 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
eTo
Newbie cheater
![]() Reputation: 0
Joined: 23 Sep 2011
Posts: 10
|
 Posted: Thu Aug 08, 2013 8:56 pm Post subject: Strange memory address while while debugging? |
 |
|
I'm trying to figure out one curious opcode and how to handle him.
While i was checking what writes to health address i got result as:
| Code: | | mov [esi+Avernum.exe+995598],ax |
esi=00000000(at least for player, didn't check for enemies yet)
Now this code decreases health of character and enemies, so i tried to use data structures to look around there... but when i try to use "Avernum.exe+995598" in data disection offset 0000 is detected as pointer... but i know that this is solid health address and it has 2 byte value. Giving direct(? i mean D95598) gives same result, stile cant see value in data disection that i know is there, so i cant really look around to find way to distinguish between player and enemy. Only thin i can think of, is comparing "esi+Avernum.exe+995598" which should equal to D95598 address that i see in addresses, but something is not right:
| Code: | newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp esi+Avernum.exe+995598,D95598
jne originalcode
mov ax,[esi+Avernum.exe+995598]
mov [esi+Avernum.exe+995598],ax
jmp exit
originalcode:
mov [esi+Avernum.exe+995598],ax
jmp exit
exit:
jmp returnhere
"Avernum.exe"+5231C:
jmp newmem
nop
nop
returnhere: |
this results in error that line with cmp can't not be compiled.
So now i have few questions about this issue.
How to handle such events?
Is there way to automatically (can script find it) get actual address that is represented by esi+Avernum.exe+995598 that can be used as comparision to constant address of health? (D95598 was green as i found it)
Is it possible for health address to change? I imagine it would if 'Avernum.exe" would change value...
Is there way to get data structures to work properly?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25832
Location: The netherlands
|
| Posted: Fri Aug 09, 2013 2:38 am Post subject: |
|
|
You can also just freeze d95598 since it looks like health is in a static address
Anyhow, Avernum.exe+995598 is the same as d95598
Esi+ Avernum.exe+995598=esi+d95598
So, in your code you only need to check if esi is 0 or not
Also, the script you posted, even if it worked, wouldn't do anything
If you let data dissect guess the value types for you it will sometimes get it wrong, since it's just guessing. Especially since it will never recognize 2 byte types. Just set the type yourself to a 2 byte value
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
eTo
Newbie cheater
![]() Reputation: 0
Joined: 23 Sep 2011
Posts: 10
|
| Posted: Fri Aug 09, 2013 6:46 am Post subject: |
|
|
Yep, freezing would be easy, but since scripts>freezing values i try to makes them just to get more experience, since i'm not best at writing assembler code/using CE.
Thx for help, now i have better idea how to treat "*.exe+offset" bits and have code that works 
| Code: |
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp esi,00000000
je god
//originalcode:
mov [esi+Avernum.exe+995598],ax
jmp exit
god:
mov ax,[esi+Avernum.exe+995598]
mov [esi+Avernum.exe+995598],ax
jmp exit
exit:
jmp returnhere |
I know, i should take max hp value which is at Avernum.exe+995596, but that still works somehow as godmode.
Them i guess i need to try dissect that data by hand, since if hp and max hp uses 2 byte type, then more data might use them... but at least most (i think) of character data is 636 bytes.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Fri Aug 09, 2013 3:27 pm Post subject: |
|
|
doing this
mov ax,[esi+Avernum.exe+995598]
and then this
mov [esi+Avernum.exe+995598],ax
Doesn't change health value. You can just ignore those two
| Code: | newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp esi,00000000
je god
originalcode:
mov [esi+Avernum.exe+995598],ax
jmp exit
god:
// mov ax,[esi+Avernum.exe+995598]
// mov [esi+Avernum.exe+995598],ax
jmp exit
exit:
jmp returnhere |
To simplify it more
| Code: | newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp esi,00000000
jne originalcode
jmp returnhere
originalcode:
mov [esi+Avernum.exe+995598],ax
jmp returnhere |
Or, you can use this:
| Code: | newmem: //this is allocated memory, you have read,write,execute access
//place your code here
cmp esi,00000000
je god
originalcode:
mov [esi+Avernum.exe+995598],ax
jmp returnhere
god:
mov ax,[esi+Avernum.exe+995596] // get max hp
mov [esi+Avernum.exe+995598],ax // set current hp to max hp
jmp returnhere
|
_________________
|
|
| Back to top |
|
|
eTo
Newbie cheater
![]() Reputation: 0
Joined: 23 Sep 2011
Posts: 10
|
| Posted: Fri Aug 09, 2013 10:05 pm Post subject: |
|
|
Good to know that those two lines didn't do anything, thx for clearing that up with simpler solution 
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
