Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


How do I force an address to a value I wan't?

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
ScottySR
How do I cheat?
Reputation: 0

Joined: 04 Sep 2018
Posts: 9

PostPosted: Tue Sep 04, 2018 1:10 pm    Post subject: How do I force an address to a value I wan't? Reply with quote

As many probably know the check box next to the address "freezes" the value. It's more like quickly changes it back if it changes. Not really ideal for what I'm doing. Most likely the game updates those values every frame even if it's not necessary. There are actually very limited scenarios where they change. As far as I'm concerned you'd have to do some sort of code injection to prevent the values from changing back. I'd have to have some way of controlling what the injected code changes the value to instead of having a constant value.

By the way, do code injections save to the CT file so I don't have to do it every single time I start up the game? And if possible, have a single code injection to change all 8 values independently would be ideal, although I'm not sure if it would be even possible

First problem is finding the pointers for the 8 values I want to modify. Finding the addresses themselves is easy, however pointer scan doesn't seem to yield results with these values. After checking what accesses those addresses, all 8 of them gave the exact result, which is:

Code:
0032D4C8   mulss xmm1,[ebx+250]
002F4829   movss [ebx+250],xmm0
0032CE29   mulss xmm0,[ebx+250]


I'm not familiar with PC assembly code, but from my experience at 6502 assembly, I can fairly certainly say that those 3 opcodes read pointers from a table to figure out where the final address to store the value is. I haven't pointer scanned for addresses in these kinds of cases so I'm not sure what kind of approach should be taken. It does seem that the usual method doesn't work here.

By the way (v2), is there a tutorial for the basics of the assembly language that is displayed in the debugger. I'm not sure what assembly language this is exactly and if CE displays the code in it's own way. Understanding the basics might be useful.

Anyway, if you have anything that could lead me closer to my goal, feel free to give me any tips and/or links that might help Smile
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

PostPosted: Tue Sep 04, 2018 2:13 pm    Post subject: Reply with quote

If changing the value in the address list doesn't do what you want it to do, freezing it or injecting code to change it probably won't help.

You can save a script that will automatically inject code.

You don't need to find a pointer if you're modifying code.

The mulss instructions are multiplying a float in an xmm register with the float stored at an address, and the movss instruction is moving a float from an xmm register into a memory location.

That's x86 architecture. Your processor's manufacturer should provide documentation (e.g. Intel).

Try the CE tutorial for more information.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Tue Sep 04, 2018 3:16 pm    Post subject: Re: How do I force an address to a value I wan't? Reply with quote

If the value reverts back to what it would be that means it's coming from a different address.

Code:
002F4829   movss [ebx+250],xmm0


This is the only instruction that writes to your address. You would have to trace back from here to find where the value in xmm0 comes from.
Back to top
View user's profile Send private message
ScottySR
How do I cheat?
Reputation: 0

Joined: 04 Sep 2018
Posts: 9

PostPosted: Tue Sep 04, 2018 3:19 pm    Post subject: Reply with quote

Changing the address values do exactly what I want. The problem here is that the game rewrites the intended value every frame. Since freezing changes the value to the specified value every X milliseconds, it creates a stutter in the value and it messes up what I'm trying to do. Even 1ms, which I believe is the smallest interval, is not fast enough.

I figured that replacing movss with nop prevents the values from changing. I don't think this is all that is going on. Changing stage or returning to title screen re-assigns most addresses. This makes it so that this is only useful in the current stage. After I change the values are larger than intended and you can't change them anymore. There has to be pointers involved somehow in all this. Furtermore, changing the values to 0 doesn't actually end up with the effect that you would believe. It seems by the result that it's almost zero. Not sure if the two mulss have anything to do with this
Back to top
View user's profile Send private message
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

PostPosted: Wed Sep 05, 2018 2:31 am    Post subject: Re: How do I force an address to a value I wan't? Reply with quote

sbryzl wrote:
If the value reverts back to what it would be that means it's coming from a different address.

Maybe.
Or, maybe the value is constantly recalculated for its next use (so it's written and read back immediately).
Back to top
View user's profile Send private message
ScottySR
How do I cheat?
Reputation: 0

Joined: 04 Sep 2018
Posts: 9

PostPosted: Wed Sep 05, 2018 9:15 am    Post subject: Re: How do I force an address to a value I wan't? Reply with quote

sbryzl wrote:

This is the only instruction that writes to your address. You would have to trace back from here to find where the value in xmm0 comes from.


I was actually just wondering how you do this. I might need to find where the value to ebx is coming as well, but I believe it's the same as xmm registers
Back to top
View user's profile Send private message
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

PostPosted: Wed Sep 05, 2018 3:19 pm    Post subject: Re: How do I force an address to a value I wan't? Reply with quote

ScottySR wrote:
sbryzl wrote:

This is the only instruction that writes to your address. You would have to trace back from here to find where the value in xmm0 comes from.


I was actually just wondering how you do this. I might need to find where the value to ebx is coming as well, but I believe it's the same as xmm registers

Well, you need to trace it back using the stack.
Or, just run a trace that does not do step into and see where it returns (this does give false results sometimes!).
See what called this function with what parameters.
Back to top
View user's profile Send private message
ScottySR
How do I cheat?
Reputation: 0

Joined: 04 Sep 2018
Posts: 9

PostPosted: Fri Sep 07, 2018 9:50 pm    Post subject: Reply with quote

I think I can use the structure dissect menu to find values that are different between all 8 variables and use them in the code injection to find which address the instruction is accessing.

By the way, do all values in the code I write have to be in decimal or can I write hex as well? And is it possible to link certain values from the code to the cheat table for easier modification?
Back to top
View user's profile Send private message
Csimbi
I post too much
Reputation: 92

Joined: 14 Jul 2007
Posts: 3102

PostPosted: Fri Sep 07, 2018 11:42 pm    Post subject: Reply with quote

You mean the AA scripts?
They are hexadecimal by default.
Tapping F1 in the AA editor will take you here.
Back to top
View user's profile Send private message
sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

PostPosted: Sat Sep 08, 2018 7:29 am    Post subject: Reply with quote

ScottySR wrote:
And is it possible to link certain values from the code to the cheat table for easier modification?


Yes. You can reference any location from a registered label plus or minus any offset.

Use an aob scan to create another registered label somewhere else, or to access a section in your aa script you can place another registered label anywhere within your new memory region.
example:
Code:
[enable]
registersymbol(label1)
newmem:

label1:


[disable]
unregistersymbol(label1)
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites