Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


CE values different from in-game values. Help please.
Goto page Previous  1, 2
 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Fri Sep 11, 2015 3:05 pm    Post subject: Reply with quote

Increase the final offset in your pointer by 1, 2, and 3, while keeping the 1-byte size.
Change those values and see if they have any impact on your magic find.

For example, the pointer in your screenshot showed the address 0047F938.
Create 1-byte address for 0047F939, 0047F93A, and 0047F93B as well.
Only change the value in those 3 new addresses and see if it has an impact.
Back to top
View user's profile Send private message
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

PostPosted: Fri Sep 11, 2015 3:06 pm    Post subject: Reply with quote

Okay which movsx only shows up when you're standing still and have MF on, but aren't changing your gear?
_________________
Back to top
View user's profile Send private message
Tirpitz721
Newbie cheater
Reputation: 0

Joined: 10 Sep 2015
Posts: 14

PostPosted: Fri Sep 11, 2015 3:17 pm    Post subject: Reply with quote

Rydian wrote:
Okay which movsx only shows up when you're standing still and have MF on, but aren't changing your gear?


The "count" keeps going up, at 5k now. I made a new game with the 25% MF ring equipped, I just opened up the character window and inventory window, didn't move or anything.

Will try what Zanzer suggested, if I can figure it out.

*EDIT*

Zanzer wrote:
Increase the final offset in your pointer by 1, 2, and 3, while keeping the 1-byte size.
Change those values and see if they have any impact on your magic find.

For example, the pointer in your screenshot showed the address 0047F938.
Create 1-byte address for 0047F939, 0047F93A, and 0047F93B as well.
Only change the value in those 3 new addresses and see if it has an impact.


That address changes it seems....



changed 2.png
 Description:
 Filesize:  75 KB
 Viewed:  5525 Time(s)

changed 2.png



base.png
 Description:
 Filesize:  807.96 KB
 Viewed:  5533 Time(s)

base.png


Back to top
View user's profile Send private message
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Fri Sep 11, 2015 4:11 pm    Post subject: Reply with quote

Yes, the address changes. Increase whatever it changes to by 1, 2, and 3.
If you double-click your current pointer, it'll have offsets listed.
You can simply increase the top offset by 1, 2, and 3.
Copy and paste the current table address to make copies.
Back to top
View user's profile Send private message
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

PostPosted: Fri Sep 11, 2015 4:27 pm    Post subject: Reply with quote

So my line of thought was something like...
Quote:
Click one of the movsx instructions and then click Show Disassembler. That should target it in the upper half of the memory viewer window. In there, right-click it and Find What Addresses This Instructions Accesses and it should target the proper addresses instead of the middle of them potentially.

Then I was like "oh wait it's actually just byte in the movsx".

So... I guess do that for all four movsx instructions and see if the addresses they're accessing are the same or different?

_________________
Back to top
View user's profile Send private message
Tirpitz721
Newbie cheater
Reputation: 0

Joined: 10 Sep 2015
Posts: 14

PostPosted: Fri Sep 11, 2015 4:30 pm    Post subject: Reply with quote

Not sure I am following you. I double clicked it and this is what it looks like. Sorry I have no idea wtf I am doing, everything is pretty Greek to me. Explain it to me like if I were a five year old Very Happy


Untitled1.png
 Description:
 Filesize:  117.32 KB
 Viewed:  5492 Time(s)

Untitled1.png


Back to top
View user's profile Send private message
panraven
Grandmaster Cheater
Reputation: 62

Joined: 01 Oct 2008
Posts: 960

PostPosted: Fri Sep 11, 2015 4:47 pm    Post subject: Reply with quote

Not sure if this of any use... I saw there seems a pattern in a pic in previous page, so I try to find what the pattern is, this the result.

Code:
0B32F480 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F4A8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F4D0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F4F8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F520 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F548 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F570 .. .. .. .. .. .. .. 06 .. .. 04 .. .. .. .. .. .. .. .. .. .. .. .. .. .. 06 .. .. 04 .. .. .. .. .. .. .. .. .. .. ..
0B32F598 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01
0B32F5C0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01 .. .. 0A .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F5E8 .. .. .. .. .. .. .. .. .. .. .. .. .. 02 .. .. 08 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..[09].. .. .. .. ..
0B32F610 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F638 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F660 .. 03 .. .. 0C .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01 .. .. 0E .. .. .. .. .. .. .. .. .. .. .. .. .. .. 02 .. ..
0B32F688 03 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F6B0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 02 .. .. 0D .. .. .. .. .. .. ..
0B32F6D8 .. 01 .. .. .. .. .. 07 .. .. 0D .. .. .. .. .. .. .. .. .. .. .. .. .. .. 01 .. .. 06 .. .. .. .. .. .. .. .. .. .. ..
0B32F700 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F728 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 06 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F750 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F778 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F7A0 .. .. .. .. .. 01 .. .. 09 .. .. .. .. .. .. .. .. .. .. .. .. .. .. 08 .. .. 09 .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F7C8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F7F0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 05 .. .. ..
0B32F818 .. .. .. .. .. 0B .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F840 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F868 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F890 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 05 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 03 ..
0B32F8B8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F8E0 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F908 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. 04 .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F930 .. 02 .. .. 0F .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..[01].. ..
0B32F958[09].. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F980 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F9A8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F9D0 .. .. 0F 0F 0F 0F 02 0F 0F 0F 0F .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32F9F8 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA20 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA48 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA70 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FA98 .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..
0B32FACO .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. .. ..

81-byte pattern
90 BB E9 F1 52 49 E9 AE F1 90 BB E9 F1 ... (snip) ... E F1 90 BB E9 F1 52 49 E9 AE F1

restruct to 9x9-byte pattern
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1
90 BB E9 F1 52 49 E9 AE F1

It seems
(display byte - 9-byte-pattern + 256) % 256 => real byte?

If there are an isolated constant pattern of "90 BB E9 F1 52 49 E9 AE F1" from other address, it may be used in some encrypt/decrypt subroutine?

bye~


ADDED:

1. I replace the '00' with '..' so that some more pattern can be easier seen. It seem most logical 'value' in this region is in 3-byte size each, except that of b32f9d0.

2. the 9-byte pattern may be from an addition instead of substration, so that the referenced 9-byte pattern may be '70 45 17 0F 9E B7 17 52 0F', and it is not necessary start from '70 45 17...' or '90 bb e9...'. oops :O

3. there may be some debugger has some xlat function that can be reveal some simple encryption, but I can't find one from google. (I saw this function in heiw.exe but it is not a runtime debugger). .... may be a custom translate function in ce memory view 'display type' option?

bye~

_________________
- Retarded.


Last edited by panraven on Fri Sep 11, 2015 7:12 pm; edited 2 times in total
Back to top
View user's profile Send private message
Tirpitz721
Newbie cheater
Reputation: 0

Joined: 10 Sep 2015
Posts: 14

PostPosted: Fri Sep 11, 2015 4:54 pm    Post subject: Reply with quote

panraven,

Wow no idea how you got all that information, pretty clever. No idea what to do with it either. This stuff is so far over my head I completely lost. I figured all I needed to do was find the pointer and I'd be set for fixing the magic find value... how wrong I was.
Back to top
View user's profile Send private message
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

PostPosted: Fri Sep 11, 2015 5:14 pm    Post subject: Reply with quote

Yeah the issue is finding what the value is stored as.

So no luck finding your total MF value by searching for the number when it changes?

_________________
Back to top
View user's profile Send private message
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Fri Sep 11, 2015 5:14 pm    Post subject: Reply with quote

Change the 950 to 951. Click OK. Change the value and see if your MF changes.
Change the 951 to 952. Click OK. Change the value and see if your MF changes again.
Change the 952 to 953. Click OK. Change the value and see if your MF changes again.

If your MF changes at each place, then it is likely as panraven stated. The value is encrypted.
Figuring out how to decrypt it is probably beyond your ability and too complicated for us to walk you through it.
Back to top
View user's profile Send private message
Tirpitz721
Newbie cheater
Reputation: 0

Joined: 10 Sep 2015
Posts: 14

PostPosted: Fri Sep 11, 2015 5:23 pm    Post subject: Reply with quote

Rydian wrote:
Yeah the issue is finding what the value is stored as.

So no luck finding your total MF value by searching for the number when it changes?


So wait, you want me to search for the magic find number represented in game, or the represented value in CE?

Zanzer wrote:
Change the 950 to 951. Click OK. Change the value and see if your MF changes.
Change the 951 to 952. Click OK. Change the value and see if your MF changes again.
Change the 952 to 953. Click OK. Change the value and see if your MF changes again.

If your MF changes at each place, then it is likely as panraven stated. The value is encrypted.
Figuring out how to decrypt it is probably beyond your ability and too complicated for us to walk you through it.


K that's what I thought it was, but I wanted to be sure as to not mess anything up. So I did what you asked, and there was no change in game of the magic find value.
Back to top
View user's profile Send private message
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

PostPosted: Fri Sep 11, 2015 6:10 pm    Post subject: Reply with quote

The one represented in-game, were you ever able to find that normally?
_________________
Back to top
View user's profile Send private message
Tirpitz721
Newbie cheater
Reputation: 0

Joined: 10 Sep 2015
Posts: 14

PostPosted: Fri Sep 11, 2015 6:43 pm    Post subject: Reply with quote

Rydian wrote:
The one represented in-game, were you ever able to find that normally?


No I was never able to find that. I used the "unknown value" to start, then increase/decrease when I was changing the rings in game to whittle it down. That's pretty much the problem, the in game value has nothing to do with the value displayed in CE. As I listed in the OP, 174 (byte value) = 0% MF in game.

That's what you were asking right?

When I first started I was looking for the in game stat, which was 21% and 25%. I found them, but when I tried to change the value it crashed the game. This was a head scratcher until I realized what was going on. The values it was finding were the 21% and 25% values on the ring, in my inventory, not the MF value stat on my character.
Back to top
View user's profile Send private message
Zanzer
I post too much
Reputation: 126

Joined: 09 Jun 2013
Posts: 3278

PostPosted: Fri Sep 11, 2015 7:39 pm    Post subject: Reply with quote

If only you knew assembly and could break and trace the instruction to see what it's doing. Smile
It almost appears as if the value is really 4-bytes but the game spread them out in memory in 1-byte chunks.
You simply can't have such a huge value as you've shown using a single byte.
Back to top
View user's profile Send private message
Tirpitz721
Newbie cheater
Reputation: 0

Joined: 10 Sep 2015
Posts: 14

PostPosted: Fri Sep 11, 2015 9:37 pm    Post subject: Reply with quote

Unfortunately it's over my head. How difficult is it to learn? Like are there videos or something a person could watch? That's pretty much how I learned to find the pointer, the power of YouTube.

But you're probably right about it being a 4 byte value. I was never able to get it over 15% MF in game by changing the value in byte. Problem with the 4 Byte value is changing it yields a ridiculously large MF value.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Goto page Previous  1, 2
Page 2 of 2

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites