Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
How to interpret this function?

ionut_baluca
Newbie cheater
Reputation: 0

Joined: 08 Jan 2016
Posts: 20

Posted: Mon Dec 02, 2024 12:31 pm    Post subject: How to interpret this function?

This is the link of the Memory View:

https://prnt.sc/J0upvY_rj9cn

So:

Code:
mov [rbx+r8],r11d


This instruction is writing to my actual Gold Collected.
However, if I change the value of Gold Collected, boom crash.

This game is a singleplayer browser game made with Unity. I already managed to get a 1hitkill script on it (thanks ParkourPenguin), edit damage, HP etc. Now I'm trying with resources, but it seems that they are being checked by some code that makes the game crash.


Now on memory view I see this code that has a lot of registers moving around and 2 comparisons. I can't understand exactly what all this mess of a code is doing; is anyone layman enough to explain it to me?
ParkourPenguin
I post too much
Reputation: 148

Joined: 06 Jul 2014
Posts: 4586

Posted: Mon Dec 02, 2024 3:27 pm

It would be better if you copied and pasted text rather than images. Use shift + left click to select a range of instructions, Ctrl+C to open the copy window, then copy addresses and opcodes (instructions). Comments might be important too; bytes probably aren't important.

You've only posted part of the function. This makes it much harder to speculate what that section of code is doing. The values of all the registers at any point in the loop would be useful too.

That looks like a weird way of moving several contiguous values within the array (like std::copy in C++). "Weird" because it's unrolled and moves 2 elements in 1 loop iteration. After the final instruction in that image, `mov edx,r11d`, edx and r15 will be set to the index of every other element in the array. Maybe the array semantically stores pairs of 4-byte values.

If this is some mono game, try enabling mono features in the menu of the main CE window then go to that code in the disassembler. The class / function name might say what it does.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
ionut_baluca
Newbie cheater
Reputation: 0

Joined: 08 Jan 2016
Posts: 20

Posted: Mon Dec 02, 2024 4:15 pm

ParkourPenguin wrote:
It would be better if you copied and pasted text rather than images. Use shift + left click to select a range of instructions, Ctrl+C to open the copy window, then copy addresses and opcodes (instructions). Comments might be important too; bytes probably aren't important.

You've only posted part of the function. This makes it much harder to speculate what that section of code is doing. The values of all the registers at any point in the loop would be useful too.

That looks like a weird way of moving several contiguous values within the array (like std::copy in C++). "Weird" because it's unrolled and moves 2 elements in 1 loop iteration. After the final instruction in that image, `mov edx,r11d`, edx and r15 will be set to the index of every other element in the array. Maybe the array semantically stores pairs of 4-byte values.

If this is some mono game, try enabling mono features in the menu of the main CE window then go to that code in the disassembler. The class / function name might say what it does.


Game is played in the browser, no mono feature.

This is a big chunk of the memory view around that function:


Code:
2522258AF503 - mov [rcx+38],edx
2522258AF506 - mov r15d,[r15+3C]
2522258AF50A - mov [rcx+3C],r15d
2522258AF50E - add r8d,40 { 64 }
2522258AF512 - cmp r8d,r11d
2522258AF515 - jbe 2522258AF480
2522258AF51B - mov edx,r12d
2522258AF51E - cmp r9d,r8d
2522258AF521 - jbe 2522258AF65B
2522258AF527 - nop word ptr [rax+rax+00000000]
2522258AF530 - nop word ptr [rax+rax+00000000]
2522258AF539 - nop dword ptr [rax+00000000]
2522258AF540 - cmp rsp,[r13-60]
2522258AF544 - jbe 2522258AF769
2522258AF54A - lea r11d,[rdx+04]
2522258AF54E - mov r12d,edx
2522258AF551 - mov r12d,[rbx+r12]
2522258AF555 - mov r15d,r8d
2522258AF558 - mov [rbx+r15],r12d
2522258AF55C - add r8d,04 { 4 }
2522258AF560 - cmp r8d,r9d
2522258AF563 - jae 2522258AF581
2522258AF569 - lea edx,[r11+04]
2522258AF56D - mov r11d,[rbx+r11]
2522258AF571 - mov [rbx+r8],r11d
2522258AF575 - add r8d,04 { 4 }
2522258AF579 - cmp r8d,r9d
2522258AF57C - jb 2522258AF540
2522258AF57E - mov r11d,edx
2522258AF581 - mov edx,r11d
2522258AF584 - jmp 2522258AF65B
2522258AF589 - cmp edi,04 { 4 }
2522258AF58C - jb 2522258AF658
2522258AF592 - lea r8d,[rdi-04]
2522258AF596 - cmp r8d,eax
2522258AF599 - jb 2522258AF658


And this is the code that's interesting me the most:



Code:
2522258AF540 - cmp rsp,[r13-60]
2522258AF544 - jbe 2522258AF769
2522258AF54A - lea r11d,[rdx+04]
2522258AF54E - mov r12d,edx
2522258AF551 - mov r12d,[rbx+r12]
2522258AF555 - mov r15d,r8d
2522258AF558 - mov [rbx+r15],r12d
2522258AF55C - add r8d,04 { 4 }
2522258AF560 - cmp r8d,r9d
2522258AF563 - jae 2522258AF581
2522258AF569 - lea edx,[r11+04]
2522258AF56D - mov r11d,[rbx+r11]
2522258AF571 - mov [rbx+r8],r11d
2522258AF575 - add r8d,04 { 4 }
2522258AF579 - cmp r8d,r9d
2522258AF57C - jb 2522258AF540
2522258AF57E - mov r11d,edx
2522258AF581 - mov edx,r11d


For some reason, if I do a code injection to move 1.000 resources into the r12d register, which subsequently moves that value into [rbx+r15], the game will just crash and I have no idea why.
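As an added example (written for this thread, not code from the game or from either poster), here is a C model of the loop at 2522258AF540..2522258AF581 read the way ParkourPenguin describes it: an unrolled copy of 4-byte elements, two per iteration, from byte offset edx to byte offset r8d until r8d reaches r9d, with rbx as the array base. The `cmp rsp,[r13-60] / jbe` at the top of the loop is assumed to be a stack-limit check that does not touch the data, so it is left out; the register roles and the worked input array are assumptions. The `stores` counter makes the practical point visible: the two store instructions write every element of the copied range, so a hook that forces r12d to a fixed value rewrites all of them, and "Find out what addresses this instruction accesses" will list one address per element rather than just the gold counter.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Model of the loop at 2522258AF540..2522258AF581 from the listing above.
 * Constructed for this thread; it is not the game's code. Registers are
 * modelled as unsigned byte offsets into the 4-byte-element array whose
 * base address is in rbx (assumption):
 *   edx = source offset, r8d = destination offset, r9d = end offset (excl.)
 * The `cmp rsp,[r13-60] / jbe` at the top of the loop is assumed to be a
 * stack-limit check with no effect on the data flow, so it is omitted. */

static int32_t ld(const uint8_t *rbx, uint32_t off)   /* mov r32,[rbx+r] */
{
    int32_t v;
    memcpy(&v, rbx + off, sizeof v);
    return v;
}

static void st(uint8_t *rbx, uint32_t off, int32_t v)  /* mov [rbx+r],r32 */
{
    memcpy(rbx + off, &v, sizeof v);
}

/* Runs the loop; returns the value left in edx (next unread source offset).
 * *stores counts how many element writes the two store instructions made,
 * i.e. how many distinct addresses a hook on `mov [rbx+r15],r12d` or
 * `mov [rbx+r8],r11d` would see during one call. The body is entered
 * unconditionally, matching the jb back-edge at 2522258AF57C. */
uint32_t copy_loop(uint8_t *rbx, uint32_t edx, uint32_t r8d, uint32_t r9d,
                   size_t *stores)
{
    uint32_t r11d, r12d, r15d;
    *stores = 0;
    for (;;) {
        r11d = edx + 4;                 /* lea r11d,[rdx+04]                  */
        r12d = (uint32_t)ld(rbx, edx);  /* mov r12d,edx / mov r12d,[rbx+r12]  */
        r15d = r8d;                     /* mov r15d,r8d                       */
        st(rbx, r15d, (int32_t)r12d);   /* mov [rbx+r15],r12d                 */
        ++*stores;
        r8d += 4;                       /* add r8d,04                         */
        if (r8d >= r9d) {               /* cmp r8d,r9d / jae 2522258AF581     */
            edx = r11d;                 /* mov edx,r11d                       */
            break;
        }
        edx = r11d + 4;                 /* lea edx,[r11+04]                   */
        r11d = (uint32_t)ld(rbx, r11d); /* mov r11d,[rbx+r11]                 */
        st(rbx, r8d, (int32_t)r11d);    /* mov [rbx+r8],r11d                  */
        ++*stores;
        r8d += 4;                       /* add r8d,04                         */
        if (r8d < r9d)                  /* cmp r8d,r9d / jb 2522258AF540      */
            continue;
        r11d = edx;                     /* mov r11d,edx                       */
        edx = r11d;                     /* mov edx,r11d (2522258AF581)        */
        break;
    }
    return edx;
}

/* Worked case (constructed input): drop element 1 of an 8-element array by
 * shifting elements 2..7 down one slot, which is exactly what a forward
 * overlapping copy with src > dst does. */
uint32_t demo_shift_left(int32_t out[8], size_t *stores)
{
    int32_t init[8] = {10, 20, 30, 40, 50, 60, 70, 80};
    uint8_t rbx[sizeof init];
    memcpy(rbx, init, sizeof init);
    /* src = element 2 (offset 8), dst = element 1 (offset 4),
       end = element 7 (offset 28, exclusive) */
    uint32_t edx = copy_loop(rbx, 8, 4, 28, stores);
    memcpy(out, rbx, sizeof init);
    return edx;
}

int main(void)
{
    int32_t out[8];
    size_t stores;
    uint32_t edx = demo_shift_left(out, &stores);
    printf("result:");
    for (int i = 0; i < 8; i++)
        printf(" %d", out[i]);
    printf("\nstores executed: %zu, edx on exit: %u\n", stores, edx);
    return 0;
}
```

Running it shows the six stores made for a six-element shift and the final edx one element past the last source read; the surrounding code at 2522258AF503..2522258AF51B, with its `add r8d,40`, looks like the same copy done sixteen elements at a time before this loop handles the tail, which is consistent with a generic array-move routine rather than anything specific to gold.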
ParkourPenguin
I post too much
Reputation: 148

Joined: 06 Jul 2014
Posts: 4586

Posted: Mon Dec 02, 2024 5:25 pm

That code almost certainly accesses more than one address. You can try doing what's done in step 9 of the CE tutorial, but that's easier said than done in practice.

If that's a javascript game, use your browser's javascript tools to hack it; otherwise, see if the developer has a downloadable desktop version available.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
ionut_baluca
Newbie cheater
Reputation: 0

Joined: 08 Jan 2016
Posts: 20

Posted: Tue Dec 03, 2024 1:03 pm

ParkourPenguin wrote:
That code almost certainly accesses more than one address. You can try doing what's done in step 9 of the CE tutorial, but that's easier said than done in practice.

If that's a javascript game, use your browser's javascript tools to hack it; otherwise, see if the developer has a downloadable desktop version available.


Well, it seems the game has some protection stuff, because once I "Find out what addresses this instruction accesses" it spams me with thousands of addresses, even with the game paused. After I did that, the current Collected Coins address stopped working too and didn't increase its value anymore. How does someone hack that stuff?
All times are GMT - 6 Hours