How to note down addresses from Memory Viewer.

 
iNoob435
Posted: Tue Jun 19, 2018 6:35 pm

So I wanted to make a norecoil hack and because of some address I came to hover over the Memory Viewer. So when I shoot there are a few values that are increasing when I toggle norecoil in-game (it's a mod for a private match) and those stay 00. That further assures me that those are the values. However I want to use them in a C++ program and I don't know how to. Are those offsets or what? Because I'm confused as I'm new to this.

I've posted a screenshot with those values highlighted. Thanks for replying :)



[Attached screenshot: Cheat Engine.png]



FreeER
Posted: Wed Jun 20, 2018 10:25 am

The addresses on the left are for the first byte in the row, then the bytes at the top are the last bytes of the address (for the first row, the last digit will be the same for all rows), so the blue selected 0 is 007F10D8 +4 (because it's the fifth byte in the row) = 007F10DC and the yellow highlighted bytes are at 7F108D-8F. The yellow separators appear every 8 bytes.

You'll probably want to convert those addresses to module+offset and the simplest way to do that is probably to go to them in the hex editor and look :D (otherwise you can use Lua's getNameFromAddress, or possibly by adding them to the address list from the hex viewer.... not certain about that one though)

_________________
https://github.com/FreeER/ has a few CE related repos
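
The row-label-plus-column arithmetic from the reply above, as an added example that is not part of the original thread. It also compares two snapshots of one row and reports which address ranges changed; the 16-byte row width, the row label 007F1088 and the byte values are constructed for illustration.

```cpp
#include <cstdint>
#include <cstdio>
#include <utility>
#include <vector>

// Address of the byte shown in column `col` of a hex-view row whose
// left-hand label `row_base` is the address of the row's first byte.
constexpr std::uint32_t byte_address(std::uint32_t row_base, unsigned col) {
    return row_base + col;
}

using Range = std::pair<std::uint32_t, std::uint32_t>;  // inclusive [first, last]

// Compare two snapshots of the same region (starting at `base`) and
// return the address ranges whose bytes differ between them.
std::vector<Range> changed_ranges(std::uint32_t base,
                                  const std::vector<std::uint8_t>& before,
                                  const std::vector<std::uint8_t>& after) {
    std::vector<Range> out;
    const std::size_t n = before.size() < after.size() ? before.size() : after.size();
    for (std::size_t i = 0; i < n; ++i) {
        if (before[i] == after[i]) continue;
        const std::uint32_t addr = base + static_cast<std::uint32_t>(i);
        if (!out.empty() && out.back().second + 1 == addr)
            out.back().second = addr;      // extend the current run
        else
            out.emplace_back(addr, addr);  // start a new run
    }
    return out;
}

int main() {
    // Constructed sample: one 16-byte row labelled 007F1088, all zero when
    // idle, with columns 5..7 holding invented non-zero bytes when active.
    const std::uint32_t row = 0x007F1088;
    const std::vector<std::uint8_t> idle(16, 0x00);
    std::vector<std::uint8_t> active(16, 0x00);
    active[5] = 0x80; active[6] = 0x9A; active[7] = 0x3F;
    for (const Range& r : changed_ranges(row, idle, active))
        std::printf("changed: %08X-%08X\n", (unsigned)r.first, (unsigned)r.second);
    std::printf("row 007F10D8, column 4: %08X\n", (unsigned)byte_address(0x007F10D8, 4));
}
```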

iNoob435
Posted: Wed Jun 20, 2018 12:19 pm

Again thanks for the help :)

I clicked the blue value by mistake but I get what you mean.

Edit: Although I couldn't make it work though :(

FreeER
Posted: Wed Jun 20, 2018 12:54 pm

FreeER wrote:
You'll probably want to convert those addresses to module+offset and the simplest way to do that is probably to go to them in the hex editor and look
meant to say disassembler there not hex editor in case it confuses someone, oops.

"I couldn't make it work though" isn't really enough information to figure out why it didn't work so... ¯\_(ツ)_/¯

_________________
https://github.com/FreeER/ has a few CE related repos

iNoob435
Posted: Wed Jun 20, 2018 2:12 pm

If you can help me with it I'd explain :P. Earlier by that I meant that I found the address and stuff but the address didn't have the same function so I couldn't make norecoil.

FreeER
Posted: Wed Jun 20, 2018 2:30 pm

Hey can you help me?


Right now you're probably wondering with what, maybe you're even thinking about what exactly it could be and whether you could help... but the only reasonable answer is: I don't know if I can help you because you have not explained what you need help with.

Similarly, I don't know if I can help you because I don't know what exactly you need help with. If you do not know how to program in C++ at all then no, not really, go learn C++ with tutorials or courses etc. If you have a syntax error yes, though I really shouldn't have to if you went and learned C++. If you have any other error, ¯\_(ツ)_/¯ if you are using some third party library that I do not know and it does not have documentation then maybe not, if you have some silly mistake buried in 2000 lines of code I probably could but probably would not take the time to do so, if you do not know how to find the base of a module, go watch some tutorials on YouTube they cover it (eg search for "C++ pattern scanning game trainer").

I don't make trainers even in CE let alone C++ so I don't know all the details very well, but I have done a couple basic ones (both RPM/WPM + dll) so I know the general idea.

_________________
https://github.com/FreeER/ has a few CE related repos

iNoob435
Posted: Wed Jun 20, 2018 3:19 pm

Hehe.

I get what you mean. But my problem is not with C++. I have trouble finding the specific addresses that I need. It's been like only a couple of days with me trynna scan memory addresses so I have a lot of trouble you may say. The previous two questions I asked, I solved em and well, I was able to make a triggerbot and an Infinite UAV hack. However with the norecoil one, I'm completely confused. On the memory viewer I get the 007F108D-F changing the values that associates it with the recoil. However some other address is writing the values on it because changing those values doesn't work and they are simply replaced with a similar value after being changed. So I right click these addresses and there are a few addresses writing to it. But they keep writing constantly like they don't start when I shoot in-game or something. There are three similar addresses that are writing constantly. Whenever I change their opcode to nop the game completely crashes altogether. I'm not sure what address do I change and which one is the recoil one. I've like wasted hours on it but I don't find anything :(. When I add the values that are writing to my program they again have some random values that don't change and nothing reading/writing to them.

FreeER
Posted: Wed Jun 20, 2018 5:30 pm

If it's a fstp instruction that's writing to it try changing it to fstp st(0) instead of nopping it.

Otherwise they're probably shared instructions, try finding where it's called for the value you care about by setting a breakpoint and opening the breakpoint window and right clicking the breakpoint and set a condition to check for the reg+offset equaling the address of the value you found (it's in Lua so remember to prefix numbers with 0x for hex), then let the game hit the breakpoint, remove the breakpoint, and then use the "execute til return" or whatever it's called shortcut shift+F8 iirc. Look 1 instruction up and you should see a call, try skipping over that entire call somehow (nop the pushes, call, pops, change a conditional jmp nearby etc.) and see what happens.

_________________
https://github.com/FreeER/ has a few CE related repos

iNoob435
Posted: Thu Jun 21, 2018 6:44 am

This is what the 3 addresses writing to it look like.

Edit: I figured out that the third one is related to crouching/prone stuff. So you may ignore it.

Edit 2: Okay. So I used the calculator and found out that the second address referred to 007F108C, which didn't change in the Memory Viewer. Although once I added it as an address its value was zero while not shooting and increased when the gun recoils. So it may be the most accurate of them all. However once I right-click and find what it writes to, it writes to 007F108C again so I don't understand that part :(.



[Attached screenshot: Cheat Engine.png]



FreeER
Posted: Thu Jun 21, 2018 12:09 pm

007F108C is 1 byte before 007F108D and since most 4 byte values are going to start at some multiple of 4 (0, 4, 8, C, 10 etc.) and the middle instruction is clearly writing a "dword" aka a 4 byte value, it makes perfect sense.

And yes, it's a fstp aka "Float STore and Pop" and if you simply nop it then it no longer pops the value from the FPU stack which is likely to cause a crash just like not popping values from the CPU/thread stack. Based on how it's accessing the address it's also possibly a shared instruction that affects dozens-hundreds-thousands of other addresses and not changing those could crash the game.

_________________
https://github.com/FreeER/ has a few CE related repos
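
The stack imbalance described in the reply above, shown with a toy model of the eight-slot x87 register stack. This is an added example, not code from the thread; the `X87`, `Patch` and `run` names and the pushed values are hypothetical, and the NaN written on overflow models only the masked-exception case.

```cpp
#include <algorithm>
#include <array>
#include <cstdio>
#include <limits>

// Toy model of the x87 register stack: 8 slots, a TOP index, "in use" tags.
// Only push/pop discipline is modelled, not precision or exception masking.
struct X87 {
    std::array<double, 8> reg{};
    std::array<bool, 8> used{};
    unsigned top = 0;
    bool stack_fault = false;
    void pop() { used[top] = false; top = (top + 1) & 7; }
    void fld(double v) {                          // push a value
        top = (top + 7) & 7;
        if (used[top]) {                          // slot occupied: stack overflow
            stack_fault = true;
            v = std::numeric_limits<double>::quiet_NaN();  // masked response
        }
        reg[top] = v; used[top] = true;
    }
    void fstp_mem(float& dst) { dst = static_cast<float>(reg[top]); pop(); }
    void fstp_st0() { pop(); }                    // store ST(0) onto itself, pop
    unsigned depth() const { return (unsigned)std::count(used.begin(), used.end(), true); }
};

enum class Patch { Original, Nop, FstpSt0 };
struct Result { unsigned depth; bool fault; float mem; };

// Run `calls` rounds of "fld value / fstp dword ptr [mem]" with the store
// left intact, replaced by NOPs, or replaced by fstp st(0).
Result run(Patch p, int calls) {
    X87 fpu;
    float mem = 0.0f;
    for (int i = 1; i <= calls; ++i) {
        fpu.fld(0.25 * i);
        if (p == Patch::Original) fpu.fstp_mem(mem);
        else if (p == Patch::FstpSt0) fpu.fstp_st0();
        // Patch::Nop: nothing pops, so the pushed value stays on the stack
    }
    return {fpu.depth(), fpu.stack_fault, mem};
}

int main() {
    for (Patch p : {Patch::Original, Patch::Nop, Patch::FstpSt0})
        std::printf("patch=%d depth=%u\n", static_cast<int>(p), run(p, 10).depth);
}
```

With the store NOPed the model's stack fills after eight rounds and the ninth push faults, while `fstp st(0)` keeps the depth at zero and leaves the memory operand unwritten.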

iNoob435
Posted: Thu Jun 21, 2018 1:26 pm

Alright thanks. I may be a bit irritating but on 007F108C the first two opcodes along with addresses mentioned are writing to it. The third one is not there at all. But what confuses me is that there again is fstp dword ptr [edi+esi*4+00000108] opcode is there. So when I calculate this it again refers to 007F108C so how do I get to the right address and which code do I change and change it to what :(.

FreeER
Posted: Thu Jun 21, 2018 2:34 pm

Well if you're just going to overwrite the bytes with 0 repeatedly then use 007F108C and overwrite 5 bytes ¯\_(ツ)_/¯

If you're going to hook the code then hook one if it works you're done, if not try the other, if that doesn't work then hook both ¯\_(ツ)_/¯

The only "right" address is the one that works, don't complicate it more than that :D

but yeah, it's odd that the third instruction would be reading at ...D as a 4 byte value not ...C

_________________
https://github.com/FreeER/ has a few CE related repos

iNoob435
Posted: Fri Jun 22, 2018 3:10 am

Hehe.

I just now think that the recoil is being sent from the server and there may be no way to counter it other than getting the values from 007F108C and adding opposite value by emulating the recoil into where the player is looking which may be nearly impossible.