Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
How do I use complex break and trace?

 
kagato1980
Cheater
Reputation: 0

Joined: 30 Oct 2020
Posts: 30
Location: The netherlands

PostPosted: Thu Apr 13, 2023 7:29 am    Post subject: How do I use complex break and trace?

I'm trying to do some hacking on an emulated game through the Fusion emulator, but running into some problems:

I tried a simple break and trace condition for this line:
Code:
mov [edi+1],dl


with this easy condition:
Code:
readInteger(EDI+0x1)==0xC36FBBD


But it didn't stop. Also, the program runs very slowly, barely usable. I read that I can speed up the check by using a complex break and trace, but I can't find any examples of how this would work. I assume you use Lua?

Would appreciate if anyone can convert my simple break to a complex one (or point me to some docs/examples).
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4725

PostPosted: Thu Apr 13, 2023 10:55 am    Post subject:

readInteger reads the 4-byte integer at the specified address. That instruction is writing a 1-byte value. If you want to check whether the address is the same, use `EDI+1==0xC36FBBD`.

kagato1980 wrote:
I read that I can speed up the check by using a complex break and trace
That's incorrect.

If the address is written to less frequently than that instruction executes, it might be better to watch writes to that address.
Go to that address in the disassembler, make sure the display type is set to Byte (hex or decimal), right click the byte at that address, click "Data Breakpoint -> Break and trace", and in the "Tracer" window, click "File -> New Trace". If that instruction is the only one that writes to the address, you can go ahead with no condition; otherwise, set whatever condition you want. Testing against EIP or the value of the address itself might be good.
N.B.: regarding break-on-write/access hardware breakpoints, EIP will be the address of the instruction after the instruction that wrote to the address. This is in contrast to break-on-execute breakpoints where EIP is the address of the instruction that the breakpoint was set on.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
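The two conditions ParkourPenguin describes, written for Cheat Engine's Lua engine as an added example (this is not code from the thread): either an execute breakpoint on the writing instruction with the corrected condition `EDI+1==0xC36FBBD`, or a 1-byte hardware write breakpoint on the address filtered by EIP, which has to account for EIP pointing at the instruction after the write. It assumes a 32-bit target already opened in CE; `TARGET` is the address from the first post, and `WRITER` is a placeholder for the address of `mov [edi+1],dl`, which the thread never gives.

```lua
-- Added example (not from the thread): conditional breakpoints from CE's Lua engine.
-- Assumes a 32-bit target is open in Cheat Engine. TARGET is the address from the
-- first post; WRITER is a placeholder for the address of 'mov [edi+1],dl'.
local TARGET = 0x0C36FBBD
local WRITER = 0x00000000              -- placeholder: fill in from the disassembler
assert(WRITER ~= 0, "set WRITER to the address of the 'mov [edi+1],dl' instruction")

-- "exec":  break on the instruction, condition on the address it writes to.
-- "write": hardware write breakpoint on the byte, condition on who wrote it.
local MODE = "write"

-- A write breakpoint fires after the store, so EIP is the *next* instruction,
-- not the 'mov' itself (ParkourPenguin's N.B. above).
local AFTER_WRITER = WRITER + getInstructionSize(WRITER)

local hits, MAX_HITS = 0, 16           -- stop after a few hits so the game stays playable

local function logHit(reason)
  hits = hits + 1
  -- The byte at TARGET: the old value in "exec" mode (we stop before the store),
  -- the freshly written value in "write" mode (we stop after it).
  local byte = readBytes(TARGET, 1)
  print(string.format("[%2d] %-5s edi=%08X  dl=%02X  [%08X]=%02X",
    hits, reason, EDI, EDX % 0x100, TARGET, byte))
  if hits >= MAX_HITS then
    debug_removeBreakpoint(MODE == "exec" and WRITER or TARGET)
    debugger_onBreakpoint = nil
    print("done: breakpoint removed")
  end
end

-- CE calls this for every breaking breakpoint with EAX..EIP filled in.
-- Return 0 to hand the break to the GUI, anything else to keep running silently.
function debugger_onBreakpoint()
  if MODE == "exec" then
    if EIP ~= WRITER then return 0 end         -- some other breakpoint: let the GUI show it
    -- Compare the address EDI+1, not readInteger(EDI+1): the instruction stores
    -- one byte, and readInteger would read four.
    if EDI + 1 ~= TARGET then return 1 end     -- wrong address this time: run on
    logHit("exec")
  else
    -- Assumes this is the only breakpoint set, so every hit is a write to TARGET.
    if EIP ~= AFTER_WRITER then
      print(string.format("write to %08X from another instruction (EIP=%08X)", TARGET, EIP))
      return 1
    end
    logHit("write")
  end
  return 1
end

if not debug_isDebugging() then debugProcess() end
if MODE == "exec" then
  debug_setBreakpoint(WRITER)                  -- execute breakpoint on the instruction
else
  debug_setBreakpoint(TARGET, 1, bptWrite)     -- 1-byte hardware write watch on the address
end
```

Run it from the Lua engine (Table -> Show Cheat Table Lua Script, or Memory View -> Tools -> Lua Engine) after opening the process. The "write" mode is the one ParkourPenguin recommends when the byte changes far less often than the instruction executes; the "exec" mode is the original break-and-trace idea with the address comparison fixed.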
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25859
Location: The netherlands

PostPosted: Thu Apr 13, 2023 11:14 am    Post subject:

I would do a code injection and then add a cmp for that reason; then, when it matches, make it execute a nop and then return, and if not, do the usual code.

Then set a break and trace on that nop.

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
kagato1980

PostPosted: Fri Apr 14, 2023 3:04 am    Post subject:

Dark Byte wrote:
I would do a code injection and then add a cmp for that reason; then, when it matches, make it execute a nop and then return, and if not, do the usual code.

Then set a break and trace on that nop.


Thanks! It worked, but I don't understand why it only works if I leave out the brackets... I thought the brackets indicated the value at that address was a pointer? Then how can I do a direct compare on the address itself?
(I left the +1 out and subtracted 1 from the address; it seemed cleaner.)

Code:
newmem:
  cmp edi,E38FBBC     // is edi+1 the byte at E38FBBD?
  jne code            // no: run the original code
  nop                 // yes: the break and trace is set on this nop

code:
  mov [edi+01],dl     // original instruction
  pop edi             // the two instructions after it, overwritten by the jmp
  ret
  jmp return          // never reached because of the ret above
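Dark Byte's cmp/nop filter, filled out as a complete auto assembler script and driven from Cheat Engine's Lua engine; this is an added example rather than Dark Byte's or the poster's own script. `HOOK` is a placeholder for the address of `mov [edi+01],dl` (the thread does not give it), the compared value is the one from the poster's script (edi == E38FBBC, so edi+1 == E38FBBD), and the nop is exported as the symbol `bp_nop` so the break and trace can be set on it by name.

```lua
-- Added example (not from the thread): Dark Byte's cmp/nop filter as a full
-- auto assembler script, assembled from Lua. Assumes a 32-bit target open in CE.
-- HOOK is a placeholder for the address of 'mov [edi+01],dl'; WANTED_EDI follows
-- the poster's script (edi == E38FBBC, i.e. edi+1 == E38FBBD).
local HOOK = 0x00000000                -- placeholder: fill in from the disassembler
assert(HOOK ~= 0, "set HOOK to the address of 'mov [edi+01],dl'")
local WANTED_EDI = 0x0E38FBBC

-- 'mov [edi+01],dl' is 3 bytes (88 57 01); the 5-byte jmp written over it also
-- swallows the 'pop edi' (5F) and 'ret' (C3) that follow, so both are carried
-- into the cave, exactly as in the poster's script.
local script = string.format([[
[ENABLE]
alloc(newmem,2048)
label(code)
label(return)
label(bp_nop)
registersymbol(bp_nop)

newmem:
  cmp edi,%X          // is edi+1 the byte we care about?
  jne code            // no: behave as the original code
bp_nop:
  nop                 // yes: set the Break and Trace on this nop
code:
  mov [edi+01],dl     // original instruction
  pop edi             // the two instructions after it, overwritten by the jmp
  ret
  jmp return          // never reached because of the ret; kept from the template

%08X:
  jmp newmem
return:

[DISABLE]
%08X:
  mov [edi+01],dl
  pop edi
  ret
dealloc(newmem)
unregistersymbol(bp_nop)
]], WANTED_EDI, HOOK, HOOK)

-- Runs the [ENABLE] section; returns false if the assembler rejected anything.
assert(autoAssemble(script), "auto assembler rejected the script")

-- The nop is now reachable by name: this is the address to right-click in the
-- disassembler and choose Break and Trace on (or type 'bp_nop' in the Go To box).
local bp = getAddress("bp_nop")
print(string.format("filter installed; set Break and Trace on bp_nop = %08X", bp))
```

Because the filter runs inside the game's own code, the debugger only stops when edi+1 is exactly the wanted address, which is why the game no longer crawls the way it does with a conditional breakpoint that is evaluated on every execution of the instruction.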
Dark Byte

PostPosted: Fri Apr 14, 2023 3:11 am    Post subject:

edi+1 is e38fbbd.
[edi+1] is the value at e38fbbd.

You obviously want edi+1, so use the version without brackets.

kagato1980

PostPosted: Fri Apr 14, 2023 3:43 am    Post subject:

Dark Byte wrote:
edi+1 is e38fbbd.
[edi+1] is the value at e38fbbd.

You obviously want edi+1, so use the version without brackets.


Ah, of course... thanks for the help!
All times are GMT - 6 Hours