Astaroth4256 Advanced Cheater
Reputation: 0
Joined: 25 May 2014 Posts: 59
Posted: Thu Jul 07, 2016 8:35 am    Post subject: Can't understand this opcode
My experience with disassemblers is still quite low, and I've met an obstacle I can't understand.
I found a pointer to the address of the selected entity in the game; I'll call it 17600CE4. It is the only address that changes if I change my target in the game (and it's the correct one: it always points to the right stuff). Now I want to set the target to something else, so I change the value of 17600CE4 to the address of another entity in the game, but as soon as the value is changed an opcode is called, the address is set back to whatever it was before, and the target only changes for a fraction of a second.
Code:
006CB9E3 - 83 A7 10020000 00 - and dword ptr [edi+00000210],00
006CB9EA - 83 A7 14020000 00 - and dword ptr [edi+00000214],00
006CB9F1 - 89 9F 34020000 - mov [edi+00000234],ebx <<
006CB9F7 - E9 181FDEFF - jmp "-.pthread_mutex_init"+74BE4
006CB9FC - E8 3FB3E1FF - call "-.pthread_mutex_lock"+224F0
EAX=00000000
EBX=17AB9588
ECX=0018E570
EDX=0018E4EC
ESI=00000003
EDI=17600AB0
ESP=0018E520
EBP=0018E57C
EIP=006CB9F7
This opcode is the only one that writes to my 17600CE4, and it is called if I change target in the game or try to change 17600CE4's value in Cheat Engine.
I tried looking for a different address that would point to my target, but 17600CE4 is the only one that changes when I change my target, so I guess this is the only way.
edi+00000210 is a pointer to apparently nothing related to this issue, and edi+00000214 is always zero. edi+00000234 is what I'm trying to change.
EBX is the address of the targeted entity.
So my question is: how do I find where ebx comes from, or is there a different way of changing my target in the game?
Edit:
Replaced the game's name with - in the opcode. My bad.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4722
Posted: Thu Jul 07, 2016 9:39 am    Post subject:
Astaroth4256 wrote: "how do I find where ebx comes from"
Scroll up. If you get past the start of a subroutine, break and trace the instruction mov [edi+00000234],ebx, step over all other calls to get to the caller, and break and trace it into the subroutine that instruction is a part of.
Astaroth4256 wrote: "is there a different way of changing my target in game"
Memory Viewer -> Tools -> Auto Assemble; Template -> AoB injection. Change EBX to whatever you want before you execute that instruction. This is safe assuming that instruction doesn't access multiple addresses (right click in disassembler -> "Find out what addresses this instruction accesses").
_________________
I don't know where I'm going, but I'll figure it out when I get there.
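The AoB-injection approach ParkourPenguin describes, written out as a Cheat Engine auto-assembler script. This is an added example, not a script posted in the thread. The byte pattern and the `+0E` offset are taken from the disassembly in the first post (the `mov [edi+00000234],ebx` at 006CB9F1 starts 0xE bytes into the pattern that begins at 006CB9E3); everything else is assumed: `game.exe` stands in for the game's real module name (redacted as `-` in the post), and `newTarget`, `newmem`, `code` and `return` are labels chosen here. The script replaces EBX with a user-supplied entity address before the original store executes, and leaves the game's own behaviour alone while `newTarget` is zero.

```asm
// Cheat Engine auto-assembler script (added example; 32-bit target, as the register dump implies).
// Pattern = the five instructions shown in the post: and/and/mov/jmp, matched from 006CB9E3.
// The injected jmp (5 bytes) + nop (1 byte) exactly cover the 6-byte mov at pattern+0E.
[ENABLE]
aobscanmodule(INJECT,game.exe,83 A7 10 02 00 00 00 83 A7 14 02 00 00 00 89 9F 34 02 00 00 E9)   // game.exe: assumed module name
alloc(newmem,$1000)
label(code)
label(return)
label(newTarget)            // assumed: user-writable slot holding the entity address to force as target

newmem:
  cmp dword ptr [newTarget],0   // 0 = override disabled, let the game pick its own target
  je code
  mov ebx,[newTarget]           // override EBX (the entity address) before the original store

code:
  mov [edi+00000234],ebx        // original instruction (writes the 17600CE4 slot in the post)
  jmp return

newTarget:
  dd 0

INJECT+0E:
  jmp newmem
  nop
return:
registersymbol(INJECT)
registersymbol(newTarget)

[DISABLE]
INJECT+0E:
  db 89 9F 34 02 00 00          // restore the original mov [edi+00000234],ebx

unregistersymbol(INJECT)
unregistersymbol(newTarget)
dealloc(newmem)
```

After enabling the script, add the registered symbol `newTarget` to the address list as a 4-byte value and write the address of the entity you want selected into it; set it back to 0 to hand control back to the game. Two checks a practitioner would make first: run "Find out what addresses this instruction accesses" on the `mov`, because if EDI takes more than one base the hook rewrites every struct written through that instruction, and in that case gate the override on the base you care about (for example `cmp edi,17600AB0 / jne code` before the `mov ebx,[newTarget]`, remembering that this base is dynamic and will move); and confirm with a breakpoint that the `mov` is the only writer to the slot, as the first post states, since any other writer will still reset the value.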
Astaroth4256 Advanced Cheater
Reputation: 0
Joined: 25 May 2014 Posts: 59
Posted: Tue Jul 12, 2016 5:15 pm    Post subject:
So I dug through the assembly code related to the address I found, learned some assembler and looked up some "tutorials", and I realized that a better way to do this would be telling the game that I have clicked this entity, so it should be set as my target. But I couldn't find anything that would teach me how to call the "I clicked this entity" function, so now I'm quite stuck at this point.
I can do the DLL injection part, and I can (probably) find the "I clicked this entity" function after hours of digging, but how would I call it with specified parameters? Please don't go too rough on me, I'm still just a noob trying to learn.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4722
Posted: Tue Jul 12, 2016 5:25 pm    Post subject:
Look up "Ultimap". There are several YouTube tutorials on it that also show how to call functions.
Note that selecting a unit could be as simple as changing some value within the structure of the unit. There might be an array of pointers to selected units somewhere. Try individually selecting units and doing changed/unchanged value scans (4-byte).
cooleko Grandmaster Cheater
Reputation: 11
Joined: 04 May 2016 Posts: 717
Posted: Tue Jul 12, 2016 5:34 pm    Post subject:
You already found the "I clicked this entity" function; now you just need to read it and understand where it sets ebx so that you can make the necessary changes.
Do the first step of what Parkour told you. Essentially, you found the address that shows you your target, but not the address that sets your target. Something is retaining the original target and replacing it; you just need to find where that is, and it's related to what populates ebx.
Astaroth4256 Advanced Cheater
Reputation: 0
Joined: 25 May 2014 Posts: 59
Posted: Tue Jul 12, 2016 5:58 pm    Post subject:
ParkourPenguin wrote: "Look up "Ultimap". There are several YouTube tutorials on it that also show how to call functions.
Note that selecting a unit could be as simple as changing some value within the structure of the unit. There might be an array of pointers to selected units somewhere. Try individually selecting units and doing changed/unchanged value scans (4-byte)."
Yeah, I feel stupid for the other post. I did a changed/unchanged scan before but didn't get anything; now I gave it another try and got a static address which seems to be doing what I'm looking for. I don't know how I could have missed it, but I'm still going to have to learn how to use some in-game functions some years in the future.