Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Is it possible to find an address when a value exists?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
Birdi
Expert Cheater
Reputation: 0

Joined: 08 Jun 2020
Posts: 122
Location: Migrating
PostPosted: Mon Jan 04, 2021 6:51 am    Post subject: Is it possible to find an address when a value exists? Reply with quote
I'm no expert in lua/asm, but I'm wondering if it's possible to grab an address when a specific value is found at any time during a process' runtime?

I know for certain that, eventually, a value (eg. 1193564454) will exist in some unknown address, but if only for a frame, and at an unknown time otherwise.

I assume it's possible to have a breakpoint or similar to find any address(es) that contain a value when it pops up during runtime, but I'm completely lost.
Back to top
View user's profile Send private message Visit poster's website
soggytoast111
Cheater
Reputation: 0

Joined: 25 Sep 2020
Posts: 26
PostPosted: Mon Jan 04, 2021 10:27 am    Post subject: Reply with quote
It's not possible to automatically "detect" when that specific value is written (as far as I know).

The way to solve this problem is that you have to do some detective work and figure out how that value is being written. Maybe there is some string that is associated with the function that writes it? Use "referenced strings" as an entry point and see if you can get onto the thread that eventually writes that value. Or maybe you have some other idea about how this process works to get to the right thread.

But once you find the thread, slowly step through it and narrow down exactly when it's written. Eventually (after a lot of tedious stepping through the assembly op codes) you can figure out precisely which opcode writes it and then you can always know where it is by breaking on that opcode.

I've done this myself many times. It can take a while but you will eventually find it this way.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 150

Joined: 06 Jul 2014
Posts: 4657
PostPosted: Mon Jan 04, 2021 12:42 pm    Post subject: Reply with quote
Birdi wrote:
it's possible to have a breakpoint or similar to find any address(es) that contain a value when it pops up during runtime
Possible, but completely ridiculous. It would take days-weeks to render a single frame.

soggytoast111 wrote:
once you find the thread, slowly step through it and narrow down exactly when it's written
Still ridiculous, but slightly less so (hours-days).

Try ultimap or the code filter.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
soggytoast111
Cheater
Reputation: 0

Joined: 25 Sep 2020
Posts: 26
PostPosted: Tue Jan 05, 2021 8:07 am    Post subject: Reply with quote
ParkourPenguin wrote:

Try ultimap or the code filter.


Ultimap/code filter can be useful when you have some kind of event that you can control in-game. Like if you fire a weapon or take damage you can use that as a condition to filter the results. It doesn't really work when you just have a one-shot event you are trying to track down.

For example, a recent game hack I was working on involved reversing the process that decrypts the save game. This is a one-time event that happens when the game is initialized. I was able to do this by finding a string that referenced where the save game was stored, and then stepping through the thread until I found where individual bytes were being decrypted. It took me two hours at most - I don't really know how ultimap/code filter could have helped me do this any faster.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites