Cheat Engine The Official Site of Cheat Engine
abystus Expert Cheater
Reputation: 1
Joined: 09 Dec 2010 Posts: 140
|
Posted: Wed Apr 11, 2012 6:27 pm Post subject: Multi-Level Pointer Issue |
|
|
So recently I've run into an issue where the pointer that I find under "Find what writes to this address" does not return any results when searching for its register value in a 4 byte Hexadecimal search. The tutorial (Step 8) is very simple, straightforward, and works every time.
An example game would be "America's Army 1" for infinite ammunition in the single player training mode. I do the following:
| Code: |
- Find the Address (black addy).
- Find out what writes to the address (only one listing when I shoot).
- I notice the register inside the mov instruction, and double click the instruction (notice what it tells me I should be searching for, and also the value of the register which are usually the same).
- Search for the value of the register as a new search (Hex checked and 4 bytes).
- No results returned.
|
I guess my question is, am I doing something wrong? Also, are there games out there that just don't work the same as the tutorial when reversing to base address? Any help is appreciated in guiding me to the light...
Edit:
I'm running 64 bit Win 7 using the 32 bit 6.1 application if it makes a difference.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25806 Location: The netherlands
|
Posted: Wed Apr 11, 2012 6:36 pm Post subject: |
|
|
Don't use find what writes. Use find what accesses.
Also, manually check the register and the instruction in front. Perhaps a calculation is done on that register which you need to apply.
abystus Expert Cheater
Reputation: 1
Joined: 09 Dec 2010 Posts: 140
|
Posted: Wed Apr 11, 2012 7:22 pm Post subject: |
|
|
| Dark Byte wrote: | Don't use find what writes. Use find what accesses.
Also, manually check the register and the instruction in front. Perhaps a calculation is done on that register which you need to apply. |
I tried that way as well. While it does return a result on the register, it doesn't have a static value in the results. The pointer (1 of the 2 results) is constantly changing values every second, and the second changed to all zeros shortly after displaying.
The two instructions that show when I fire:
mov eax,[ebx]
| Code: |
10142D32 - FF 15 A8612110 - call dword ptr [GNatives+108]
10142D38 - 8B 54 24 10 - mov edx,[esp+10]
10142D3C - 8B 03 - mov eax,[ebx] <<
10142D3E - 2B C2 - sub eax,edx
10142D40 - 5E - pop esi
EAX=00000012
EBX=0F9F2CB0
ECX=0F9F2A00
EDX=00000001
ESI=0018BE58
EDI=0018B544
ESP=0018B508
EBP=0F9F2A00
EIP=10142D3E
|
mov [ebx], eax
| Code: |
10142D3E - 2B C2 - sub eax,edx
10142D40 - 5E - pop esi
10142D41 - 89 03 - mov [ebx],eax <<
10142D43 - 8B D8 - mov ebx,eax
10142D45 - 8B 44 24 10 - mov eax,[esp+10]
EAX=00000011
EBX=0F9F2CB0
ECX=0F9F2A00
EDX=00000001
ESI=0018BE58
EDI=0018B544
ESP=0018B50C
EBP=0F9F2A00
EIP=10142D43
|
Snip of ASM:
| Code: |
FPlane::TransformBy+3F317 - -
FPlane::TransformBy+3F318 - 8B 4E 08 - mov ecx,[esi+08]
FPlane::TransformBy+3F31B - 56 - push esi
FPlane::TransformBy+3F31C - 89 46 0C - mov [esi+0C],eax
FPlane::TransformBy+3F31F - FF 14 95 A0602110 - call dword ptr [edx*4+GNatives]
FPlane::TransformBy+3F326 - 8B 56 0C - mov edx,[esi+0C]
FPlane::TransformBy+3F329 - 42 - inc edx
FPlane::TransformBy+3F32A - 8B C2 - mov eax,edx
FPlane::TransformBy+3F32C - 89 56 0C - mov [esi+0C],edx
FPlane::TransformBy+3F32F - 80 38 42 - cmp byte ptr [eax],42
FPlane::TransformBy+3F332 - 75 10 - jne FPlane::TransformBy+3F344
FPlane::TransformBy+3F334 - 8B 4E 08 - mov ecx,[esi+08]
FPlane::TransformBy+3F337 - 40 - inc eax
FPlane::TransformBy+3F338 - 6A 00 - push 00
FPlane::TransformBy+3F33A - 56 - push esi
FPlane::TransformBy+3F33B - 89 46 0C - mov [esi+0C],eax
FPlane::TransformBy+3F33E - FF 15 A8612110 - call dword ptr [GNatives+108]
FPlane::TransformBy+3F344 - 8B 54 24 10 - mov edx,[esp+10]
FPlane::TransformBy+3F348 - 8B 03 - mov eax,[ebx]
FPlane::TransformBy+3F34A - 2B C2 - sub eax,edx
FPlane::TransformBy+3F34C - 5E - pop esi
FPlane::TransformBy+3F34D - 89 03 - mov [ebx],eax
|
Both of these have no offset, and also no odd calculation before it (other than the sub eax,edx). I did notice a register was popped (ESI), but it wasn't EBX so I neglected it. Thanks for the help thus far.
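The manual check discussed in the thread (reading the marked instruction's memory operand against the register dump), as an added example that is not part of any post. `DUMP_READ` is trimmed from the first dump above; `DUMP_CLOBBER`, `parse_dump` and `analyze` are hypothetical names and constructed data for illustration.

```python
import re

REG_NAMES = {"eax", "ebx", "ecx", "edx", "esi", "edi", "esp", "ebp"}

# Trimmed from the first dump in the post above: marked instruction plus registers.
DUMP_READ = """\
10142D3C - 8B 03 - mov eax,[ebx] <<
EAX=00000012
EBX=0F9F2CB0
EDX=00000001
ESI=0018BE58
EIP=10142D3E
"""
# Constructed dump (not from the thread): the load overwrites its own base register.
DUMP_CLOBBER = """\
00401000 - 8B 40 04 - mov eax,[eax+04] <<
EAX=00000064
EIP=00401003
"""

def parse_dump(text):
    """Return (marked instruction text, {register: value}) from a pasted dump."""
    regs, insn = {}, None
    for line in text.splitlines():
        m = re.match(r"\s*([A-Z]{3})=([0-9A-Fa-f]{8})\s*$", line)
        if m:
            regs[m.group(1).lower()] = int(m.group(2), 16)
        elif line.rstrip().endswith("<<"):
            insn = line.split(" - ")[-1].rstrip("< ").strip().lower()
    return insn, regs

def analyze(text):
    """Resolve the marked instruction's memory operand against the register dump."""
    insn, regs = parse_dump(text)
    operand = re.search(r"\[([^\]]+)\]", insn).group(1)
    used, disp, addr = [], 0, 0
    for sign, term in re.findall(r"([+-]?)([^+-]+)", operand):
        reg, _, scale = term.partition("*")
        if reg in REG_NAMES:                      # base register or index*scale
            used.append(reg)
            addr += regs[reg] * int(scale or "1")
        else:                                     # hex displacement (symbols raise ValueError)
            disp += int(term, 16) * (-1 if sign == "-" else 1)
    dest = insn.split(None, 1)[1].split(",")[0]
    return {
        "address": (addr + disp) & 0xFFFFFFFF,    # address the instruction touched
        "search_value": addr & 0xFFFFFFFF,        # value to look for in a 4-byte hex scan
        "offset": disp,
        # EIP already points past the instruction, so registers are post-execution:
        # if the destination is also an address register, its old value is gone.
        "clobbered": dest in used,
    }
```

For the posted dump this yields address and search value 0F9F2CB0 with offset 0 and no clobbered register; the constructed case shows when the dumped register can no longer be trusted as the base.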
abystus Expert Cheater
Reputation: 1
Joined: 09 Dec 2010 Posts: 140
|
Posted: Sun Apr 15, 2012 10:46 pm Post subject: |
|
|
This was easily solved with the pointer scanner. Dark Byte you are the man! Even the tutorial (step 8) was easily torn down with it. This is by far one of the most useful things I've used in Cheat Engine yet. Keep up the great work!