tndz How do I cheat?
Reputation: 0
Joined: 21 Mar 2011 Posts: 1
Posted: Mon Mar 21, 2011 11:05 am Post subject: reading strings from memory
Hey,
Though this is my first time posting here, I am not new to programming, but I'm having some trouble finding a few things in the memory of a program.
I have a program (a game) which records everything I do (combat-wise) to a file named "combatlog.txt" inside the game's directory. I'd like to get the contents of that file into my program.
While it's working quite well with a function which tries to open the file and read it out, it sometimes fails (EOpenFileError Access violation, which is no problem) and it sometimes fails with another (system) Access Violation, causing the thread reading the file to crash, so my program requires a restart.
So I figured I could just read the memory of the game (thus preventing access violations from I/O), i.e. every time the game calls fOpen, watch the memory and transfer it into my program. Via Cheat Engine I found the assembly from fOpen to fClose:
Code:
00268AB0 - 68 d8 99 c7 00 - push std::_init_locks::operator=+24e53f /// push the filename into register
00268AB5 - ff 15 a4 98 c4 00 - call dword ptr [std::_init_locks::operator=+21e40b] /// call fOpen
00268ABB - 83 c4 08 - add esp,08
00268ABE - 89 06 - mov [esi],eax
00268AC0 - 85 c0 - test eax,eax /// checks if fOpen succeeded
00268AC2 - 74 50 - je 00268b14 /// jump if failed
00268AC4 - 8b 44 24 24 - mov eax,[esp+24]
00268AC8 - 57 - push edi
00268AC9 - 50 - push eax
00268ACA - 8d 4c 24 0c - lea ecx,[esp+0c]
00268ACE - 51 - push ecx
00268ACF - e8 66 13 3d 00 - call createvorbisfileplugin+3046a
00268AD4 - 8b 16 - mov edx,[esi]
00268AD6 - 83 c4 08 - add esp,08
00268AD9 - 52 - push edx
00268ADA - 8d 4c 24 0c - lea ecx,[esp+0c]
00268ADE - ff 15 24 95 c4 00 - call dword ptr [std::_init_locks::operator=+21e08b] /// a call to a string formatting function
00268AE4 - 8b 3d a0 98 c4 00 - mov edi,[std::_init_locks::operator=+21e407] /// cheatengine commented this line as [fPuts]
00268AEA - 50 - push eax
00268AEB - ff d7 - call edi
00268AED - 8b 06 - mov eax,[esi]
00268AEF - 50 - push eax
00268AF0 - 68 3c 3f d9 00 - push std::_init_locks::operator=+368aa3
00268AF5 - ff d7 - call edi
00268AF7 - 8b 0e - mov ecx,[esi]
00268AF9 - 51 - push ecx
00268AFA - ff 15 9c 98 c4 00 - call dword ptr [std::_init_locks::operator=+21e403] /// call to fClose
00268B00 - 83 c4 14 - add esp,14
00268B03 - 8d 4c 24 08 - lea ecx,[esp+08]
00268B07 - c7 06 00 00 00 00 - mov [esi],00000000
00268B0D - ff 15 ec 94 c4 00 - call dword ptr [std::_init_locks::operator=+21e053]
00268B13 - 5f - pop edi
00268B14 - 5e - pop esi
So I guess the data I need are, after being formatted by a call (see 00268ADE), now pointed to by eax, as the formatting function finally pushes its result to eax. I can't read out eax though, as Cheat Engine fails to attach itself to the game's process. So from this point on I'm pretty clueless how to continue.
Any help or comments appreciated.
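The original failure mode in the post is a file reader that crashes its thread when the open call fails while the game still holds "combatlog.txt". The following is an added example, not code from tndz or from the game; it shows the robust way to follow a log file another process is writing: bounded retries on open failures instead of letting the thread die, handing back only complete lines so a half-written line is never parsed, and resetting the read position when the file is truncated or recreated. The file name, the constructed sample lines and the `LogFollower`/`read_new_lines` names are assumptions for the demonstration.

```python
import os
import tempfile
import time
from typing import List, Tuple


def read_new_lines(path: str, offset: int, retries: int = 5,
                   delay: float = 0.05) -> Tuple[List[str], int]:
    """Return (new complete lines, new offset) for `path` starting at `offset`.

    A failed open (e.g. PermissionError while the writer holds the file) is
    retried a bounded number of times; after that the poll is skipped and the
    caller keeps its old offset, so no exception escapes into the polling thread.
    """
    data = b""
    for attempt in range(max(1, retries)):
        try:
            with open(path, "rb") as f:      # binary: no newline translation, offsets stay exact
                f.seek(offset)
                data = f.read()
            break
        except FileNotFoundError:
            return [], offset                # log not created yet; nothing to do this poll
        except OSError:
            if attempt == retries - 1:
                return [], offset            # give up for this poll, try again next time
            time.sleep(delay)
    # Only hand back complete lines; a partial trailing line the writer is still
    # producing stays in the file and is picked up once its newline arrives.
    end = data.rfind(b"\n")
    if end == -1:
        return [], offset
    complete = data[: end + 1]
    lines = complete.decode("utf-8", errors="replace").splitlines()
    return lines, offset + len(complete)


class LogFollower:
    """Incrementally follows a log file, surviving writer-held locks and truncation."""

    def __init__(self, path: str) -> None:
        self.path = path
        self.offset = 0

    def poll(self) -> List[str]:
        try:
            size = os.path.getsize(self.path)
        except OSError:
            size = 0
        if size < self.offset:
            self.offset = 0                  # file was truncated or recreated: start over
        lines, self.offset = read_new_lines(self.path, self.offset)
        return lines


def demo() -> List[List[str]]:
    """Drive the follower against a constructed combat log written in stages."""
    results = []
    with tempfile.TemporaryDirectory() as d:
        path = os.path.join(d, "combatlog.txt")   # constructed sample file, not the game's
        follower = LogFollower(path)
        results.append(follower.poll())            # file does not exist yet -> []
        with open(path, "ab") as w:                # writer keeps the file open, like the game
            w.write(b"hit 12\nmiss\npartial")
            w.flush()
            results.append(follower.poll())        # ["hit 12", "miss"]; "partial" is withheld
            w.write(b" line\n")
            w.flush()
            results.append(follower.poll())        # ["partial line"]
        with open(path, "wb") as w:                # log reset by the writer (truncation)
            w.write(b"new\n")
        results.append(follower.poll())            # ["new"], offset restarted from 0
    return results


if __name__ == "__main__":
    for batch in demo():
        print(batch)
```

The reader never depends on winning a race with the writer: if the open fails it waits and retries, and if the writer is mid-line the fragment is simply left for the next poll. Opening in binary mode keeps the byte offset exact, which is what makes the truncation check and the incremental read reliable.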