Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Getting screen resolution
Cheat Engine Forum Index -> Cheat Engine Lua Scripting
k4sh
Cheater
Reputation: 0

Joined: 01 Mar 2016
Posts: 28

Posted: Sun Mar 20, 2016 4:48 am

"mgsvtpp.exe"+303747F gives me only one address accessed which is the one found with the group search.

"mgsvtpp.exe"+303D7AD gave me 2 addresses.
Same as above and 07B01940 which is new.

I get these results only after changing resolution. Nothing if I only play the game.

Browsing and displaying that address shows me obviously the width and next (07B01940 + 4) gives me the height.
mgr.inz.Player
I post too much
Reputation: 222

Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00

Posted: Mon Mar 21, 2016 9:25 am

Could you check "find out what accesses..." on that new 07B01940 address? Maybe it is constantly accessed and we can use this nonstatic address.

About the instruction at "mgsvtpp.exe"+303747F.
Looks like I need more information. For now there's not enough information to make a script which will work all the time, not only at the resolution change.

Currently we can see the last part of that function.
The "ORIGINAL CODE" generated by the CE template is too short, I hoped it wouldn't be.
We can try again: highlight this opcode again, press and hold SHIFT, hit PageUp ten times, then press CTRL+C, click "copy", then paste here.

Also, I think it would be better to find the caller too.

Start the game in window mode,
highlight "mgsvtpp.exe"+30374AF (it is 'ret'),
press F5 to toggle on a breakpoint at this address,
change resolution in game,
you should see the game freeze,
inside the memory viewer, press F7 once,
one line above there is the caller,
highlight it, press and hold SHIFT, hit PageUp ten times, then press CTRL+C, click "copy", then paste here.

Maybe with that I or somebody can figure it out.

k4sh
Posted: Mon Mar 21, 2016 2:09 pm

07B01940 (which has changed today) is accessed by 3 new addresses while changing the resolution in game.

1st one is located in MSVCR110.memmove
2nd one is "mgsvtpp.exe"+303D7AD seen previously
3rd one is "mgsvtpp.exe"+303747B

Opcodes around "mgsvtpp.exe"+303747F :

Code:

mgsvtpp.exe+3037303 - 8B 44 F8 0C           - mov eax,[rax+rdi*8+0C]
mgsvtpp.exe+3037307 - EB B6                 - jmp mgsvtpp.exe+30372BF
mgsvtpp.exe+3037309 - 48 89 D9              - mov rcx,rbx
mgsvtpp.exe+303730C - E8 8FE0DBFF           - call mgsvtpp.exe+2DF53A0
mgsvtpp.exe+3037311 - 48 8B 5C 24 50        - mov rbx,[rsp+50]
mgsvtpp.exe+3037316 - 48 83 C4 30           - add rsp,30 { 48 }
mgsvtpp.exe+303731A - 5F                    - pop rdi
mgsvtpp.exe+303731B - C3                    - ret
mgsvtpp.exe+303731C - 00 CC                 - add ah,cl
mgsvtpp.exe+303731E - CC                    - int 3
mgsvtpp.exe+303731F - CC                    - int 3
mgsvtpp.exe+3037320 - CC                    - int 3
mgsvtpp.exe+3037321 - CC                    - int 3
mgsvtpp.exe+3037322 - CC                    - int 3
mgsvtpp.exe+3037323 - CC                    - int 3
mgsvtpp.exe+3037324 - CC                    - int 3
mgsvtpp.exe+3037325 - CC                    - int 3
mgsvtpp.exe+3037326 - CC                    - int 3
mgsvtpp.exe+3037327 - 66 0F1F 84 00 00000000  - nop [rax+rax+00000000]
mgsvtpp.exe+3037330 - 48 83 EC 28           - sub rsp,28 { 40 }
mgsvtpp.exe+3037334 - 4C 8B 42 58           - mov r8,[rdx+58]
mgsvtpp.exe+3037338 - 48 BA FFFFFFFFFFFF0000 - mov rdx,0000FFFFFFFFFFFF { -1 }
mgsvtpp.exe+3037342 - 4C 89 C0              - mov rax,r8
mgsvtpp.exe+3037345 - 48 33 41 20           - xor rax,[rcx+20]
mgsvtpp.exe+3037349 - 48 85 C2              - test rdx,rax
mgsvtpp.exe+303734C - 75 09                 - jne mgsvtpp.exe+3037357
mgsvtpp.exe+303734E - 31 C0                 - xor eax,eax
mgsvtpp.exe+3037350 - 48 83 C4 28           - add rsp,28 { 40 }
mgsvtpp.exe+3037354 - C3                    - ret
mgsvtpp.exe+3037355 - 06                    - push es
mgsvtpp.exe+3037356 - CC                    - int 3
mgsvtpp.exe+3037357 - 83 49 18 01           - or dword ptr [rcx+18],01 { 1 }
mgsvtpp.exe+303735B - 4C 89 41 20           - mov [rcx+20],r8
mgsvtpp.exe+303735F - E8 4CE3F6FF           - call mgsvtpp.exe+2FA56B0
mgsvtpp.exe+3037364 - B8 0FA290C3           - mov eax,C390A20F { -289.27 }
mgsvtpp.exe+3037369 - 48 83 C4 28           - add rsp,28 { 40 }
mgsvtpp.exe+303736D - 8D 80 F25D6F3C        - lea eax,[rax+3C6F5DF2]
mgsvtpp.exe+3037373 - C3                    - ret
mgsvtpp.exe+3037374 - DCF1                  - fdivr st(1),st(0)
mgsvtpp.exe+3037376 - CC                    - int 3
mgsvtpp.exe+3037377 - CC                    - int 3
mgsvtpp.exe+3037378 - CC                    - int 3
mgsvtpp.exe+3037379 - CC                    - int 3
mgsvtpp.exe+303737A - 66 0F1F 44 00 00      - nop [rax+rax+00]
mgsvtpp.exe+3037380 - 48 89 5C 24 08        - mov [rsp+08],rbx
mgsvtpp.exe+3037385 - 48 89 6C 24 10        - mov [rsp+10],rbp
mgsvtpp.exe+303738A - 48 89 74 24 18        - mov [rsp+18],rsi
mgsvtpp.exe+303738F - 57                    - push rdi
mgsvtpp.exe+3037390 - 48 83 EC 20           - sub rsp,20 { 32 }
mgsvtpp.exe+3037394 - 48 89 D6              - mov rsi,rdx
mgsvtpp.exe+3037397 - 48 89 CF              - mov rdi,rcx
mgsvtpp.exe+303739A - C7 81 88000000 02000000 - mov [rcx+00000088],00000002 { 2 }
mgsvtpp.exe+30373A4 - E8 579CFBFF           - call mgsvtpp.exe+2FF1000
mgsvtpp.exe+30373A9 - 48 8D 57 50           - lea rdx,[rdi+50]
mgsvtpp.exe+30373AD - 48 89 C1              - mov rcx,rax
mgsvtpp.exe+30373B0 - 48 89 C3              - mov rbx,rax
mgsvtpp.exe+30373B3 - E8 48240000           - call mgsvtpp.exe+3039800
mgsvtpp.exe+30373B8 - 4C 8B 0B              - mov r9,[rbx]
mgsvtpp.exe+30373BB - 45 31 C0              - xor r8d,r8d
mgsvtpp.exe+30373BE - 48 89 F2              - mov rdx,rsi
mgsvtpp.exe+30373C1 - 48 89 D9              - mov rcx,rbx
mgsvtpp.exe+30373C4 - 41 FF 91 98000000     - call qword ptr [r9+00000098]
mgsvtpp.exe+30373CB - 84 C0                 - test al,al
mgsvtpp.exe+30373CD - 75 10                 - jne mgsvtpp.exe+30373DF
mgsvtpp.exe+30373CF - 83 A7 88000000 FC     - and dword ptr [rdi+00000088],-04 { 252 }
mgsvtpp.exe+30373D6 - 83 C8 FF              - or eax,-01 { 255 }
mgsvtpp.exe+30373D9 - E9 BD000000           - jmp mgsvtpp.exe+303749B
mgsvtpp.exe+30373DE - 00 48 8B              - add [rax-75],cl
mgsvtpp.exe+30373E1 - 06                    - push es
mgsvtpp.exe+30373E2 - 48 39 47 50           - cmp [rdi+50],rax
mgsvtpp.exe+30373E6 - 75 65                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+30373E8 - 48 8B 46 08           - mov rax,[rsi+08]
mgsvtpp.exe+30373EC - 48 39 47 58           - cmp [rdi+58],rax
mgsvtpp.exe+30373F0 - 75 5B                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+30373F2 - 48 8B 47 60           - mov rax,[rdi+60]
mgsvtpp.exe+30373F6 - 48 B9 FFFFFFFFFFFF0000 - mov rcx,0000FFFFFFFFFFFF { -1 }
mgsvtpp.exe+3037400 - 48 33 46 10           - xor rax,[rsi+10]
mgsvtpp.exe+3037404 - 48 85 C1              - test rcx,rax
mgsvtpp.exe+3037407 - 75 44                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+3037409 - 48 8B 47 68           - mov rax,[rdi+68]
mgsvtpp.exe+303740D - 48 33 46 18           - xor rax,[rsi+18]
mgsvtpp.exe+3037411 - 48 85 C1              - test rcx,rax
mgsvtpp.exe+3037414 - 75 37                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+3037416 - 48 8B 47 70           - mov rax,[rdi+70]
mgsvtpp.exe+303741A - 48 33 46 20           - xor rax,[rsi+20]
mgsvtpp.exe+303741E - 48 85 C1              - test rcx,rax
mgsvtpp.exe+3037421 - 75 2A                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+3037423 - 8B 46 28              - mov eax,[rsi+28]
mgsvtpp.exe+3037426 - 39 47 78              - cmp [rdi+78],eax
mgsvtpp.exe+3037429 - 75 22                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+303742B - 8B 46 2C              - mov eax,[rsi+2C]
mgsvtpp.exe+303742E - 39 47 7C              - cmp [rdi+7C],eax
mgsvtpp.exe+3037431 - 75 1A                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+3037433 - 8B 46 30              - mov eax,[rsi+30]
mgsvtpp.exe+3037436 - 39 87 80000000        - cmp [rdi+00000080],eax
mgsvtpp.exe+303743C - 75 0F                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+303743E - 8B 46 34              - mov eax,[rsi+34]
mgsvtpp.exe+3037441 - 39 87 84000000        - cmp [rdi+00000084],eax
mgsvtpp.exe+3037447 - 75 04                 - jne mgsvtpp.exe+303744D
mgsvtpp.exe+3037449 - 31 C0                 - xor eax,eax
mgsvtpp.exe+303744B - EB 4E                 - jmp mgsvtpp.exe+303749B
mgsvtpp.exe+303744D - 83 8F 88000000 01     - or dword ptr [rdi+00000088],01 { 1 }
mgsvtpp.exe+3037454 - 48 8B 06              - mov rax,[rsi]
mgsvtpp.exe+3037457 - 48 89 47 18           - mov [rdi+18],rax
mgsvtpp.exe+303745B - 48 8B 46 08           - mov rax,[rsi+08]
mgsvtpp.exe+303745F - 48 89 47 20           - mov [rdi+20],rax
mgsvtpp.exe+3037463 - 48 8B 46 10           - mov rax,[rsi+10]
mgsvtpp.exe+3037467 - 48 89 47 28           - mov [rdi+28],rax
mgsvtpp.exe+303746B - 48 8B 46 18           - mov rax,[rsi+18]
mgsvtpp.exe+303746F - 48 89 47 30           - mov [rdi+30],rax
mgsvtpp.exe+3037473 - 48 8B 46 20           - mov rax,[rsi+20]
mgsvtpp.exe+3037477 - 48 89 47 38           - mov [rdi+38],rax
mgsvtpp.exe+303747B - 48 8B 46 28           - mov rax,[rsi+28]
mgsvtpp.exe+303747F - 48 89 47 40           - mov [rdi+40],rax
mgsvtpp.exe+3037483 - 48 8B 46 30           - mov rax,[rsi+30]
mgsvtpp.exe+3037487 - 48 89 47 48           - mov [rdi+48],rax
mgsvtpp.exe+303748B - E8 20E2F6FF           - call mgsvtpp.exe+2FA56B0
mgsvtpp.exe+3037490 - B8 0FA2C390           - mov eax,90C3A20F { [0] }
mgsvtpp.exe+3037495 - 8D 80 F25D3C6F        - lea eax,[rax+6F3C5DF2]
mgsvtpp.exe+303749B - 48 8B 5C 24 30        - mov rbx,[rsp+30]
mgsvtpp.exe+30374A0 - 48 8B 6C 24 38        - mov rbp,[rsp+38]
mgsvtpp.exe+30374A5 - 48 8B 74 24 40        - mov rsi,[rsp+40]
mgsvtpp.exe+30374AA - 48 83 C4 20           - add rsp,20 { 32 }
mgsvtpp.exe+30374AE - 5F                    - pop rdi
mgsvtpp.exe+30374AF - C3                    - ret



Here are the opcodes after the return from function "mgsvtpp.exe"+30374AF:
Code:

mgsvtpp.exe+2FA49EB - E8 007A0300           - call mgsvtpp.exe+2FDC3F0
mgsvtpp.exe+2FA49F0 - 90                    - nop
mgsvtpp.exe+2FA49F1 - 48 8D 4F 40           - lea rcx,[rdi+40]
mgsvtpp.exe+2FA49F5 - E8 F6790300           - call mgsvtpp.exe+2FDC3F0
mgsvtpp.exe+2FA49FA - 90                    - nop
mgsvtpp.exe+2FA49FB - 48 8D 4F 18           - lea rcx,[rdi+18]
mgsvtpp.exe+2FA49FF - 48 8B 5C 24 50        - mov rbx,[rsp+50]
mgsvtpp.exe+2FA4A04 - 48 8B 74 24 58        - mov rsi,[rsp+58]
mgsvtpp.exe+2FA4A09 - 48 83 C4 30           - add rsp,30 { 48 }
mgsvtpp.exe+2FA4A0D - 5F                    - pop rdi
mgsvtpp.exe+2FA4A0E - E9 DD790300           - jmp mgsvtpp.exe+2FDC3F0
mgsvtpp.exe+2FA4A13 - CC                    - int 3
mgsvtpp.exe+2FA4A14 - CC                    - int 3
mgsvtpp.exe+2FA4A15 - CC                    - int 3
mgsvtpp.exe+2FA4A16 - CC                    - int 3
mgsvtpp.exe+2FA4A17 - CC                    - int 3
mgsvtpp.exe+2FA4A18 - CC                    - int 3
mgsvtpp.exe+2FA4A19 - D8 B1 FAE50F1F        - fdiv dword ptr [rcx+1F0FE5FA]
mgsvtpp.exe+2FA4A1F - 00 48 89              - add [rax-77],cl
mgsvtpp.exe+2FA4A22 - 4C 24 08              - and al,08 { 8 }
mgsvtpp.exe+2FA4A25 - 53                    - push rbx
mgsvtpp.exe+2FA4A26 - 48 83 EC 30           - sub rsp,30 { 48 }
mgsvtpp.exe+2FA4A2A - 48 C7 44 24 20 FEFFFFFF - mov [rsp+20],FFFFFFFE { [30840] }
mgsvtpp.exe+2FA4A33 - 48 89 CB              - mov rbx,rcx
mgsvtpp.exe+2FA4A36 - 48 8D 05 33F60EFF     - lea rax,[mgsvtpp.exe+2094070] { [142FA5980] }
mgsvtpp.exe+2FA4A3D - 48 89 01              - mov [rcx],rax
mgsvtpp.exe+2FA4A40 - 48 83 C1 58           - add rcx,58 { 88 }
mgsvtpp.exe+2FA4A44 - 48 89 4C 24 48        - mov [rsp+48],rcx
mgsvtpp.exe+2FA4A49 - E8 5297E4FF           - call mgsvtpp.exe+2DEE1A0
mgsvtpp.exe+2FA4A4E - 90                    - nop
mgsvtpp.exe+2FA4A4F - 48 8D 4B 40           - lea rcx,[rbx+40]
mgsvtpp.exe+2FA4A53 - 48 89 4C 24 48        - mov [rsp+48],rcx
mgsvtpp.exe+2FA4A58 - E8 4397E4FF           - call mgsvtpp.exe+2DEE1A0
mgsvtpp.exe+2FA4A5D - 90                    - nop
mgsvtpp.exe+2FA4A5E - 48 89 D9              - mov rcx,rbx
mgsvtpp.exe+2FA4A61 - 48 83 C4 30           - add rsp,30 { 48 }
mgsvtpp.exe+2FA4A65 - 5B                    - pop rbx
mgsvtpp.exe+2FA4A66 - E9 C554EFFF           - jmp mgsvtpp.exe+2E99F30
mgsvtpp.exe+2FA4A6B - CC                    - int 3
mgsvtpp.exe+2FA4A6C - CC                    - int 3
mgsvtpp.exe+2FA4A6D - CC                    - int 3
mgsvtpp.exe+2FA4A6E - CC                    - int 3
mgsvtpp.exe+2FA4A6F - CC                    - int 3
mgsvtpp.exe+2FA4A70 - 48 89 4C 24 08        - mov [rsp+08],rcx
mgsvtpp.exe+2FA4A75 - 41 56                 - push r14
mgsvtpp.exe+2FA4A77 - 48 83 EC 30           - sub rsp,30 { 48 }
mgsvtpp.exe+2FA4A7B - 48 C7 44 24 20 FEFFFFFF - mov [rsp+20],FFFFFFFE { [30840] }
mgsvtpp.exe+2FA4A84 - 48 89 5C 24 48        - mov [rsp+48],rbx
mgsvtpp.exe+2FA4A89 - 48 89 74 24 50        - mov [rsp+50],rsi
mgsvtpp.exe+2FA4A8E - 48 89 7C 24 58        - mov [rsp+58],rdi
mgsvtpp.exe+2FA4A93 - 48 89 CF              - mov rdi,rcx
mgsvtpp.exe+2FA4A96 - 8B 59 10              - mov ebx,[rcx+10]
mgsvtpp.exe+2FA4A99 - FF CB                 - dec ebx
mgsvtpp.exe+2FA4A9B - 48 63 F3              - movsxd  rsi,ebx
mgsvtpp.exe+2FA4A9E - 78 32                 - js mgsvtpp.exe+2FA4AD2
mgsvtpp.exe+2FA4AA0 - 48 8D 34 F5 00000000  - lea rsi,[rsi*8+00000000]
mgsvtpp.exe+2FA4AA8 - 48 8B 47 18           - mov rax,[rdi+18]
mgsvtpp.exe+2FA4AAC - 48 8B 0C 06           - mov rcx,[rsi+rax]
mgsvtpp.exe+2FA4AB0 - 48 85 C9              - test rcx,rcx
mgsvtpp.exe+2FA4AB3 - 74 15                 - je mgsvtpp.exe+2FA4ACA
mgsvtpp.exe+2FA4AB5 - 48 8B 01              - mov rax,[rcx]
mgsvtpp.exe+2FA4AB8 - FF 50 68              - call qword ptr [rax+68]
mgsvtpp.exe+2FA4ABB - 48 8B 47 18           - mov rax,[rdi+18]
mgsvtpp.exe+2FA4ABF - 48 8D 0C D8           - lea rcx,[rax+rbx*8]
mgsvtpp.exe+2FA4AC3 - 31 D2                 - xor edx,edx
mgsvtpp.exe+2FA4AC5 - E8 2678EEFF           - call mgsvtpp.exe+2E8C2F0
mgsvtpp.exe+2FA4ACA - 48 83 EE 08           - sub rsi,08 { 8 }
mgsvtpp.exe+2FA4ACE - FF CB                 - dec ebx
mgsvtpp.exe+2FA4AD0 - 79 D6                 - jns mgsvtpp.exe+2FA4AA8
mgsvtpp.exe+2FA4AD2 - 48 8D 4F 10           - lea rcx,[rdi+10]
mgsvtpp.exe+2FA4AD6 - E8 9595CA01           - call mgsvtpp.exe+4C4E070
mgsvtpp.exe+2FA4ADB - 45 31 C0              - xor r8d,r8d
mgsvtpp.exe+2FA4ADE - 44 89 C2              - mov edx,r8d
mgsvtpp.exe+2FA4AE1 - 39 17                 - cmp [rdi],edx
mgsvtpp.exe+2FA4AE3 - 76 10                 - jna mgsvtpp.exe+2FA4AF5
mgsvtpp.exe+2FA4AE5 - 89 D1                 - mov ecx,edx
mgsvtpp.exe+2FA4AE7 - 48 8B 47 08           - mov rax,[rdi+08]
mgsvtpp.exe+2FA4AEB - 4C 89 04 C8           - mov [rax+rcx*8],r8
mgsvtpp.exe+2FA4AEF - FF C2                 - inc edx
mgsvtpp.exe+2FA4AF1 - 3B 17                 - cmp edx,[rdi]
mgsvtpp.exe+2FA4AF3 - 72 F0                 - jb mgsvtpp.exe+2FA4AE5
mgsvtpp.exe+2FA4AF5 - 48 89 F9              - mov rcx,rdi
mgsvtpp.exe+2FA4AF8 - E8 13182D00           - call mgsvtpp.exe+3276310
mgsvtpp.exe+2FA4AFD - 48 8B 4F 20           - mov rcx,[rdi+20]
mgsvtpp.exe+2FA4B01 - 48 85 C9              - test rcx,rcx
mgsvtpp.exe+2FA4B04 - 74 1C                 - je mgsvtpp.exe+2FA4B22
mgsvtpp.exe+2FA4B06 - 48 8B 59 08           - mov rbx,[rcx+08]
mgsvtpp.exe+2FA4B0A - 48 8B 01              - mov rax,[rcx]
mgsvtpp.exe+2FA4B0D - BA 0FA2FFE6           - mov edx,E6FFA20F { [0] }
mgsvtpp.exe+2FA4B12 - 8D 92 F25D0019        - lea edx,[rdx+19005DF2]
mgsvtpp.exe+2FA4B18 - FF 10                 - call qword ptr [rax]
mgsvtpp.exe+2FA4B1A - 48 89 D9              - mov rcx,rbx
mgsvtpp.exe+2FA4B1D - 48 85 DB              - test rbx,rbx
mgsvtpp.exe+2FA4B20 - 75 E4                 - jne mgsvtpp.exe+2FA4B06
mgsvtpp.exe+2FA4B22 - 48 8D 4F 10           - lea rcx,[rdi+10]
mgsvtpp.exe+2FA4B26 - E8 4595CA01           - call mgsvtpp.exe+4C4E070
mgsvtpp.exe+2FA4B2B - 90                    - nop
mgsvtpp.exe+2FA4B2C - 48 89 F9              - mov rcx,rdi
mgsvtpp.exe+2FA4B2F - 48 8B 5C 24 48        - mov rbx,[rsp+48]
mgsvtpp.exe+2FA4B34 - 48 8B 74 24 50        - mov rsi,[rsp+50]
mgsvtpp.exe+2FA4B39 - 48 8B 7C 24 58        - mov rdi,[rsp+58]
mgsvtpp.exe+2FA4B3E - 48 83 C4 30           - add rsp,30 { 48 }
mgsvtpp.exe+2FA4B42 - 41 5E                 - pop r14
mgsvtpp.exe+2FA4B44 - E9 C7172D00           - jmp mgsvtpp.exe+3276310
mgsvtpp.exe+2FA4B49 - CC                    - int 3
mgsvtpp.exe+2FA4B4A - CC                    - int 3
mgsvtpp.exe+2FA4B4B - 0F1F 44 00 00         - nop [rax+rax+00]
mgsvtpp.exe+2FA4B50 - 49 89 E3              - mov r11,rsp
mgsvtpp.exe+2FA4B53 - 57                    - push rdi
mgsvtpp.exe+2FA4B54 - 48 81 EC 80000000     - sub rsp,00000080 { 128 }
mgsvtpp.exe+2FA4B5B - 49 C7 43 98 FEFFFFFF  - mov [r11-68],FFFFFFFE { [30840] }
mgsvtpp.exe+2FA4B63 - 49 89 5B 10           - mov [r11+10],rbx
mgsvtpp.exe+2FA4B67 - 48 89 CB              - mov rbx,rcx
mgsvtpp.exe+2FA4B6A - 48 8D 3D 67E109FF     - lea rdi,[mgsvtpp.exe+2042CD8] { [142DD0940] }
mgsvtpp.exe+2FA4B71 - 49 89 7B 08           - mov [r11+08],rdi
mgsvtpp.exe+2FA4B75 - 48 8D 05 346151FF     - lea rax,[mgsvtpp.exe+24BACB0] { [143143470] }
mgsvtpp.exe+2FA4B7C - 49 89 43 08           - mov [r11+08],rax
mgsvtpp.exe+2FA4B80 - 48 8D 41 08           - lea rax,[rcx+08]
mgsvtpp.exe+2FA4B84 - 49 89 43 C8           - mov [r11-38],rax
mgsvtpp.exe+2FA4B88 - 49 89 4B D0           - mov [r11-30],rcx
mgsvtpp.exe+2FA4B8C - 48 8D 41 04           - lea rax,[rcx+04]
mgsvtpp.exe+2FA4B90 - 49 89 43 D8           - mov [r11-28],rax
mgsvtpp.exe+2FA4B94 - 49 C7 43 E0 08000000  - mov [r11-20],00000008 { 8 }
mgsvtpp.exe+2FA4B9C - 49 C7 43 E8 08000000  - mov [r11-18],00000008 { 8 }
mgsvtpp.exe+2FA4BA4 - 48 8D 42 08           - lea rax,[rdx+08]
mgsvtpp.exe+2FA4BA8 - 49 89 43 A0           - mov [r11-60],rax
mgsvtpp.exe+2FA4BAC - 49 89 53 A8           - mov [r11-58],rdx
mgsvtpp.exe+2FA4BB0 - 48 8D 42 04           - lea rax,[rdx+04]
mgsvtpp.exe+2FA4BB4 - 49 89 43 B0           - mov [r11-50],rax
mgsvtpp.exe+2FA4BB8 - 49 C7 43 B8 08000000  - mov [r11-48],00000008 { 8 }
mgsvtpp.exe+2FA4BC0 - 49 C7 43 C0 08000000  - mov [r11-40],00000008 { 8 }
mgsvtpp.exe+2FA4BC8 - 4D 8D 4B 08           - lea r9,[r11+08]
mgsvtpp.exe+2FA4BCC - 41 B8 0FA247C3        - mov r8d,C347A20F { [0] }
mgsvtpp.exe+2FA4BD2 - 49 8D 53 A0           - lea rdx,[r11-60]
mgsvtpp.exe+2FA4BD6 - 49 8D 4B C8           - lea rcx,[r11-38]
mgsvtpp.exe+2FA4BDA - 45 8D 80 F25DC53C     - lea r8d,[r8+3CC55DF2]
mgsvtpp.exe+2FA4BE1 - E8 4A26EAFF           - call mgsvtpp.exe+2E47230
mgsvtpp.exe+2FA4BE6 - 90                    - nop
mgsvtpp.exe+2FA4BE7 - 48 89 BC 24 90000000  - mov [rsp+00000090],rdi
mgsvtpp.exe+2FA4BEF - 48 89 D8              - mov rax,rbx
mgsvtpp.exe+2FA4BF2 - 48 8B 9C 24 98000000  - mov rbx,[rsp+00000098]
mgsvtpp.exe+2FA4BFA - 48 81 C4 80000000     - add rsp,00000080 { 128 }
mgsvtpp.exe+2FA4C01 - 5F                    - pop rdi
mgsvtpp.exe+2FA4C02 - C3                    - ret
mgsvtpp.exe+2FA4C03 - 27                    - daa
mgsvtpp.exe+2FA4C04 - CC                    - int 3
mgsvtpp.exe+2FA4C05 - CC                    - int 3
mgsvtpp.exe+2FA4C06 - CC                    - int 3
mgsvtpp.exe+2FA4C07 - CC                    - int 3
mgsvtpp.exe+2FA4C08 - 0F1F 84 00 00000000   - nop [rax+rax+00000000]
mgsvtpp.exe+2FA4C10 - 48 89 5C 24 08        - mov [rsp+08],rbx
mgsvtpp.exe+2FA4C15 - 57                    - push rdi
mgsvtpp.exe+2FA4C16 - 48 83 EC 20           - sub rsp,20 { 32 }
mgsvtpp.exe+2FA4C1A - 89 D3                 - mov ebx,edx
mgsvtpp.exe+2FA4C1C - 48 89 CF              - mov rdi,rcx
mgsvtpp.exe+2FA4C1F - E8 6CFCFFFF           - call mgsvtpp.exe+2FA4890
mgsvtpp.exe+2FA4C24 - F6 C3 01              - test bl,01 { 1 }
mgsvtpp.exe+2FA4C27 - 74 13                 - je mgsvtpp.exe+2FA4C3C
mgsvtpp.exe+2FA4C29 - BA 0FA247C3           - mov edx,C347A20F { [0] }
mgsvtpp.exe+2FA4C2E - 48 89 F9              - mov rcx,rdi
mgsvtpp.exe+2FA4C31 - 8D 92 F25DB93C        - lea edx,[rdx+3CB95DF2]
mgsvtpp.exe+2FA4C37 - E8 0419E4FF           - call mgsvtpp.exe+2DE6540
mgsvtpp.exe+2FA4C3C - 48 89 F8              - mov rax,rdi
mgsvtpp.exe+2FA4C3F - 48 8B 5C 24 30        - mov rbx,[rsp+30]
mgsvtpp.exe+2FA4C44 - 48 83 C4 20           - add rsp,20 { 32 }
mgsvtpp.exe+2FA4C48 - 5F                    - pop rdi
mgsvtpp.exe+2FA4C49 - C3                    - ret
mgsvtpp.exe+2FA4C4A - CC                    - int 3
mgsvtpp.exe+2FA4C4B - CC                    - int 3
mgsvtpp.exe+2FA4C4C - CC                    - int 3
mgsvtpp.exe+2FA4C4D - CC                    - int 3
mgsvtpp.exe+2FA4C4E - CC                    - int 3
mgsvtpp.exe+2FA4C4F - CC                    - int 3
mgsvtpp.exe+2FA4C50 - CC                    - int 3
mgsvtpp.exe+2FA4C51 - CC                    - int 3
mgsvtpp.exe+2FA4C52 - CC                    - int 3
mgsvtpp.exe+2FA4C53 - CC                    - int 3
mgsvtpp.exe+2FA4C54 - CC                    - int 3
mgsvtpp.exe+2FA4C55 - CC                    - int 3
mgsvtpp.exe+2FA4C56 - 66 2E 0F1F 84 00 00000000  - nop cs:[rax+rax+00000000]
mgsvtpp.exe+2FA4C60 - 57                    - push rdi
mgsvtpp.exe+2FA4C61 - 48 83 EC 40           - sub rsp,40 { 64 }
mgsvtpp.exe+2FA4C65 - 48 C7 44 24 20 FEFFFFFF - mov [rsp+20],FFFFFFFE { [30840] }
mgsvtpp.exe+2FA4C6E - 48 89 5C 24 50        - mov [rsp+50],rbx
mgsvtpp.exe+2FA4C73 - 48 89 6C 24 60        - mov [rsp+60],rbp
mgsvtpp.exe+2FA4C78 - 48 89 74 24 68        - mov [rsp+68],rsi
mgsvtpp.exe+2FA4C7D - 48 89 CE              - mov rsi,rcx
mgsvtpp.exe+2FA4C80 - 48 8D 0D B913B5FF     - lea rcx,[mgsvtpp.exe+2AF6040] { [00000001] }
mgsvtpp.exe+2FA4C87 - 48 89 4C 24 28        - mov [rsp+28],rcx
mgsvtpp.exe+2FA4C8C - 48 8D 54 24 30        - lea rdx,[rsp+30]
mgsvtpp.exe+2FA4C91 - E8 DA47E6FF           - call mgsvtpp.exe+2E09470
mgsvtpp.exe+2FA4C96 - 90                    - nop
mgsvtpp.exe+2FA4C97 - 83 3D 2A13B5FF 00     - cmp dword ptr [mgsvtpp.exe+2AF5FC8],00 { [00000001] }
mgsvtpp.exe+2FA4C9E - 75 4D                 - jne mgsvtpp.exe+2FA4CED
mgsvtpp.exe+2FA4CA0 - 30 DB                 - xor bl,bl
mgsvtpp.exe+2FA4CA2 - 31 FF                 - xor edi,edi
mgsvtpp.exe+2FA4CA4 - 39 3D 6E13B5FF        - cmp [mgsvtpp.exe+2AF6018],edi { [00000013] }
mgsvtpp.exe+2FA4CAA - 76 37                 - jna mgsvtpp.exe+2FA4CE3
mgsvtpp.exe+2FA4CAC - 8D 6F 01              - lea ebp,[rdi+01]
mgsvtpp.exe+2FA4CAF - 48 8B 05 6A13B5FF     - mov rax,[mgsvtpp.exe+2AF6020] { [06EE0800] }
mgsvtpp.exe+2FA4CB6 - 48 8B 0C F8           - mov rcx,[rax+rdi*8]
mgsvtpp.exe+2FA4CBA - 48 8B 01              - mov rax,[rcx]
mgsvtpp.exe+2FA4CBD - 48 89 F2              - mov rdx,rsi
mgsvtpp.exe+2FA4CC0 - FF 50 10              - call qword ptr [rax+10]
mgsvtpp.exe+2FA4CC3 - 83 F8 FF              - cmp eax,-01 { 255 }

mgr.inz.Player
Posted: Mon Mar 21, 2016 5:33 pm

There is an interesting address at mgsvtpp.exe+2FA4CAF

I meant this: mgsvtpp.exe+2AF6020

Could you check this pointer:
[[mgsvtpp.exe+2AF6020]+0]+40



[attachment: mgsvtpp.png]


k4sh
Posted: Tue Mar 22, 2016 6:28 am

Here is the result.

Whatever the type being displayed, I don't see anything resolution related (which is actually 1600*900 windowed).



[attachment: MGSVTPP.png]

mgr.inz.Player
Posted: Tue Mar 22, 2016 8:45 am

Click the > button a few times, so 0 becomes 8, 10, 18, ...
k4sh
Posted: Tue Mar 22, 2016 3:02 pm

The results:

I don't understand how the hell you ended up with [[mgsvtpp.exe+2AF6020]+0]+40
I got the pointer from mgsvtpp.exe+2AF6020 but I don't see where the offsets come from



[attachment: MGSVTPP.png]

mgr.inz.Player
Posted: Tue Mar 22, 2016 4:21 pm

One last thing.

launch the game, launch CE, open the game process,

execute this script (CTRL+ALT+L):

Code:
-- the xx bytes wildcard the 4-byte RIP-relative displacement of "mov rax,[mgsvtpp.exe+2AF6020]",
-- so the signature survives a rebuild that moves the data relative to the code
local results = AOBScan('8D6F01488B05xxxxxxxx488B0CF8488B014889F2FF5010')
if results then
  print('results count: '..results.Count)
  results.destroy()   -- AOBScan returns a StringList; free it when done
else
  print('results count: 0')   -- AOBScan returns nil when nothing matches
end

k4sh
Posted: Tue Mar 22, 2016 4:46 pm

1 result.
mgr.inz.Player
Posted: Tue Mar 22, 2016 5:59 pm

Could you test this CT?

edit:
reuploaded

edit:
removed. I forgot that readInteger treats all 32bit integers as unsigned.
Updated CT file will be somewhere below.

Last edited by mgr.inz.Player on Fri Mar 25, 2016 8:39 am; edited 1 time in total
k4sh
Posted: Wed Mar 23, 2016 1:20 am

Looks like it failed.


[attachment: MGSVTPP.png]

k4sh
Posted: Wed Mar 23, 2016 2:26 pm

Same result.
Looks like the script is the same?
mgr.inz.Player
Posted: Fri Mar 25, 2016 6:47 am

"Looks like the script is the same" - it depends; maybe you downloaded the CT file just after I reuploaded the proper version.

"Same result"
Are you sure?
Maybe [[mgsvtpp.exe+2AF6020]+68]+40 does not always work. Could you check it again.

k4sh
Posted: Fri Mar 25, 2016 7:39 am

So I re-downloaded your script another time (just to be sure) and the result is the same as posted previously.

[[mgsvtpp.exe+2AF6020]+68]+40 always gets the actual resolution (launch after launch).

Correct me if I'm wrong (and you can, as I'm very new to using Lua) but I gather that your script retrieves the "+2AF6020" offset and I assume it's added to the AOBScan base result.
The AOBScan base result is "mgsvtpp.exe+2FA4CAC".

I mean, isn't that offset intended to be added to the game's base address instead of to mgsvtpp.exe+2FA4CAC+3?
mgr.inz.Player
Posted: Fri Mar 25, 2016 7:59 am

I forgot that readInteger reads that value as 'not signed'. (I made tests on a positive value.)


Code:
mgsvtpp.exe+2FA4CAF - 48 8B 05 6A13B5FF     - mov rax,[mgsvtpp.exe+2AF6020] <---- we want to get mgsvtpp.exe+2AF6020
mgsvtpp.exe+2FA4CB6 - next instruction


In this instruction we see RIP-relative addressing.
(address = addressOfNextInst + offset)

This byte pattern, 6A 13 B5 FF, is the offset FFB5136A; it is a signed 32-bit integer and can be read as -4AEC96.

mgsvtpp.exe+2FA4CB6 + -4AEC96 = mgsvtpp.exe+2AF6020




My script simply does this.
Code:
local addressOfOffset = getAddress('mgsvtpp.exe+2FA4CAF') + 3  -- disp32 follows the 3 bytes 48 8B 05; next instruction is 4 bytes later
local offset = readInteger(addressOfOffset)                    -- CE returns this unsigned (FFB5136A)
if offset >= 0x80000000 then offset = offset - 0x100000000 end -- sign-extend to recover -4AEC96
registerSymbol('ptrBase', addressOfOffset + 4 + offset)        -- addressOfNextInstruction + offset = mgsvtpp.exe+2AF6020




Wait a while, I will give you a proper script for negative offsets.




EDIT:
here



[attachment: test2.CT, 1.48 KB]
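Editor's note: the two scripts in this thread (the AOBScan signature and the RIP-relative offset fix) boil down to one computation, shown here as an added stand-alone Python example. It is not code from the thread or from Cheat Engine. The byte buffer is assembled from the disassembly listing posted above (mgsvtpp.exe+2FA4CA0 through +2FA4CC5) so it runs without the game; all addresses are RVAs relative to the mgsvtpp.exe module base. The function `rip_target` keeps the unsigned read that broke the first CT as an option, so you can see where it lands.

```python
"""Resolve the RIP-relative pointer base found through an AOB signature."""
import re
import struct

# Constructed sample: the bytes of mgsvtpp.exe+2FA4CA0 .. +2FA4CC5 copied from the
# disassembly posted in this thread, laid out contiguously. Addresses below are
# RVAs (offsets from the mgsvtpp.exe module base), so no module base is needed.
SAMPLE_RVA = 0x2FA4CA0
SAMPLE_BYTES = bytes.fromhex(
    "30DB"              # +2FA4CA0  xor bl,bl
    "31FF"              # +2FA4CA2  xor edi,edi
    "393D6E13B5FF"      # +2FA4CA4  cmp [rip+disp32],edi   -> mgsvtpp.exe+2AF6018
    "7637"              # +2FA4CAA  jna
    "8D6F01"            # +2FA4CAC  lea ebp,[rdi+01]
    "488B056A13B5FF"    # +2FA4CAF  mov rax,[rip+disp32]   -> mgsvtpp.exe+2AF6020
    "488B0CF8"          # +2FA4CB6  mov rcx,[rax+rdi*8]
    "488B01"            # +2FA4CBA  mov rax,[rcx]
    "4889F2"            # +2FA4CBD  mov rdx,rsi
    "FF5010"            # +2FA4CC0  call qword ptr [rax+10]
    "83F8FF"            # +2FA4CC3  cmp eax,-01
)

# The signature from the thread: 'xx' wildcards the 4 displacement bytes, which
# change whenever the distance between code and data changes between builds.
SIGNATURE = "8D6F01488B05xxxxxxxx488B0CF8488B014889F2FF5010"


def compile_aob(pattern):
    """Turn a CE-style AOB string into a byte regex ('xx', '??' or '**' = any byte)."""
    digits = pattern.replace(" ", "")
    if len(digits) % 2:
        raise ValueError("AOB pattern needs an even number of hex digits")
    parts = []
    for i in range(0, len(digits), 2):
        tok = digits[i:i + 2].lower()
        parts.append(b"." if tok in ("xx", "??", "**") else b"\\x%02x" % int(tok, 16))
    return re.compile(b"".join(parts), re.DOTALL)


def aob_scan(pattern, memory, memory_rva):
    """RVA of every match, the equivalent of the StringList AOBScan returns."""
    return [memory_rva + m.start() for m in compile_aob(pattern).finditer(memory)]


def rip_target(memory, memory_rva, insn_rva, disp_offset, insn_len, signed=True):
    """address = RVA of the next instruction + disp32.

    disp32 is a two's-complement value; reading it unsigned (signed=False) is the
    mistake the first CT made and lands 4 GiB too high for negative displacements.
    """
    pos = insn_rva - memory_rva + disp_offset
    disp, = struct.unpack_from("<i" if signed else "<I", memory, pos)
    return insn_rva + insn_len + disp


def locate_ptr_base(memory, memory_rva):
    """Scan for SIGNATURE and resolve the 'mov rax,[rip+disp32]' 3 bytes into it.

    Returns (rva_of_match, rva_of_pointer_base); raises if the signature is not unique.
    """
    hits = aob_scan(SIGNATURE, memory, memory_rva)
    if len(hits) != 1:
        raise LookupError("signature matched %d times, expected 1" % len(hits))
    mov_rva = hits[0] + 3                    # skip 'lea ebp,[rdi+01]' (8D 6F 01)
    # 48 8B 05 <disp32>: REX.W + opcode + ModRM, displacement at +3, 7 bytes total
    return hits[0], rip_target(memory, memory_rva, mov_rva, 3, 7)


if __name__ == "__main__":
    match, ptr_base = locate_ptr_base(SAMPLE_BYTES, SAMPLE_RVA)
    print("signature at mgsvtpp.exe+%X" % match)
    print("pointer base mgsvtpp.exe+%X" % ptr_base)
    print("unsigned read would give mgsvtpp.exe+%X"
          % rip_target(SAMPLE_BYTES, SAMPLE_RVA, match + 3, 3, 7, signed=False))
```

With the sample buffer the signature matches once, at mgsvtpp.exe+2FA4CAC, and the signed resolution gives mgsvtpp.exe+2AF6020, the pointer base used in [[mgsvtpp.exe+2AF6020]+68]+40. The same routine resolves the cmp at +2FA4CA4 (displacement at +2, 6 bytes long) to mgsvtpp.exe+2AF6018. In a real CE script the scan runs over the live process, so a second match means the signature needs more bytes, not a guess at which hit is right.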
Page 2 of 3

 