Nithroel How do I cheat? Reputation: 0
Joined: 31 Dec 2018 Posts: 2
Posted: Mon Dec 31, 2018 12:37 am Post subject: Cheat Engine Tutorial Bug?

I'm on Step 8 - Multilevel Pointers in the Tutorial, and I think it's bugged.
I find the value @ 019DA98. Confirm it's the value.
Then I find out what accesses this value.
I get 004261DC - 89 46 18 - mov [esi+18], eax
I write down ESI=019DA990 with an offset = 18.
Then I run a hex search for 019DA990.
3 Results:
0009E758
0009E818
01A163F0
The last one looks the closest to the address so I choose that one.
I make a new pointer 01A163F0 + offset 18 = Value. To test, I change the value and it changes, so it is the pointer to the value.
OK, so then I right click the pointer and click what accesses this and click change value.
Now this is the part where I don't think it's me, I think the tutorial is bugging out.
I receive two instructions
1.) 0042619A - 83 3E 00 - cmp dword ptr [esi],00
2.) 0042619F - 8B 36 - mov esi, [esi]
Option 2 is a bust since ESI = 019DA990, which is just a clone of the first address I started with.
So it has to be option 1...
ESI=01A163F0 I write that down...
I think I messed up so I go back and do EACH of the other 3 options and when I click what accesses this address nothing is updated so I confirm the previous are wrong. Is it something wrong with the program or is it me? This is frustrating especially when you're just getting started learning this shit.

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Mon Dec 31, 2018 2:18 am Post subject:

Everything you did is correct until
Quote:
    I think I messed up so I go back and do ....
You found that esi is 01A163F0, so do a 4 byte scan for that value and continue.
Previously you had the ADDRESS 01a163f0, but now you need to find HOW it got that VALUE. So scan the memory for that value.
Some extra info:
Code:
    cmp dword ptr [esi],00
can be rewritten as
Code:
    cmp dword ptr [esi+00000000],00
Also (bit more advanced but useful in the future):
The main reason why you do 'find what accesses' is to find the offset. You already know the address, so even in case of the mov esi,[esi] where esi gets overwritten by the read instruction, you know that [esi+0000] was 01A163F0
(and in your post you didn't write the proper first address but by using basic math you can deduce that it was 019DA990+18=0198a9a8)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
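
The backward walk described in the reply above, as an added example that is not part of the original posts: each step subtracts the instruction's offset from the accessed address and scans for the location storing that value, and the resulting chain is then resolved forward. The memory is a simulated array, and all addresses and function names (`scan_dword`, `parent_of`, `resolve`) are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
/* Constructed 32-bit "process memory": 64 dwords starting at MEM_BASE. */
#define MEM_BASE  0x00400000u
#define MEM_WORDS 64u
static uint32_t mem[MEM_WORDS];

static int in_range(uint32_t a) {
    return a >= MEM_BASE && a - MEM_BASE < MEM_WORDS * 4u && a % 4u == 0;
}
static uint32_t rd(uint32_t a) { return mem[(a - MEM_BASE) / 4u]; }
static void wr(uint32_t a, uint32_t v) { mem[(a - MEM_BASE) / 4u] = v; }

/* Constructed layout: level-2 pointer -> level-1 pointer -> object -> value. */
void setup(void) {
    for (uint32_t i = 0; i < MEM_WORDS; i++) mem[i] = 0;
    wr(0x00400058u, 100u);         /* the value: object 0x00400040, field +0x18 */
    wr(0x00400090u, 0x00400040u);  /* level-1 pointer holds the object address  */
    wr(0x00400010u, 0x00400090u);  /* level-2 pointer holds the level-1 address */
}
/* Aligned "4 byte scan": first address whose dword equals value, 0 if none. */
uint32_t scan_dword(uint32_t value) {
    for (uint32_t a = MEM_BASE; in_range(a); a += 4u)
        if (rd(a) == value) return a;
    return 0;
}
/* One backward step: the instruction touched [reg+off] at `accessed`, so the
   register held accessed-off; scan for the location storing that VALUE. */
uint32_t parent_of(uint32_t accessed, uint32_t off) {
    return scan_dword(accessed - off);
}
/* Forward walk, base first: read the pointer, add the offset, repeat. */
uint32_t resolve(uint32_t base, const uint32_t *offs, int n) {
    uint32_t p = base;
    for (int i = 0; i < n; i++) {
        if (!in_range(p)) return 0;   /* broken chain */
        p = rd(p) + offs[i];
    }
    return p;
}
int main(void) {
    const uint32_t offs[] = { 0x0u, 0x18u };
    setup();
    uint32_t l1 = parent_of(0x00400058u, 0x18u);  /* like mov [esi+18],eax */
    uint32_t l2 = parent_of(l1, 0x0u);            /* like cmp dword ptr [esi],00 */
    printf("l1=%08X l2=%08X value@%08X\n", l1, l2, resolve(l2, offs, 2));
    return 0;
}
```

A real scan can return several hits, as in the first post; this constructed layout has exactly one per level.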
Nithroel How do I cheat? Reputation: 0
Joined: 31 Dec 2018 Posts: 2
Posted: Thu Jan 03, 2019 6:52 am Post subject:

Ah, thanks - that clears it up a bit. I figured I messed up somewhere and was overthinking it.
Edit: Just retried it and got it first try. Thanks for the help.