Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


only finding GUI value; can't find real value to edit

 
ymiu
Cheater
Reputation: 0

Joined: 16 Dec 2018
Posts: 41

Posted: Fri May 10, 2019 3:23 pm    Post subject: only finding GUI value; can't find real value to edit

TL;DR: I found some addresses that change when my "money" value changes, but editing them doesn't change my "money", and I can't trace them back to any other addresses that hold the real "money" value because the program seems to be sending these values around on the stack.

Long version below:

The game is Mutant Year Zero. It's 64-bit. Been working on this problem on and off for weeks... I've never been unable to find a value that seems so simple to find.

Entering a shop, scanning for scrap (money) value, then buying an item and re-scanning for the new updated on-screen value yields no results.
Very rarely, this yields one result, but let's not go there for now since the next step covers it.

If I leave the shop and undo the last (unsuccessful) scan, then re-scan for the same value again, I get two addresses every time.
I get the same result if I scan for scrap prior to entering the shop, go in and buy an item, then leave the shop before scanning for the new value.

Now if I modify these, it never affects the real scrap count.
The game continues to count down my scrap, when I buy things, as if I never edited the value.
So I figure these addresses only pertain to my on-screen value (even though they don't even succeed in showing the edits on-screen).

Now I find out what writes to these two addresses.
See first screenshot, below, for a description of what that's like.

Since only one of those addresses is being written to at the time I enter the shop, I'll assume the real scrap value had already been read from in order to know which value to store in this address.
(good/bad assumption?)

I can't simply debug the VCRUNTIME140.DLL instruction, because that's getting called constantly for other things.
So I wrote a script to help me record the RDX records when [RDX] is equal to my current scrap.
Since the VCRUNTIME code is just a stub, I also record the RSP so I know where the stub returns to.
The second screenshot, below, shows my debug results.

Unfortunately, the CALL immediately above the RET (RSP) address didn't take me directly to the VCRUNTIME stub, and it doesn't give me any obvious leads as to the origins of the RDX address found there.

The third screenshot shows that the first successful RDX hit within VCRUNTIME points to the stack, which doesn't help me since I don't know what instruction placed it there.

Any ideas?



3.png
Description: The very first RDX grabbed from the VCRUNTIME stub points to the stack, but I don't know which instruction placed that value there.

2.png
Description: The memory browser shows debug output from my script, collected by monitoring for [RDX] values equal to my scrap each time the VCRUNTIME stub is entered. The disassembler shows the RET address after the first scrap-related RDX was detected.

1.png
Description: Finding out what writes to the two Scrap addresses. These hits show up whether or not I actually purchase anything in the shop, since they only activate upon entering or leaving the shop.


Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sat May 11, 2019 12:36 am

Does this game require an internet connection to play? (If you type in ipconfig /release in a command prompt, can you keep playing and buying things?)
If not, then it's likely money is server sided and the money value you get from the internet socket.

If you can, then try finding money using changed/unchanged scans and just buy stuff/sell stuff, repeat. (Perhaps exit the shop each time, or never exit the shop.)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

ymiu
Cheater
Reputation: 0

Joined: 16 Dec 2018
Posts: 41

Posted: Sat May 11, 2019 3:56 am

It's definitely not a multiplayer game. No servers or anything involved at all.
The game uses the Unreal engine, if that matters at all.

The crux of my problem is tracing back to the original instruction that pushed my current scrap value into the address that RDX points to within that VCRUNTIME stub.
I tried messing with Break and Trace conditions, but didn't have any luck detecting anything useful.

Are there any other tools that can inform me of JMPs or CALLs that lead to that VCRUNTIME stub, using "[RDX]==scrap" as a condition?

I'm not the only one having problems-- I've read other people complain about this being hard-to-find, and despite all of the suggestions, none of them work for me.

I found a video, only a couple months old, that shows how some guy just simply searches for the changed scrap value, edits it, and has instant success.
It's blowing my mind because I almost always get back 0 results when I search for a changed value after purchase, and on the rare times I do get back one result, changing it has no bearing on my next purchase.

I verified I'm using the same exact CE version and scan settings as the guy in the video (at least the visible ones on the CE GUI).

https://youtu.be/vYllfoU9Qrk?t=56

Edit:
Someone was kind enough to post some CE scripts on another forum.
Looking one of them over, it pointed to some instructions that are only accessed when I enter the shop, and leave me with a base pointer and an offset to access my scrap when I set a breakpoint.
The problem was that the value stored at the offset did not match my current scrap value at all.
The stored value was (int)153 and my scrap was (int)177.
To make it worse, when I tried buying an item (lowering scrap), the value at the offset never changed.
Nevertheless, when I edited the value and bought something else, the game reflected my new edited value, at last!

I'm glad to have gotten over this obstacle, but I'm still confounded as to what's going on under the hood.
uggbbtyryu
How do I cheat?
Reputation: 0

Joined: 11 Jul 2023
Posts: 1

Posted: Tue Jul 11, 2023 5:56 am

Did you just roll with it? Or did you ever get any clarity on how this behaved, ymiu?
All times are GMT - 6 Hours