Cheat Engine

Tr1gun87 · Cheater Reputation: 0 Joined: 17 May 2017 Posts: 27

no still can't find the solution Smile

i need to understand how to get the memory value from a getUser() method

with ILSpy of the method i get this:
public static hs User => SimManager?.CurrentContext?.ag();
(called by a static object)

if i use a breakpoint and trace i get the value in the img but don't know how find it (the code of the img is the ag() )
nothing have a clear address... eax came from the stack... so i have no idea where and when that value get pushed
from what i understand ebp is the start of the stack inside the function, so is the return value, but i have still no idea how to get that value

any hint? Very Happy

https://controlc.com/cd787069 <- the trace of the img

Csimbi · Posted: Tue Aug 25, 2020 7:48 am Post subject:

Some based offset seems to come from the stack: EPB+08.
The, base+14 is read.
Did you check what's the base and where's that base coming from?

Tr1gun87 · Cheater Reputation: 0 Joined: 17 May 2017 Posts: 27

on the link there is the export of the trace
i don't see anything...

i saw ebp = starting position of the stack at the start of the call, so maybe ebp+8 is the esi value?

i noticed now the trace and the image come from 2 different sessions Very Happy

the select line of the img is line 9263 on the trace file
184AFA8E - lea esp,[ebp-08]