Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Newbie Question

 
Eizok
How do I cheat?
Reputation: 1

Joined: 05 Dec 2018
Posts: 4

Posted: Wed Dec 05, 2018 9:14 am    Post subject: Newbie Question

Hi everyone, I'm very new here. I tried to search for the problem, but can't find it. Hope you guys can help me.

I can't find the offset below. From what I understood, "EDI" is the base and the rest is the offset, but I tried to solve it by multiplying ("ESI"*4+Offset) and it doesn't work anyhow. What should I do? The only thing I found on the internet was an offset array, but I couldn't understand it.

And why is "EDI" so big if it's an offset?



[Attachment: Captura de Tela (17).png]


ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Dec 05, 2018 9:25 am

Those register values are shown after the instruction has been executed. Since that instruction is writing to EDI, the value you see is the value that was stored in [esi+edi*4+2a48]. That is not the actual value of EDI as was used in address calculation.

Look at almost any other instruction there (except EAX) and you'll see the real value used as the index.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Eizok
How do I cheat?
Reputation: 1

Joined: 05 Dec 2018
Posts: 4

Posted: Wed Dec 05, 2018 9:30 am

ParkourPenguin wrote:
Those register values are shown after the instruction has been executed. Since that instruction is writing to EDI, the value you see is the value that was stored in [esi+edi*4+2a48]. That is not the actual value of EDI as was used in address calculation.

Look at almost any other instruction there (except EAX) and you'll see the real value used as the index.


I'd started with an EAX value, but it took me to this address; it's the 4th offset.
But what are you saying, I should avoid EDI and try to work with EAX values?
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Wed Dec 05, 2018 9:38 am

No; just look at a different instruction besides that one and the first one in the list (i.e. "mov eax,[ecx+eax*4+2a48]"). Everything else is writing to a different register, so the value of the index register won't be clobbered.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Eizok
How do I cheat?
Reputation: 1

Joined: 05 Dec 2018
Posts: 4

Posted: Wed Dec 05, 2018 10:19 am

ParkourPenguin wrote:
No; just look at a different instruction besides that one and the first one in the list (i.e. "mov eax,[ecx+eax*4+2a48]"). Everything else is writing to a different register, so the value of the index register won't be clobbered.


OK, EAX it is. Same thing: how do I calc the offset?

Is it like this:

ECX*4+2A48?
therefore : 21396120*4+2A48?
Base Number : 2701EF30



[Attachment: Captura de Tela (18)_LI.jpg]


Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Wed Dec 05, 2018 10:28 am

the stuff between [ecx+eax*4+2a48] matches 21398b74

eax is unknown, so:
ecx+?*4+2a48=21398b74

ecx=21396120
so 21396120+offset=21398b74

so offset=21398b74-21396120=2A54

(and not that it matters at all, but eax was apparently 3)

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
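Added example (not part of the original posts, and not Cheat Engine code): the arithmetic from the replies above as a small Python helper that takes a post-execution register snapshot and the accessed address, then recovers the static offset from the base and the index that was overwritten. The function name `recover`, the placeholder post-execution EAX value and the second `mov edx,...` case are assumptions made for illustration.

```python
import re

# [base+index*scale+disp] with a hex displacement, as shown in the thread.
REG = r"e(?:ax|bx|cx|dx|si|di|bp|sp)"
OPERAND = re.compile(
    rf"\[(?P<base>{REG})\+(?P<index>{REG})\*(?P<scale>[1248])\+(?P<disp>[0-9a-f]+)\]",
    re.IGNORECASE,
)

def recover(instr, regs_after, accessed):
    """Return the static offset from the base and the index actually used.

    regs_after holds register values captured AFTER the instruction ran,
    so a register that is also the destination no longer holds its input.
    """
    m = OPERAND.search(instr)
    if m is None:
        raise ValueError("no [base+index*scale+disp] operand found")
    base, index = m["base"].lower(), m["index"].lower()
    scale, disp = int(m["scale"]), int(m["disp"], 16)
    dest = instr.split(None, 1)[1].split(",", 1)[0].strip().lower()
    if dest == base:
        raise ValueError("base register was overwritten; pick another instruction")
    offset = (accessed - regs_after[base]) & 0xFFFFFFFF
    clobbered = dest == index
    if clobbered:
        # Solve base + index*scale + disp = accessed for the lost index.
        idx, rem = divmod((offset - disp) & 0xFFFFFFFF, scale)
        if rem:
            raise ValueError("accessed address does not fit this operand")
    else:
        idx = regs_after[index]
        if (idx * scale + disp) & 0xFFFFFFFF != offset:
            raise ValueError("snapshot is inconsistent with the accessed address")
    return {"offset": offset, "index": idx, "index_clobbered": clobbered}

# Values from the thread; the post-execution EAX is a constructed placeholder.
THREAD = recover("mov eax,[ecx+eax*4+2a48]",
                 {"ecx": 0x21396120, "eax": 0x0BADF00D}, 0x21398B74)
# Constructed case: a different destination leaves the index intact.
INTACT = recover("mov edx,[ecx+eax*4+2a48]",
                 {"ecx": 0x21396120, "eax": 3, "edx": 0x0BADF00D}, 0x21398B74)

if __name__ == "__main__":
    print(hex(THREAD["offset"]), THREAD["index"], THREAD["index_clobbered"])
```
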
Eizok
How do I cheat?
Reputation: 1

Joined: 05 Dec 2018
Posts: 4

Posted: Wed Dec 05, 2018 11:18 am

Dark Byte wrote:
the stuff between [ecx+eax*4+2a48] matches 21398b74

eax is unknown, so:
ecx+?*4+2a48=21398b74

ecx=21396120
so 21396120+offset=21398b74

so offset=21398b74-21396120=2A54

(and not that it matters at all, but eax was apparently 3)


I think I got it, I'll try later to see if it works.

It works, thanks.
All times are GMT - 6 Hours