Cheat Engine

Qvintus · Cheater Reputation: 0 Joined: 07 Nov 2013 Posts: 32

So my current project is taking up too much ram for unknown searching, so I've gone for break and trace, following opcode, etc.

I've found a couple things I think I could use as reference points, but the opcode that matters is deep into some function calls, and I'm lazy.

Here goes for questions:

1. Is it possible to let the debugger run lines until say xmm0 is equal to X value?
- Some option I'm missing?
- LUA, if possible please give an example

2. Is it possible to search exact values in dissect/data structure? Instead of it finding values within bigger values?
- I feel like I'm not utilizing this to its full potential, any advanced guides around?

Thanks.

FreeER · Posted: Wed Feb 07, 2018 5:43 pm Post subject:

1. hm, break and trace lets you specify a stop condition, which could be a function call (return true to stop)... not certain sure how to read XMM0 from lua though... hm, looks like you'd use something like readFloatLocal(debug_getXMMPointer(0)) for a simple float (of course for 4 floats you need to do it 4 times and add an offset of 4 for each one).
1.1 though you could also use lua to step manually with debug_continueFromBreakpoint(co_stepover)

2. I'm pretty sure it's just a string search so probably not.

Qvintus · Cheater Reputation: 0 Joined: 07 Nov 2013 Posts: 32

I'll have to look into that stop condition, because 1000 traces doesn't cut it, neither does 3000... It's troublesome to go through too.

I'd probably have to look into the LUA possibility though, all I know is that the xmm registers (?) Has some value changes some time down a call chain that could be using references from what I need to find.

Being able to find the point where xmm0,1 etc gets set to the value would save me probably weeks worth of effort.

Thanks for the help.

If anyone can add anything, you're more than welcome to do so.

Dark Byte · Posted: Wed Feb 07, 2018 6:23 pm Post subject:

One problem is that it looks like debug_getContext(true) won't work in break and trace, so you'll have to go a little bit deeper.

In your stop condition function (yes, you can give a lua function as stop condition in break and trace) use

Qvintus · Cheater Reputation: 0 Joined: 07 Nov 2013 Posts: 32

So I should be able to say:

Dark Byte · Posted: Thu Feb 08, 2018 7:58 am Post subject:

readBytesLocal needs the number of bytes, and since XMM registers are 16 bytes long it's recommended to use that (although 4 will work as well since you seem to be only interested in the first 4 bytes)

example stop statement: