DarkDolphin Newbie cheater Reputation: 1
Joined: 30 Jan 2014 Posts: 22
Posted: Mon Feb 20, 2017 5:03 am Post subject: Tracing from a "string" to find the right code
Let's say that the game has this function called "get_Invincibility", and we know for sure that it links to a boolean value (0 or 1).
Since this invincibility value is only used for debugging purposes, we have no way to activate that in game. Therefore, we can't do search / next search to find it.
If we search for the string "get_Invincibility", it is found.
Question: Is there a way to trace from this "get_Invincibility" string to the right location storing 0 or 1?
SunBeam I post too much Reputation: 65
Joined: 25 Feb 2005 Posts: 4022 Location: Romania
Posted: Mon Feb 20, 2017 5:31 am
If you'd tell us the name of the game or post code snippets, we'd further advise. It totally depends how the game is built: I found strings often used as parameters to functions (push string, push etc., call func), while the magic happened inside the function; of course, there are situations where the string is just a string added to a list of initializations and never used as a reference in game code. In short, find the string location and study the code around it. There's no obvious indication how its effect is compiled (can be a bool, can be a test value, etc.).
DarkDolphin Newbie cheater Reputation: 1
Joined: 30 Jan 2014 Posts: 22
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25287 Location: The netherlands
Posted: Mon Feb 20, 2017 7:26 am
try the referenced string window (and let it run)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
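What a referenced-strings scan does, sketched as an added example that is not part of the thread and is not Cheat Engine's implementation: locate the string, then look for instructions whose operand resolves to its address (the `push string` form SunBeam mentions, plus the x64 RIP-relative `lea`). The image bytes, `BASE`, `build_sample` and `find_string_refs` are constructed for illustration; a real tool disassembles instead of pattern-matching raw bytes.

```python
import struct

BASE = 0x400000  # constructed image base (assumption)

def build_sample() -> bytes:
    """Constructed 128-byte 'module': two strings, two instructions referencing one."""
    img = bytearray(0x80)
    def put(off, data):
        img[off:off + len(data)] = data
    put(0x40, b"get_Invincibility\x00")
    put(0x60, b"get_GodMode\x00")             # present, but nothing references it
    put(0x00, b"\x68" + struct.pack("<I", BASE + 0x40))          # push offset str
    put(0x05, b"\xE8\x00\x00\x00\x00")                           # call +0 (dummy)
    put(0x10, b"\x48\x8D\x0D" + struct.pack("<i", 0x40 - 0x17))  # lea rcx,[rip+0x29]
    return bytes(img)

def find_string_refs(image: bytes, base: int, text: bytes):
    """Return (string_va, [(ref_va, kind), ...]); string_va is None if absent."""
    off = image.find(text + b"\x00")          # first occurrence only
    if off < 0:
        return None, []
    target = base + off
    refs = []
    # 32-bit pattern: push imm32 (0x68) carrying the string's absolute address.
    needle = b"\x68" + struct.pack("<I", target & 0xFFFFFFFF)
    pos = image.find(needle)
    while pos >= 0:
        refs.append((base + pos, "push imm32"))
        pos = image.find(needle, pos + 1)
    # 64-bit pattern: REX.W lea reg,[rip+disp32]; the operand is relative to the
    # end of the 7-byte instruction, so it must be resolved before comparing.
    for i in range(len(image) - 6):
        if (image[i] in (0x48, 0x4C) and image[i + 1] == 0x8D
                and (image[i + 2] & 0xC7) == 0x05):
            disp = struct.unpack_from("<i", image, i + 3)[0]
            if base + i + 7 + disp == target:
                refs.append((base + i, "lea rip-relative"))
    return target, sorted(refs)

if __name__ == "__main__":
    img = build_sample()
    for name in (b"get_Invincibility", b"get_GodMode"):
        va, refs = find_string_refs(img, BASE, name)
        print(name.decode(), hex(va), [(hex(a), k) for a, k in refs])
```

In the constructed image, `get_GodMode` resolves to an address but has no references, which is the case SunBeam describes where a string sits in a list and is never used by code.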
++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Mon Feb 20, 2017 9:17 am
If dev console/debugger features are actually intact (and you are not just seeing remnants of what was stripped prior to shipping), you can typically determine which strings are valuable by using Ollydbg or similar, and doing as SunBeam has suggested, which is to examine the code that handles that string as well as the code around it. You can set a breakpoint at the start of the sub-routine to see if it is anything useful and just work your way from there. Sometimes, you have to work your way back, even further, to determine where adjustments need to be made in order to fulfill your dreams.
SunBeam I post too much Reputation: 65
Joined: 25 Feb 2005 Posts: 4022 Location: Romania
DarkDolphin Newbie cheater Reputation: 1
Joined: 30 Jan 2014 Posts: 22
Posted: Tue Feb 21, 2017 12:38 am
@Dark Byte
________________________________
Very interesting! I never tried the Referenced Strings before. I'll mess around and see how it goes.
(For someone else who reads this and wants to know where it is: Memory Viewer --> View --> Referenced Strings.)
________________________________
@Methos
________________________________
Thank you. I've been using .NET Reflector. It's a Unity game.
________________________________
@SunBeam
________________________________
Yeah! You got it right.
If we look at a table Cake-san made for the earlier game version:
/viewtopic.php?t=532837 (No longer works for the current version)
The first script is an AoB scan for the base pointer address. For each jump of the pointer, the description (ex. CharacterStats, m_hitstate) is similar to the string inside the game (but that string is not near the memory address). I really want to figure out how he managed to do that. Not only to do as he did, but to figure out other things like GlobalSettings.GodMode, etc.