Cheat Engine The Official Site of Cheat Engine
elusiveness Newbie cheater
Reputation: 1
Joined: 16 Feb 2016 Posts: 22
|
Posted: Thu Dec 29, 2016 2:42 am Post subject: How do you call this feature of CE? |
|
|
Hi guys!
So here is my problem and how I try to solve it: I have a value displayed on the UI; it's updated about 20 or more times per sec. I strongly suspect this value to be the addition of two other values. When I do find out what writes to this address, I have the following opcodes:
| Code: |
whatever.exe+371888F - mov eax,[rsp+00000088]
whatever.exe+3718896 - mov rsi,[rsp+58]
whatever.exe+371889B - mov [rdi+000000D0],eax
whatever.exe+37188A1 - mov eax,[rsp+00000090]
whatever.exe+37188A8 - mov [rdi+000000D8],r15d
whatever.exe+37188AF - mov r15,[rsp+38]
whatever.exe+37188B4 - mov [rdi+000000DC],r14d
whatever.exe+37188BB - mov r14,[rsp+40]
whatever.exe+37188C0 - mov [rdi+000000D4],eax
whatever.exe+37188C6 - mov [rdi+000000E0],ebp
whatever.exe+37188CC - mov rbp,[rsp+60]
>>>whatever.exe+37188D1 - mov [rdi+000000E4],r13d
whatever.exe+37188D8 - mov r13,[rsp+48]
whatever.exe+37188DD - mov [rdi+000000E8],r12l
whatever.exe+37188E4 - mov r12,[rsp+50]
whatever.exe+37188E9 - mov [rdi+000000EC],bx
whatever.exe+37188F0 - mov rax,[rdi+00001338]
whatever.exe+37188F7 - mov rcx,[rax+00000840]
|
With all the jumps, I'm not able to know what has written the register r13 before it was used at whatever.exe+37188D1. I obviously doubt it's the right way to do this, but I tried to put a breakpoint at the closest top ^ instruction that writes r13 and follow it until whatever.exe+37188D1, which took forever, and I probably missed the right instruction on the way...
I'm pretty sure a feature like this exists in CE to make things easier, but I don't know which one... If anyone knows a good tut, please share!
Thanks buds! |
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25820 Location: The netherlands
|
Posted: Thu Dec 29, 2016 3:38 am Post subject: |
|
|
"break and trace" perhaps
Anyhow, what is your intention when you do know it?
As you said it's a UI value, so not the original, and looking at that code and you saying you get it 20 times a second, it's a network packet you've received, and your state is being updated to reflect what the server thinks it is.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
elusiveness Newbie cheater
Reputation: 1
Joined: 16 Feb 2016 Posts: 22
|
Posted: Thu Dec 29, 2016 4:11 am Post subject: |
|
|
| Quote: | | anyhow, what is your intention when you do know it? |
I just want to reach back to the point where I can find something like
add r13, xxx
Or something close to it in order to know what [address] or register was added to r13 so i know what value i should search for.
| Quote: | | As you said it's an UI value, so not the original, and looking at that code and you saying you get it 20 times a second, it's an network packet you've received, and your state is being updated to reflect what the server thinks it is. |
It's not really an MP game, and it only happens when a given window is open. I've checked, and there is no real packet burst while this window is open. Still, some values are saved server side in this game, but I doubt this one is part of these, but I'm just a scrub lmao. Can you enlighten me and tell me what makes you believe this?
| Quote: | | "break and trace" perhaps |
Thank you very much, is there a good expression to find my instruction with the search option? RIP==xx37188D1 does not work?
edit: nvm found a good youtube tut here: watch?v=NOOWl1eOMKA |
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25820 Location: The netherlands
|
Posted: Thu Dec 29, 2016 5:08 am Post subject: |
|
|
this code looks like it's mainly a copy operation from a stored memory buffer to the location in memory. That's why I think this is server sided
Anyhow, for the stop condition
| Code: |
RIP==getAddress('whatever.exe+37188D1')
|
(or instead of getAddress just use 0x37188D1+whatever.exe. Calculate that yourself first) |
|
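Added example (not part of the original posts, and not Cheat Engine code): once a break-and-trace run has stopped at whatever.exe+37188D1, the question of what produced r13 can be answered by walking the recorded instructions backwards and following the register to its source. The code assumes the trace is available as text lines in the same `address - instruction` form as the listing in the first post; `trace_origin`, its helpers and the sample trace are constructed for illustration.

```python
import re

# Legacy sub-register names mapped to their 64-bit parent; r8-r15 aliases
# (r13d / r13w / r13b, shown as r13l in the listing above) go through the regex.
LEGACY = {n: "r" + b for b in ("ax", "bx", "cx", "dx", "si", "di", "bp", "sp")
          for n in ("r" + b, "e" + b, b)}
LEGACY.update({b[0] + s: "r" + b for b in ("ax", "bx", "cx", "dx") for s in "lh"})
# Assumption: every mnemonic except these (and jumps) writes its first operand.
NO_WRITE = {"cmp", "test", "push", "call", "ret", "nop"}
LINE = re.compile(r"^\W*(\S+)\s+-\s+(\w+)\s*(.*)$")

def parent(op):
    """64-bit register named by an operand, or None for memory/immediates."""
    op = op.strip().lower()
    m = re.fullmatch(r"(r(?:[89]|1[0-5]))[dwbl]?", op)
    return m.group(1) if m else LEGACY.get(op)

def parse(line):
    m = LINE.match(line.strip())
    if not m:
        return None
    addr, mnem, ops = m.groups()
    return addr, mnem.lower(), [o.strip() for o in ops.split(",")] if ops else []

def trace_origin(trace, stop_addr, reg):
    """Walk an executed-order trace backwards from stop_addr, following reg."""
    insns = [p for p in map(parse, trace) if p]
    stop = max(i for i, p in enumerate(insns) if p[0].lower() == stop_addr.lower())
    want, chain = parent(reg), []
    for addr, mnem, ops in reversed(insns[:stop]):
        if mnem in NO_WRITE or mnem.startswith("j") or not ops or parent(ops[0]) != want:
            continue
        chain.append(f"{addr} - {mnem} {','.join(ops)}")
        src = parent(ops[1]) if len(ops) > 1 else None
        if mnem.startswith("mov") and src:
            want = src   # register-to-register copy: follow the source instead
        elif mnem.startswith("mov") or mnem in ("lea", "pop"):
            break        # loaded from memory/stack or computed: origin reached
    return chain         # arithmetic such as add is recorded and the walk goes on

# Constructed sample trace; only the last line is taken from the thread.
TRACE = ["whatever.exe+3718802 - mov ebx,[rcx+00000010]",
         "whatever.exe+3718805 - mov r13d,[rcx+00000014]",
         "whatever.exe+3718809 - cmp r13d,ebx",
         "whatever.exe+371880C - jle whatever.exe+3718840",
         "whatever.exe+3718840 - add r13d,ebx",
         ">>>whatever.exe+37188D1 - mov [rdi+000000E4],r13d"]
```

Calling `trace_origin(TRACE, "whatever.exe+37188D1", "r13")` returns the `add r13d,ebx` line followed by the memory load that first filled r13d, newest first.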
elusiveness Newbie cheater
Reputation: 1
Joined: 16 Feb 2016 Posts: 22
|
Posted: Thu Dec 29, 2016 5:45 am Post subject: |
|
|
| Dark Byte wrote: | | this code looks like it's mainly a copy operation from a stored memory buffer to the location in memory. That's why I think this is server sided |
Do you mean it's a kind of a downloaded code, and it's written here on the memory from some sort of network buffer? ehh
| Dark Byte wrote: |
Anyhow, for the stop condition
| Code: |
RIP==getAddress('whatever.exe+37188D1')
|
(or instead of getAddress just use 0x37188D1+whatever.exe. Calculate that yourself first) |
Awesome! thank you! |
|