Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


finding address from a .pdb decompilation

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
sdecorme
Cheater
Reputation: 0

Joined: 07 Sep 2010
Posts: 33
PostPosted: Fri Jun 28, 2013 3:21 pm    Post subject: finding address from a .pdb decompilation Reply with quote
HI,
I have a software that I would like to snif some data .
In the main directory I've found a .pdb file and I've decompiled it.
I've found this

Function : static, [00475E50][0001:00474E50], len = 0000013A, public: virtual bool __thiscall DynamicObjectsProcessor::ExtractState(class NET::BitStream &)
Function attribute:
Function info:
FuncDebugStart : static, [00475E5C][0001:00474E5C]
FuncDebugEnd : static, [00475F81][0001:00474F81]
Data : enregistered ecx, Object Ptr, Type: class DynamicObjectsProcessor * const, this
Data : ebp Relative, [00000008], Param, Type: class NET::BitStream &, o_stream
Data : esp Relative, [FFFFFFC3], Local, Type: bool, objectRecorded
Data : esp Relative, [FFFFFFC4], Local, Type: const unsigned int *, it
Data : esp Relative, [FFFFFFC8], Local, Type: unsigned int, instanceIndex
Data : esp Relative, [FFFFFFD8], Local, Type: class GEM::GVector3, CameraAngle
CallSite : [0x0001:0x00474ef3] 0x00475EF3 void (class GEM::GVector3 &, class GEM::Position &)


And Would like to know how can I use cheatengine to track this data :
CameraAngle & Position .


Thanks you
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25831
Location: The netherlands
PostPosted: Fri Jun 28, 2013 3:31 pm    Post subject: Reply with quote
These are local vars so first need to be initialized by the function first.
Try setting a breakpoint at process.exe+00475EF3 and inspect the stack there. (Also look at the assemblercode there)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
sdecorme
Cheater
Reputation: 0

Joined: 07 Sep 2010
Posts: 33
PostPosted: Sun Jun 30, 2013 3:03 pm    Post subject: Reply with quote
Hi,
How can I set a breakpoint at this address if the game is not launched ?
I suppose I've to launch CE and after the game and I make a pause to search the good address.
Is it the good way ?
Thanks



Happy birthday Dark Byte Very Happy Very Happy Very Happy
Back to top
View user's profile Send private message
sdecorme
Cheater
Reputation: 0

Joined: 07 Sep 2010
Posts: 33
PostPosted: Mon Jul 01, 2013 1:48 pm    Post subject: Reply with quote
Hi back again with mytracking data, as you tell me I've open the memory viewer with the info I've found in the .pdb

Code:

Function       : static, [00475E50][0001:00474E50], len = 0000013A, public: virtual bool __thiscall DynamicObjectsProcessor::ExtractPhysicsState(class NET::BitStream &)
                 Function attribute:
                 Function info:
FuncDebugStart :   static, [00475E5C][0001:00474E5C]
FuncDebugEnd   :   static, [00475F81][0001:00474F81]
Data           :   enregistered ecx, Object Ptr, Type: class DynamicObjectsProcessor * const, this
Data           :   ebp Relative, [00000008], Param, Type: class NET::BitStream &, o_stream
Data           :   esp Relative, [FFFFFFC3], Local, Type: bool, objectRecorded
Data           :   esp Relative, [FFFFFFC4], Local, Type: const unsigned int *, it
Data           :   esp Relative, [FFFFFFC8], Local, Type: unsigned int, instanceIndex
Data           :   esp Relative, [FFFFFFD8], Local, Type: class GEM::GVector3, angularVelocity
Data           :   esp Relative, [FFFFFFF0], Local, Type: class GEM::GQuaternion, rotation
Data           :   esp Relative, [FFFFFFCC], Local, Type: class GEM::GVector3, position
Data           :   esp Relative, [FFFFFFE4], Local, Type: class GEM::GVector3, linearVelocity
CallSite       :   [0x0001:0x00474ef3]  0x00475EF3  void (class GEM::GVector3 &, class GEM::GQuaternion &)


Goto address : CamProcess.exe+00475E50 here is what I've found


Code:

CamProcess.DynamicObjectsProcessor::ExtractPhysicsState - 48                    - dec eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+1- 52                    - push edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+2- 89 44 24 24           - mov [esp+24],eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+6- 8B 44 24 48           - mov eax,[esp+48]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A- 50                    - push eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B- 89 4C 24 2C           - mov [esp+2C],ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+F- 8D 4C 24 28           - lea ecx,[esp+28]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+13- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+14- 8D 14 3E              - lea edx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+17- 52                    - push edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+18- 57                    - push edi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+19- E8 022FFCFF           - call CamProcess.GEM::GQuaternion::BuildRotation+310
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+1E- 8D 0C 3E              - lea ecx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+21- 83 C4 14              - add esp,14
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+24- 3B C1                 - cmp eax,ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+26- 74 13                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3B
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+28- 8B 54 24 24           - mov edx,[esp+24]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+2C- 3B 50 04              - cmp edx,[eax+04]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+2F- 72 0A                 - jb CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3B
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+31- 77 0B                 - ja CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3E
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+33- 8B 4C 24 20           - mov ecx,[esp+20]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+37- 3B 08                 - cmp ecx,[eax]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+39- 73 03                 - jae CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3E
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3B- 8D 04 3E              - lea eax,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3E- 8D 14 3E              - lea edx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+41- 3B C2                 - cmp eax,edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+43- 74 57                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+9C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+45- 8B 44 2B 10           - mov eax,[ebx+ebp+10]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+49- 8B 54 24 44           - mov edx,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+4D- 8B 5C 2B 14           - mov ebx,[ebx+ebp+14]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+51- C6 44 24 48 00        - mov byte ptr [esp+48],00
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+56- 8B 4C 24 48           - mov ecx,[esp+48]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+5A- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+5B- 52                    - push edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+5C- 89 44 24 28           - mov [esp+28],eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+60- 8D 44 24 28           - lea eax,[esp+28]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+64- 50                    - push eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+65- 8D 0C 3E              - lea ecx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+68- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+69- 57                    - push edi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+6A- 89 5C 24 38           - mov [esp+38],ebx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+6E- E8 AD2EFCFF           - call CamProcess.GEM::GQuaternion::BuildRotation+310
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+73- 8D 14 3E              - lea edx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+76- 83 C4 14              - add esp,14
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+79- 3B C2                 - cmp eax,edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+7B- 74 0F                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+7D- 3B 58 04              - cmp ebx,[eax+04]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+80- 72 0A                 - jb CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+82- 77 0B                 - ja CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8F
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+84- 8B 4C 24 20           - mov ecx,[esp+20]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+88- 3B 08                 - cmp ecx,[eax]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8A- 73 03                 - jae CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8F
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8C- 8D 04 3E              - lea eax,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8F- 8B 4C 24 44           - mov ecx,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+93- 83 C0 08              - add eax,08
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+96- 50                    - push eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+97- E8 1410FBFF           - call CamProcess.PhysicsAnimators::ClosestPtSegmentSegment+1D0
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+9C- 8B 44 24 44           - mov eax,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A0- 8D 54 24 18           - lea edx,[esp+18]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A4- 3B D0                 - cmp edx,eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A6- 74 13                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+BB
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A8- 8B 4C 24 18           - mov ecx,[esp+18]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+AC- 8B 54 24 1C           - mov edx,[esp+1C]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B0- 89 08                 - mov [eax],ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B2- 89 50 04              - mov [eax+04],edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B5- EB 04                 - jmp CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+BB
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B7- 8B 44 24 44           - mov eax,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+BB- 8B 4C 24 28           - mov ecx,[esp+28]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+BF- 8B 49 08              - mov ecx,[ecx+08]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+C2- 8B 6C 29 20           - mov ebp,[ecx+ebp+20]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+C6- 8B 55 10              - mov edx,[ebp+10]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+C9- 09 50 18              - or [eax+18],edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+CC- 8B 4D 14              - mov ecx,[ebp+14]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+CF- 09 48 1C              - or [eax+1C],ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+D2- 8B 5C 24 44           - mov ebx,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+D6- F3 0F10 43 28         - movss xmm0,[ebx+28]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+DB- 0F2F 05 7433E100      - comiss xmm0,[CamProcess.exe+A13374]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+E2- 76 2C                 - jna CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+110
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+E4- 8B 53 18              - mov edx,[ebx+18]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+E7- 8B 73 1C              - mov esi,[ebx+1C]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+EA- 8B C2                 - mov eax,edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+EC- 23 05 E0F20E01        - and eax,[CamProcess.exe+CEF2E0]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+F2- 8B CE                 - mov ecx,esi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+F4- 23 0D E4F20E01        - and ecx,[CamProcess.exe+CEF2E4]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+FA- 0B C1                 - or eax,ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+FC- 75 12                 - jne CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+110
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+FE- 0B 15 A0F20E01        - or edx,[CamProcess.exe+CEF2A0]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+104- 0B 35 A4F20E01        - or esi,[CamProcess.exe+CEF2A4]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+10A- 89 53 18              - mov [ebx+18],edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+10D- 89 73 1C              - mov [ebx+1C],esi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+110- 8B 4C 24 34           - mov ecx,[esp+34]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+114- 64 89 0D 00000000     - mov fs:[00000000],ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+11B- 59                    - pop ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+11C- 5F                    - pop edi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+11D- 5E                    - pop esi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+11E- 5D                    - pop ebp
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+11F- 5B                    - pop ebx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+120- 83 C4 2C              - add esp,2C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+123- C2 0800               - ret 0008
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+126- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+127- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+128- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+129- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+12A- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+12B- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+12C- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+12D- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+12E- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+12F- CC                    - int 3
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+130- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+131- 8B 4C 24 08           - mov ecx,[esp+08]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+135- 56                    - push esi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+136- 8B 35 68B70C01        - mov esi,[CamProcess.CollidableObjectManager::s_collidableObjectProperties]
CamProcess.exe+475F8C                                   - 57                    - push edi
CamProcess.exe+475F8D                                   - 6B F6 68              - imul esi,esi,68


How can I read the register I'm not a CE king .

Thanks you
Code:
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25831
Location: The netherlands
PostPosted: Mon Jul 01, 2013 2:48 pm    Post subject: Reply with quote
I think your pdb is outdated or wrong (check that the filedate of camprocess.exe and the specific .pdb file are exactly the same)


Anyhow, I think the offsets are off by 1d0 or 310, so check
CamProcess.exe+00475c80 ( CamProcess.exe+00475E50-310 )
and
CamProcess.exe+00475b40 ( CamProcess.exe+00475E50-310 )

or scroll up till you see a "int 3"

here's a tip, keep in mind that this functions makes use of esp relative addressing, and PUSH modifies esp

so
Code:

mov eax,[esp+48]
push eax
mov [esp+2C],ecx

will work on different ESP addresses

so if ESP was 10000 at the beginning then
mov eax,[esp+48] would read from 10000+48=10048
push eax decreases ESP with 4 (so ESP turns into fffc )
mov [esp+2c],ecx would then write ecx to fffc+2c=10028
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping


Last edited by Dark Byte on Wed Jul 03, 2013 7:24 am; edited 1 time in total
Back to top
View user's profile Send private message MSN Messenger
sdecorme
Cheater
Reputation: 0

Joined: 07 Sep 2010
Posts: 33
PostPosted: Wed Jul 03, 2013 6:42 am    Post subject: Reply with quote
what is the filedata ?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 471

Joined: 09 May 2003
Posts: 25831
Location: The netherlands
PostPosted: Wed Jul 03, 2013 7:24 am    Post subject: Reply with quote
filedate
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
sdecorme
Cheater
Reputation: 0

Joined: 07 Sep 2010
Posts: 33
PostPosted: Thu Jul 04, 2013 2:47 am    Post subject: Reply with quote
Ok,
You're right not the same modified date
I will try to track my data with pointer scan , now I know the structure is will be more easy.
Thanks you
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites