I'm trying to find out why a certain instruction is replaced, but I'm already stuck at just scanning it.
I've done an array of bytes scan of "48 8B 85 B8 00 00", which is also part of the AOB scan that works just fine. This doesn't return any results when searching manually. Any ideas?
I'm also open to studying this particular cheat in a Zoom session or something (for pay).
Make sure you're scanning through all memory, not just writable. Look where it says writable / executable / CoW and make writable / executable grey (filled in).
If the script is active, it would've overwritten the injection point with a jump to your code, so the original code wouldn't be there.
Also you're not using wildcards in the original pattern "48 8B 85 ?? ?? 00 00 48 89 44 24 ?? F3", but I'm guessing that's intentional?
_________________
I don't know where I'm going, but I'll figure it out when I get there.
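The two points in the reply above (wildcard bytes in the pattern, and the pattern disappearing once the injection point has been overwritten) as an added example, not code from the thread or from Cheat Engine. Only the first seven instruction bytes come from the thread; the remaining bytes, the padding and the jump that stands in for an active script are constructed assumptions.

```python
def parse_aob(pattern):
    """Turn '48 8B ?? 00' into a list of ints, with None for wildcard bytes."""
    return [None if tok in ("??", "?") else int(tok, 16) for tok in pattern.split()]


def aob_scan(data, pattern):
    """Return every offset in data where the (possibly wildcarded) pattern matches."""
    pat = parse_aob(pattern)
    hits = []
    for off in range(len(data) - len(pat) + 1):
        if all(p is None or data[off + i] == p for i, p in enumerate(pat)):
            hits.append(off)
    return hits


# Patterns quoted in the thread.
SHORT_PATTERN = "48 8B 85 B8 00 00"
FULL_PATTERN = "48 8B 85 ?? ?? 00 00 48 89 44 24 ?? F3"

# Constructed memory image: int3 padding around the code.
# "48 8B 85 B8 00 00 00" is the instruction from the thread; the bytes after it
# are constructed so that they satisfy the rest of FULL_PATTERN.
PADDING = bytes.fromhex("CC CC CC CC")
CODE = bytes.fromhex("48 8B 85 B8 00 00 00 48 89 44 24 20 F3 0F 10 45 10")
ORIGINAL = PADDING + CODE + PADDING

# Assumption: the active script replaced the 7-byte instruction with a 5-byte
# relative jump plus two NOPs. The jump displacement is a constructed value.
HOOK = bytes.fromhex("E9 11 22 33 44 90 90")
START = len(PADDING)
PATCHED = ORIGINAL[:START] + HOOK + ORIGINAL[START + len(HOOK):]

if __name__ == "__main__":
    for name, image in (("original", ORIGINAL), ("patched", PATCHED)):
        print(name,
              "short:", aob_scan(image, SHORT_PATTERN),
              "full:", aob_scan(image, FULL_PATTERN),
              "tail only:", aob_scan(image, "48 89 44 24 ?? F3"))
```

With the jump in place neither pattern from the thread matches, while a pattern covering only the untouched bytes after the injection point still does.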
Joined: 30 Oct 2020 Posts: 30 Location: The netherlands
Posted: Tue Feb 16, 2021 12:16 pm Post subject:
Cool, that worked... just had to gray one of the boxes instead of a checkmark.
So the original code points to this:
Frostpunk.exe+11B74BB - 48 8B 85 B8000000 - mov rax,[rbp+000000B8]
The [rbp+000000B8] is a pointer I think, which I added, and it gave me the value '657635568'. This value is the same if I pick a 7 or 8 hours estimate build action, so not sure what I should do with it.