Cheat Engine

[RAKO]

ok I want to make a little program for maple story and anyway there is info that I want to find out and all I need is the edx and ecx values but I can't change the memory. I know ce does it in the form:
formFoundcodeListExtraUnit

but I'm not that great with delphi. so can someone tell me how to do this in either c++ or c#?

[Slugsnack]

Do a codecave then move each of the values you want into buffers. You will probably need to use inline ASM either way but make sure not to make any function calls before you move them into buffers else you will end up modifying EAX/ECX/EDX.

Or if you can bypass it.. DebugActiveProcess/GetThreadContext. Not sure what you mean by you can't change memory. You won't be able to read anything without modifying memory or acting as a debugger and/or breakpointing at a certain VA.

[GMZorita]

unsigned myadd = 1;
unsigned myreturn = myaddy+5;
int ecxval;

void mycall()
{
OutputDebugString(IntToHex((int)ecxval,8).c_str());
}

void mycodecave()
{

_asm{
mov [ecxval],ecx
call mycall
jmp myreturn
}
}


Make the jump and your done.

[Zand]

If you're making it jump back to myreturn, when is OutputDebugString called?

[GMZorita]

[Slugsnack]

Read the thread properly..

[GMZorita]

[RAKO]

ok so it is hard to make without mem editing. but i believe it is done in cheat engine and I know which form it is done in so I will have to try. I think I have other options as well. thanks anyway.

[Slugsnack]

[nog_lorp]

Hardware breakpoints. (what is the status on these in current GG?).

[rapion124]

Why can't you edit memory? Is it because of a CRC? If so, then you can just restore the original bytes in your codecave. That should allow you to get the ecx/edx value without getting detected. Only problem is you have to rewrite your jmp everytime.

[sponge]

[nog_lorp]