soggytoast111 (Cheater) | Reputation: 0 | Joined: 25 Sep 2020 | Posts: 26
Posted: Fri Sep 25, 2020 12:37 pm | Post subject: Need help to find function that writes a string

Hello, I'm working on a hacking project but kind of stuck at this point.
There's a specific string that's written somewhere in memory and I want to find where in the code this is generated so I can see how this function works. This is a random string that is generated at the time the function is called, so it doesn't exist anywhere in memory until then.
I can find the string easily after it's written, but it doesn't always go into memory in the same place so I can't just use the "find out what writes to this address" option.
I've been trying to use breakpoints and step through the disassembler to figure out when it's written, but this is tedious and I'm not sure if I'm guaranteed to find it this way.
Is there an easier way to do this? Or maybe set up some kind of Lua script to make this work less time consuming at least?
Csimbi (I post too much) | Reputation: 97 | Joined: 14 Jul 2007 | Posts: 3325
Posted: Sat Sep 26, 2020 5:59 am

Ultimap?
soggytoast111 (Cheater) | Reputation: 0 | Joined: 25 Sep 2020 | Posts: 26
Posted: Sat Sep 26, 2020 10:10 am

I don't really have any experience with Ultimap. How do I use Ultimap to help find this?
DanyDollaro (Master Cheater) | Reputation: 3 | Joined: 01 Aug 2019 | Posts: 334
Posted: Sat Sep 26, 2020 4:30 pm

The fact that you can easily find the string makes me assume that it is shown on the screen or that it is part of a data structure you have access to. You may find out which code reads the characters of that string and see in which register its address is loaded. From there, doing a bit of reverse engineering, you could discover where the function gets the information on the new position of the string, and from there you can find information about the function that writes it, since the strings are passed as parameters by reference: the function that generates the string will overwrite the pointer that the reading function will use. Doing this requires skill and time, and consider that there is the possibility that the string will be read only a limited number of times; in that case I would only think of the use of Ultimap as suggested by Csimbi.
soggytoast111 (Cheater) | Reputation: 0 | Joined: 25 Sep 2020 | Posts: 26
Posted: Sun Sep 27, 2020 10:40 am

Quote: "The fact that you can easily find the string makes me assume that it is shown on the screen or that it is part of a data structure you have access to"

Hmmm... not exactly. The string is used to authenticate users who log in to servers with the game client. A string is generated one time as the user presses the login button - I assume it's based on mixing together some data about the username and some other variables. My goal here is to figure out how that string is generated so that I can forge my own and "log in" without the game client.
I can only find the string consistently because parts of it do not change so I can search that part of the string.
Quote: "you may find out which code reads the characters of that string and see in which register its address is loaded, from there doing a bit of reverse engineering you could discover where the function gets the information on the new position of the string and from there you can find information about the function that writes it, since the strings are passed as parameters by reference, the function that generates the string will overwrite the pointer that will use the function that acts in reading,"

Could you explain more about this method? I don't quite follow.
So you're saying I can find the string, figure out what reads the string, and then somehow backtrace to the function that created it because the one reading it must reference it somehow?
Can you link to an example or something to help me understand this?
Quote: "in that case I would only think of the use of Ultimap as suggested by Csimbi."

I can't get DBVM/Ultimap to work unfortunately. It seems like it's detected by the game. Cheat Engine works fine with the driver unloaded, but the game crashes/refuses to boot with DBVM.
Any tips on getting around this check?
DanyDollaro (Master Cheater) | Reputation: 3 | Joined: 01 Aug 2019 | Posts: 334
Posted: Sun Sep 27, 2020 12:29 pm

I don't have links to share; these are my general notions of programming.
Usually when you write a function that has to receive a string as a parameter you pass it by reference. In low-level programming languages such as C or C++ this operation must be explicit, while in high-level languages such as JavaScript or Python they are passed by reference by default.
The easiest way is to search with Cheat Engine's memory scanner for the address of the string, and if you find variables like "pointer to a pointer to a string" pointing to your string, you can see what writes to that address and you may find the function that generates it.
In case that doesn't happen, then the string is handled differently. Then you could find any function that reads the string, enumerate its parameters and find out which of those the function uses to find the string; most likely it will use a pointer, and if so you can go to the first method I listed for you. I was just about to forget to tell you that to "enumerate its parameters" you could just take a look at the stack as soon as the thread breaks at the entry point of the function.
In case you still haven't understood, you should deepen your knowledge of assembly; otherwise I would have to describe to you an infinite number of cases that could happen and would never end.
soggytoast111 (Cheater) | Reputation: 0 | Joined: 25 Sep 2020 | Posts: 26
Posted: Sun Sep 27, 2020 1:26 pm

Thanks, that's a lot to chew on, but I think this at least gives me a few more angles to try. I'm very new to assembly (this is really my first project) but I do have some experience with JavaScript/Python. I'm learning fast though - happy that I already got this far.
I found some cool info on some ways to bypass Cheat Engine/debugger anticheat detection so maybe ultimap isn't a complete lost cause either. Ultimap seems like a much easier way to accomplish this.