Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Finding a specific address by freezing/not freezing

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
itsoqrappy
Advanced Cheater
Reputation: 0

Joined: 24 Mar 2016
Posts: 67

PostPosted: Thu Mar 24, 2016 5:12 pm    Post subject: Finding a specific address by freezing/not freezing Reply with quote

I've found in a single-player game the no-recoil address. Now I'm trying to find the no-spread address, and the problem is here: I have ~30 addresses which change synchronously when the spread increases/decreases.
I selected, freezed and set all them (the addresses) to 0, but nothing changes: the spread is still increasing/decreasing.
To figure out I didn't have from that addresses the spread address I took my recoil address, freeze and set it to 0. Then I saw nothing changed. So I unfreezed it and right-clicked on it "Find out what writes to this address"; I NOP'd recoil-opcode and from that moment I had no-recoil enabled.

Now I understood that freezing the address isn't useful in these cases, but sometimes I get more than 30 addresses (~60 too), which I can't distinguish as I already said they change synchronously.
Instead of checking them one-per-one using "Find out what writes to this address" and NOP'ing it, is there a way to NOP automatically the opcodes(functions) of multiple address automatically?

Thanks in advance.
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Thu Mar 24, 2016 6:37 pm    Post subject: Reply with quote

A few things...

Cheat Engine drop-down menu: Edit/General Settings: set all interval times to 1 ms. This may help with your freezing issue.

Regarding spread, sometimes there are 2 values...1 for default size of spread perimeter, based on the weapon, and one for the adjustable size of spread for when you are firing (e.g. the spread perimeter may increase in size the more that you fire). In other words, one of these values may not even change when you fire. Also, you may only need to change the default value in order to achieve the desired effect.

Also, these values can sometimes be found in the same structure as ammo, recoil etc..

And, yes, you can batch-NOP instructions, but you'll have to get those instructions for each address that you want to test. Once you check to see what is accessing the address, you can batch-NOP all instructions that populate the debugger list. I would recommend adding ALL instructions for ALL addresses to your code list and saving your table before you NOP anything. That way, depending on the target, you may not have to do so much work if/when the target crashes.
Back to top
View user's profile Send private message
itsoqrappy
Advanced Cheater
Reputation: 0

Joined: 24 Mar 2016
Posts: 67

PostPosted: Fri Mar 25, 2016 7:22 am    Post subject: Reply with quote

First of all, thanks for your reply.

++METHOS wrote:
Cheat Engine drop-down menu: Edit/General Settings: set all interval times to 1 ms. This may help with your freezing issue.

Yes, we should underline the word "may", because it doesn't in my case.

++METHOS wrote:
Regarding spread, sometimes there are 2 values...1 for default size of spread perimeter, based on the weapon, and one for the adjustable size of spread for when you are firing (e.g. the spread perimeter may increase in size the more that you fire). In other words, one of these values may not even change when you fire. Also, you may only need to change the default value in order to achieve the desired effect.

ok

++METHOS wrote:
Also, these values can sometimes be found in the same structure as ammo, recoil etc..

That was the first thing I tried. I didn't found nothing.

++METHOS wrote:
And, yes, you can batch-NOP instructions, but you'll have to get those instructions for each address that you want to test. Once you check to see what is accessing the address, you can batch-NOP all instructions that populate the debugger list. I would recommend adding ALL instructions for ALL addresses to your code list and saving your table before you NOP anything. That way, depending on the target, you may not have to do so much work if/when the target crashes.

I'm not sure what you do mean with "batch-NOP". Can you do a concrete example?

Thanks in advance.
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Fri Mar 25, 2016 7:28 am    Post subject: Reply with quote

Batch-NOP = NOP multiple instructions at a time.

But, as previously mentioned, you will still need to generate all of the instructions for every single address that you want to test.

Regarding the freeze issue, you can also try using speedhack to slow the process down and see if it has an affect, for testing purposes.

Regarding finding nothing in data structures...be sure to set your update interval in there, as well. Also, it helps if you create two groups that are identical (e.g. two ammo structures), then, right-click and lock one of the structures. With your update interval set to 1, you can then use the speed hack to slow the process down, fire your weapon in game, and see, in real time, the values that are actually changing inside of your structure. This will help considerably, for values that change so quickly that you may not even notice them.
Back to top
View user's profile Send private message
itsoqrappy
Advanced Cheater
Reputation: 0

Joined: 24 Mar 2016
Posts: 67

PostPosted: Fri Mar 25, 2016 7:38 am    Post subject: Reply with quote

++METHOS wrote:
Batch-NOP = NOP multiple instructions at a time.

But, as previously mentioned, you will still need to generate all of the instructions for every single address that you want to test.

Alright, could you explain how to "batch-NOP" instructions?

++METHOS wrote:
Regarding the freeze issue, you can also try using speedhack to slow the process down and see if it has an affect, for testing purposes.

This doesn't help very much.

++METHOS wrote:
Regarding finding nothing in data structures...be sure to set your update interval in there, as well. Also, it helps if you create two groups that are identical (e.g. two ammo structures), then, right-click and lock one of the structures. With your update interval set to 1, you can then use the speed hack to slow the process down, fire your weapon in game, and see, in real time, the values that are actually changing inside of your structure. This will help considerably, for values that change so quickly that you may not even notice them.

I know perfectly how to use Dissect data/structure, and yes, I did try this method, also by locking one of them (group).
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Fri Mar 25, 2016 9:00 am    Post subject: Reply with quote

Well, good luck then.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4702

PostPosted: Fri Mar 25, 2016 11:48 am    Post subject: Reply with quote

To batch-NOP instructions, just take a bunch of instructions and replace their machine code bytes with 0x90 (NOP). What ++METHOS was saying was that finding those instructions is the hard part. You can either do that manually yourself, or just write a Lua script that sets breakpoints automatically and replaces instructions it finds with NOPs.

I really would recommend doing it manually since replacing the wrong instruction with NOPs could crash the game. If you try to do it automatically, then you won't have any idea what caused it to crash. You could try to make the automatic selection process better (i.e. see if an instruction accesses other addresses), but it'll never be perfect.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Fri Mar 25, 2016 12:37 pm    Post subject: Reply with quote

Actually, I was just referring to highlighting multiple instructions inside the debugger window (The following opcodes accessed...), and clicking on the Replace button. Or, preferably, highlighting those same instructions and clicking on the Add to the codelist button, and from there, highlighting all instructions, right-clicking and selecting Replace all...but only after ALL possible instructions have been captured, from ALL test addresses, and the table has been saved off.

But......I got annoyed. Very Happy
Back to top
View user's profile Send private message
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Fri Mar 25, 2016 1:16 pm    Post subject: Reply with quote

itsoqrappy wrote:
This doesn't help very much.

This doesn't get you very much help.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites