ranseier Newbie cheater
Reputation: 0
Joined: 27 Sep 2015 Posts: 23
Posted: Mon Oct 19, 2015 3:02 pm Post subject: C# Find out what addresses this instruction accesses
Hi,
I found an address in the memory viewer where I can do the "Find out what addresses this instruction accesses" which returns all enemies' healths in the game. Thanks to the AOB signature this address is stable during game restarts.
Now I want to get the same result in C# - get all the enemies health values.
I am using this class http://www.cheatengine.org/forum/viewtopic.php?p=5242821&sid=3170ae57f3052fd995f64e24ff8e091e so the AOB scan is no problem.
But how about the part that "Find out what addresses this instruction accesses" does? I have no clue what technique is used here.
Thanks for any hints!
ulysse31 Master Cheater
Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Mon Oct 19, 2015 8:20 pm
AFAIK Cheat Engine is using the debugger to retrieve those addresses.
A fairly simple solution for you would be to hook the code and retrieve the offset.
If your code updating life is :
mov [eax+0c], ebx
then a simple :
push ecx
push edx
lea ecx,[eax+0c]
mov edx, 0x00434256
mov [edx],ecx
pop edx
pop ecx
This would store the first address whose life is being modified to the 0x00434256 memory address.
Now you can modify the code to figure out how many addresses are being accessed and you can log all of them with a bit more assembly code.
ranseier Newbie cheater
Reputation: 0
Joined: 27 Sep 2015 Posts: 23
Posted: Tue Oct 20, 2015 5:00 am
After watching Fleep's "C++ Mid Function Hooking/Codecaving Tutorial" on YouTube, I learned how to hook the code. It looks like C++ is more suited for DLL injection than C#.
ulysse3131 wrote: |
now you can modify the code to figure out how many addresses are being accessed and you can log all of them with a bit more of assembly code. |
Do you have an example or a hint how to do that? I am quite new to ASM.
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4697
Posted: Tue Oct 20, 2015 9:49 am
ranseier wrote: | ulysse3131 wrote: |
now you can modify the code to figure out how many addresses are being accessed and you can log all of them with a bit more of assembly code. |
Do you have an example or a hint how to do that? I am quite new to ASM. |
I'd do it by allocating some memory, then making a routine that loops through that memory comparing the stored addresses to the one that's being accessed by the game's instruction.
For example, using CE's auto assembler, let's assume the eax register points to the enemy's address. Then:
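Code:
alloc(newmem,1024)
alloc(enemyAddresses,1024) //list of 4-byte addresses, terminated by the first 0 entry
label(addEnemyAddress)
label(exitAdd)
label(exit)

newmem:
//game's code, example:
mov esi,[eax]
//eax is a pointer, [eax] is the enemy's address
//then:
push ecx
push edi
mov ecx,enemyAddresses
call addEnemyAddress
pop edi
pop ecx
//continue game's code here (and jump back to the game so execution does not fall through into addEnemyAddress)

addEnemyAddress:
//in: esi = address to record, ecx = current position in the list
mov edi,[ecx]
cmp esi,edi
je exit //already in the list
test edi,edi
jz exitAdd //reached the first empty slot
add ecx,4
jmp addEnemyAddress //note: no check that ecx stays inside the 1024-byte buffer
exitAdd:
mov [ecx],esi
exit:
ret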
Of course, if it's possible for an enemy to be destroyed, then you'd need a way of removing that enemy's address from this list. That would be a bit more challenging to do, but it's still easily possible. Just loop through the list, and once you find it, move every address after it back one until you reach a null address (a value of 0).
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
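The list handling described in the post above (store an address only if it is not already present, and remove one by moving every later entry back until the 0 terminator), modelled in C as an added example; it is not code from any poster in this thread. The names `addr_list`, `list_add`, `list_remove` and `list_count` and the sample addresses are assumptions, and the capacity check goes beyond the posted assembly, which has none.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LIST_CAPACITY 256            /* 1024 bytes / 4-byte entries */

/* Zero-terminated list: a 0 entry marks the end, so 0 is never stored.
   The extra slot guarantees a terminator even when the list is full. */
typedef struct { uint32_t entries[LIST_CAPACITY + 1]; } addr_list;

/* Returns 1 if added, 0 if already present, -1 if addr is 0 or the list is full. */
int list_add(addr_list *l, uint32_t addr)
{
    if (addr == 0) return -1;
    for (size_t i = 0; i < LIST_CAPACITY; i++) {
        if (l->entries[i] == addr) return 0;                        /* "je exit" */
        if (l->entries[i] == 0) { l->entries[i] = addr; return 1; } /* "exitAdd" */
    }
    return -1;   /* full: refuse rather than write past the buffer */
}

/* Returns 1 if removed, 0 if addr was not in the list. */
int list_remove(addr_list *l, uint32_t addr)
{
    size_t i = 0;
    if (addr == 0) return 0;
    while (l->entries[i] != 0 && l->entries[i] != addr) i++;
    if (l->entries[i] == 0) return 0;
    /* Move every later entry back one; copying the 0 terminator ends the loop. */
    for (;; i++) {
        l->entries[i] = l->entries[i + 1];
        if (l->entries[i] == 0) break;
    }
    return 1;
}

/* Number of stored addresses (entries before the terminator). */
size_t list_count(const addr_list *l)
{
    size_t n = 0;
    while (l->entries[n] != 0) n++;
    return n;
}

int main(void)
{
    static addr_list l;              /* zero-initialised; addresses below are constructed */
    list_add(&l, 0x1000); list_add(&l, 0x2000); list_add(&l, 0x2000);
    list_remove(&l, 0x1000);
    printf("%zu entries, first = 0x%x\n", list_count(&l), (unsigned)l.entries[0]);
    return 0;
}
```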
ulysse31 Master Cheater
Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Tue Oct 20, 2015 2:27 pm
Yes, that chunk of code is pretty good, unfortunately I don't think there is a "newbie" way to make this, you'll need to learn a bit of assembly to get something decent.
ranseier Newbie cheater
Reputation: 0
Joined: 27 Sep 2015 Posts: 23
Posted: Tue Oct 20, 2015 2:30 pm
Thank you guys, I will try it.
ulysse31 Master Cheater
Reputation: 2
Joined: 19 Mar 2015 Posts: 324 Location: Paris
Posted: Tue Oct 20, 2015 7:04 pm
Just be very careful with the stack, remember "call" modifies the stack and 1 call must ultimately meet 1 (and only one) ret.
Remember to push every register you use and pop it afterwards.
If you crash your game it very likely will be because of one of the above 2.
If you meet problems don't hesitate to post your code here.
The given chunk of code assumes there is a pointer to your final address but it might not be the case so before you start coding, take the line of code that is from the game and that you found and determine whether it's a pointer or not.
Also if you don't wanna allocate memory you can scan for code caves, it's very likely you'll have pretty large ones.