 |
Cheat Engine The Official Site of Cheat Engine
stampy How do I cheat?
Reputation: 0
Joined: 04 Nov 2014 Posts: 2
|
Posted: Tue Nov 04, 2014 8:29 pm Post subject: Creating a breakpoint when a register is a certain value |
|
|
I'm trying to create a breakpoint when a register is changed to a certain value so that I can see what instruction changes it. Doing a trace freezes the game so I cannot cause the instruction to occur while a trace is running (although I may not be doing the trace correctly).
Background:
The game I'm modifying is Pokemon Leaf Green on the VBA emulator (using it to learn more about memory structures etc). I'm looking for the amount of money a player has in the game, but I believe it is encrypted somehow. There is a time, however, where the value is stored in a 2 byte value, which is when a certain menu is brought up, although this is only for display. I found out what writes to this address, but from here I'm stuck, as the code looks like this:
| Code: |
00428E30 - 81 E5 FC7F0000 - and ebp,00007FFC
00428E36 - A1 548F5A00 - mov eax,[VisualBoyAdvance.CxImageJPG::`vftable'+18254]
00428E3B - 89 5C 05 00 - mov [ebp+eax+00],ebx
00428E3F - EB 0F - jmp 00428E50
00428E41 - 81 E5 FCFF0300 - and ebp,0003FFFC
00428E47 - A1 508F5A00 - mov eax,[VisualBoyAdvance.CxImageJPG::`vftable'+18250]
00428E4C - 89 5C 05 00 - mov [ebp+eax+00],ebx
00428E50 - 83 C4 0C - add esp,0C
00428E53 - 5B - pop ebx
00428E54 - 5D - pop ebp
|
This function is entered through address 00428E30 and the instruction that modifies the display value for money is mov [ebp+eax+00],ebx but the function just jumps over this part and I can't find another entry that points to it. The previous ebp is kinda obfuscated through the and operation so I can't figure out how to use that. So basically what I'm trying to find is where ebx is set to the value that is moved into the display.
Sorry for the long spiel.
|
|
|
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25806 Location: The netherlands
|
Posted: Tue Nov 04, 2014 9:03 pm Post subject: |
|
|
After setting a breakpoint (any breakpoint, including find what writes and break/trace) you can set a break condition, usually by right-clicking the instruction, or else in view->breakpoint list and right-clicking it there.
In there, fill in a Lua syntax condition that will determine if it should break or not.
e.g: (EBX+EAX+0)==0xaddress
Anyhow, before you continue I recommend giving up if this is meant to learn how to reverse a game.
The reason for that is that you aren't debugging the game, but the emulator. It's like debugging the Windows kernel when you're trying to find what writes health in the first step of the Cheat Engine tutorial.
|
|
 |
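The conditional breakpoint described in the reply above can also be set from Cheat Engine's Lua engine. This is an added example, not code from either poster. It assumes a Cheat Engine build whose `debug_setBreakpoint` accepts a callback and that the debugger is already attached. `TARGET` is a placeholder, and the condition is written on the destination operand of the listing's `mov [ebp+eax+00],ebx`.

```lua
-- Added example (not from the thread). Run in Cheat Engine's Lua engine
-- with the debugger attached to the emulator process.

-- First of the two stores in the listing; use 0x00428E4C if the second
-- store is the one that "find what writes" reported.
local WRITE_INSTR = 0x00428E3B
-- Placeholder: put the address of the 2-byte display value here.
local TARGET = 0x00000000
local hits = 0

local function onStore()
  -- At a break, CE fills the globals EAX, EBX, EBP, ... from the thread
  -- context. Wrap the sum to 32 bits the way the CPU does.
  local dest = (EBP + EAX) % 4294967296
  if dest ~= TARGET then
    -- The emulator runs this store for many unrelated writes: resume at once.
    debug_continueFromBreakpoint(co_run)
    return 1 -- non-zero: the script handled it, do not update the UI
  end
  hits = hits + 1
  print(string.format("store #%d: [%08X] <- EBX=%08X", hits, dest, EBX))
  return 0 -- zero: stop here and let the debugger window show the state
end

-- Execute breakpoint on the store instruction, filtered by onStore.
debug_setBreakpoint(WRITE_INSTR, 1, bptExecute, onStore)
```

When the breakpoint stops, the return address on the stack identifies which caller loaded EBX for this particular store.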
stampy How do I cheat?
Reputation: 0
Joined: 04 Nov 2014 Posts: 2
|
Posted: Tue Nov 04, 2014 9:13 pm Post subject: |
|
|
Thanks for the advice and quick reply!
I'm not sure if I understand you correctly, but I'm trying to put a break at an unknown instruction. Basically a global break condition. I'm reading your reply as placing the break condition in the instructions that write to the display value, not read the true value.
I might move on to something a bit simpler regardless.
|
|