 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Reoline
How do I cheat?
![]() Reputation: 0
Joined: 04 Jan 2021
Posts: 4
|
 Posted: Wed Jan 20, 2021 9:13 am Post subject: Multiple offsets - what does it mean? |
 |
|
I used to think that when I use a CE debugger and see an instruction like "mov [rbx + 10], eax" it means that there is a structure in memory (rbx points on its start) and 16 bytes after there is a variable in a struct. But sometimes I get results like this: (screenshot) with many different and strange offsets, and I dont quite get the idea behind that. Does it mean that the same variable belongs to different structs? Why are some offsets negative, are there some special structs which are counted from the end, not the beginning? Or I am entirely wrong and offsets are not connected with structs or classes in any way?
| Description: |
|
| Filesize: |
23.93 KB |
| Viewed: |
1730 Time(s) |
|
|
|
| Back to top |
|
 |
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4721
|
| Posted: Wed Jan 20, 2021 12:59 pm Post subject: |
|
|
The intuition in your first sentence is correct: if multiple instructions accessing a value use an offset like +10, it usually means the value you're watching is part of a structure that starts 16 bytes before it.
In low level languages like C/C++ etc., nested structures are by default directly embedded inside the encapsulating structure: pointers would need to be explicitly created. This can cause the same value to be accessed through several different offsets. e.g. C++ 11 code:
| Code: | #include <cstdio>
struct Foo {
double a;
double b;
};
struct Bar {
int a;
int b;
Foo c;
int d;
};
double foomul(Foo *f) {
return f->a * f->b; // offsets: +0, +8
}
double barmul(Bar *b) {
return (double)(b->a)
* b->b
* b->c.a // offset +8
* b->c.b // offset +0x10
* b->d;
}
int main() {
Bar b{2, 3, Foo{1.5, 2.5}, 4};
std::printf("%f\n", foomul(&b.c));
std::printf("%f\n", barmul(&b));
return 0;
|
Here, the doubles with values 1.5 / 2.5 are accessed using the offsets +0 / +8 and +8 / +0x10 in the functions foomul and barmul respectively.
From the perspective of machine code, it's kind of correct to say the same value can belong to two different structs (as seen in the above example), but I wouldn't put it like that in the context of most relevant programming language's jargon.
Negative offsets are weird.
Beyond that, there isn't much I can say with such little information.
What type of data this value is (string, double, bit field...), signification of the data (e.g. health, money, ammo), information about the surrounding data, exactly which byte in the value each instruction is accessing (irrelevant for 1-byte values), more context around instructions that access the data, what language this was compiled from, what game engine was used, etc., would help.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
