Cheat Engine The Official Site of Cheat Engine
Pach (How do I cheat?)
Reputation: 0
Joined: 19 May 2024 Posts: 2
Posted: Sun May 19, 2024 6:06 pm Post subject: Having trouble finding pointer address
Hi, I'm new to CE and have dealt with system architecture before but have a rough understanding of x86 assembly. I want to find the value of the currently playing song in a karaoke application, and I'm certain I've found the address where it is located because it updates when I expect it to. Following tutorials, I went to "find out what accesses this address" but did not find any copy memory instruction. Instead, when I add a song (which changes its value as expected), I get the following instructions:
Code:
7FF634997375 - 0F11 40 80 - movups [rax-80],xmm0
7FF63499737D - 0F11 48 90 - movups [rax-70],xmm1
7FF63497B523 - 66 45 39 24 5E - cmp [r14+rbx*2],r12w
7FF634A03970 - 0FB7 0A - movzx ecx,word ptr [rdx]
7FF634A03120 - 66 83 39 0A - cmp word ptr [rcx],0A
FF634A032E0 - 0FB7 03 - movzx eax,word ptr [rbx]
7FF634A03300 - 0FB7 43 FE - movzx eax,word ptr [rbx-02]
7FF634A03466 - 66 42 83 3C 4E 00 - cmp word ptr [rsi+r9*2],00
7FF634A038B0 - 41 0FB7 08 - movzx ecx,word ptr [r8]
7FF634A034D0 - 41 0FB7 11 - movzx edx,word ptr [r9]
7FFB55B68DF5 - 0FB7 04 3A - movzx eax,word ptr [rdx+rdi]
7FF6349CE7A3 - 66 42 39 2C 4E - cmp [rsi+r9*2],bp
The first two instructions only happen once when the song is queued (could be when the value changes? edit: this seems to be the next song in queue), and the middle instructions happen very often before the song starts. I traced it, and it seems like it continuously moves the name down in memory? The last 2 happen 8 times when the song starts.
The only time where it does do a copy memory instruction is when the song finishes:
Code:
7FF6349BEEAB - 66 89 AB 28020000 - mov [rbx+00000228],bp
I suspect there might be something if I follow one of the movups or movzx instructions but I'm not completely sure what that actually does, and which one/what address to scan for in CE.
I've looked in the memory, and it seems like it just replaces the first two bytes of the song name with 0.
If anything, I'd just like some intuition on what is happening, if I've provided sufficient information to explain.
Dark Byte (Site Admin)
Reputation: 471
Joined: 09 May 2003 Posts: 25827 Location: The netherlands
Posted: Sun May 19, 2024 10:50 pm Post subject:
first part: memory copy operation, for local memory destination
2nd and 3rd part: string reading
so, the address you've found is a string. Likely there is an index into the text or a pointer into the text that specifies what part of the text is in use
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
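As an added illustration, not code from this thread or from the karaoke application, here is a constructed C model of what Dark Byte describes: one UTF-16 text buffer holding the queued names, plus an index into that text saying which part is in use. Compiled, the word-by-word scan in name_len is the kind of source that yields the movzx/cmp word ptr sequences above, queue_song is the one-time block copy (movups), and finish_song is the single word store that zeroes the first two bytes. The struct layout, the field names, the 0x0A separator and the sample names are all assumptions.

```c
#include <stdint.h>
#include <string.h>

/* Constructed model (an assumption, not the app's real layout): a UTF-16 text
 * buffer of newline-separated names plus an index saying which part is playing. */
#define TEXT_CAP 64
typedef struct {
    uint16_t text[TEXT_CAP]; /* UTF-16 names, each ended by 0x000A */
    size_t used;             /* 16-bit units in use */
    size_t current;          /* offset of the playing song inside text[] */
} song_queue;

/* Length of the name at 'at'. A word-by-word scan like this is what compiles
 * to the "movzx eax,word ptr [..]" / "cmp word ptr [..],0A" pattern. */
static size_t name_len(const song_queue *q, size_t at) {
    size_t n = 0;
    while (at + n < q->used && q->text[at + n] != 0x000A && q->text[at + n] != 0)
        n++;
    return n;
}

/* Queueing copies the name into the buffer exactly once; for a small
 * fixed-size copy a compiler emits a "movups" pair rather than a loop. */
static int queue_song(song_queue *q, const uint16_t *name, size_t len) {
    if (q->used + len + 1 > TEXT_CAP) return 0;
    memcpy(&q->text[q->used], name, len * sizeof(uint16_t));
    q->text[q->used + len] = 0x000A;
    q->used += len + 1;
    return 1;
}

/* On finish: one 16-bit zero over the first character (a "mov [..],bp" style
 * word store) and the index moves past the 0x0A; the rest of the name stays. */
static void finish_song(song_queue *q) {
    size_t len = name_len(q, q->current);
    if (q->current >= q->used) return;
    q->text[q->current] = 0;
    q->current += len + 1;
}

/* Build the constructed example queue once: two UTF-16 names (assumed input). */
static song_queue *demo_queue(void) {
    static song_queue q;
    static const uint16_t a[] = {'S','o','n','g',' ','A'}, b[] = {'T','r','a','c','k',' ','B'};
    if (q.used == 0) {
        queue_song(&q, a, sizeof a / sizeof a[0]);
        queue_song(&q, b, sizeof b / sizeof b[0]);
    }
    return &q;
}
```

After finish_song the first name's bytes are still in memory apart from its first character, which is why an address found by scanning for the title keeps looking like the string after the song ends; the index (current) is the value that actually changes.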
Pach (How do I cheat?)
Reputation: 0
Joined: 19 May 2024 Posts: 2
Posted: Mon May 20, 2024 5:08 am Post subject:
Dark Byte wrote:
    first part: memory copy operation, for local memory destination
    2nd and 3rd part: string reading
    so, the address you've found is a string. Likely there is an index into the text or a pointer into the text that specifies what part of the text is in use
hmm, I'm not quite familiar with all the instructions especially the cmps it's doing in the string reading part. If I set a breakpoint and look at RDX after the first instruction (movzx ecx, word ptr [rdx]), would I likely find the address of the pointer to the text? Or would I find it in one of the registers mentioned in the later instructions? I will try and experiment more later today.