Insensitivity How do I cheat?
Reputation: 0
Joined: 03 May 2015 Posts: 5
Posted: Sun May 03, 2015 6:15 am Post subject: Finding Pointers
As I am fairly new to using Cheat Engine, I tried finding some pointers. I managed to find 3 offsets and then I got stuck on these two:
| Code: |
The following opcodes accessed 106D1320
0299DF5A - 85 05 00011C00 - test [001C0100],eax
0299DF60 - C3 - ret
0299DF61 - 8B 40 10 - mov eax,[eax+10] <<
0299DF64 - 83 C4 38 - add esp,38
0299DF67 - 5D - pop ebp
EAX=10570028
EBX=148740E0
ECX=05C0C9E8
EDX=10715EF0
ESI=106D1310
EDI=05C0C9E8
ESP=18CDF520
EBP=18CDF598
EIP=0299DF64
|
First of all, I would like to understand how from
It ended up giving me 106D1310 (The value of the pointer is probably...), which is correct; I just don't seem to understand why.
Secondly, in the following:
| Code: |
The following opcode accessed 1069B370:
02BE29BA - 3B 71 08 - cmp esi,[ecx+08]
02BE29BD - 0F83 56010000 - jae 02BE2B19
02BE29C3 - 8B 74 B1 0C - mov esi,[ecx+esi*4+0C] <<
02BE29C7 - 83 FE 00 - cmp esi,00
02BE29CA - 0F84 EC000000 - je 02BE2ABC
EAX=002F41B4
EBX=14874008
ECX=1069B338
EDX=002F419B
ESI=106D1310
EDI=106469E0
ESP=18CDF510
EBP=18CDF5C0
EIP=02BE29C7
|
I failed to find the pointer and the offset.
I searched through some old topics in Google, but couldn't implement what I was reading into my specific process. I assume from reading Dark_Byte's comments that this refers to an array (which is good, as this is probably what I am looking for), but I can't figure out the address and the offset. Any help is appreciated.
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun May 03, 2015 8:42 am Post subject:
Before this code executes, EAX contains the base address of the game structure.
It gets to the specific variable you're after by adding hex 10 (16) to that address.
| Code: |
mov esi,[ecx+esi*4+0C]
|
In this scenario, ECX contains your base address. ESI is used as an index and hex 0C is a base offset.
It multiplies ESI by 4 because each variable in that array is 4 bytes long.
It should also be noted that these probably aren't static pointers.
So when you reload the game, they will not work.
Insensitivity How do I cheat?
Reputation: 0
Joined: 03 May 2015 Posts: 5
Posted: Sun May 03, 2015 8:44 am Post subject:
Sorry for lacking so much knowledge, but how do I then find ECX?
vng21092 Grandmaster Cheater
Reputation: 15
Joined: 05 Apr 2013 Posts: 644
Posted: Sun May 03, 2015 9:21 am Post subject:
Put a breakpoint on the instruction (F5) and the next time the code gets executed the game would freeze and the registers should pop up in the memory viewer on the right.
Insensitivity How do I cheat?
Reputation: 0
Joined: 03 May 2015 Posts: 5
Posted: Sun May 03, 2015 12:36 pm Post subject:
| vng21092 wrote: | | put a breakpoint on the instruction (F5) and the next time the code gets executed the game would freeze and the registers should pop up in the memory viewer on the right |
Is there any viable solution that doesn't require using a break point, as it isn't possible for me right now..?
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sun May 03, 2015 1:50 pm Post subject:
If you are using "Find out what accesses this address", then you're using breakpoints.
Also, you have ECX listed right there in your output (at the bottom).
justa_dude Grandmaster Cheater
Reputation: 23
Joined: 29 Jun 2010 Posts: 893
Posted: Sun May 03, 2015 2:56 pm Post subject: Re: Finding Pointers
| Insensitivity wrote: | in the following:
| Code: |
The following opcode accessed 1069B370:
02BE29BA - 3B 71 08 - cmp esi,[ecx+08]
02BE29BD - 0F83 56010000 - jae 02BE2B19
02BE29C3 - 8B 74 B1 0C - mov esi,[ecx+esi*4+0C] <<
02BE29C7 - 83 FE 00 - cmp esi,00
02BE29CA - 0F84 EC000000 - je 02BE2ABC
EAX=002F41B4
EBX=14874008
ECX=1069B338
EDX=002F419B
ESI=106D1310
EDI=106469E0
ESP=18CDF510
EBP=18CDF5C0
EIP=02BE29C7
|
I failed to find the pointer and the offset.
I searched through some old topics in Google, but couldn't implement what I was reading into my specific process. I assume from reading Dark_Byte's comments that this refers to an array (which is good, as this is probably what I am looking for), but I can't figure out the address and the offset. Any help is appreciated. |
If the pointer is in ECX and you're searching for pointers, then you want to search for memory containing the address 1069B338.
BTW, this looks like .NET/Mono code. Is it? And if so, why don't you have CE's Mono features enabled?
| Insensitivity wrote: | | vng21092 wrote: | | put a breakpoint on the instruction (F5) and the next time the code gets executed the game would freeze and the registers should pop up in the memory viewer on the right |
Is there any viable solution that doesn't require using a break point, as it isn't possible for me right now..? |
Yes, absolutely... find a suitable hack point (the ones you've identified while looking for pointer chains may be suitable), and grab the address with injection. It's almost always a heck of a lot faster than searching for pointers.
_________________
Beside the big gate, there is always a small gate.
----------------------
Come on...
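The address arithmetic discussed in this thread, as an added example that is not part of any poster's message: both dumps show register values after the marked instruction ran (EIP already points at the next instruction), so the register the load overwrote has to be solved from the accessed address. The `recover` helper is hypothetical, and the two dump constants are the thread's dumps trimmed to the lines it reads.

```python
import re

# Memory operand shapes seen in the thread: [base+disp] and [base+index*scale+disp].
OPERAND = re.compile(r"\[(?P<base>e[a-z]{2})(?:\+(?P<index>e[a-z]{2})\*(?P<scale>[1248]))?"
                     r"(?:\+(?P<disp>[0-9a-f]+))?\]", re.I)

def recover(dump):
    """Solve 'accessed = base + index*scale + disp' for the register a mov load overwrote."""
    accessed = int(re.search(r"accessed ([0-9A-F]+)", dump, re.I).group(1), 16)
    marked = next(l for l in dump.splitlines() if l.rstrip().endswith("<<"))
    instr = marked.split(" - ")[2].replace("<<", "").strip().lower()
    # Register values in the dump are post-execution, so the destination holds the loaded value.
    regs = {n.lower(): int(v, 16) for n, v in re.findall(r"^(E[A-Z]{2})=([0-9A-F]+)", dump, re.M)}
    dest = re.match(r"mov (e[a-z]{2}),", instr).group(1)
    op = OPERAND.search(instr).groupdict()
    if dest == op["base"] == op["index"]:
        raise ValueError("destination used as both base and index: not handled here")
    disp = int(op["disp"] or "0", 16)
    scale = int(op["scale"] or "1")
    if dest == op["index"]:                      # index register was overwritten
        span = accessed - regs[op["base"]] - disp
        if span < 0 or span % scale:
            raise ValueError("dump is inconsistent with the operand")
        return {"base": regs[op["base"]], "index": span // scale, "loaded": regs[dest]}
    scaled = regs[op["index"]] * scale if op["index"] else 0
    base = accessed - disp - scaled              # holds whether or not base was overwritten
    if dest != op["base"] and base != regs[op["base"]]:
        raise ValueError("dump is inconsistent with the operand")
    return {"base": base, "index": regs.get(op["index"]), "loaded": regs[dest]}

# The two dumps posted in the thread, trimmed to the lines recover() reads.
DUMP_1 = """The following opcodes accessed 106D1320
0299DF61 - 8B 40 10 - mov eax,[eax+10] <<
EAX=10570028
ESI=106D1310
EIP=0299DF64
"""
DUMP_2 = """The following opcode accessed 1069B370:
02BE29C3 - 8B 74 B1 0C - mov esi,[ecx+esi*4+0C] <<
ECX=1069B338
ESI=106D1310
EIP=02BE29C7
"""
```

For the first dump this recovers the base 106D1310 (106D1320 minus hex 10); for the second it recovers index hex 0B into the array based at 1069B338, with 106D1310 being the value that element held.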