Cheat Engine

Xtensity · Newbie cheater Reputation: 0 Joined: 15 Mar 2010 Posts: 11

I have an OP code(00463B2D - mov [edi+esi*4+10],ebx) that writes to about 1000+ different memory addresses. Though one particular address is writes to, it always writes a 16, or a 128. What would I do exactly to make it so this OP code always writes a 128 to this address?

At first I tried NOP'ing the OP code and changing the target memory address to 128, but of course that crashed the game since it stopped writing to all the other memory addresses.

Is there some sort of way I can step in and make it so this OP code only writes a 16, or 128, when it is writing to a particular address? We'll say the particular address is 237BBEE0. How can I make it so it only gets a 128 or a 16 written to it? Is this possible?

DaSpamer · Posted: Sun Aug 04, 2013 8:55 pm Post subject:

First of all,
This is not related to LUA scripting, it's related to Assemble forum.

Secondly,
Please do Cheat Engine tutorial (Step: Dissect structures and the code injection), it's explaining all you asked

Xtensity · Newbie cheater Reputation: 0 Joined: 15 Mar 2010 Posts: 11

I can easily complete the entire tutorial without any trouble, but nothing in there would help me with this current situation.

I posted this here because I figured a Lua Script, OR an AA script could accomplish the task, though I am unsure how(hence asking for help). I have poured over the AA forum and can not find, or atleast understand how I could conditionally check if certain addresses are being modified by a certain op code.

I am seeking out a way to automatically check if this op code writes to a specific address, and when it does to always write a specific value, but without interfering with the thousands of other addresses it writes to.

DaSpamer · Posted: Sun Aug 04, 2013 11:14 pm Post subject:

You can do

Xtensity · Newbie cheater Reputation: 0 Joined: 15 Mar 2010 Posts: 11

That script does absolutely nothing near what I was asking about.

To put this in simpler terms as I don't think you are understanding.

I need something that more or less will go

If [edi+esi*4+10] == 237BBEE0 then
mov [edi+esi*4+10], 128
else
mov [edi+esi*4+10], ebx
end

Is there a way to do this? Where as above, the op code continues as normal unless the target address is my address I am looking for, and if so, then only mov 128 into it.

mgr.inz.Player · Posted: Tue Aug 06, 2013 3:40 am Post subject:

@Xtensity,

DaSpamer clearly understands what you want to achieve. Just do that "Structure dissect" tutorial. Compare structure at your address (237BBEE0 from example) with two or more other structures (addresses).

You do this:
1) right click on "mov [edi+esi*4+10],ebx" instruction and choose "find out what addresses this instruction accesses".

2) open "Structure dissect" window, add your address (237BBEE0 or whatever it is)

3) click "add extra address" (under file menu). Fill in any (other than 237BBEE0) address from step 1. You can add more addresses.

4) Now, "Structures -> define new structure", name it, click yes, leave default 4096, OK.

Now, compare both structures. Use gained knowledge about differences and create "filter".

For example you found out that at offset 0x20 your target has always value 01, and others have always 00.
(edi+esi*4+10 + 20 = edi+esi*4+30)

DaSpamer · Posted: Tue Aug 06, 2013 4:43 pm Post subject:

One way is what mgr.inz.Player said.
Other way is simple checking what value ebx holds,
Since you didn't listen to my advice about dissect structure, I gave you simple alternative solution.
Because obviously, if it writes only 2 values which are 16 or 126, theres possible that it's not writing to all 1000's addresses.
It's handy if you don't use Dissect Structure.