Cheat Engine The Official Site of Cheat Engine
casshern How do I cheat?
Reputation: 0
Joined: 16 Feb 2022 Posts: 2
Posted: Wed Feb 16, 2022 10:57 am Post subject: How to find the second offset?
I would like to have the Y position of my character, and to do this I need the static pointer.
So I used the "pointer scan" method to get an address, for which I have in fact two offsets:
| Code: |
"prog"+00082348 -> 0C26CD0
[0C26CD0+C] -> 0C2836D0; go to the address pointed by 0C26CD0+C
0C2836D0 + 2E0 = 0C839B0; which is exactly my Y position.
|
From what I understood (and tested several times), the first offset "00082348" is always the same, and then going to the address pointed to by "prog"+00082348+C is too.
The problem is that the last offset "2E0" can be different and I don't understand how it is recovered.
Using "Find what accesses the address pointed at by this pointer" I get:
| Code: |
0041BA05 - 8D 04 50 - lea eax,[eax+edx*2]
0041BA08 - C1 E0 04 - shl eax,04
0041BA0B - 0FBF 44 08 20 - movsx eax,word ptr [eax+ecx+20] <<
0041BA10 - C2 0400 - ret 0004
0041BA13 - 90 - nop
EAX=00000004
EBX=0C314501
ECX=0C2836D0
EDX=00000014
ESI=00000005
EDI=00000014
ESP=0019DC90
EBP=00190001
EIP=0041BA10
|
And checking with IDA the subroutine associated:
| Code: |
.text:0041B9F0 arg_0 = dword ptr 4
.text:0041B9F0
.text:0041B9F0 mov ecx, dword_486448
.text:0041B9F6 mov eax, [esp+arg_0]
.text:0041B9FA mov edx, [ecx+14h]
.text:0041B9FD mov ecx, [ecx+0Ch]
.text:0041BA00 sub eax, edx
.text:0041BA02 lea edx, [eax+eax*4]
.text:0041BA05 lea eax, [eax+edx*2]
.text:0041BA08 shl eax, 4
.text:0041BA0B movsx eax, word ptr [eax+ecx+20h]
.text:0041BA10 retn 4
.text:0041BA10 sub_ endp
|
C transformation:
| Code: |
int __stdcall sub_(int a1)
{
  return *(__int16 *)(176 * (a1 - *(_DWORD *)(dword_486448 + 20)) + *(_DWORD *)(dword_486448 + 12) + 32);
}
|
The thing is that I don't understand how to get "a1" with Cheat Engine, because it seems to be the answer to my problem, no? Unless "a1" is a value on the stack, and in that case I have to find another way.
Thanks for your help!
Dark Byte Site Admin
Reputation: 473
Joined: 09 May 2003 Posts: 25918 Location: The netherlands
Posted: Wed Feb 16, 2022 11:22 am Post subject:
a1 is a stack parameter
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so I can keep helping
casshern How do I cheat?
Reputation: 0
Joined: 16 Feb 2022 Posts: 2
Posted: Wed Feb 16, 2022 11:40 am Post subject:
So I have 2 solutions. The first is to find a way to get the second offset.
The second is to make a script to get the value of a1 in the stack, right?
I would prefer the first solution, to have the static pointer associated to my position... do you have an idea?
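
Added example, not part of the thread: the arithmetic of the routine at 0041B9F0 from the first post, replayed in C to show that the pointer-scan offset 2E0 is an array element index times a 0xB0-byte stride plus the 0x20 field displacement. The function names are hypothetical; the register values are the ones in the posted dump.

```c
#include <stdint.h>
#include <stdio.h>

#define STRIDE       0xB0u  /* 176: (eax + 2*(5*eax)) << 4 = 11*16*eax */
#define FIELD_OFFSET 0x20u  /* displacement in: movsx eax, word ptr [eax+ecx+20h] */

/* Mirrors 0041BA00..0041BA08 one instruction at a time.
   index_base stands for the value read from [dword_486448+14h]. */
uint32_t scaled_index(uint32_t a1, uint32_t index_base)
{
    uint32_t eax = a1 - index_base;   /* sub eax, edx         */
    uint32_t edx = eax + eax * 4;     /* lea edx, [eax+eax*4] */
    eax = eax + edx * 2;              /* lea eax, [eax+edx*2] */
    return eax << 4;                  /* shl eax, 4           */
}

/* Offset from the array base ([dword_486448+0Ch]) to the 16-bit field read. */
uint32_t field_offset_for(uint32_t a1, uint32_t index_base)
{
    return scaled_index(a1, index_base) + FIELD_OFFSET;
}

/* In the posted dump EDX still holds 5 * (a1 - index_base). */
uint32_t index_from_edx(uint32_t edx)
{
    return edx / 5;
}

/* Inverse: which element does an offset belong to? -1 if it is not this field. */
int index_from_offset(uint32_t offset)
{
    if (offset < FIELD_OFFSET || (offset - FIELD_OFFSET) % STRIDE != 0)
        return -1;
    return (int)((offset - FIELD_OFFSET) / STRIDE);
}

int main(void)
{
    const uint32_t ecx = 0x0C2836D0u;  /* ECX from the posted dump (array base) */
    const uint32_t edx = 0x00000014u;  /* EDX from the posted dump              */
    uint32_t idx = index_from_edx(edx);
    uint32_t off = field_offset_for(idx, 0);  /* index_base 0: idx is already relative */

    printf("element index : %u\n", (unsigned)idx);
    printf("offset        : 0x%X\n", (unsigned)off);
    printf("field address : 0x%08X\n", (unsigned)(ecx + off));
    return 0;
}
```

With the dump's EDX=14 the relative index is 4, so the offset is 4*0xB0 + 0x20 = 0x2E0; a different a1 at the call site selects a different element and therefore a different second offset.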