Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Randomly changing pointer to pointer values ?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
kosh
Newbie cheater
Reputation: 0

Joined: 28 Jul 2011
Posts: 12
PostPosted: Fri Oct 04, 2013 6:23 pm    Post subject: Randomly changing pointer to pointer values ? Reply with quote
I dug out my old copy of Art of war: direct action, and while I know there are cheats to give cash, I wanted to play around with CE and do $10K at a time instead of $1K.
Anyway, after finding the address of the cash, it shows this below.
Code:


Probable base pointer =1EF5A420

005C7B7C - je ACTOFWAR.EXE+1C7BAC
005C7B7E - mov eax,[ebp-04]
005C7B81 - mov [ebx+44],eax
005C7B84 - fld dword ptr [ebx+44]
005C7B87 - add esp,F4

EAX=46147000
EBX=1EF5A420
ECX=46147000
EDX=46147000
ESI=0017FA20
EDI=004D0F0C
EBP=0017F9D8
ESP=0017F9AC
EIP=005C7B84

And yeah, 0x1EF5A464 (EBX+44) is indeed the cash write location.
However, that is only for display it seems. Since if you modify it, it changes it back.
EAX (0x46147000) is what gets loaded into that EBX+44 address.
(That is 9500.0 in decimal).
So, looking at what loads that into EAX shows mov eax,[ebp-04] (0x0017F9D8)-4 or 0x0017F9D4.

Fine.
Now do a 4 byte scan for that, and get 0x0017F1AC. This is a pointer to a pointer obviously, since it holds 0x0017F9D4 (at least some time--it keeps changing, as does the value in 0x0017F9D4 ).
That shows 3 addresses, with two of them constantly cycling other addresses as well as the one we want.
The one that never changes is 0x0007C950.
I do a 'what accesses that address 0x0007C950' and it has a list of 13 or so addresses.
Doing a 'what writes to that address 0x0007C950' has 3 addresses.

Now, I know the game is doing something to prevent changing the values of the cash, since it resets it, but the question is, where do I go from here? I tried to set a new value for that pointer to a pointer, but that also gets reset (or stuck in a loop trying to reset it).

I tried setting breakpoints with CE and doing a step (f7), but it seems that stepping is broken, since I hit F7, and then the game runs again...

Any erm.. pointers on how to overcome their protection of values ?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25778
Location: The netherlands
PostPosted: Fri Oct 04, 2013 6:45 pm    Post subject: Reply with quote
That means you found a visual representation address and not the real address.

e.g the actual money might be 9500.12 but the display object is stored only as full money, so there it's stored as 9500, and then when you scan you only find the display object's storage space and not the real address


See if you can find the real one. (e.g different value type, different float rounding or using changed/unchanged scans in case of obfuscation)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
kosh
Newbie cheater
Reputation: 0

Joined: 28 Jul 2011
Posts: 12
PostPosted: Fri Oct 04, 2013 9:26 pm    Post subject: Reply with quote
Dark Byte wrote:
That means you found a visual representation address and not the real address.

e.g the actual money might be 9500.12 but the display object is stored only as full money, so there it's stored as 9500, and then when you scan you only find the display object's storage space and not the real address

Ahh, I see.
Quote:

See if you can find the real one. (e.g different value type, different float rounding or using changed/unchanged scans in case of obfuscation)

Started off with unchanged, then earned some $$$, used increase, then did unchanged until it was down to 50K addresses, then spent $$$ and searched for decrease, and in the end, all it found was the same address it found last time. (The float value up above that is just used for display)

I am guessing they are obfuscating it somehow, tried searching 'all' as well.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites