Cheat Engine

vng21092 · Posted: Sat May 02, 2015 9:32 pm Post subject:

believe me, that was one of the first things I tried, didn't work

, and according to this

eax has to be the right address since ebx is 0... right?

EDIT: nvm, sorry, I forgot, it DOES work BUT, since the instruction writes to 8 addresses, it stores the LAST value of eax into "iqe_slot1", but I still need the first 7 which are 6 bytes behind it, consecutively.

Here's a better picture:

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

Yes, but after that instruction is executed, eax is already replaced with the value and it's not the address anymore.

I don't really get it. What do you want to do with the value when you saved it?

Try to explain what you want to do exactly and you should also clarify which register or address is used for what purpose, because now I have no idea what do you want to do with this. One thing is sure, the code that you have posted in the first post will not work, because you are handling a value as an address and if you just want to save the value, then

movzx eax,byte ptr [eax+ebx]

saves the value from [eax+ebx] to eax. After this instruction, eax is the value that you are looking for. So mov [iqe_slot1],eax has to save the value on your custom address.

Try to use break and trace and check your code step by step, see how are the values and registers changing.

EDIT:
Ok, now I see you have edited your post. This makes it obvious.
What is ebp? It's fairly close to the addresses that you are looking for.

And the value of ebx is probably the counter for the list, so eax is the base address for the list. Which means that since

mov eax,[ebp+14] <--Original Code
movzx eax,byte ptr [eax+ebx] <--Original Code

[ebp+14] has to be the base address of the list.

vng21092 · Posted: Sat May 02, 2015 10:14 pm Post subject:

well if you look at the picture above, I want that first address "1A081BB8" as my starting point, or EAX. Then I just wanna do this

Geri · Moderator Reputation: 111 Joined: 05 Feb 2010 Posts: 5636

I think that [ebp+14] is the base address of the list and ebx is the counter to the exact item in the list.

So save [ebp+14] and then you have the base address.
Eg do something like

mov edi,[ebp+14]

then save the values from [edi], then from [edi+06] etc until all items are saved.

And of course don't forget to save and restore the original edi.

Or since [ebp+14] is saved on eax anyway, you don't have to save it, just use it before it is overwritten. In that case, make sure that all of your code is placed between those 2 lines. So it should look like

1. mov eax,[ebp+14]
2. all of your codes that save [eax], [eax+06] etc
3. movzx eax,byte ptr [eax+ebx]

vng21092 · Posted: Sat May 02, 2015 10:31 pm Post subject:

OMG I'M RETARDED, I don't know WHY that hadn't occurred to me, sometimes things are so simple I over-complicate it in my head, that worked, thank you so much. Now I could finish the inventory editor, you the man. May this relieve you from the stress I have brought upon you