Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Structure compare offsets, how to use them?

 
careca777
Expert Cheater
Reputation: 0

Joined: 27 Jul 2013
Posts: 121

Posted: Tue Sep 21, 2021 4:35 pm    Post subject: Structure compare offsets, how to use them?

Hi! I have found what seem to be good offsets, but the problem is that there are 2 levels.
I tried many ways of using them in a script, but all the ways I tried give me an error when I click "OK" in the assembler window.
How do I use these?
Here's one of my attempts:

Code:
cmp [[[r15]+60]+12C],0x00000002



ParkourPenguin
I post too much
Reputation: 137

Joined: 06 Jul 2014
Posts: 4250

Posted: Tue Sep 21, 2021 10:42 pm

[[[r15]+60]+12C] isn't a valid addressing mode. You need to traverse the pointer path manually. e.g.:
Code:
mov rax,[r15]
mov rax,[rax+60]
cmp [rax+12C],2
Make sure that pointer path is correct, though. Right now you're using 3 offsets of 0, 60, and 12C.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
careca777
Expert Cheater
Reputation: 0

Joined: 27 Jul 2013
Posts: 121

Posted: Wed Sep 22, 2021 2:43 am

Thank you, this makes sense now.
What made you select RAX to store it? Any particular reason, or is it just a random register, for example?
ParkourPenguin
I post too much
Reputation: 137

Joined: 06 Jul 2014
Posts: 4250

Posted: Wed Sep 22, 2021 11:36 am

That particular example was pretty much random. RIP isn't a general purpose register even though it looks like one, RSP you technically could write an arbitrary value to but definitely shouldn't, RBP could be in use as a stack frame pointer (even though that's less common nowadays), and R15 is probably being used by the game shortly after this cmp. Everything else is fair game though.

In a real case I'd take a closer look at the injection point (particularly the code that comes after it) and see which registers aren't in use. e.g. if I see this later on:
Code:
mov eax,[rsi+30]
This overwrites the value of rax. If nothing else accessed rax between the injection point and that instruction, then that means rax isn't in use at the injection point, and it can be used without needing to backup/restore it with push/pop.
On the contrary, rsi is read from here, and so in order to not screw up the game any more than the code injection is already doing, it shouldn't be modified by the code injection (beyond what the game does, if anything).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
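
The register check described in the post above, as an added example that is not part of the thread: a small Python scan over the instructions following an injection point that reports which registers are fully overwritten before being read (free to use) and which are read first (in use). The function name `classify`, the six-mnemonic model and the sample listing are assumptions made for illustration; only `mov eax,[rsi+30]` comes from the thread. The scan stops at the first instruction it does not model, so anything it has not seen stays unclassified.

```python
import re

R64 = ["rax", "rbx", "rcx", "rdx", "rsi", "rdi", "rbp", "rsp"] + [f"r{i}" for i in range(8, 16)]
# Names whose write replaces all 64 bits (a 32-bit write zero-extends).
FULL = {r: r for r in R64}
FULL.update({"e" + r[1:]: r for r in R64[:8]})
FULL.update({f"r{i}d": f"r{i}" for i in range(8, 16)})
# 8/16-bit names: a write keeps the upper bits, so every access counts as a read.
PART = {r[1:]: r for r in R64[:8]}
PART.update({r[1] + s: r for r in R64[:4] for s in "lh"})
PART.update({r[1:] + "l": r for r in R64[4:8]})
PART.update({f"r{i}{s}": f"r{i}" for i in range(8, 16) for s in "wb"})
ALIAS = {**FULL, **PART}
OVERWRITES_DST = {"mov", "lea"}                      # destination is written, not read
KNOWN = OVERWRITES_DST | {"cmp", "test", "add", "sub"}

def regs(text):
    """64-bit parents of every register named in an operand string."""
    return {ALIAS[t] for t in re.findall(r"[a-z0-9]+", text.lower()) if t in ALIAS}

def classify(listing):
    """Scan straight-line code after an injection point.
    Returns (free, in_use); free registers are fully overwritten before any read."""
    free, in_use = set(), set()
    for line in listing:
        mnem, _, ops = line.strip().lower().partition(" ")
        if mnem not in KNOWN:
            break  # call/jmp/ret/anything unmodelled: stop and stay conservative
        dst, _, src = ops.partition(",")
        dst = dst.strip()
        overwrite = mnem in OVERWRITES_DST and dst in FULL
        # Registers inside [..] and all source registers are reads.
        reads = regs(src) | (set() if overwrite else regs(dst))
        in_use |= reads - free
        if overwrite and FULL[dst] not in in_use:
            free.add(FULL[dst])
    return sorted(free), sorted(in_use)

# Constructed sample listing; only the second line appears in the thread.
SAMPLE = [
    "cmp [r15+10],2",
    "mov eax,[rsi+30]",   # overwrites rax before any read, reads rsi
    "add rcx,rax",        # rcx is read and written, so it is in use
    "mov dl,[rcx]",       # 8-bit write keeps the rest of rdx, so rdx is in use
    "call r8",            # not modelled: scan stops here
]

if __name__ == "__main__":
    print(classify(SAMPLE))
```

Registers that appear in neither list were not touched before the scan stopped, so they still need a manual look or a push/pop around the injected code.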