LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sat Dec 30, 2017 3:35 pm, Post subject: Cmp apparently not working
Hello everyone!
I apologize in advance for any kind of grammar mistake (and also for any script-related mistake).
I can't post images, so you have to copy and paste and do stuff.
Basically I have found the instruction that accesses the 2 addresses that I am interested in changing:
So I proceeded by searching for a suitable offset to compare, because of the shared instruction (I checked registers too, but no luck):
I grouped the 2 base addresses I want in Group 1 and the others in Group 2 and, as you can see, the offset at +04 is good for a compare.
So I wrote down this script:
When I enable it, though, my values are not changing.
If I replace the jne with a je, ALL the addresses will be affected by the instruction (my addresses will consequently change too).
What am I doing wrong?
P.S.: If I directly modify my addresses, they will be changed, so I suppose there is no instruction watching and re-changing my addresses.
P.P.S.: I also tried this: viewtopic.php?p=5720841
P.P.P.S.: The offset is correct; I've checked multiple times, even restarting the PC.
I hope that everything was clear and also that someone will help me!
Thank you and Happy New Year
OldCheatEngineUser (Whateven rank, Reputation: 20, Joined: 01 Feb 2016, Posts: 1587)
Posted: Sat Dec 30, 2017 3:54 pm
Perhaps the [edi+04] value is not a constant, or will change while in-game.
Lock the group one addresses and add them again into another group and see if they change; alternatively, you can compare the registers too.
LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sat Dec 30, 2017 3:56 pm
OldCheatEngineUser wrote:
    Perhaps the [edi+04] value is not a constant, or will change while in-game.
    Lock the group one addresses and add them again into another group and see if they change; alternatively, you can compare the registers too.
I checked 4-5 times, as I said, and it was 46 every time.
Thanks for editing the images in the post!
TheyCallMeTim13 (Wiki Contributor, Reputation: 50, Joined: 24 Feb 2017, Posts: 976, Location: Pluto)
Posted: Sat Dec 30, 2017 4:09 pm
The other thing to consider is that the code is working but the value is overwritten somewhere else. I would try stepping through the injection code to confirm whether it is working or not. If it is, then it is either not the real value (display or dummy) or you will need to deal with the other instructions that may only fire after you write to the value.
ParkourPenguin (I post too much, Reputation: 140, Joined: 06 Jul 2014, Posts: 4300)
Posted: Sat Dec 30, 2017 4:26 pm
Floating point numbers usually go through the FPU in x86. When I see code treat them as plain old data (i.e. moved through general purpose registers), it usually isn't what I'm looking for. Another instruction is probably writing to the address, or that address doesn't hold the right value. (If changing the value yourself doesn't work, a code injection won't work either.)
Set a breakpoint in your code injection and see what happens. If it hits too often on the cmp instruction, place it on "mov [edi+30],(float)200" so you can see if it's at least taking the branch.
LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sat Dec 30, 2017 4:45 pm
TheyCallMeTim13 wrote:
    The other thing to consider is that the code is working but the value is overwritten somewhere else. I would try stepping through the injection code to confirm whether it is working or not. If it is, then it is either not the real value (display or dummy) or you will need to deal with the other instructions that may only fire after you write to the value.
ParkourPenguin wrote:
    Floating point numbers usually go through the FPU in x86. When I see code treat them as plain old data (i.e. moved through general purpose registers), it usually isn't what I'm looking for. Another instruction is probably writing to the address, or that address doesn't hold the right value. (If changing the value yourself doesn't work, a code injection won't work either.)
    Set a breakpoint in your code injection and see what happens. If it hits too often on the cmp instruction, place it on "mov [edi+30],(float)200" so you can see if it's at least taking the branch.
The addresses are correct: if I change them directly via CE, they will effectively change and not revert back (if this is what you mean).
There is only a SINGLE instruction constantly writing to the first address (it is the instruction I'm injecting into).
I forgot to say: they are the 2 addresses of the Y coordinates of 2 different objects.
I will try what you both said; it will take some time.
TheyCallMeTim13 (Wiki Contributor, Reputation: 50, Joined: 24 Feb 2017, Posts: 976, Location: Pluto)
Posted: Sat Dec 30, 2017 5:38 pm
Perhaps the "EDI+4" address is a flag for a stage in the procedure and is always 46 at that one point, but this happens so fast that you never see it in the Dissect Data Structures form.
Quote:
    If I replace the jne with a je, ALL the addresses will be affected by the instruction (my addresses will consequently change too).
This is what got me thinking about that: that it is really always equal to 46 here. Again, you will just have to step through the code to see.
Hope it helps.
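The stage-flag hypothesis above, and ParkourPenguin's suggestion of a breakpoint on the injected mov, can be modelled in a few lines. This is an added example, not code from the thread: a constructed structure whose +04 field is 46 whenever it is inspected at rest, but which the shared update routine flips before the write and restores afterwards; the field layout, the values 46/47 and the two-object loop are all assumptions made for the illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed model, not code from the thread: [edi+04] is a stage flag that
 * reads 46 whenever the structure is inspected at rest, but the shared write
 * runs while the same procedure has temporarily set it to another value. */
typedef struct {
    uint32_t id;     /* +00 */
    uint32_t stage;  /* +04: the field the injected cmp tests against 46 */
    float    y;      /* the Y coordinate the shared instruction writes */
} object_t;

enum { STAGE_AT_REST = 46, STAGE_IN_UPDATE = 47 }; /* assumed values */

/* The injected compare, evaluated exactly where the original write executes. */
static int filter_hits(const object_t *o) { return o->stage == STAGE_AT_REST; }

/* Shared update routine used by every object. The flag is changed before the
 * write and restored right after it, so an external sampler never sees 47. */
static void shared_update(object_t *o, float new_y, int *hits) {
    o->stage = STAGE_IN_UPDATE;
    if (filter_hits(o)) { (*hits)++; o->y = 200.0f; } /* the mov ...,(float)200 path */
    else                  o->y = new_y;               /* the game's original write  */
    o->stage = STAGE_AT_REST;
}

/* Runs `frames` updates over two objects. Returns how often the filter matched
 * (a breakpoint on the injected mov would hit this many times) and stores what
 * a between-frame inspection of +04 reads in *sampled. */
int simulate(int frames, uint32_t *sampled) {
    object_t objs[2] = { { 1, STAGE_AT_REST, 0.0f }, { 2, STAGE_AT_REST, 0.0f } };
    int hits = 0;
    for (int f = 0; f < frames; f++)
        for (int i = 0; i < 2; i++)
            shared_update(&objs[i], (float)f, &hits);
    *sampled = objs[0].stage;
    return hits;
}

int filter_hit_count(int frames) { uint32_t s; return simulate(frames, &s); }
uint32_t sampled_stage(int frames) { uint32_t s; (void)simulate(frames, &s); return s; }

int main(void) {
    printf("at rest +04 reads %u, but the filter matched %d times in 100 frames\n",
           sampled_stage(100), filter_hit_count(100));
    return 0;
}
```

The at-rest read is 46 every time while the filter never matches, which reproduces the symptom in the first post: jne always jumps, and swapping it for je makes every object take the write.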
LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sat Dec 30, 2017 6:14 pm
TheyCallMeTim13 wrote:
    Perhaps the "EDI+4" address is a flag for a stage in the procedure and is always 46 at that one point, but this happens so fast that you never see it in the Dissect Data Structures form.
    Quote:
        If I replace the jne with a je, ALL the addresses will be affected by the instruction (my addresses will consequently change too).
    This is what got me thinking about that: that it is really always equal to 46 here. Again, you will just have to step through the code to see.
    Hope it helps.
Wow, that's smart.
I'll check if that address is being written to too. Thank you.
EDIT: Maybe you were right; that offset is being written constantly by 3 instructions (image below):
https://i.imgur.com/JmEyGa1.png
Even though they are and/or
TheyCallMeTim13 (Wiki Contributor, Reputation: 50, Joined: 24 Feb 2017, Posts: 976, Location: Pluto)
Posted: Sat Dec 30, 2017 7:43 pm
I would back trace the base address to use as an identifier or just find a different identifier in the structure.
LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sun Dec 31, 2017 8:35 am
I wanted to try with registers, as you can see in the following image:
The greenish ones are my addresses; I noticed that EDX has a unique value, so my script became:
Still not changing the single address.
Could it be that even the register is constantly changing?
Last edited by LewcowVaal on Thu Dec 08, 2022 9:46 am; edited 1 time in total
TheyCallMeTim13 (Wiki Contributor, Reputation: 50, Joined: 24 Feb 2017, Posts: 976, Location: Pluto)
Posted: Sun Dec 31, 2017 10:51 am
Yeah, my bet is that that is an address used somewhere in the procedure.
What I would try is to back-trace the base address to a point where only the base for the player is calculated. There is a spot where only the player's base is calculated, but it may be several levels back to get to that point.
Every table I do, I always try to find a solid base and test the hell out of it before writing any cheats. This way I get around a lot of guesswork when identifying the player.
LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sun Dec 31, 2017 1:57 pm
TheyCallMeTim13 wrote:
    Yeah, my bet is that that is an address used somewhere in the procedure.
    What I would try is to back-trace the base address to a point where only the base for the player is calculated. There is a spot where only the player's base is calculated, but it may be several levels back to get to that point.
    Every table I do, I always try to find a solid base and test the hell out of it before writing any cheats. This way I get around a lot of guesswork when identifying the player.
I just need to figure out how to do that!
TheyCallMeTim13 (Wiki Contributor, Reputation: 50, Joined: 24 Feb 2017, Posts: 976, Location: Pluto)
Posted: Sun Dec 31, 2017 2:13 pm
No general tutorial for that on the wiki; I will report back after completion, but it may be a little bit. But it's amateur night tonight too, so I will be hanging out at home.
LewcowVaal (Advanced Cheater, Reputation: 0, Joined: 30 Dec 2017, Posts: 63)
Posted: Sun Dec 31, 2017 2:33 pm
TheyCallMeTim13 wrote:
    No general tutorial for that on the wiki; I will report back after completion, but it may be a little bit. But it's amateur night tonight too, so I will be hanging out at home.
I guess that should be similar to finding a base pointer...
I appreciate your dedication; just take your time and enjoy the end of this year.
TheyCallMeTim13 (Wiki Contributor, Reputation: 50, Joined: 24 Feb 2017, Posts: 976, Location: Pluto)
Posted: Mon Jan 01, 2018 2:07 am