Cheat Engine The Official Site of Cheat Engine
careca777 Expert Cheater Reputation: 0
Joined: 27 Jul 2013 Posts: 121
Posted: Tue Sep 21, 2021 4:35 pm Post subject: Structure compare offsets, how to use them?

Hi! I have found what seems to be good offsets, but the problem is that there are 2 levels.
I tried many ways of using it in a script, but all the ways I tried give me an error when I click "ok" in the assembler window.
How to use these?
Here's one of my attempts:
Code:
    cmp [[[r15]+60]+12C],0x00000002
ParkourPenguin I post too much Reputation: 137
Joined: 06 Jul 2014 Posts: 4250
Posted: Tue Sep 21, 2021 10:42 pm Post subject:

[[[r15]+60]+12C] isn't a valid addressing mode. You need to traverse the pointer path manually. e.g.:
Code:
    mov rax,[r15]
    mov rax,[rax+60]
    cmp [rax+12C],2
Make sure that pointer path is correct, though. Right now you're using 3 offsets of 0, 60, and 12C.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
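The three separate loads in the answer above are what the pointer path actually means: each offset is applied to the pointer read at the previous level. As an added example that is not from this thread, here is the same walk of [[[r15]+60]+12C] (offsets 0, 0x60, 0x12C) written in C over a constructed layout, with the per-level NULL check that a bare `mov rax,[rax+60]` in an injected script does not have (an unallocated object anywhere along the path would fault the game). The struct names, `read_pointer_chain`, `state_is_two` and `demo` are all assumptions made for this example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Walk a multi-level pointer path the way the three separate instructions do.
 * Returns 0 without touching *out if an intermediate pointer is NULL. */
static int read_pointer_chain(const void *base, const size_t *offsets, size_t n,
                              size_t value_size, void *out) {
    const uint8_t *p = (const uint8_t *)base;
    for (size_t i = 0; i + 1 < n; i++) {
        const void *next;
        memcpy(&next, p + offsets[i], sizeof next); /* mov rax,[rax+offset] */
        if (next == NULL) return 0;
        p = (const uint8_t *)next;
    }
    memcpy(out, p + offsets[n - 1], value_size);    /* the load that cmp reads */
    return 1;
}

/* Constructed layout (an assumption for this example) matching offsets 0, 0x60, 0x12C. */
struct inner  { uint8_t pad[0x12C]; int32_t state; };
struct middle { uint8_t pad[0x60]; struct inner *inner; };
struct outer  { struct middle *middle; };

/* Evaluates "cmp [[[r15]+60]+12C],2": 1 if equal, 0 if not, -1 if the path
 * is not readable (a NULL somewhere along it). */
static int state_is_two(const struct outer *r15) {
    const size_t path[] = { 0, 0x60, 0x12C };
    int32_t state;
    if (!read_pointer_chain(r15, path, 3, sizeof state, &state)) return -1;
    return state == 2;
}

/* Builds the fixture and runs the check. break_level 1 or 2 NULLs the pointer
 * at that level to model an object the game has not allocated yet. */
static int demo(int break_level, int32_t state_value) {
    struct inner in = {0};
    struct middle mid = { .inner = &in };
    struct outer out = { .middle = &mid };
    in.state = state_value;
    if (break_level == 1) out.middle = NULL;
    if (break_level == 2) mid.inner = NULL;
    return state_is_two(&out);
}

int main(void) {
    printf("ok=%d wrong=%d null=%d\n", demo(0, 2), demo(0, 3), demo(2, 2));
    return 0;
}
```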
careca777 Expert Cheater Reputation: 0
Joined: 27 Jul 2013 Posts: 121
Posted: Wed Sep 22, 2021 2:43 am Post subject:

Thank you, this makes sense now.
What made you select RAX to store? Any particular reason, or is it just a random register for the example?
ParkourPenguin I post too much Reputation: 137
Joined: 06 Jul 2014 Posts: 4250
Posted: Wed Sep 22, 2021 11:36 am Post subject:

That particular example was pretty much random. RIP isn't a general purpose register even though it looks like one, RSP you technically could write an arbitrary value to but definitely shouldn't, RBP could be in use as a stack frame pointer (even though that's less common nowadays), and R15 is probably being used by the game shortly after this cmp. Everything else is fair game though.
In a real case I'd take a closer look at the injection point (particularly the code that comes after it) and see which registers aren't in use. e.g. if I see this later on:
This overwrites the value of rax. If nothing else accessed rax between the injection point and that instruction, then that means rax isn't in use at the injection point, and it can be used without needing to back it up/restore it with push/pop.
On the contrary, rsi is read from here, and so in order to not screw up the game any more than the code injection is already doing, it shouldn't be modified by the code injection (beyond what the game does, if anything).
_________________
I don't know where I'm going, but I'll figure it out when I get there.