Cheat Engine
The Official Site of Cheat Engine
Topic review
Author
Message
Guest
Posted: Fri Apr 21, 2017 7:25 am
Post subject:
ParkourPenguin wrote:
As an aside, I would like to point out that the value 1085801EC overflows to 085801EC when interpreted as a 32-bit value (i.e. an address). It's a bug on CE's part if it can't handle that. I've seen this happen with some debugging stuff in the past, but it seems to be working in CE 6.6 for the few things I've tested.
If eax is 100D31CC and ecx is F84AD020, then eax + ecx = 085801EC. This is a result of modular arithmetic, but a simpler way to think about this is that the result is truncated to 32 bits. The address list and the auto assembler both seem capable of handling this in CE 6.6 (with the usual parsing restrictions, of course).
(In a 64-bit process, addresses take up 64 bits instead of 32, but based on your use of eax/ecx instead of rax/rcx, I figured you were dealing with a 32-bit process)
I was thinking of it as modular, which is how I arrived at my formula to begin with.
Turns out my issue was that I was using the 64 bit version of Cheat Engine, and I didn't even notice it until your post. Thanks a lot! You've saved me a lot of headache
ParkourPenguin
Posted: Thu Apr 20, 2017 9:07 pm
Post subject:
As an aside, I would like to point out that the value 1085801EC overflows to 085801EC when interpreted as a 32-bit value (i.e. an address). It's a bug on CE's part if it can't handle that. I've seen this happen with some debugging stuff in the past, but it seems to be working in CE 6.6 for the few things I've tested.
If eax is 100D31CC and ecx is F84AD020, then eax + ecx = 085801EC. This is a result of modular arithmetic, but a simpler way to think about this is that the result is truncated to 32 bits. The address list and the auto assembler both seem capable of handling this in CE 6.6 (with the usual parsing restrictions, of course).
(In a 64-bit process, addresses take up 64 bits instead of 32, but based on your use of eax/ecx instead of rax/rcx, I figured you were dealing with a 32-bit process)
sbryzl
Posted: Thu Apr 20, 2017 7:34 pm
Post subject:
Try creating an auto assemble script with this. Enable it and use baddy as a base address.
Code:
[ENABLE]
label(baddy)
registersymbol(baddy)
[dosbox.exe+38B9FC]+FFFFFFFF100D31CC:
baddy:
[DISABLE]
unregistersymbol(baddy)
Washington_
Posted: Thu Apr 20, 2017 5:12 pm
Post subject:
sbryzl wrote:
Have you tried the pointer with an offset of 100D31CC-100000000?
Or maybe an offset of FFFFFFFF100D31CC?
Yeah, I have. They both are automatically converted back to 1085001EC.
What's weird is that the little equation next to the offset shows
Code:
F84AD020 + 100D31CC = 085001EC
However the address that is filled in automatically at the top is 1085001EC.
sbryzl
Posted: Thu Apr 20, 2017 4:27 pm
Post subject:
Have you tried the pointer with an offset of 100D31CC-100000000?
Or maybe an offset of FFFFFFFF100D31CC?
Washington_
Posted: Thu Apr 20, 2017 1:52 pm
Post subject:
Whoops, wrong image link. That previous link was part of an experiment I was cooking up with some friends at university.
puu sh/vqFaM/752a0c8d63.png
Washington_
Posted: Thu Apr 20, 2017 1:50 pm
Post subject:
sbryzl wrote:
Basically what you're saying is if dosbox.exe+38b9fc is a pointer then the value of gold is
Code:
100D31CC+[dosbox.exe+38B9FC]
so that's what to put in the address field or do the extra math if necessary:
Code:
100D31CC-FFFFFFFF+[dosbox.exe+38B9FC]-1
This is close to what I need, however those addresses don't resolve at all in Cheat Engine.
I've tried doing an offset of the pointer dosbox.exe+38B9FC of +100D31CC, however that gives me the address 1085001EC, when I need 085001EC. That's why I came up with that formula in the first place, to try and work around the fact that I have that extra 1 digit in the front. Unfortunately my tinkering hasn't paid off, which is why I'm here in the first place.
A picture of the table I've got so far:
puu sh/vfT3j/d6c63ab3d3.png
sbryzl
Posted: Thu Apr 20, 2017 11:03 am
Post subject:
Basically what you're saying is if dosbox.exe+38b9fc is a pointer then the value of gold is
Code:
100D31CC+[dosbox.exe+38B9FC]
so that's what to put in the address field or do the extra math if necessary:
Code:
100D31CC-FFFFFFFF+[dosbox.exe+38B9FC]-1
FreeER
Posted: Thu Apr 20, 2017 10:09 am
Post subject:
Hm if you try to simplify this like a typical math equation then (at least for a 32bit program which I think dosbox is)
Code:
100D31CC - (FFFFFFFF - dosbox.exe+38B9FC) - 1
is just
Code:
100D31CC - (-1 - dosbox.exe+38B9FC) - 1
Code:
100D31CC +(1 + dosbox.exe+38B9FC) - 1
Code:
100D31CC + 1 + dosbox.exe+38B9FC - 1
Code:
100D31CC + dosbox.exe+38B9FC
Code:
dosbox.exe+38B9FC+100D31CC
which could be reduced to
Code:
dosbox.exe+1045EBC8
So perhaps try something like that.
Unless you're supposed to be reading the memory at FFFFFFFF - dosbox.exe+38B9FC (-1-dosbox.exe+38B9FC = -(dosbox.exe+38B9FD)) or even just dosbox.exe+38B9FC, in which case it doesn't simplify to just one line like that in the address list but rather something more like "dosbox.exe+38B9FC" as the base address, 0 as the first offset (so it read the address at +38...) and 100D31CCC-1 or just 100D31CCB as the second offset offset so it gets added to the value read from the base address...(lua could use something like "[dosbox.exe+38B9FC]+100D31CC-1" as an address but)
Guest
Posted: Thu Apr 20, 2017 7:47 am
Post subject:
sbryzl wrote:
Try entering in the address field without parenthesis:
100D31CC-FFFFFFFF+dosbox.exe+38B9FC-1
Unfortunately that didn't work. I tried to enter that address manually and it didn't resolve to anything. When I put dosbox.exe+38B9FC as a pointer I get the offset, which I can then use to calculate the values I want. However dosbox.exe+38B9FC itself isn't the address I need to be manipulating, it contains the address I need to be manipulating.
sbryzl
Posted: Tue Apr 18, 2017 7:35 pm
Post subject:
Try entering in the address field without parenthesis:
100D31CC-FFFFFFFF+dosbox.exe+38B9FC-1
Washington
Posted: Tue Apr 18, 2017 2:47 pm
Post subject: Pointer trouble; have pointer formula
Hi, I'm trying to figure out pointers for things like Gold, Lumber, and Oil in Warcraft II. I've figured out a formula that works for these addresses, however I'm not sure how to translate this into something usable with Cheat Engine.
Every address that holds the values I'm looking for has the following structure:
GOLD:
Code:
100D31CC - (FFFFFFFF - dosbox.exe+38B9FC) - 1
LUMBER:
Code:
100D318C - (FFFFFFFF - dosbox.exe+38B9FC) - 1
I derived these formulas after much trial and error, and I have consistently been able to get the addresses I want using them. Now, I'm trying to convert this into a pointer for Cheat Engine to use.
When I disassemble using Cheat Engine, the code I get is
Code:
mov [eax + ecx], edx
To show where my formula came from, for Gold,
Code:
eax=100D31CC
ecx=F84AD020
eax+ecx = 1085801EC
Address for Gold:
085801EC
As you can see, these values are intimately related. I figured out the formula by subtracting the ecx value from the maximum value of an address (FFFFFFFF) and then subtracting that new value from eax:
Code:
eax - (FFFFFFFF - ecx) = eax - 7B52FDF = 85801ED
Clearly, this is just 085801EC + 1, so I subtracted 1 in the 'general' formula and here I am. Sorry for the long explanation of my process, I'm being overly didactic for the sake of clarity.
Back to the problem at hand.
The eax values never change, restart after restart. It is the ecx values that change slightly with every iteration of the program and every level change. However, the pointer to the ecx value is dosbox.exe+38B9FC.
Thus I should have all of the information required to make a pointer for these values, and they should only be a trivial offset apart from one another, as I can easily find the other values by simply incrementing the value of one address by "10" in either direction.
Can anyone help me put this into a pointer format? I've tried messing with offsets and the like, but none of it is helping me figure this out. If you need any other info just let me know.
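The arithmetic this thread turns on (ParkourPenguin's point that the sum is truncated to 32 bits in a 32-bit process, FreeER's algebraic simplification of the formula, sbryzl's FFFFFFFF100D31CC offset, and the eax/ecx derivation in the opening post) worked through as an added Python example. It is not code from the thread or from Cheat Engine; it evaluates the expressions over a small constructed memory image instead of a live process. The eax values, the ecx value F84AD020 and the pointer dosbox.exe+38B9FC come from the thread; the dosbox.exe module base (0x00400000), the memory image and the helper names are assumptions made for the example.

```python
import struct

# Added example, not code from the forum thread or from Cheat Engine.
# Models the thread's pointer arithmetic over a constructed memory image
# so it runs offline; the widths (32 vs 64 bits) are made explicit.

DOSBOX_BASE = 0x00400000                 # assumed module base (not given in the thread)
POINTER_ADDR = DOSBOX_BASE + 0x38B9FC    # "dosbox.exe+38B9FC" from the thread
ECX_VALUE = 0xF84AD020                   # value stored at that pointer (from the thread)
EAX_GOLD = 0x100D31CC                    # eax for Gold (from the thread)
EAX_LUMBER = 0x100D318C                  # eax for Lumber (from the thread)

# Constructed memory image: address -> little-endian bytes of a 32-bit slot.
MEMORY = {POINTER_ADDR: struct.pack("<I", ECX_VALUE)}


def read_u32(addr):
    """Read a little-endian 32-bit value from the constructed image."""
    data = MEMORY.get(addr)
    if data is None:
        raise KeyError(f"unmapped address {addr:08X}")
    return struct.unpack("<I", data)[0]


def truncate(value, bits):
    """Keep the low `bits` bits: the wraparound a register of that width applies."""
    return value & ((1 << bits) - 1)


def original_formula(eax, bits=32):
    """The opening post's formula: eax - (FFFFFFFF - [dosbox.exe+38B9FC]) - 1."""
    ecx = read_u32(POINTER_ADDR)
    return truncate(eax - (0xFFFFFFFF - ecx) - 1, bits)


def simplified_formula(eax, bits=32):
    """FreeER's simplification of the same expression: [dosbox.exe+38B9FC] + eax."""
    return truncate(read_u32(POINTER_ADDR) + eax, bits)


def resolve_pointer(base_addr, offset, bits=32):
    """One-level pointer the way an address list entry resolves it: read [base], add offset."""
    return truncate(read_u32(base_addr) + offset, bits)


def compare_widths(eax):
    """The same address as a 32-bit evaluator and a 64-bit evaluator would compute it."""
    return {
        "formula_32": original_formula(eax, 32),
        "formula_64": original_formula(eax, 64),
        "simplified_32": simplified_formula(eax, 32),
        "simplified_64": simplified_formula(eax, 64),
    }


if __name__ == "__main__":
    for name, eax in (("Gold", EAX_GOLD), ("Lumber", EAX_LUMBER)):
        r = compare_widths(eax)
        print(f"{name}: 32-bit {r['simplified_32']:08X}, "
              f"64-bit without truncation {r['simplified_64']:X}, "
              f"original formula {r['formula_64']:08X}")
    # sbryzl's workaround: a 64-bit "negative" offset wraps back to the 32-bit result
    print(f"offset FFFFFFFF100D31CC evaluated in 64 bits: "
          f"{resolve_pointer(POINTER_ADDR, 0xFFFFFFFF100D31CC, 64):08X}")
```

Running it shows why the thread went the way it did: `[dosbox.exe+38B9FC] + 100D31CC` gives 085801EC only when the sum is truncated to 32 bits, and 1085801EC when it is evaluated 64 bits wide, which is what the 64-bit build of Cheat Engine did for the poster. The opening post's subtract-from-FFFFFFFF formula never exceeds 32 bits, so it yields 085801EC at either width, which is why trial and error landed on it; algebraically it is the same expression mod 2^32. The FFFFFFFF100D31CC offset is the mirror trick: it relies on 64-bit wraparound to cancel the high bit.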
Powered by phpBB © 2001, 2005 phpBB Group