 |
Cheat Engine The Official Site of Cheat Engine
|
| Author |
Message |
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
Posted: Thu Jul 01, 2010 5:51 pm Post subject: Specific address |
|
|
Hi there.
I've got a piece of code that writes to random addresses.
Pointers are completely useless, so I want the code to write to a specific address. Is that possible? If it is, how may I do it?
_________________
Look, behind you! A dristraction!
Where!? |
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Thu Jul 01, 2010 6:33 pm Post subject: |
|
|
Assuming the code is something like
| Code: | //load random address in eax
mov [eax],value
|
you could replace it with (obviously using a cave):
| Code: | push eax //save eax, the game still needs its value
mov eax,your_address
mov [eax],value
pop eax //restore eax
(jmp back) |
and it'll write to your_address.
|
|
|
 |
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Thu Jul 01, 2010 7:02 pm Post subject: |
|
|
haha no problem i'm really enjoying learning it, it's kind of.. rewarding xD
|
|
|
 |
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
Posted: Thu Jul 01, 2010 7:48 pm Post subject: |
|
|
Ok, seems that I'm doing something wrong, because the address I want it to write to doesn't get the value. I also don't understand some things, so I'll explain a bit more the situation...
The address where the code's located is: 06294A5C which has the code:
and I want that code to write to the address 006176F8
Sorry for bothering already having some info, but I'm kinda a noob at code stuff xD
And at the end, (jmp back)... where does it exactly have to jump? back to the previous address? (06294A5C) Done that before and the game kept in the loading screen. I guess it was because there was some kind of loop.
_________________
Look, behind you! A dristraction!
Where!? |
|
|
 |
zile Advanced Cheater
Reputation: 0
Joined: 11 Jul 2009 Posts: 75
|
Posted: Thu Jul 01, 2010 10:07 pm Post subject: |
|
|
| BlackBolr wrote: | Ok, seems that I'm doing something wrong, because the address I want it to write to doesn't get the value. I also don't understand some things, so I'll explain a bit more the situation...
The address where the code's located is: 06294A5C which has the code:
and I want that code to write to the address 006176F8
Sorry for bothering already having some info, but I'm kinda a noob at code stuff xD
And at the end, (jmp back)... where does it exactly have to jump? back to the previous address? (06294A5C) Done that before and the game kept in the loading screen. I guess it was because there was some kind of loop. |
jump back to the next line after the previous address ( i don't know how many opcodes are mov [eax], value )
basically, just see the next line's address and make your codecave jump to that line
what you're doing is going in a loop because
06294A5C -> your codecave -> 06294A5C -> your codecave....non-stop
|
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Fri Jul 02, 2010 1:56 am Post subject: |
|
|
| BlackBolr wrote: | The address where the code's located is: 06294A5C which has the code:
and I want that code to write to the address 006176F8 |
(..I hope bl doesn't have any strange functioning. xD)
So, in the memory view highlight that line of code and hit CTRL+A, then from the Template menu choose Code Injection.
You should get something like
| Code: | alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
06294A5C:
jmp newmem
//some nop's (none is fine too)
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov [esi+50],bl
//something
exit:
jmp returnhere |
where it says "place your code here", add (in a new line)
Also, if you want the code to write ONLY to your new address, and not in the original one, erase the first line of "originalcode".
|
|
|
 |
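The return-address rule zile and XaLeX describe above, worked through as an added example (not code from the thread or from Cheat Engine): the 5-byte `jmp` written at 06294A5C overwrites whole instructions, so the cave must jump back to the first byte after them (`returnhere`), never to 06294A5C itself. The cave address 02A50000 and the length of the second displaced instruction are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define JMP_LEN 5 /* E9 opcode + rel32 */
typedef enum { RET_OK, RET_LOOP, RET_BAD } ret_kind;
typedef struct {
    uint32_t hook, cave, returnhere;
    int displaced, nops;   /* whole-instruction bytes moved to the cave; padding */
    uint8_t patch[16];     /* bytes written over the hook site */
} detour_plan;

/* Target of the E9 jmp stored in b and located at address src. */
static uint32_t jmp_target(const uint8_t *b, uint32_t src) {
    uint32_t rel = (uint32_t)b[1] | (uint32_t)b[2] << 8 |
                   (uint32_t)b[3] << 16 | (uint32_t)b[4] << 24;
    return src + JMP_LEN + rel;
}

/* insn_len[] lists instruction lengths starting at hook. Returns -1 when
   they do not cover the 5-byte jmp (the patch would split an instruction). */
static int plan_detour(detour_plan *p, uint32_t hook, uint32_t cave,
                       const int *insn_len, int n) {
    int covered = 0;
    for (int i = 0; i < n && covered < JMP_LEN; i++) covered += insn_len[i];
    if (covered < JMP_LEN || covered > (int)sizeof p->patch) return -1;
    uint32_t rel = cave - (hook + JMP_LEN);  /* relative to the byte after the jmp */
    p->hook = hook; p->cave = cave; p->returnhere = hook + (uint32_t)covered;
    p->displaced = covered; p->nops = covered - JMP_LEN;
    p->patch[0] = 0xE9;
    for (int i = 0; i < 4; i++) p->patch[1 + i] = (uint8_t)(rel >> (8 * i));
    memset(p->patch + JMP_LEN, 0x90, (size_t)p->nops);  /* nop padding */
    return 0;
}

/* Classify the address the cave's final jmp goes to. */
static ret_kind classify_return(const detour_plan *p, uint32_t target) {
    if (target == p->hook) return RET_LOOP;  /* hits "jmp newmem" again, forever */
    if (target >= p->hook + JMP_LEN && target <= p->returnhere) return RET_OK;
    return RET_BAD;  /* inside the jmp bytes, or unrelated to the hook */
}

int main(void) {
    const int lens[] = {3, 3};  /* mov [esi+50],bl = 88 5E 50; second length constructed */
    detour_plan p;
    if (plan_detour(&p, 0x06294A5Cu, 0x02A50000u, lens, 2) != 0) return 1;
    printf("returnhere=%08X nops=%d\n", (unsigned)p.returnhere, p.nops);
    return classify_return(&p, p.hook) == RET_LOOP ? 0 : 1;
}
```

Because `mov [esi+50],bl` is only 3 bytes, the jmp also displaces the instruction after it, which is why the template's `originalcode:` section carries a second line.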
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
Posted: Fri Jul 02, 2010 6:10 am Post subject: |
|
|
I feel... dumb xD, so easy.... tried many similar combinations, and nothing... XD
Anyway, now works, value is written at the address I want, but changing its value doesn't have effect in-game, as it did changing the original addresses it wrote to.
It seems I'll have to find another way to handle this code after all.
Thanks for the help once again xD
_________________
Look, behind you! A dristraction!
Where!? |
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Fri Jul 02, 2010 12:06 pm Post subject: |
|
|
Well, changing the new value cannot affect the original one obviously >.<
I thought you only needed to know the value.
in this case there are two things you can do:
1)find the pointer path. i mean, there are no random pointers as far as i know O_o
2)modify the code once more:
| Code: |
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
06294A5C:
jmp newmem
//some nop's (none is fine too)
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
originalcode:
mov [esi+50],bl
//something
exit:
jmp returnhere
|
and where it says "place your code here", this time you add
replacing value with either a fixed value, as a constant in the code, e.g.
| Code: | mov bl,64 //remember it's in hex |
or by reading an address you'll add in the cheat table, thus being able to change the value more easily. you can use an unused address in the program memory, it's not hard to find.. or you could allocate 1 byte* (CTRL+ALT+M in memory view) and use that.
assuming the new memory has address 00123ABC, you'd write
then you can add that address to the table to change it easily*.
*the bl register is of the type byte, that is, it takes up only one byte. be careful!
|
|
|
 |
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
Posted: Fri Jul 02, 2010 12:40 pm Post subject: |
|
|
>.< Call me noob.. (well I actually am xD) but when modified the code at the allocated memory it said that the line containing
couldn't be compiled.
_________________
Look, behind you! A dristraction!
Where!? |
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Fri Jul 02, 2010 1:07 pm Post subject: |
|
|
oops.. sorry xD
try
| Code: |
push eax
mov eax,006176F8
mov bl,[eax]
pop eax
|
EDIT: actually, if i try doing something like "mov bl,[...]" CE says it's fine. O_o
|
|
|
 |
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Fri Jul 02, 2010 4:04 pm Post subject: |
|
|
fortunately for us, dark byte is a genius xD
right click the code in that spot, and choose "Find out what addresses this instruction accesses"
depending on how fast the pointer path changes, you'll get from one to dozens of addresses.. good luck xD
|
|
|
 |
BlackBolt Cheater
Reputation: 0
Joined: 16 Jun 2010 Posts: 26 Location: Spain
|
Posted: Fri Jul 02, 2010 4:11 pm Post subject: |
|
|
Isn't that the same as right-click at the code (in codelist) -> find out what addresses this code writes to ? XD I know to do that already.... the point is that CE does it by itself... isn't there something like a script to do so or something?
EDIT: Pointers for this code are completely useless, there's no pointer for this.... not a static one.
_________________
Look, behind you! A dristraction!
Where!? |
|
|
 |
XaLeX Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 226
|
Posted: Fri Jul 02, 2010 4:53 pm Post subject: |
|
|
Well, the address is just esi+50, so if you allocate 4 bytes and create a routine that continually stores in those 4 bytes the value of esi+50 you would theoretically have a pointer to that value. theoretically xD
so, let's try xD
as always, select that piece of code, ctrl+a, code injection template.
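| Code: |
//add this line to the other allocations:
alloc(addr,4)
newmem:
push eax //save eax
lea eax,[esi+50] //eax = the address the original code writes to
mov [addr],eax //store that address in the 4 allocated bytes
pop eax //restore eax
originalcode:
mov [esi+50],bl
//...
|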
when you inject it, be sure to write down what it says. ("addr = xxxxxxx")
then in the address list click on "manually add an address", select pointer, write the address you have noted down earlier, offset 0. voilà xD
as soon as the value gets changed you get a permanent pointer to it.
(worked for me with plant tycoon, so should be fine.. cross your fingers xD)
|
|
|
 |
|
|
|
|