Dissect data /structures problem

super bird
How do I cheat?
Reputation: 0

Joined: 01 Mar 2016
Posts: 4

Posted: Fri Feb 22, 2019 2:12 pm    Post subject: Dissect data /structures problem

Hey fellas
I am still new to assembly language and cheating with CE
I don't even have the basics of C++ and I'm not a native English speaker
I have done several simple cheat tables in some indie games (like infinite health, ammo, etc.)
but now I am looking forward to some more advanced CT
I tried to dissect some games' data by using the same base address and finding what is in close proximity to the pointer that I target
this method worked for a game because the pointer was only shorter than 4 bytes
but when I tried today on a game "farmfrenzy" to find what instruction writes to the address of the coins I found this "ecx+000F43FC"
when I tried to dissect the base address I didn't find that offset
and what I see is all the offsets are no longer than 4 bytes
can you explain why I don't see the offset?
and what should I do
and what is the difference between dissecting the base address and dissecting the address where I found the value?




TheyCallMeTim13
Wiki Contributor
Reputation: 50

Joined: 24 Feb 2017
Posts: 976
Location: Pluto

Posted: Fri Feb 22, 2019 3:37 pm

Basically the "dissect data structure" tool just reads a bunch of addresses and guesses the data type and displays the values.

As for not showing your offset, it's because the default structure size that CE uses is just a good average that won't take too long to load but get the full structure in most games. But for this game the structure seems to be a lot bigger so just increase your structure size. But this would have to be bigger than the offset, i.e. larger than 0xF43FC or 1000444.

If it were me, I'd just add to the base and remember to add that back to the offset the dissect data shows, later when adding stuff to the table. So use "152EF020+F4000" as the base, then you just need to look at the "3FC" offset in the tool to find your money address.
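
The rebasing described in the reply above, worked through as an added example (not part of the original post and not Cheat Engine code). It assumes a 0x1000-byte viewer window; the struct, the function names, the sample value 1234 and the fallback for a field that straddles the window end are all hypothetical.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define VIEW_SIZE    0x1000u   /* assumed viewer window: 4096 bytes */
#define COINS_OFFSET 0xF43FCu  /* displacement from "ecx+000F43FC" */
/* Constructed layout: a big block precedes the field, so the field sits
   0xF43FC bytes past the structure base. Names are hypothetical. */
struct game_state {
    uint8_t  other_data[COINS_OFFSET];
    uint32_t coins;
};
struct rebased { uint32_t base_add; uint32_t view_offset; };

/* True if a window of view_size bytes from the base shows the whole field. */
int view_covers(uint32_t view_size, uint32_t offset, uint32_t field_size)
{
    return offset <= view_size && field_size <= view_size - offset;
}

/* Move the base forward in whole windows; if the field would straddle the
   window end, start the window at the field itself. */
struct rebased rebase(uint32_t offset, uint32_t view_size, uint32_t field_size)
{
    struct rebased r = { offset - offset % view_size, offset % view_size };
    if (!view_covers(view_size, r.view_offset, field_size))
        r = (struct rebased){ offset, 0 };
    return r;
}

/* Read a 32-bit value at base + offset, the way the game's instruction does. */
uint32_t read_u32(const uint8_t *base, uint32_t offset)
{
    uint32_t v;
    memcpy(&v, base + offset, sizeof v);
    return v;
}

static struct game_state demo;  /* stands in for the game's memory */
int main(void)
{
    demo.coins = 1234;          /* constructed sample value */
    struct rebased r = rebase(offsetof(struct game_state, coins), VIEW_SIZE, 4);
    printf("covered by default view: %d; use base+%X and offset %X -> %u\n",
           view_covers(VIEW_SIZE, COINS_OFFSET, 4), (unsigned)r.base_add, (unsigned)r.view_offset,
           (unsigned)read_u32((const uint8_t *)&demo + r.base_add, r.view_offset));
    return 0;
}
```

The full offset to store in the table afterwards is base_add + view_offset, here F4000 + 3FC = F43FC.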

salumor
Advanced Cheater
Reputation: 0

Joined: 14 Jan 2019
Posts: 87

Posted: Sat Feb 23, 2019 10:08 am

Just to be clear - what TheyCallMeTim13 wrote is correct, I'd also use "152EF020+F4000" or similar.

@super bird
A short note: there has been some misunderstanding with Byte length. (will be important once you start optimizing code)

4 Bits / Hex up to "F" is a Nibble.
8 Bits / Hex up to "FF" is a Byte.
"FF FF FF FF" - are 4 Bytes, you can also say 8x4=32 is a 32 Bit address (8 cause 1 Byte rep. 8 Bits in modern pc architectures.)

What might seem confusing is the delimiter. But the 4 Bytes in dissect tool represents the guessed type of the Address - not the Offset. The Offset is recommended with 4096 (decimal, 1000 in Hex - so a low part of 2 Bytes up to "FF FF").

You may also check - if it would be 5 bytes, it would exceed 32 Bit, thus you'd need 64 Bit. That would need a change of registers (eax -> rax). But you need to check on the register list, not opcode, because there are occasions where you'd use eax in 64Bit.


Last edited by salumor on Wed Mar 06, 2019 5:37 pm; edited 1 time in total
super bird
How do I cheat?
Reputation: 0

Joined: 01 Mar 2016
Posts: 4

Posted: Tue Feb 26, 2019 1:54 pm

TheyCallMeTim13 wrote:
Basically the "dissect data structure" tool just reads a bunch of addresses and guesses the data type and displays the values.

As for not showing your offset, it's because the default structure size that CE uses is just a good average that won't take too long to load but get the full structure in most games. But for this game the structure seems to be a lot bigger so just increase your structure size. But this would have to be bigger than the offset, i.e. larger than 0xF43FC or 1000444.

If it were me, I'd just add to the base and remember to add that back to the offset the dissect data shows, later when adding stuff to the table. So use "152EF020+F4000" as the base, then you just need to look at the "3FC" offset in the tool to find your money address.


you can't imagine how this has helped me
thank you very much that you made me aware of this
super bird
How do I cheat?
Reputation: 0

Joined: 01 Mar 2016
Posts: 4

Posted: Tue Mar 05, 2019 8:24 am

salumor wrote:
@super bird
A short note: there has been some misunderstanding with Byte length. (will be important once you start optimizing code)

4 Bits / Hex up to "F" is a
8 Bits / Hex up to "FF" is a Byte.
"FF FF FF FF" - are 4 Bytes, you can also say 8x4=32 is a 32 Bit address (8 cause 1 Byte rep. 8 Bits in modern pc architectures.)

What might seem confusing is the delimiter. But the 4 Bytes in dissect tool represents the guessed type of the Address - not the Offset. The Offset is recommended with 4096 (decimal, 1000 in Hex - so a low part of 2 Bytes up to "FF FF").

You may also check - if it would be 5 bytes, it would exceed 32 Bit, thus you'd need 64 Bit. That would need a change of registers (eax -> rax). But you need to check on the register list, not opcode, because there are occasions where you'd use eax in 64Bit.


sorry for the delay, I tried to reply earlier but there were some problems with the forums which discarded my reply to you
I know you came here to help me but I am now more confused
why did we multiply 4 by 8
where did 8 come from?
OldCheatEngineUser
Whateven rank
Reputation: 20

Joined: 01 Feb 2016
Posts: 1587

Posted: Tue Mar 05, 2019 8:57 am

super bird wrote:
salumor wrote:
@super bird
A short note: there has been some misunderstanding with Byte length. (will be important once you start optimizing code)

4 Bits / Hex up to "F" is a
8 Bits / Hex up to "FF" is a Byte.
"FF FF FF FF" - are 4 Bytes, you can also say 8x4=32 is a 32 Bit address (8 cause 1 Byte rep. 8 Bits in modern pc architectures.)

What might seem confusing is the delimiter. But the 4 Bytes in dissect tool represents the guessed type of the Address - not the Offset. The Offset is recommended with 4096 (decimal, 1000 in Hex - so a low part of 2 Bytes up to "FF FF").

You may also check - if it would be 5 bytes, it would exceed 32 Bit, thus you'd need 64 Bit. That would need a change of registers (eax -> rax). But you need to check on the register list, not opcode, because there are occasions where you'd use eax in 64Bit.


sorry for the delay, I tried to reply earlier but there were some problems with the forums which discarded my reply to you
I know you came here to help me but I am now more confused
why did we multiply 4 by 8
where did 8 come from?


just don't confuse yourself, carefully read the post you quoted.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.
salumor
Advanced Cheater
Reputation: 0

Joined: 14 Jan 2019
Posts: 87

Posted: Wed Mar 06, 2019 4:43 pm

super bird wrote:
salumor wrote:
4 Bits / Hex up to "F" is a
8 Bits / Hex up to "FF" is a Byte.
"FF FF FF FF" - are 4 Bytes, you can also say 8x4=32 is a 32 Bit address (8 cause 1 Byte rep. 8 Bits in modern pc architectures.)


... where did 8 come from ?
I do have to correct myself here a bit. You could actually either say:

- (was my intention here): 8Bits * 4Bytes (4xFF)
- or: 4Bits * 8Nibble (8xF)

Since Bytes is way more common than Nibble I did use that, but both are legit. And both end at 32Bits, representing 4Bytes again. (or 8 Nibble).

I think the easiest way to understand that is taking a look at what "Hex F" means in "binary" and understanding the correlation bits/hex. Therefore take a look at f.e. https://en.wikipedia.org/wiki/Hexadecimal#Representation

============

Another example which I do hope makes it clear why one would use Hex:

THIS IS 16 BIT!

HEX: 12 34
DEC: 4660
OCT: 11064
BIN: 0001 0010 0011 0100

Now we all do know that

BIN: 1111 1111 1111 1111
does represent:
HEX: FF FF (remember 8 Binary 8x0or1 is 2xHex up to FF)
+
DEC: 65535
OCT: 177777

Choose yourself. What is the most readable form?

Why 16 Bit? Well ... do count the sum of 1111 1111 1111 1111.

=======================================

32 Bits:

HEX: FF FF FF FF (and here we do have: 4 bytes again)
BIN: 1111 1111 1111 1111 1111 1111 1111 1111 (8x4 is ... 32 Bits)

=======================================

64 Bit

HEX: 1234 5678 90AB CDEF
BIN: 0001 0010 0011 0100 0101 0110 0111 1000 1001 0000 1010 1011 1100 1101 1110 1111 (16x4 or .... 32x2. Why x2 well it's either 0 or 1. That 32 time after another thus 32 Bits .... If you didn't check that no1 can help you.)
DEC: 1311768467294899695
OCT: 110642547422052746757

Choose again.
All times are GMT - 6 Hours