Cheat Engine The Official Site of Cheat Engine
foggyspider Newbie cheater Reputation: 0
Joined: 20 May 2010 Posts: 11
Posted: Mon Dec 18, 2017 5:58 pm Post subject: Changed memory doesn't apply until in-game button pressed
Cheat Engine can set the memory, but the program does not check the memory or reflect the change until you press a button in-game.
Is it possible to change memory and call the function in the game that runs when you change it through their interface?
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Dec 19, 2017 9:20 am Post subject:
If you know what you are doing... (I've _mostly_ avoided calling game functions, especially GUI ones). Sometimes you can just find the address for the display value and change it too, rather than trying to track down the function and figure out how to properly call it without crashing the game.
foggyspider Newbie cheater Reputation: 0
Joined: 20 May 2010 Posts: 11
Posted: Tue Dec 19, 2017 10:47 am Post subject:
FreeER wrote:
"If you know what you are doing... (I've _mostly_ avoided calling game functions, especially GUI ones). Sometimes you can just find the address for the display value and change it too, rather than trying to track down the function and figure out how to properly call it without crashing the game."
Unfortunately after extensive searching I cannot find any such addresses. Can you please help point me in the right direction of using cheat engine to call a game function?
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Tue Dec 19, 2017 11:24 am Post subject:
Essentially, you find the address of the start of the function and use the instruction call <address>.
Obviously it's not always that simple. If it takes arguments, and they often do, then you have to figure out what type of arguments it takes and what values you can pass yourself when calling it. If it takes a pointer to a GUI object and to the player, then you have to give it valid pointers to those objects when you call it, or it's going to crash trying to use the ones it believes are there. If you're using CreateThread rather than hooking existing code to call the function, then you're not going to have any usable values in registers already, so you'd probably need some way to find them (probably by reading pointers to those pointers manually in assembly, using an aobscan to find the pointer, or hooking some other code and copying the pointer to some allocated memory you can then read from).
Once you actually know what all of the arguments are and how you are going to get them, then you have to determine how to pass them. If it's an x64 game then it's fairly simple: you subtract 0x20 from rsp for "shadowspace" (a place for the function to save register values it needs to overwrite), move the values into the correct registers (in order: RCX, RDX, R8, R9 / XMM0, XMM1, XMM2, XMM3 for floating point values; if there happen to be more than four then you use the stack like x86 for the rest), call the function, and then (I believe) add 0x20 back to rsp to "delete" the shadowspace memory.
If it's x86 then you have to figure out if it's stdcall, cdecl, thiscall, or (rarely) something else. With stdcall you just push all the arguments on the stack and call the function; with cdecl you also have to remove the arguments from the stack after the call; and thiscall is basically the same as cdecl except that you have a pointer in ecx (many object methods only need one argument, the pointer to the object to work with, so using one register rather than the stack is faster).
Obviously, finding where the game is calling the function can help a lot in figuring out what the arguments are, how it gets them, and how it provides them to the function.
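The recurring point in the post above is that a raw code address is useless on its own: the caller has to supply the callee's exact prototype (return type, argument types and count, calling convention), and any mismatch means the callee reads registers or stack slots that hold garbage. The following is an added example, not code from the thread or from Cheat Engine, that shows the same address-plus-prototype pairing in Python's ctypes against the host's own C library. It assumes a Unix-like host (Linux or macOS) where the C library is loadable as shown; the helper names `resolve_address` and `call_at` and the sample inputs are constructed for this example, and the libc functions `strlen`, `strncmp` and `atoi` stand in for the address you would otherwise recover from a disassembler.

```python
import ctypes
import ctypes.util

# Assumption: a Unix-like host where the C library loads this way.
# On Windows you would use ctypes.CDLL("msvcrt") or ctypes.WinDLL(...) instead.
LIBC = ctypes.CDLL(ctypes.util.find_library("c") or None)


def resolve_address(name: str) -> int:
    """Return the raw code address of an exported C-library function.

    This stands in for the address a disassembler or scan would give you;
    everything after this point treats the number as an opaque address.
    """
    return ctypes.cast(getattr(LIBC, name), ctypes.c_void_p).value


def call_at(address: int, restype, argtypes, *args, stdcall: bool = False):
    """Call the function at `address` using an explicit prototype.

    The prototype is what the callee expects. Get the argument count, the
    types, or the convention wrong and the callee reads garbage registers
    or stack slots, which is the crash the post describes.

    On 32-bit Windows, `stdcall=True` selects WINFUNCTYPE (callee pops the
    arguments); CFUNCTYPE is cdecl (caller pops). On x64 there is a single
    convention, so the two factories behave alike there.
    """
    factory = ctypes.CFUNCTYPE
    if stdcall and hasattr(ctypes, "WINFUNCTYPE"):  # WINFUNCTYPE only exists on Windows
        factory = ctypes.WINFUNCTYPE
    prototype = factory(restype, *argtypes)
    return prototype(address)(*args)


# --- worked calls on constructed inputs --------------------------------------

def string_length(text: bytes) -> int:
    # size_t strlen(const char *s): one pointer argument, size_t return.
    return call_at(resolve_address("strlen"), ctypes.c_size_t, [ctypes.c_char_p], text)


def compare_prefix(a: bytes, b: bytes, n: int) -> int:
    # int strncmp(const char *a, const char *b, size_t n): three arguments, so on
    # Win64 they would travel in RCX, RDX, R8 with the caller reserving shadow space.
    return call_at(resolve_address("strncmp"), ctypes.c_int,
                   [ctypes.c_char_p, ctypes.c_char_p, ctypes.c_size_t], a, b, n)


def parse_int(text: bytes) -> int:
    # int atoi(const char *s): pointer in, plain int out.
    return call_at(resolve_address("atoi"), ctypes.c_int, [ctypes.c_char_p], text)


if __name__ == "__main__":
    print(string_length(b"hello"))            # 5
    print(compare_prefix(b"abc", b"abd", 2))  # 0: the first two bytes match
    print(compare_prefix(b"abc", b"abd", 3))  # negative: 'c' sorts before 'd'
    print(parse_int(b"42"))                   # 42
```

The design choice worth noting is that `call_at` never guesses: the caller passes the prototype explicitly, which is exactly the homework the post assigns (find where the game calls the function, read off the argument types and how they are delivered) before any call is attempted.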
foggyspider Newbie cheater Reputation: 0
Joined: 20 May 2010 Posts: 11
Posted: Tue Dec 19, 2017 9:03 pm Post subject:
FreeER wrote:
"Essentially, you find the address of the start of the function and use the instruction call <address>.
Obviously it's not always that simple. If it takes arguments, and they often do, then you have to figure out what type of arguments it takes and what values you can pass yourself when calling it. If it takes a pointer to a GUI object and to the player, then you have to give it valid pointers to those objects when you call it, or it's going to crash trying to use the ones it believes are there. If you're using CreateThread rather than hooking existing code to call the function, then you're not going to have any usable values in registers already, so you'd probably need some way to find them (probably by reading pointers to those pointers manually in assembly, using an aobscan to find the pointer, or hooking some other code and copying the pointer to some allocated memory you can then read from).
Once you actually know what all of the arguments are and how you are going to get them, then you have to determine how to pass them. If it's an x64 game then it's fairly simple: you subtract 0x20 from rsp for "shadowspace" (a place for the function to save register values it needs to overwrite), move the values into the correct registers (in order: RCX, RDX, R8, R9 / XMM0, XMM1, XMM2, XMM3 for floating point values; if there happen to be more than four then you use the stack like x86 for the rest), call the function, and then (I believe) add 0x20 back to rsp to "delete" the shadowspace memory.
If it's x86 then you have to figure out if it's stdcall, cdecl, thiscall, or (rarely) something else. With stdcall you just push all the arguments on the stack and call the function; with cdecl you also have to remove the arguments from the stack after the call; and thiscall is basically the same as cdecl except that you have a pointer in ecx (many object methods only need one argument, the pointer to the object to work with, so using one register rather than the stack is faster).
Obviously, finding where the game is calling the function can help a lot in figuring out what the arguments are, how it gets them, and how it provides them to the function."
Thank you for taking the time to post this, I really appreciate the help.