The0neThe0nly Expert Cheater
Reputation: 0
Joined: 08 Dec 2009 Posts: 119 Location: In a box
Posted: Fri Jun 13, 2014 11:55 pm Post subject: Help using "Open File" in Cheat Engine
So, as the title suggests, I am using the "Open File" button in Cheat Engine to edit memory in a dll that my game uses. I am navigating to a specific function and I am replacing part of the code with a jump to a code cave within the dll. In the code cave, I am writing my own assembly code. At first, this was all working fine. But, I decided I wanted to add another portion of code that accessed an address in the main game. The game's addresses change every time the game is restarted, so I couldn't use a static address. Then, I decided to try and find out when a certain thread passed my function and had an address that is in the main game module (Look at the snippet below).
Code:
cmp [ebx],74736E49
jne originalcode
mov byte ptr [ebx+0024E4C9],0C
However, when I try doing this I get access violations because sometimes the code I am accessing is unmapped. So, ruling out that method, how should I reach this address in the main game module from a dll using open file?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25864 Location: The netherlands
Posted: Sat Jun 14, 2014 4:06 am Post subject:
A trick to get the current eip:
After this, eax contains the address of pop eax.
You can use that in further calculations (e.g. subtract the address of pop eax in the file from it and you have the difference, which you can add to all file-address-specific accesses).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
The0neThe0nly Expert Cheater
Reputation: 0
Joined: 08 Dec 2009 Posts: 119 Location: In a box
Posted: Sat Jun 14, 2014 4:02 pm Post subject:
Dark Byte wrote:
> A trick to get the current eip:
> After this, eax contains the address of pop eax.
> You can use that in further calculations (e.g. subtract the address of pop eax in the file from it and you have the difference, which you can add to all file-address-specific accesses).
I've tried something like this, but the game's addresses change every time it starts, so I cannot subtract a certain amount from eax and get the same result each time.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25864 Location: The netherlands
Posted: Sat Jun 14, 2014 4:51 pm Post subject:
That's the thing. Because the address changes, the result of the calculation changes.
That result can be used to calculate the correct address.
Example:
File location of pop ebx = 10000
File location of the address you wish is at 20456
First run: pop ebx is at 2010000
2010000 - 10000 = 2000000
The address is at 2020456
Second run: pop ebx is at 3010000
3010000 - 10000 = 3000000
The address is at 3020456
This won't work if the address you're interested in is in an external module.
In that case, hope the dll exports an api you could use like getModuleHandle or loadlibrary, or that it contains a pointer to that module somewhere.
The0neThe0nly Expert Cheater
Reputation: 0
Joined: 08 Dec 2009 Posts: 119 Location: In a box
Posted: Sat Jun 14, 2014 6:43 pm Post subject:
Dark Byte wrote:
> That's the thing. Because the address changes, the result of the calculation changes.
> That result can be used to calculate the correct address.
> Example:
> File location of pop ebx = 10000
> File location of the address you wish is at 20456
> First run: pop ebx is at 2010000
> 2010000 - 10000 = 2000000
> The address is at 2020456
> Second run: pop ebx is at 3010000
> 3010000 - 10000 = 3000000
> The address is at 3020456
> This won't work if the address you're interested in is in an external module.
> In that case, hope the dll exports an api you could use like getModuleHandle or loadlibrary, or that it contains a pointer to that module somewhere.
But I'm trying to access a game's address, which changes every time. The game's address is not in the file I'm editing. For example:
First run:
game.exe = 20000000
address I'm trying to access: game.exe+F80
dllimediting.dll = 30000000
dllimediting.dll-10000000+F80 = address I'm trying to access
Second run:
game.exe = 10000000
address I'm trying to access: game.exe+F80
dllimediting.dll = 30000000
Using the same method as above, it would return:
dllimediting.dll-10000000+F80 = not the address I'm trying to access (20000F80).
So how would I access game.exe+F80 if I can't access it in open file and I can't predict what to subtract?
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25864 Location: The netherlands
Posted: Sat Jun 14, 2014 7:50 pm Post subject:
Check the dll import table for an api you can use, e.g. getModuleHandle or loadlibrary, and then call them to find the base of the module you're interested in.
Perhaps the dll gets an address to the game's module which you can use.
Otherwise you're out of luck.
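Added example, not code from the thread or from Cheat Engine: a small Python model of the address arithmetic in Dark Byte's delta explanation and The0neThe0nly's cross-module counterexample above. It uses the thread's own numbers (read as hex, as Cheat Engine does); the two process layouts RUN1/RUN2 and the module names are assumed for the model.

```python
# Added example, not code from the thread: a model of the address arithmetic
# in the posts above. Numbers are the thread's own, read as hex; the process
# maps RUN1/RUN2 are assumed layouts built from the bases given in the post.

# --- Dark Byte's intra-module case -------------------------------------
# What "call next / pop ebx" measures: how far the module moved from the
# address the file says the pop instruction should be at.
def eip_delta(runtime_pop_addr: int, file_pop_addr: int) -> int:
    return runtime_pop_addr - file_pop_addr

# Any file address belonging to the SAME module moved by exactly that delta.
def resolve_same_module(file_addr: int, delta: int) -> int:
    return file_addr + delta

FILE_POP, FILE_TARGET = 0x10000, 0x20456        # file locations from the post

def intra_module_runs() -> list:
    # First run: pop ebx lands at 0x2010000; second run: at 0x3010000.
    return [resolve_same_module(FILE_TARGET, eip_delta(rt, FILE_POP))
            for rt in (0x2010000, 0x3010000)]

# --- The0neThe0nly's cross-module case ----------------------------------
# Two runs of the same process: game.exe relocates, the dll does not
# (assumed layouts using the bases quoted in the post).
RUN1 = {"game.exe": 0x20000000, "dllimediting.dll": 0x30000000}
RUN2 = {"game.exe": 0x10000000, "dllimediting.dll": 0x30000000}
RVA = 0xF80                                      # the wanted game.exe+F80

# The attempt from the post: treat "dll base - 10000000" as game.exe's base,
# i.e. assume the two modules always sit a fixed distance apart.
def resolve_via_fixed_offset(process: dict, offset: int, rva: int) -> int:
    return process["dllimediting.dll"] + offset + rva

# What an imported GetModuleHandle("game.exe") hands back this run: the
# module's real base, so base + RVA lands in the right place every time.
def resolve_via_module_base(process: dict, module: str, rva: int) -> int:
    return process[module] + rva

def cross_module_runs() -> tuple:
    offset = RUN1["game.exe"] - RUN1["dllimediting.dll"]   # -0x10000000, learned in run 1
    guessed = [resolve_via_fixed_offset(p, offset, RVA) for p in (RUN1, RUN2)]
    actual = [resolve_via_module_base(p, "game.exe", RVA) for p in (RUN1, RUN2)]
    return guessed, actual   # guessed matches actual only in run 1
```

The delta from the dll's own pop only describes how the dll moved, which is why the same-module lookups are right in both runs while the fixed-offset guess for game.exe is right only in the run it was measured in.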