Cheat Engine The Official Site of Cheat Engine
marmotas (Newbie cheater; Reputation: 0; Joined: 31 Dec 2014; Posts: 10)
Posted: Sun Feb 22, 2015 6:41 pm. Post subject: How do I change instruction memory view alignment in ce
Hi everybody,
I have the following C# code:
this.state.speedReducer = this.player.get_Ammo().get_SpeedReducer();
In IL code:
L_0000: br L_000b
L_0005: ldc.i4.1
L_0006: break
L_0007: ldnull
L_0008: pop
L_0009: break
L_000a: pop
L_000b: ldarg.0
L_000c: ldfld class MoveState BaseMoveController::state
L_0011: ldarg.0
L_0012: ldfld class BaseNetPlayer BaseMoveController::player
L_0017: callvirt instance class BaseAmmunitions BaseNetPlayer::get_Ammo()
L_001c: callvirt instance float32 BaseAmmunitions::get_SpeedReducer()
L_0021: stfld float32 MoveState::speedReducer
L_0026: ret
The AOB pattern:
//38 ?? ?? ?? ??
IL_0000: br L_000b
//17
IL_0005: ldc.i4.1
//01
IL_0006: break
//14
IL_0007: ldnull
//26
IL_0008: pop
//01
IL_0009: break
//26
IL_000a: pop
//02
IL_000b: ldarg.0
//7B ?? ?? ?? ??
IL_000c: ldfld class MoveState BaseMoveController::state
//02
IL_0011: ldarg.0
//7B ?? ?? ?? ??
IL_0012: ldfld class BaseNetPlayer BaseMoveController::player
//6F ?? ?? ?? ??
IL_0017: callvirt instance class BaseAmmunitions BaseNetPlayer::get_Ammo()
//6F ?? ?? ?? ??
IL_001c: callvirt instance float32 BaseAmmunitions::get_SpeedReducer()
//7D ?? ?? ?? ??
IL_0021: stfld float32 MoveState::speedReducer
//2A
IL_0026: ret
I search for the AOB pattern and find the address with the following AOB:
38 06 00 00 00 17 01 14 26 01 26 02 7B 24 07 00 04 02 7B 27 07 00 04 6F 87 02 00 06 6F C9 01 00 06 7D BE 19 00 04 2A
After I disassemble this memory region, at the beginning I get:
address ----- bytes ----- opcode
12BAC13C - 38 06 - cmp [esi],al
12BAC13E - 00 00 - add [eax],al
12BAC140 - 00 17 - add [edi],dl
12BAC142 - 01 14 26 - add [esi],edx
12BAC145 - 01 26 - add [esi],esp
12BAC147 - 02 7B 24 - add bh,[ebx+24]
12BAC14A - 07 - pop es
12BAC14B - 00 04 02 - add [edx+eax],al
12BAC14E - 7B 27 - jnp 12BAC177
12BAC150 - 07 - pop es
12BAC151 - 00 04 6F - add [edi+ebp*2],al
12BAC154 - 87 02 - xchg [edx],eax
12BAC156 - 00 06 - add [esi],al
12BAC158 - 6F - outsd
12BAC159 - C9 - leave
12BAC15A - 01 00 - add [eax],eax
12BAC15C - 06 - push es
12BAC15D - 7D BE - jnl 12BAC11D
12BAC15F - 19 00 - sbb [eax],eax
12BAC161 - 04 2A - add al,2A
which is quite strange, as I would expect some call ops and a return op at the end.
After scrolling a bit up and down, the view alignment changes automatically and...
address ----- bytes ----- opcode
12BAC13B - 11 38 - adc [eax],edi
12BAC13D - 06 - push es
12BAC13E - 00 00 - add [eax],al
12BAC140 - 00 17 - add [edi],dl
12BAC142 - 01 14 26 - add [esi],edx
12BAC145 - 01 26 - add [esi],esp
12BAC147 - 02 7B 24 - add bh,[ebx+24]
12BAC14A - 07 - pop es
12BAC14B - 00 04 02 - add [edx+eax],al
12BAC14E - 7B 27 - jnp 12BAC177
12BAC150 - 07 - pop es
12BAC151 - 00 04 6F - add [edi+ebp*2],al
12BAC154 - 87 02 - xchg [edx],eax
12BAC156 - 00 06 - add [esi],al
12BAC158 - 6F - outsd
12BAC159 - C9 - leave
12BAC15A - 01 00 - add [eax],eax
12BAC15C - 06 - push es
12BAC15D - 7D BE - jnl 12BAC11D
12BAC15F - 19 00 - sbb [eax],eax
12BAC161 - 04 2A - add al,2A
As you can see, the first byte with the value 38 is grouped with some previous bytes, and the output code is even further from what I expected.
So how do I change the view alignment?
And some more questions...
How does CE align with and interpret the byte code?
In my opinion, the interpretation of the above byte code is wrong. If so, is the problem caused by the fact that the code is written for the .NET runtime?
Thank you in advance, and sorry for the big post.
Dark Byte (Site Admin; Reputation: 470; Joined: 09 May 2003; Posts: 25796; Location: The Netherlands)
Posted: Sun Feb 22, 2015 7:01 pm
Use the left and right arrow keys to move the current address by only 1 byte, instead of letting CE guess it by disassembling it to x86 code and picking the most logical sequence.
If it has already been executed once, you might instead be interested in the native code that has been jitted.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping.
marmotas (Newbie cheater; Reputation: 0; Joined: 31 Dec 2014; Posts: 10)
Posted: Wed Feb 25, 2015 10:57 am
Using the arrows works just fine, although the instruction sequence still doesn't make any sense. I will also try to see the results of another disassembler. Thanks anyway!
Dark Byte (Site Admin; Reputation: 470; Joined: 09 May 2003; Posts: 25796; Location: The Netherlands)
Posted: Wed Feb 25, 2015 12:20 pm
Cheat Engine disassembles to Intel assembler, not CIL.
You can best see CIL as the source code written in a compiler-friendly format, but it still needs to be compiled to native code to function.
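To make the point of both the AOB-pattern derivation in the first post and Dark Byte's last reply concrete: the bytes the AOB search hit at 12BAC13C are a CIL method body, in which every ldfld/stfld/callvirt carries a 4-byte metadata token and br carries a 4-byte relative offset, so feeding them to an x86 disassembler produces the garbage seen above no matter how the view is aligned. The following Python script is an added example, not code from the forum post and not part of Cheat Engine. It decodes those exact bytes as CIL and regenerates the wildcard AOB pattern from the first post. The opcode table is a hand-picked subset of ECMA-335 Partition III (the opcodes in the thread plus a few common ones), the token table names come from Partition II, and THREAD_BYTES is the byte string quoted in the first post.

```python
from __future__ import annotations

from dataclasses import dataclass
from typing import Optional

# Operand kinds (subset of ECMA-335 Partition III) and their width in bytes.
NONE, I8, I32, TOKEN, BR8, BR32 = "none", "int8", "int32", "token", "br8", "br32"
OPERAND_WIDTH = {NONE: 0, I8: 1, I32: 4, TOKEN: 4, BR8: 1, BR32: 4}

# One-byte CIL opcodes: value -> (mnemonic, operand kind). Hand-picked subset:
# everything that appears in the thread plus a few common neighbours.
OPCODES = {
    0x00: ("nop", NONE),
    0x01: ("break", NONE),
    0x02: ("ldarg.0", NONE),
    0x14: ("ldnull", NONE),
    0x17: ("ldc.i4.1", NONE),
    0x1F: ("ldc.i4.s", I8),
    0x20: ("ldc.i4", I32),
    0x26: ("pop", NONE),
    0x28: ("call", TOKEN),
    0x2A: ("ret", NONE),
    0x2B: ("br.s", BR8),
    0x38: ("br", BR32),
    0x6F: ("callvirt", TOKEN),
    0x7B: ("ldfld", TOKEN),
    0x7D: ("stfld", TOKEN),
}

# Metadata table id = high byte of a token (ECMA-335 Partition II).
TABLE_NAMES = {0x04: "Field", 0x06: "MethodDef", 0x0A: "MemberRef", 0x70: "String"}


@dataclass
class Insn:
    offset: int            # IL offset of the opcode byte
    raw: bytes             # opcode + operand bytes
    mnemonic: str
    operand: Optional[int]
    text: str              # human-readable form


def decode_cil(code: bytes) -> list[Insn]:
    """Walk a CIL method body instruction by instruction (fixed operand widths, no guessing)."""
    out: list[Insn] = []
    pos = 0
    while pos < len(code):
        op = code[pos]
        if op not in OPCODES:
            raise ValueError(f"unsupported CIL opcode 0x{op:02X} at IL_{pos:04X}")
        mnem, kind = OPCODES[op]
        width = OPERAND_WIDTH[kind]
        raw = code[pos:pos + 1 + width]
        if len(raw) != 1 + width:
            raise ValueError(f"truncated operand at IL_{pos:04X}")
        operand: Optional[int] = None
        text = mnem
        if kind != NONE:
            operand = int.from_bytes(raw[1:], "little", signed=(kind != TOKEN))
        if kind in (BR8, BR32):
            # Branch offsets are relative to the start of the *next* instruction.
            target = pos + 1 + width + operand
            text = f"{mnem} IL_{target:04X}"
        elif kind == TOKEN:
            table = TABLE_NAMES.get(operand >> 24, f"Table{operand >> 24:02X}")
            text = f"{mnem} {table}:0x{operand:08X}"
        elif kind in (I8, I32):
            text = f"{mnem} {operand}"
        out.append(Insn(pos, raw, mnem, operand, text))
        pos += 1 + width
    return out


def aob_pattern(code: bytes) -> str:
    """CE-style AOB: opcode bytes literal, metadata tokens and branch operands wildcarded."""
    parts: list[str] = []
    for insn in decode_cil(code):
        kind = OPCODES[insn.raw[0]][1]
        parts.append(f"{insn.raw[0]:02X}")
        wild = kind in (TOKEN, BR8, BR32)
        parts.extend("??" if wild else f"{b:02X}" for b in insn.raw[1:])
    return " ".join(parts)


# Constructed from the byte string quoted in the first post (the AOB hit at 12BAC13C).
THREAD_BYTES = bytes.fromhex(
    "38 06 00 00 00 17 01 14 26 01 26 02 7B 24 07 00 04 02 7B 27 07 00 04 "
    "6F 87 02 00 06 6F C9 01 00 06 7D BE 19 00 04 2A"
)

if __name__ == "__main__":
    for insn in decode_cil(THREAD_BYTES):
        print(f"IL_{insn.offset:04X}: {insn.raw.hex(' ').upper():<15} {insn.text}")
    print(aob_pattern(THREAD_BYTES))
```

Running it reproduces the instruction offsets of the IL listing in the first post (IL_0000 through IL_0026), resolves the five tokens to their tables (three Field tokens for the ldfld/stfld, two MethodDef tokens for the callvirt getters), and emits exactly the pattern posted above. The branch target is computed from the end of the br instruction (0x0005 + 6 = IL_000B), which is the arithmetic a hand decoder has to get right. Tokens are wildcarded because they are row indexes into the assembly's metadata tables and change between builds; the br operand is wildcarded only to match the pattern as posted, since an in-method branch offset is stable unless the method body itself changes.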