Cheat Engine: The Official Site of Cheat Engine

Author: abystus (Expert Cheater), Reputation: 1, Joined: 09 Dec 2010, Posts: 140
Posted: Wed Apr 11, 2012 6:27 pm
Post subject: Multi-Level Pointer Issue

So recently I've run into an issue where the pointer that I find under "Find what writes to this address" does not return any results when searching for its register value in a 4 byte Hexadecimal search.  The tutorial (Step 8) is very simple, straightforward, and works every time.
An example game would be "America's Army 1" for infinite ammunition in the single player training mode.  I do the following:
 
 
Code:
- Find the Address (black addy).
- Find out what writes to the address (only one listing when I shoot).
- I notice the register inside the mov instruction, and double click the instruction (notice what it tells me I should be searching for, and also the value of the register which are usually the same).
- Search for the value of the register as a new search (Hex checked and 4 bytes).
- No results returned.
 
 I guess my question is, am I doing something wrong?  Also, are there games out there that just don't work the same as the tutorial when reversing to base address?  Any help is appreciated in guiding me to the light...
 
 Edit:
 
 I'm running 64 bit Win 7 using the 32 bit 6.1 application if it makes a difference.

Author: Dark Byte (Site Admin), Reputation: 470, Joined: 09 May 2003, Posts: 25806, Location: The Netherlands
Posted: Wed Apr 11, 2012 6:36 pm

Don't use find what writes. Use find what accesses.
Also, manually check the register and the instruction in front. Perhaps a calculation is done on that register which you need to apply.

Author: abystus (Expert Cheater), Reputation: 1, Joined: 09 Dec 2010, Posts: 140
Posted: Wed Apr 11, 2012 7:22 pm

Dark Byte wrote:
    Don't use find what writes. Use find what accesses.
    Also, manually check the register and the instruction in front. Perhaps a calculation is done on that register which you need to apply.
 
 I tried that way as well.  While it does return a result on the register, it doesn't have a static value in the results.  The pointer (1 of the 2 results) is constantly changing values every second, and the second changed to all zeros shortly after displaying.
 
 The two instructions that show when I fire:
 
 mov eax,[ebx]
 
 
Code:
10142D32 - FF 15 A8612110  - call dword ptr [GNatives+108]
10142D38 - 8B 54 24 10  - mov edx,[esp+10]
10142D3C - 8B 03  - mov eax,[ebx] <<
10142D3E - 2B C2  - sub eax,edx
10142D40 - 5E - pop esi

EAX=00000012
EBX=0F9F2CB0
ECX=0F9F2A00
EDX=00000001
ESI=0018BE58
EDI=0018B544
ESP=0018B508
EBP=0F9F2A00
EIP=10142D3E
 
 mov [ebx], eax
 
 
Code:
10142D3E - 2B C2  - sub eax,edx
10142D40 - 5E - pop esi
10142D41 - 89 03  - mov [ebx],eax <<
10142D43 - 8B D8  - mov ebx,eax
10142D45 - 8B 44 24 10  - mov eax,[esp+10]

EAX=00000011
EBX=0F9F2CB0
ECX=0F9F2A00
EDX=00000001
ESI=0018BE58
EDI=0018B544
ESP=0018B50C
EBP=0F9F2A00
EIP=10142D43
 
 Snip of ASM:
 
 
Code:
FPlane::TransformBy+3F317 -           -
FPlane::TransformBy+3F318 - 8B 4E 08  - mov ecx,[esi+08]
FPlane::TransformBy+3F31B - 56        - push esi
FPlane::TransformBy+3F31C - 89 46 0C  - mov [esi+0C],eax
FPlane::TransformBy+3F31F - FF 14 95 A0602110  - call dword ptr [edx*4+GNatives]
FPlane::TransformBy+3F326 - 8B 56 0C  - mov edx,[esi+0C]
FPlane::TransformBy+3F329 - 42        - inc edx
FPlane::TransformBy+3F32A - 8B C2     - mov eax,edx
FPlane::TransformBy+3F32C - 89 56 0C  - mov [esi+0C],edx
FPlane::TransformBy+3F32F - 80 38 42  - cmp byte ptr [eax],42
FPlane::TransformBy+3F332 - 75 10     - jne FPlane::TransformBy+3F344
FPlane::TransformBy+3F334 - 8B 4E 08  - mov ecx,[esi+08]
FPlane::TransformBy+3F337 - 40        - inc eax
FPlane::TransformBy+3F338 - 6A 00     - push 00
FPlane::TransformBy+3F33A - 56        - push esi
FPlane::TransformBy+3F33B - 89 46 0C  - mov [esi+0C],eax
FPlane::TransformBy+3F33E - FF 15 A8612110  - call dword ptr [GNatives+108]
FPlane::TransformBy+3F344 - 8B 54 24 10  - mov edx,[esp+10]
FPlane::TransformBy+3F348 - 8B 03     - mov eax,[ebx]
FPlane::TransformBy+3F34A - 2B C2     - sub eax,edx
FPlane::TransformBy+3F34C - 5E        - pop esi
FPlane::TransformBy+3F34D - 89 03     - mov [ebx],eax
 
 
Both of these have no offset, and also no odd calculation before it (other than the sub eax,edx).  I did notice a register was popped (ESI), but it wasn't EBX so I neglected it.  Thanks for the help thus far.

Author: abystus (Expert Cheater), Reputation: 1, Joined: 09 Dec 2010, Posts: 140
Posted: Sun Apr 15, 2012 10:46 pm

This was easily solved with the pointer scanner.  Dark Byte, you are the man!  Even the tutorial (step 8) was easily torn down with it.  This is by far one of the most useful things I've used in Cheat Engine yet.  Keep up the great work!
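
Why an exact-value search for the register can fail where a pointer scan succeeds, as an added example that is not part of the original thread and is not Cheat Engine's code: a stored pointer often holds the address of the enclosing object, so the search has to accept any value within an offset window below the target and repeat until it reaches a static address. Only the EBX and ECX/EBP values come from the posted register dumps; the memory contents, the static address range and the reading of 0F9F2A00 as the owning object's base are assumptions.

```python
# Constructed 32-bit memory snapshot: {address: stored dword}. Only EBX and
# ECX/EBP are register values from the thread; everything else is made up.
AMMO_ADDR = 0x0F9F2CB0            # EBX in the posted register dumps
OBJ_BASE = 0x0F9F2A00             # ECX/EBP; assumed to be the owning object
STATIC_LO, STATIC_HI = 0x10200000, 0x10300000   # hypothetical module data range

MEM = {
    AMMO_ADDR: 0x11,              # the value itself (EAX after the write)
    0x0E5510A4: OBJ_BASE,         # heap object holding a pointer to the object base
    0x10234568: 0x0E551000,       # static slot pointing at that heap object
    0x0018B520: AMMO_ADDR,        # constructed non-static copy of the exact address
}

def exact_search(mem, value):
    """What a plain 4-byte hex search does: stored dword == value."""
    return sorted(a for a, v in mem.items() if v == value)

def ranged_search(mem, target, max_offset):
    """Stored dwords that point at or up to max_offset below target."""
    return sorted((a, target - v) for a, v in mem.items()
                  if 0 <= target - v <= max_offset)

def pointer_scan(mem, target, max_offset=0x400, max_depth=3):
    """Walk backwards from target; return (static_address, offsets) chains."""
    chains, frontier = [], [(target, [])]
    for _ in range(max_depth):
        nxt = []
        for addr, offsets in frontier:
            for holder, off in ranged_search(mem, addr, max_offset):
                path = [off] + offsets
                if STATIC_LO <= holder < STATIC_HI:
                    chains.append((holder, path))   # usable base found
                else:
                    nxt.append((holder, path))      # keep walking back
        frontier = nxt
    return chains

def resolve(mem, static_addr, offsets):
    """Follow a chain forward: read the pointer, add the offset, repeat."""
    addr = static_addr
    for off in offsets:
        addr = mem[addr] + off
    return addr
```

Here the exact search finds only the non-static copy, while the scan returns the chain 0x10234568 -> +0xA4 -> +0x2B0, which resolves back to the EBX address.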