Cheat Engine The Official Site of Cheat Engine
starterkit (How do I cheat?) - Reputation: 0 - Joined: 18 Sep 2013 - Posts: 6
Posted: Wed Sep 18, 2013 6:36 pm - Post subject: Is this pointing at itself?
I search for my current gold and get one result: 18B0EC7C
I add it to the table, right click it, select 'find what writes to this address' and spend some gold.
The opcodes box has a single set of instructions:
00405996 - 89 13 - mov [ebx],edx
EAX=00000001
EBX=18B0EC7C
ECX=18B0EC6C
EDX=00000FB3
ESI=0D98B92C
EDI=00000004
ESP=0012D830
EBP=0012D880
EIP=00405998
Click the more info tab and I get:
00405994 - mov edx,[esi]
>>00405996 - mov [ebx],edx
00405998 - mov edx,[esi+04]
0040599b - mov [ebx+04],edx
copy memory
The value of the pointer needed to find this address is probably 18B0EC7C
Dark Byte (Site Admin) - Reputation: 470 - Joined: 09 May 2003 - Posts: 25804 - Location: The netherlands
Posted: Wed Sep 18, 2013 6:44 pm
This is normal, the value between brackets should be the address you used "find what accesses/writes" on.
Also, [ebx] can also be read as:
Code:
mov [ebx+00000000000000], edx
So, scan for an address that holds the 4 byte value 18B0EC7C
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
starterkit (How do I cheat?) - Reputation: 0 - Joined: 18 Sep 2013 - Posts: 6
Posted: Wed Sep 18, 2013 11:46 pm
I got zero results for 18B0EC7C.
I restarted and tried from the beginning again and got zilch again. Then I reset everything and tried again and got nothing again. So, I tried again using 'find what accesses this address' instead of writes to and I got two opcodes instead of one. Both of which said I was looking for 184C0FB8 which returned zero results.
A pointer scan of 184C0FB8 using the default settings returned 180218157 results. I reset the game, re-found my gold, and rescanned the pointer scan results for the new address. Zero pointers.
Having bashed my head against the same wall for a while now I decided to try looking for a different value:
Code:
The following opcodes accessed 0CF51E70
00405994 - 8B 16 - mov edx,[esi]
0040598D - 8B 03 - mov eax,[ebx]
0040598F - E8 FCEAFFFF - call APP._GetExceptDLLinfo+3437
00405994 - 8B 16 - mov edx,[esi] <<
00405996 - 89 13 - mov [ebx],edx
00405998 - 8B 56 04 - mov edx,[esi+04]
EAX=00000001
EBX=151805E0
ECX=0012D3F4
EDX=00000061
ESI=0CF51E70
EDI=00000004
ESP=0012D384
EBP=0012D3DC
EIP=00405996
A hex search for 0CF51E70 returns nothing.
Dark Byte (Site Admin) - Reputation: 470 - Joined: 09 May 2003 - Posts: 25804 - Location: The netherlands
Posted: Thu Sep 19, 2013 3:59 am
Look in the disassembler around there. Perhaps you can find out how esi gets its value (e.g. perhaps an earlier LEA, or MOV followed by ADD).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
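The two pieces of advice in this thread (scan for a 4-byte value equal to the address, and work out where esi/ebx came from because the write happens in a generic copy loop) can be seen in a constructed model. This is an added example, not code from the thread or from Cheat Engine; the layout (Player at 0x10 with a stats pointer at offset 4, Stats at 0x40, a scratch buffer at 0xC0) is assumed and everything lives in this program's own array, no other process is touched.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed 32-bit-style address space: "addresses" are offsets into mem[].
 * Everything here is this program's own memory; no other process is touched. */
static uint8_t mem[256];
#define PLAYER_ADDR  0x10u   /* constructed: Player object {id, stats*} */
#define STATS_ADDR   0x40u   /* constructed: Stats block {gold, health} */
#define SCRATCH_ADDR 0xC0u   /* constructed: temporary the game copies from */

static uint32_t rd32(uint32_t a) { uint32_t v; memcpy(&v, mem + a, 4); return v; }
static void     wr32(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }

/* The copy loop at 00405994..0040599b in the thread: esi = source, ebx =
 * destination, both only ever held in registers and never stored anywhere. */
static void copy_dwords(uint32_t ebx, uint32_t esi, uint32_t n) {
    for (uint32_t i = 0; i < n; i++) wr32(ebx + 4 * i, rd32(esi + 4 * i));
}

/* How the game changes gold: write the new value to a scratch buffer, load
 * the stats pointer from Player+4 into a register, then copy it across. */
static void set_gold(uint32_t new_gold) {
    wr32(SCRATCH_ADDR, new_gold);
    uint32_t ebx = rd32(PLAYER_ADDR + 4);   /* mov ebx,[player+04] */
    copy_dwords(ebx, SCRATCH_ADDR, 1);      /* mov edx,[esi] / mov [ebx],edx */
}

/* Dark Byte's advice: scan for a 4-byte value equal to the address.
 * Returns the offset of the first aligned hit, or -1 if there is none. */
static long find_dword(uint32_t value) {
    for (uint32_t off = 0; off + 4 <= sizeof mem; off += 4)
        if (rd32(off) == value) return (long)off;
    return -1;
}

/* The pointer chain a table entry would use: [PLAYER_ADDR+4] + 0. */
static uint32_t resolve_gold(void) { return rd32(rd32(PLAYER_ADDR + 4)); }

static void setup(void) {
    memset(mem, 0, sizeof mem);
    wr32(PLAYER_ADDR, 1);                 /* id */
    wr32(PLAYER_ADDR + 4, STATS_ADDR);    /* the pointer the scan should find */
    wr32(STATS_ADDR, 0xFB3);              /* gold, the EDX value in the thread */
}

int main(void) {
    setup(); set_gold(0xFB3 - 100);
    printf("gold via chain: %u\n", resolve_gold());
    printf("holder of STATS_ADDR: %ld, of SCRATCH_ADDR: %ld\n",
           find_dword(STATS_ADDR), find_dword(SCRATCH_ADDR));
    return 0;
}
```

The scan finds STATS_ADDR inside the Player object (offset 0x14), which is the pointer a table entry needs, while the copy source SCRATCH_ADDR is found nowhere because it only ever existed in esi, which is the same situation as the hex search for 0CF51E70 returning nothing.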
starterkit (How do I cheat?) - Reputation: 0 - Joined: 18 Sep 2013 - Posts: 6
Posted: Thu Sep 19, 2013 7:10 pm
I couldn't find any leas or movs followed by adds.
Looking around in the disassembler my desired value is always stored as:
Code:
[04 00 00 00 ?? ?? ?? ??]
[?? ?? ?? ?? ?? ?? ?? ??]
[03 00 00 00 00 00 00 00]
[XX XX XX XX XX XX XX XX]
[04 00 00 00 00 00 00 00]
Where the Xs represent the value I want and the question marks represent random gibberish that doesn't point to anything, returns no results when searched for as an address, and makes nonsense in the disassembler like:
Code:
lock pushfd
cmp cl,[esp+ecx]
fcom qword ptr [ebp+5AB8F317]
and [eax],al
Also I found a second set of values that are always equal to whatever my desired value was or should have been previously. For example if I freeze my health at 100 and take 10 damage this second value will still be 100 until I do anything. Then it will be 90 until I do something again at which point it becomes 100.
I get a different set of opcodes from it that look a little broken but have a lea:
Code:
00564333 - 66 89 07 - mov [edi],ax
0056432B - F7 C2 FCFFFFFF - test edx,FFFFFFFC
00564331 - 74 5D - je APP._GetExceptDLLinfo+163337
00564333 - 66 89 07 - mov [edi],ax <<
00564336 - 8D 4C 17 FC - lea ecx,[edi+edx-04]
0056433A - 66 89 47 02 - mov [edi+02],ax
EAX=00000000
EBX=2E22E4F0
ECX=00000000
EDX=0000000C
ESI=2E22E4E0
EDI=2E22E4F0
ESP=0012DA64
EBP=0012DA68
EIP=00564336

Code:
00564345 - 89 07 - mov [edi],eax
00564340 - C1 EA 03 - shr edx,03
00564343 - 74 43 - je APP._GetExceptDLLinfo+16332F
00564345 - 89 07 - mov [edi],eax <<
00564347 - 89 47 04 - mov [edi+04],eax
0056434A - 4A - dec edx
EAX=00000000
EBX=2E22E4F0
ECX=2E22E4F8
EDX=00000001
ESI=2E22E4E0
EDI=2E22E4F0
ESP=0012DA64
EBP=0012DA68
EIP=00564347