Cheat Engine The Official Site of Cheat Engine
BufferOverflow (How do I cheat?)
Reputation: 0
Joined: 18 Jan 2015, Posts: 6
Posted: Sun Jan 18, 2015 9:09 am. Post subject: Breakpoint to retrieve esi register
Hello,
let's say I have a function that looks like this:
Code:
Test.exe+3446A0 - push ebp
Test.exe+3446A1 - mov ebp,esp
Test.exe+3446A3 - movss xmm1,[ebp+08]
Test.exe+3446A8 - push esi
Test.exe+3446A9 - mov esi,ecx
Test.exe+3446AB - movaps xmm0,xmm1
Test.exe+3446AE - movss xmm2,[esi+24]
Test.exe+3446B3 - movss xmm4,[esi+20]
Test.exe+3446B8 - subss xmm0,xmm2
Test.exe+3446BC - xorps xmm3,xmm3
Test.exe+3446BF - comiss xmm0,xmm3
Test.exe+3446C2 - jb Test.exe+3446C9
Test.exe+3446C4 - movaps xmm0,xmm2
Test.exe+3446C7 - jmp Test.exe+3446CC
Test.exe+3446C9 - movaps xmm0,xmm1
Test.exe+3446CC - subss xmm2,xmm1
Test.exe+3446D0 - comiss xmm2,xmm3
Test.exe+3446D3 - jae Test.exe+3446D8
Test.exe+3446D5 - movaps xmm1,xmm0
Test.exe+3446D8 - movaps xmm0,xmm4
Test.exe+3446DB - subss xmm0,xmm1
Test.exe+3446DF - comiss xmm0,xmm3
Test.exe+3446E2 - jb Test.exe+3446E9
Test.exe+3446E4 - movaps xmm2,xmm4
Test.exe+3446E7 - jmp Test.exe+3446EC
Test.exe+3446E9 - movaps xmm2,xmm1
Test.exe+3446EC - movaps xmm0,xmm1
Test.exe+3446EF - subss xmm0,xmm4
Test.exe+3446F3 - comiss xmm0,xmm3
Test.exe+3446F6 - jae Test.exe+3446FB
Test.exe+3446F8 - movaps xmm1,xmm2
Test.exe+3446FB - movss [esi+38],xmm1
Test.exe+344700 - call Test.exe+35E6D0
Test.exe+344705 - movss xmm0,[esi+38]
Test.exe+34470A - mov edx,[eax]
Test.exe+34470C - push ecx
Test.exe+34470D - mov ecx,eax
Test.exe+34470F - movss [esp],xmm0
Test.exe+344714 - call dword ptr [edx+7C]
Test.exe+344717 - pop esi
Test.exe+344718 - pop ebp
Test.exe+344719 - ret 0004
The address I'm after is stored in the esi register at Test.exe+3446FB, so my assumption is that I need to put a breakpoint there, move the esi value into a variable and then remove the breakpoint.
How would I do something like this in C# (or C if C# isn't possible)?
Pingo (Grandmaster Cheater)
Reputation: 8
Joined: 12 Jul 2007, Posts: 571
Posted: Sun Jan 18, 2015 11:36 am
The way I do it in C# is to jump from the instruction address to a cave, copy the register and then jump back.
My class calculates everything for me, so basically all I need to do is
Mem.Accessed("Test.exe+3446FB", 5, "esi");
If you want, I could give you a copy of my memory class so you can see how I did it, or use it. At the time when I made it, I couldn't find any tutorials, so I had to work things out for myself.
What is this Test.exe? Can you upload it for me so I could show you an example using that Test app?
BufferOverflow (How do I cheat?)
Reputation: 0
Joined: 18 Jan 2015, Posts: 6
Posted: Sun Jan 18, 2015 11:56 am
Pingo wrote:
    The way I do it in C# is to jump from the instruction address to a cave, copy the register and then jump back.
    My class calculates everything for me, so basically all I need to do is
    Mem.Accessed("Test.exe+3446FB", 5, "esi");
    If you want, I could give you a copy of my memory class so you can see how I did it, or use it. At the time when I made it, I couldn't find any tutorials, so I had to work things out for myself.
    What is this Test.exe? Can you upload it for me so I could show you an example using that Test app?

If you could send the class, that would be wonderful! The Test.exe is actually a game that I just renamed. I assume the "5" is the size of the opcode?
Pingo (Grandmaster Cheater)
Reputation: 8
Joined: 12 Jul 2007, Posts: 571
Posted: Sun Jan 18, 2015 12:14 pm
Yeah, 5 is the size to the next safe place to jump. The number can be different depending on the size of the instruction, since a jump requires 5 bytes and some instructions are less or more than 5 bytes. That way the next instruction isn't overwritten and any extra bytes can be nopped. I'll put a sample together for you later. I'm not home atm.
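The "5 bytes for a jmp, whole instructions displaced, remainder nopped" rule Pingo describes is also exactly what an integrity check looks for when it verifies that a function has not been patched in memory. The C program below is an added example and is not code from this thread or from Pingo's memory class. It takes the instruction lengths at Test.exe+3446F8 and +3446FB from the addresses in the listing (3 and 5 bytes), compares a live copy of those bytes against a known-good copy, decodes an E9 rel32 if one has been written there, and counts the trailing NOP padding. The sample byte strings, the cave address 0x600000 and the module image size 0x500000 are constructed for the demonstration; the encodings are the standard x86 ones for the instructions shown.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define JMP_REL32_LEN 5u   /* E9 disp32: the 5 bytes Pingo refers to */
#define NOP           0x90u

/* Result of inspecting one patch site against a known-good copy. */
typedef struct {
    int      modified;        /* 1 if live bytes differ from the golden copy */
    int      starts_with_jmp; /* 1 if the first live byte is E9 (jmp rel32) */
    uint32_t target_rva;      /* decoded jmp destination as an RVA (if starts_with_jmp) */
    int      target_outside;  /* 1 if that destination lies outside the module image */
    size_t   nop_pad;         /* 0x90 bytes right after the jmp: the "nopped" remainder */
} site_report;

/* Inspect `len` bytes at RVA `site_rva`: `live` is what is in memory now,
 * `golden` the known-good bytes; `module_size` is the image size, used to
 * decide whether a jmp leaves the module (a cave in separately allocated
 * memory will). */
site_report inspect_site(const uint8_t *live, const uint8_t *golden, size_t len,
                         uint32_t site_rva, uint32_t module_size)
{
    site_report r;
    memset(&r, 0, sizeof r);
    r.modified = memcmp(live, golden, len) != 0;
    if (len >= JMP_REL32_LEN && live[0] == 0xE9) {
        /* disp32 is little-endian and relative to the end of the jmp */
        uint32_t u = (uint32_t)live[1] | ((uint32_t)live[2] << 8) |
                     ((uint32_t)live[3] << 16) | ((uint32_t)live[4] << 24);
        r.starts_with_jmp = 1;
        r.target_rva = site_rva + JMP_REL32_LEN + u; /* wraps mod 2^32 like the CPU */
        r.target_outside = r.target_rva >= module_size;
        for (size_t i = JMP_REL32_LEN; i < len && live[i] == NOP; i++)
            r.nop_pad++;
    }
    return r;
}

/* How many bytes of whole instructions a 5-byte jmp displaces, given the
 * lengths of the instructions starting at the site; anything beyond 5 is
 * the NOP padding an integrity check should expect to see. */
size_t bytes_to_displace(const size_t *insn_len, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n && total < JMP_REL32_LEN; i++)
        total += insn_len[i];
    return total;
}

/* Constructed samples. Encodings follow the listing's addresses:
 *   3446F8 movaps xmm1,xmm2    = 0F 28 CA        (3 bytes)
 *   3446FB movss [esi+38],xmm1 = F3 0F 11 4E 38  (5 bytes)
 *   344700 call +35E6D0        = E8 CB 9F 01 00  (5 bytes, rel32 = 35E6D0-344705) */
static const uint8_t golden_3446F8[] = {0x0F,0x28,0xCA, 0xF3,0x0F,0x11,0x4E,0x38,
                                        0xE8,0xCB,0x9F,0x01,0x00};
/* Hypothetical hooked copy: a jmp to a cave at RVA 0x600000 starting at 3446F8
 * must displace the 3-byte movaps and the 5-byte movss; 8 - 5 = 3 bytes become NOPs.
 * rel32 = 0x600000 - (0x3446F8 + 5) = 0x2BB903. */
static const uint8_t hooked_3446F8[] = {0xE9,0x03,0xB9,0x2B,0x00, 0x90,0x90,0x90,
                                        0xE8,0xCB,0x9F,0x01,0x00};
#define SITE_RVA_3446F8          0x3446F8u
#define MODULE_SIZE_HYPOTHETICAL 0x500000u   /* constructed image size */

site_report report_hooked_sample(void)
{
    return inspect_site(hooked_3446F8, golden_3446F8, sizeof golden_3446F8,
                        SITE_RVA_3446F8, MODULE_SIZE_HYPOTHETICAL);
}

site_report report_clean_sample(void)
{
    return inspect_site(golden_3446F8, golden_3446F8, sizeof golden_3446F8,
                        SITE_RVA_3446F8, MODULE_SIZE_HYPOTHETICAL);
}

/* Instruction lengths at 3446F8, 3446FB, 344700 taken from the listing. */
size_t displace_from_3446F8(void)
{
    const size_t lens[] = {3, 5, 5};
    return bytes_to_displace(lens, 3);
}

int main(void)
{
    site_report r = report_hooked_sample();
    printf("modified=%d jmp=%d target=%#x outside=%d nop_pad=%zu\n",
           r.modified, r.starts_with_jmp, r.target_rva, r.target_outside, r.nop_pad);
    printf("bytes displaced by a 5-byte jmp at 3446F8: %zu\n", displace_from_3446F8());
    return 0;
}
```

Placing the jmp at 3446FB instead, where the instruction is itself 5 bytes, displaces exactly one instruction and leaves no padding, which is why Pingo's call passes 5 for that address; a check that only looks for NOP runs would miss that case, which is why the comparison against the golden bytes comes first.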