The Official Site of Cheat Engine
How to check if an address points to a valid value

Cheat Engine Forum Index -> General Gamehacking
low_density
Expert Cheater
Reputation: 1

Joined: 08 Aug 2009
Posts: 156

Posted: Mon Mar 28, 2011 5:32 am    Post subject: How to check if an address points to a valid value

Hi, it's me again. I need help on this issue. First of all, I realise that there's no instant cooldown cheat available in the cheat tables in the cheat table section for the game Dragon Age Origins, so I've been trying to make my own script to allow instant cooldown for all my units. The problem is, for example: the value of the cooldown timer for a skill is at 0x0A123456, and the opcode writing to the value is fstp dword ptr [esi+0C], so I calculated that the esi value is 0x0A12344A. After using the handy and useful code structure dissector, I found out that [esi+18], that is 0x0A123462, has a value of, for example, 0x0B123458, and this value always points to an address that remains the same no matter what. So the question is: how do I test and see if [esi+18] contains a valid pointer, that is, a pointer that points to a valid value? For my units, all of them have a value at [esi+18], and for the enemies it is 0x00000000 at [esi+18]. Not to mention that the opcode fstp dword ptr [esi+0C] not only handles cooldown timers, but also handles other stuff. Any help will be gladly appreciated.


EDIT: ok, now I'm super confused with lea. What does it actually do? For example, lea eax,[esi+0C]. If the value stored at esi+0C is, for example, 0x12345678, does lea eax,[esi+0C] load 0x12345678 into eax, or does it load the value at 0x12345678 into eax? Confusing o.O

EDIT2: ok, here are the supporting details for my first question:
Code:

0000 - pointer to   ->00ADF604          ->00ADF604          ->00ADF604          ->00ADF604
0004 - pointer to   ->00ADF5F0          ->00ADF5F0          ->00ADF5F0          ->00ADF5F0
0008 - Dword        0                   0                   0                   0
000C - Dword        0                   0                   0                   0
0010 - pointer to   ->00ADF604          ->00ADF604          ->00ADF604          ->00ADF604
0014 - pointer to   ->00ADF5F0          ->00ADF5F0          ->00ADF5F0          ->00ADF5F0
0018 - pointer to   ->2A055530          ->2A057CE0          ->00000000          ->00000000
  0000 - (4 Bytes)     430700356           430700356           ????????             ????????

ok, the value of my esi here, for the first column, is 24D072D4. [esi+18] = 24D072EC; I realise that this address points to a pointer that points to one more value which is common throughout the game for all of my playable characters, 430700356 (19ABF744 in hex). The problem is, I need to first find out if [esi+18] is a valid pointer, and then if the address in [esi+18] is also a valid pointer. How do I do this? I tried a lot of ways, but I keep crashing at the checking part :/
Geri
Moderator
Reputation: 112

Joined: 05 Feb 2010
Posts: 5627

Posted: Mon Mar 28, 2011 2:01 pm

Put the pointer in a register (like eax, for example) and use

Code:
or eax,eax
je originalcode


or you can also use

Code:
or eax,eax
jz originalcode


If the pointer is 0, the script will jump to originalcode or wherever you want.
You could also use cmp eax,0 if you want.

Quote:
EDIT: ok, now I'm super confused with lea. What does it actually do? For example, lea eax,[esi+0C]. If the value stored at esi+0C is, for example, 0x12345678, does lea eax,[esi+0C] load 0x12345678 into eax, or does it load the value at 0x12345678 into eax?


It will load esi+0C into eax, so the result will be eax = "the address where the value is stored" and not the value itself. Otherwise it wouldn't make sense, since lea would be the same as mov eax,[esi+0C]. Mov is saving the value, while lea is saving the address of the value.


Quote:
the opcode fstp dword ptr [esi+0C] not only handles cooldown timers, but also handles other stuff


Maybe you should look for another code then, one which accesses the base address or similar. Or make more compares to make sure that you change the cooldown only. I don't know which would be the best, because I didn't play the game at all.

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
low_density
Expert Cheater
Reputation: 1

Joined: 08 Aug 2009
Posts: 156

Posted: Mon Mar 28, 2011 9:38 pm

Ok, I tried to make a code like this, but it crashes all day. Are there any problems with this?
Code:
newmem:
fstp dword ptr [esi+0C]
push eax
mov eax,[esi+18]
or eax,eax
je _ExitCD

cmp word ptr [eax],F744
jne _ExitCD

mov [esi+0C],(float)0

_ExitCD:
pop eax

lea ecx,[esi+04]
jmp _BackCD


I don't get it. It keeps crashing. Does or eax,eax remove the value at eax or something? o.O And also, how do you remove a value from the top of the stack?
The original code is
Code:

fstp dword ptr [esi+0C]
lea ecx,[esi+04]

I checked all the addresses that the opcode changes; only the addresses for my units' cooldown have that address at [esi+18], all the others just have 0x00000000 at [esi+18]...

EDIT: I found out that the part that crashes the game is cmp word ptr [eax],F744. It seems like I can't do anything with the brackets around eax.
For example, I tried to use
Code:

mov eax,[ecx]
mov [_mydebugadd],eax

The game loads the correct address, 19ABF744, into my debug address, but immediately after that it crashes. When I remove the part where eax has brackets around it, it stops crashing. My question is, why can't I add brackets around eax? o.o

EDIT 2:
ok, I dunno what the difference is, but I finally managed to find out how to stop the crash -.-
Code:

mov ecx,[esi+18]
or ecx,ecx
je _ExitCD

lea ecx,[ecx]
mov [_debug1],ecx

cmp ecx,19ABF744
je _ExitCD

Amazingly, when I changed the script to the one above, it stopped crashing and it's working as anticipated. Can anyone tell me what is happening here lol.
Geri
Moderator
Reputation: 112

Joined: 05 Feb 2010
Posts: 5627

Posted: Tue Mar 29, 2011 2:26 am

Quote:
does or eax, eax remove the value at eax


No, it doesn't change the value in the register.

Quote:
how do you remove a value from the top of the stack?


If you mean for the float, fstp is doing that for you.


As for why it is crashing with eax and not crashing with ecx, good question. Maybe some bug.

Code:
lea ecx,[ecx]


This code is saving ecx into ecx, so basically it does nothing.

And probably you should use 44F7AB19 instead.

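The pointer check discussed in this thread, as an added example that is not from the thread or from Cheat Engine: a C model of the dissected struct (constructed layout, with the cooldown float at +0C and the pointer at +18) showing the three steps the scripts were circling around: the null test (or eax,eax / jz), a readability test before the dereference, and a compare of the pointed-to dword, not the pointer itself, against the marker 0x19ABF744. `ptr_is_readable` parses /proc/self/maps, so it is Linux-only (VirtualQuery is the Windows analogue); all names and the fixtures are assumptions.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
/* Constructed layout mirroring the dissected struct from the thread: the cooldown
 * float at +0C (target of fstp dword ptr [esi+0C]) and at +18 a pointer that, for
 * playable units, leads to a dword holding 0x19ABF744 (430700356 decimal). */
struct unit {
    uint8_t   pad0[0x0C];
    float     cooldown;     /* +0C */
    uint8_t   pad1[0x08];   /* +10..+17 */
    uint32_t *marker_ptr;   /* +18, NULL for enemies */
};
_Static_assert(offsetof(struct unit, marker_ptr) == 0x18, "layout must match");
#define UNIT_MARKER 0x19ABF744u
/* True if [p, p+len) lies inside one readable mapping of this process. Linux:
 * parses /proc/self/maps; VirtualQuery is the Windows analogue. */
bool ptr_is_readable(const void *p, size_t len)
{
    uintptr_t lo = (uintptr_t)p, hi = lo + len;
    char line[256], perms[5]; unsigned long start, end; bool ok = false;
    FILE *maps = (lo != 0 && hi >= lo) ? fopen("/proc/self/maps", "r") : NULL;
    if (!maps) return false;
    while (!ok && fgets(line, sizeof line, maps))
        if (sscanf(line, "%lx-%lx %4s", &start, &end, perms) == 3 &&
            start <= lo && hi <= end)
            ok = (perms[0] == 'r');   /* range fully inside a readable mapping */
    fclose(maps);
    return ok;
}
/* The check the script was after: null test (or eax,eax / jz), a readability
 * test (the missing step, hence the crash on a bad [esi+18]), then compare the
 * pointed-to dword with the marker; comparing the pointer itself can never match. */
bool unit_has_cooldown_marker(const struct unit *u)
{
    if (u->marker_ptr == NULL) return false;
    if (!ptr_is_readable(u->marker_ptr, sizeof *u->marker_ptr)) return false;
    return *u->marker_ptr == UNIT_MARKER;
}
/* Constructed fixtures: returns a bitmask, 0xF when all four cases behave. */
unsigned self_check(void)
{
    static uint32_t good = UNIT_MARKER, other = 0x12345678u;
    struct unit a = {0}, b = {0}, c = {0}, d = {0};
    a.marker_ptr = &good; c.marker_ptr = &other;   /* b stays NULL (enemy) */
    d.marker_ptr = (uint32_t *)0x10;   /* non-null but unmapped: a raw dereference would crash */
    return (unit_has_cooldown_marker(&a) ? 1u : 0u) | (!unit_has_cooldown_marker(&b) ? 2u : 0u)
         | (!unit_has_cooldown_marker(&c) ? 4u : 0u) | (!unit_has_cooldown_marker(&d) ? 8u : 0u);
}
```

The fourth fixture is the case the null-only check misses: a non-zero pointer that is not backed by memory, which is what makes a code cave crash at the bracketed read.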