatdecreaseshealth you could try (readInteger(addressofhealth) ~= 100) if health was 100 (slower as every instruction requires a memoryread call)
As for an alternate method, the question should be: Why do you think break and trace will accomplish what you want to do? What are you trying to do in the first place?
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
SwaggaJackin'
Master Cheater
Reputation: 2
Joined: 06 Nov 2009
Posts: 312
|
| Posted: Sat Feb 25, 2012 2:08 pm Post subject: |
|
|
I'm trying to determine what causes hit collision. My usual method of doing this is performing the action that doesn't hit an enemy and recording it through a trace and doing the same action again this time hitting an enemy and then comparing the two trace logs to see when it jumped to the enemies health and it decreased.
That's really all I'm trying to accomplish, set the EIP to the address of the health subtraction and the count to 999,999 and the game never reached the instruction, let alone advanced a frame v_v. From button press to the life being drained should roughly be about 5-6 frames.
Any suggestions?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 473
Joined: 09 May 2003
Posts: 25911
Location: The netherlands
|
| Posted: Sat Feb 25, 2012 2:21 pm Post subject: |
|
|
you could try checking the stack to see the rough path taken when losing health
Alternatively, try the beta of 6.2 and ultimap if your system supports it.
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
abystus
Expert Cheater
 Reputation: 1
Joined: 09 Dec 2010
Posts: 140
|
| Posted: Sun Feb 26, 2012 2:44 am Post subject: |
|
|
The best way I've found with the current implementation is to set a break on the subtraction of health, then to step until you hit a ret (bringing you back to the calling procedure (JMP checks may be above the call). Additionally you can play with the JMPs above the subtraction (within the called procedure) to see if the checks are being performed there.
The normal type of "trace" we are both familiar with is not really possible on pc due to it drastically slowing down the system when recording the trace. Hopefully this method is beneficial to you (this is how I was able to find my "Hit Anywhere" type code for Plants vs Zombies).
|
|
| Back to top |
|
|
SwaggaJackin'
Master Cheater
Reputation: 2
Joined: 06 Nov 2009
Posts: 312
|
| Posted: Sun Feb 26, 2012 6:07 am Post subject: |
|
|
| Abystus wrote: | The best way I've found with the current implementation is to set a break on the subtraction of health, then to step until you hit a ret (bringing you back to the calling procedure (JMP checks may be above the call). Additionally you can play with the JMPs above the subtraction (within the called procedure) to see if the checks are being performed there.
The normal type of "trace" we are both familiar with is not really possible on pc due to it drastically slowing down the system when recording the trace. Hopefully this method is beneficial to you (this is how I was able to find my "Hit Anywhere" type code for Plants vs Zombies). |
Ya this is exactly what I've been doing but it is quite a pain to trace because the "if hit" check seems to occur far before the health is subtracted and I've been using IDA to help go as far back as I can, noping or removing jumps to determine if that changes anything when they should be hit, quite tedious.
It'd be great to be able to trace and only select registers you want to log to speed up the trace, because in reality I only need to see one register or flag at a time and if I need to see another I could just retrace and select that register/flag.
I'd Also like to be able to trace straight to a log file rather than look at a tree view, as I'm sure the tree view causes quite a bit of slowdown being populated, especially during long traces.
BTW, Ultimap blue screens for me. Using an I5 2500K, win x64, 16GB ram with DBVM enabled (DBVM works fine).
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 473
Joined: 09 May 2003
Posts: 25911
Location: The netherlands
|
| Posted: Tue Feb 28, 2012 7:16 am Post subject: |
|
|
Could you configure your windows version so it generates at least a kerneldump on bsod and send that memory.dmp file to me?
Also, does it crash when you press start, or when you use one of the filter options?
And where you using the kernelmode debugger at the same time?
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
