Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Tutorial step 6 curious question

 
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Wed May 21, 2014 9:41 pm    Post subject: Tutorial step 6 curious question

So I have completed the tutorial successfully (both x86 and x64 versions), and I got bored and did it again today (only on the x64 version). (edit: I suppose I should probably mention that I'm using ce ver 6.3 and win 7 x64...)

Last time I did step six I just got the pointer and froze it at 5000 (I saved the table I used, that's the only reason I know), this time I tried to use an assembler script to set the new value to 5000 after pressing change pointer (so that it's basically just enable script and press to continue) and I found that it didn't work...at least not when pressing change pointer, however it does when pressing change value. So I tested simply freezing the pointer and pressing change value, and that fails to work.

So I'm curious if anyone can explain why the script works when pressing change value but not when freezing the value (I assume that the change pointer button doesn't use the same code to change the value as the change value button does and so fails there, but that doesn't explain why the script magically works with the change value button).

Here's the script I used btw:
Code:
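[ENABLE]
alloc(step6,18,"Tutorial-x86_64.exe"+2F985) // 18 bytes, allocated near the injection point
label(returnhere)

step6: //this is allocated memory, you have read,write,execute access
mov [rdx],1388 // replaces "mov [rdx],eax": always store 1388 hex = 5000 decimal
mov rax,["Tutorial-x86_64.exe"+2C7710] // second original instruction, relocated here
jmp returnhere

"Tutorial-x86_64.exe"+2F985:
jmp step6 // 5-byte jump written over the original 9 bytes
nop // 4 nops pad out the rest of the overwritten instructions
nop
nop
nop
returnhere:

[DISABLE]
dealloc(step6)
"Tutorial-x86_64.exe"+2F985: // restore the original instructions
mov [rdx],eax
mov rax,["Tutorial-x86_64.exe"+2C7710]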


Hm, I just noticed that I'd changed the allocated memory label for each of my scripts but I didn't change the 'returnhere' labels...I imagine that could cause a few issues if I was using more than one of these at a time...

Anyways, thanks to anyone who takes the time to try and explain this for me!
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu May 22, 2014 12:01 am

Because different instructions are being used to alter the value and alter the pointer address. You can use injection, pointers or a combination of both to defeat this step. If you freeze a pointer address value to 5000, you can defeat this step by pressing 'change pointer button'. If you inject code at an instruction that handles the values for 'change value button', you can defeat this step by writing a script that always sets the value for those addresses to 5000. You can also inject at an instruction that accesses the pointer for your pointer address. Here, you can generate the value of the pointer address within the script and alter it by locking it at 5000, similarly to freezing the pointer address value, but by using injection. By doing this, pressing the 'change pointer button' will defeat this step.

Anyway, this step was designed to teach you about pointers. As long as you use pointers or circumvent them altogether by using injection, you can defeat this step. The method that you use is up to you. Also, it's just the way the tutorial was written.


Last edited by ++METHOS on Thu May 22, 2014 12:16 am; edited 2 times in total
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Thu May 22, 2014 12:13 am

++METHOS wrote:
...Also, it's just the way the tutorial was written.
Ah, that makes sense. Not sure why that didn't occur to me immediately, probably because I was getting access violations (due to a silly mistake).

Waste of a good first post I guess, but thanks for taking the time to explain it!
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu May 22, 2014 12:16 am

Simply put, when you press button1 (change value), the value of address1 gets changed by instruction1...but when you press button2 (change pointer), address1 changes to address2 by instruction2 and instruction1 doesn't get accessed again until button1 gets pressed. As you can see, different instructions are being accessed when you press button1 and button2.
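
The split ++METHOS describes (instruction1 runs only for "change value", instruction2 only for "change pointer") can be modelled in a few lines of C. This is an added example, not part of the thread and not the tutorial's own code; the slot array, the function names and the sample values 100, 321 and 777 are constructed, and the fixed-address freeze case goes beyond what the posts spell out.

```c
#include <stdio.h>

static int slots[4];      /* constructed stand-in for separately allocated values */
static int next_slot;
static int *value_ptr;    /* the pointer the step keeps to its current value */
static int hook_enabled;  /* models the injected "mov [rdx],1388" */

static void reset(void) {
    next_slot = 0; hook_enabled = 0;
    value_ptr = &slots[0]; *value_ptr = 100;
}

/* instruction1: executes only when "change value" is pressed */
static void change_value(int v) { *value_ptr = hook_enabled ? 5000 : v; }

/* instruction2: executes only when "change pointer" is pressed */
static void change_pointer(int v) { value_ptr = &slots[++next_slot]; *value_ptr = v; }

/* freeze on a fixed address (what a plain scan result gives you) */
static void freeze_address(int *addr) { *addr = 5000; }

/* freeze on a pointer entry: the target is re-resolved on every tick */
static void freeze_pointer(int **base) { **base = 5000; }

int hook_then_change_value(void) {
    reset(); hook_enabled = 1; change_value(321);
    return *value_ptr;            /* hooked instruction ran */
}
int hook_then_change_pointer(void) {
    reset(); hook_enabled = 1; change_pointer(777);
    return *value_ptr;            /* hooked instruction never ran */
}
int address_freeze_then_change_pointer(void) {
    reset(); int *found = value_ptr;
    change_pointer(777); freeze_address(found);
    return *value_ptr;            /* freeze hit the stale slot */
}
int pointer_freeze_then_change_pointer(void) {
    reset(); change_pointer(777); freeze_pointer(&value_ptr);
    return *value_ptr;            /* freeze followed the pointer */
}

int main(void) {
    printf("hook + change value:      %d\n", hook_then_change_value());
    printf("hook + change pointer:    %d\n", hook_then_change_pointer());
    printf("address freeze + pointer: %d\n", address_freeze_then_change_pointer());
    printf("pointer freeze + pointer: %d\n", pointer_freeze_then_change_pointer());
    return 0;
}
```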