Cheat Engine

Dark Byte · Posted: Mon Sep 20, 2010 3:45 pm Post subject:

ok to recap:
[esi+58] contains a pointer that points to a random address
2 bytes after the location it points to is a byte with a value you want to store

try this code:

Freiza · Posted: Mon Sep 20, 2010 4:21 pm Post subject:

Hello DB,

[esi+58] contains a pointer that points to a 4byte value like "00 c0 01 00"
i want to store 01. in play

Thanks for your time.

Dark Byte · Posted: Mon Sep 20, 2010 4:31 pm Post subject:

the code I gave will do that yes

mov eax,[esi+58]:
eax gets the value of the pointer

mov al,[eax+2]:
al gets the value of the byte 2 bytes after the location the pointer points to

and the push and pop are just to make sure you don't mess up important registers

(starcraft2 ?)

Freiza · Posted: Mon Sep 20, 2010 4:55 pm Post subject:

The game is rise of nation.

The codes were correct but the data dissector was showing incorrect results .
sorry for bugging you.

anyways what was wrong in my codes:

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

I have worked on the same project. The problem is that CE is logically trying to identify the values as if they are stored on 4 or 8 bytes. In some cases if a program is storing some values on 1 byte, CE will obviously miss the type and the data will be shown as pointers:

00 01 02 00 4 bytes from my unit structure
01 01 01 00 4 bytes from enemy unit structure

In this case, these bytes are shown as pointers, however they are obviously not. The first value would point to 00000100 which is of course not really possible. The fact is that the first byte is a player ID in Rise of Nations. 00 for my player, 01 for the enemy.

My question:
Can I compare structures in the dissector from byte to byte or I can use the default guessed type only?
This way I could discover suspicious values like this sooner.

Dark Byte · Posted: Mon Sep 20, 2010 6:46 pm Post subject:

you can make a structure that exists only out of bytes and use that to compare
You could even export it and load it back later on for other games (tip: you can save as CSX and it'll be in xml which might make it easier to make a byte only structure)

also, next ce version does not detect those 2 examples as a dword but as 2 different bytes and a word, unless there is also an address that represents that value. In which case it WILL still be picked as a pointer.

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

Thanks for the hint. I will do it.

Freiza · Posted: Mon Sep 20, 2010 7:18 pm Post subject:

Thanx