kimpet (Newbie cheater, Reputation: 0, Joined: 09 Nov 2015, Posts: 22)
Posted: Tue Mar 29, 2016 9:05 pm
Post subject: Is there a way to find the cmp instruction?
Is there a way to find the cmp instruction comparing player and enemy health?
Zanzer (I post too much, Reputation: 126, Joined: 09 Jun 2013, Posts: 3278)
Posted: Tue Mar 29, 2016 9:35 pm
Find player and enemy health, then right-click their addresses and find out what instructions access them.
hhhuut (Grandmaster Cheater, Reputation: 6, Joined: 08 Feb 2015, Posts: 607)
Posted: Wed Mar 30, 2016 1:52 am
And/or dissect and compare their structures, and maybe you'll find a value you can compare against yourself...
kimpet
Posted: Wed Mar 30, 2016 1:53 am
Zanzer wrote: Find player and enemy health then right-click their addresses and find out what instructions access them.
I can't find the cmp instruction.
[Attached screenshot]
Last edited by kimpet on Wed Mar 30, 2016 3:07 am; edited 2 times in total
hhhuut
Posted: Wed Mar 30, 2016 2:08 am
Of course you won't find a cmp opcode directly when debugging health addresses... But as you can see, there are more addresses that access the enemy health than your own, which means that some of those routines (69F7EE45 and 69EABEA8) are enemy-only, which is already some point to start with...
kimpet
Posted: Wed Mar 30, 2016 3:44 am
hhhuut wrote: And/or dissect and compare their structures and maybe you'll find a value you can compare against yourself...
I already tried that way but can't find a value that I want to compare; also, I couldn't find a group-different value which separates the enemy and the player values.
This is the result of my data structure comparison between enemy and player; offset +3C is the health, Group 1 is the enemy and Group 2 is the player.
[Attached screenshot]
hhhuut
Posted: Wed Mar 30, 2016 3:56 am
Are you absolutely sure that all of the addresses of group 1 belong to the enemy, and the same for group 2 (just asking)?
Also, did you compare the structure further down, like to offset 300, and not only to offset 88?
kimpet
Posted: Wed Mar 30, 2016 4:13 am
hhhuut wrote: Are you absolutely sure that all of the addresses of group 1 belong to the enemy, and the same for group 2 (just asking)?
Also, did you compare the structure further down, like to offset 300, and not only to offset 88?
Yes, I tested them one by one before separating them into groups.
I did go down to see if there is a group difference, but no luck.
hhhuut
Posted: Wed Mar 30, 2016 4:22 am
Did you already compare the register states at the location where you want to do a code injection?
Probably some register is 0 for the enemy and 1 for humans, or something like that...
kimpet
Posted: Wed Mar 30, 2016 4:38 am
hhhuut wrote: Did you already compare the register states at the location where you want to do a code injection?
Probably some register is 0 for the enemy and 1 for humans, or something like that...
What register states do you mean?
All enemy and player health writes happen here, on this instruction:
Code:
fst dword ptr [ebx+3C]
I didn't touch anything here yet:
Code:
[ENABLE]
// find the 7-byte pattern of the two original instructions in WW2Mod.dll
aobscanmodule(INJECT,WW2Mod.dll,D9 53 3C D9 44 24 0C) // should be unique
alloc(newmem,$1000) // code cave for the relocated instructions
label(code)
label(return)
newmem:
code:
// original instructions, relocated unchanged (no player/enemy filter yet)
fst dword ptr [ebx+3C] // stores the new health; ebx = unit structure
fld dword ptr [esp+0C]
jmp return
INJECT:
jmp code // 5-byte jmp + 2 nops overwrite the 7 original bytes
nop
nop
return:
registersymbol(INJECT)
[DISABLE]
INJECT:
db D9 53 3C D9 44 24 0C // restore the original bytes
unregistersymbol(INJECT)
dealloc(newmem)
Code:
6A04BD68 - F6 C4 44 - test ah,44
6A04BD6B - 7B 29 - jnp WW2Mod.std::_Mutex::_Mutex+207250
6A04BD6D - D9 53 3C - fst dword ptr [ebx+3C] <<
6A04BD70 - D9 44 24 0C - fld dword ptr [esp+0C]
6A04BD74 - D8D1 - fcom st(0),st(1)
EAX=10393920
EBX=1039CEC8
ECX=1039CEC8
EDX=10290C40
ESI=0874F3F8
EDI=1039CEC8
ESP=0056F270
EBP=0056F314
EIP=6A04BD70
hhhuut
Posted: Wed Mar 30, 2016 4:58 am
Code:
EAX=10393920
EBX=1039CEC8
ECX=1039CEC8
EDX=10290C40
ESI=0874F3F8
EDI=1039CEC8
ESP=0056F270
EBP=0056F314
EIP=6A04BD70
I mean those registers... EBX, ECX and EDI are the same, for example; maybe they aren't for enemy players...
SunBeam (I post too much, Reputation: 65, Joined: 25 Feb 2005, Posts: 4023, Location: Romania)
Posted: Wed Mar 30, 2016 11:20 am
Company of Heroes 2?
Cake-san (Grandmaster Cheater, Reputation: 8, Joined: 18 Dec 2014, Posts: 541, Location: Semenanjung)
kimpet
Posted: Wed Mar 30, 2016 7:10 pm
SunBeam wrote: Company of Heroes 2?
No, the Complete Edition.
Cake-san wrote: Judging by the picture, why don't you compare that offset 34?
That offset 34 is also using the same pointer as the player; the image I posted is cut, the last player is using that pointer.
SunBeam
Posted: Thu Mar 31, 2016 5:21 am
I'll have a stab at it.
You might want to think of this as well: in the structure you investigate for the comparison, you might need to go up (or down) one level. Say offset 34, referenced by Cake-san, is a pointer. This pointer leads to a memory region where you'd find a differentiation between the player and enemy. In short, the difference you look for is not always in the first structure (the one where health is). Health can be a sub-system of the player structure. As such, to find the player structure you'd have to "exit" the sub-system (your pointer here).
One more thing you can do is to figure out how big the structure is (how it's allocated, via GlobalAlloc or some other method). If you figure that out, then investigate the function that populates the structure with data and you'll find your differentiation. Both the enemy and player structures will be populated by the same function, but a bit differently, based on some checks that happen within. Those would be the dead giveaways.
..or see what Recifense does here: http://forum.cheatengine.org/viewtopic.php?t=565501.
BR,
Sun
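The three suggestions in this thread (hhhuut's structure comparison between Group 1 and Group 2, hhhuut's register comparison at the hooked instruction, and SunBeam's advice to follow the pointer at +34 one level up) are all the same operation: find a field that is constant within each group but different between the groups. The script below is an added example in Python, not code from the thread or from Cheat Engine. Only the health offset +3C comes from the thread; the addresses, the assumption that +34 is a pointer to an "owner" structure, the team field at +08 inside it, and all register values are constructed for illustration.

```python
"""Group compare for game structures (added example, not from the thread).

Given dumps of several structures whose health field sits at +3C, split into
Group 1 (enemy) and Group 2 (player), report every dword offset whose value is
constant inside each group but differs between the groups. The same function
is then run one pointer level up (assuming +34 is a pointer) and on register
snapshots taken at the hooked instruction. All addresses and values below,
and every offset except +3C, are constructed.
"""
import struct
from typing import Dict, Hashable, Mapping, Sequence, Tuple

Row = Mapping[Hashable, int]


def find_discriminators(group_a: Sequence[Row], group_b: Sequence[Row]) -> Dict[Hashable, Tuple[int, int]]:
    """{key: (value_in_a, value_in_b)} for keys constant within each group
    and different between them. Keys are byte offsets or register names."""
    keys = set(group_a[0]).intersection(*group_a[1:], *group_b)
    hits: Dict[Hashable, Tuple[int, int]] = {}
    for key in sorted(keys, key=str):
        va = {row[key] for row in group_a}
        vb = {row[key] for row in group_b}
        if len(va) == 1 and len(vb) == 1 and va != vb:
            hits[key] = (va.pop(), vb.pop())
    return hits


def fields_of(dump: bytes) -> Dict[int, int]:
    """Split a structure dump into {byte_offset: little-endian dword}."""
    n = len(dump) // 4
    return dict(zip(range(0, n * 4, 4), struct.unpack_from(f"<{n}I", dump)))


# --- constructed stand-in for the game's address space --------------------
MEMORY: Dict[int, bytes] = {}   # {base_address: raw bytes}
HEALTH = 0x3C                   # offset from the thread
OWNER_PTR = 0x34                # assumed: pointer to a per-squad owner struct
TEAM_ID = 0x08                  # assumed: team field inside the owner struct
UNIT_SIZE, OWNER_SIZE = 0x100, 0x40


def write_struct(base: int, size: int, fields: Dict[int, int]) -> None:
    buf = bytearray(size)
    for off, val in fields.items():
        struct.pack_into("<I", buf, off, val)
    MEMORY[base] = bytes(buf)


def read_struct(addr: int, size: int) -> bytes:
    """Dereference a pointer the way CE does when you follow +34."""
    for base, buf in MEMORY.items():
        if base <= addr < base + len(buf):
            return buf[addr - base:addr - base + size]
    raise ValueError(f"unmapped address {addr:#x}")


def float_bits(x: float) -> int:
    return struct.unpack("<I", struct.pack("<f", x))[0]


# Five owner structs: three enemy squads (team 0), two player squads (team 1).
OWNER_BASES = [0x10200000 + i * OWNER_SIZE for i in range(5)]
for i, base in enumerate(OWNER_BASES):
    write_struct(base, OWNER_SIZE, {0x00: 0x6A0C0000, TEAM_ID: int(i >= 3), 0x0C: 0x500 + i})

# Units: each has its own owner pointer, health and type, so nothing at the
# first level is constant per group except a flag that is 1 for everyone.
ENEMY_UNITS = [0x10400000, 0x10400100, 0x10400200]
PLAYER_UNITS = [0x10300000, 0x10300100]
for i, base in enumerate(ENEMY_UNITS):
    write_struct(base, UNIT_SIZE, {0x10: 2 + i, 0x20: 1, OWNER_PTR: OWNER_BASES[i],
                                   HEALTH: float_bits(80.0 - 10 * i)})
for i, base in enumerate(PLAYER_UNITS):
    write_struct(base, UNIT_SIZE, {0x10: 1 + i, 0x20: 1, OWNER_PTR: OWNER_BASES[3 + i],
                                   HEALTH: float_bits(100.0 - 25 * i)})


def compare_units(level_up: bool) -> Dict[Hashable, Tuple[int, int]]:
    """Group compare of the unit structs, optionally one pointer level up."""
    enemy = [fields_of(read_struct(b, UNIT_SIZE)) for b in ENEMY_UNITS]
    player = [fields_of(read_struct(b, UNIT_SIZE)) for b in PLAYER_UNITS]
    if level_up:
        enemy = [fields_of(read_struct(r[OWNER_PTR], OWNER_SIZE)) for r in enemy]
        player = [fields_of(read_struct(r[OWNER_PTR], OWNER_SIZE)) for r in player]
    return find_discriminators(enemy, player)


REGS = ("EAX", "EBX", "ECX", "EDX", "ESI", "EDI")


def register_relations(snap: Mapping[str, int]) -> Dict[str, int]:
    """Raw register values differ on every call (EBX is the struct address),
    so compare relations instead: 1 if two registers are equal, else 0."""
    return {f"{a}=={b}": int(snap[a] == snap[b])
            for i, a in enumerate(REGS) for b in REGS[i + 1:]}


def snapshot(ebx: int, ecx: int) -> Dict[str, int]:
    """Constructed register dump at `fst dword ptr [ebx+3C]`."""
    return {"EAX": 0x10393920, "EBX": ebx, "ECX": ecx, "EDX": 0x10290C40,
            "ESI": 0x0874F3F8, "EDI": ebx}


# Player hits: EBX == ECX == EDI (as in the thread's dump); enemy hits: ECX
# holds the owner struct instead, so only the EBX/EDI pair matches.
PLAYER_SNAPS = [snapshot(b, b) for b in PLAYER_UNITS]
ENEMY_SNAPS = [snapshot(b, OWNER_BASES[i]) for i, b in enumerate(ENEMY_UNITS)]


def compare_registers() -> Dict[Hashable, Tuple[int, int]]:
    return find_discriminators([register_relations(s) for s in ENEMY_SNAPS],
                               [register_relations(s) for s in PLAYER_SNAPS])


if __name__ == "__main__":
    print("unit structs:       ", compare_units(level_up=False))   # {} - no luck, as in the thread
    print("owner structs (+34):", {hex(k): v for k, v in compare_units(True).items()})
    print("register relations: ", compare_registers())
```

In practice the dumps come from CE's structure dissector (or a memory-read script) rather than the constructed MEMORY dict; the point of the example is that the first-level compare comes back empty exactly as it did for kimpet, the compare one pointer level up finds the team field, and the register compare turns hhhuut's "EBX, ECX and EDI are the same" into a testable condition that an injection script can branch on.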