|
Cheat Engine The Official Site of Cheat Engine
|
View previous topic :: View next topic |
Author |
Message |
mdockz Cheater Reputation: 0
Joined: 24 Feb 2013 Posts: 41
|
Posted: Fri Aug 04, 2017 12:16 am Post subject: reading registers |
|
|
So I am trying to read a specific register's values at a specific address.
I've hooked into the function and registered a symbol so i can view the data in memory.
is this the best way to do this, without attatching any debuggers.
Thanks.
Here is snippet frrom my script:
Code: |
push ebx //dunno if i should do this when i access registers, i dont want to destroy information that may already supposed to be there.
mov ebx,[esi]
mov [info],ebx
mov ebx,dword ptr [esi+00000004]
mov [info+00000004],ebx
mov ebx,dword ptr [esi+00000008]
mov [info+00000008],ebx
mov ebx,dword ptr [esi+0000000C]
mov [info+0000000C],ebx
mov ebx,dword ptr [esi+00000010]
mov [info+00000010],ebx
mov ebx,dword ptr [esi+00000014]
mov [info+00000014],ebx
mov ebx,dword ptr [esi+00000018]
mov [info+00000018],ebx
mov ebx,dword ptr [esi+0000001C]
mov [info+0000001C],ebx
mov ebx,dword ptr [esi+00000020]
mov [info+00000020],ebx
mov ebx,dword ptr [esi+00000024]
mov [info+00000024],ebx
mov ebx,dword ptr [esi+00000028]
mov [info+00000028],ebx
mov ebx,dword ptr [esi+0000002C]
mov [info+0000002C],ebx
mov ebx,dword ptr [esi+00000030]
mov [info+00000030],ebx
mov ebx,00000000 //dunno if this is to make sure i dont alter data
pop ebx //<----------- or this
|
|
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Fri Aug 04, 2017 9:11 am Post subject: |
|
|
looks like you're copying from a structure pointed to by esi, not just a register. So, assuming it only has 1 value not say 1 for every enemy in the game, or you only care about the player's etc., you could probably just note down the address in esi and then open that in the data dissector (check tools in the memory viewer).
If it does change and you care about all of them then you could still use the data dissector by checking what addresses an instruction accesses (one that uses esi) and then you can select all of those addresses in the window and right click to open them in a data dissector window.
Oh, and it's the pop ebx that restores the pushed value, moving 0 into it would change the value to 0 regardless of what it was originally. |
|
Back to top |
|
|
mdockz Cheater Reputation: 0
Joined: 24 Feb 2013 Posts: 41
|
Posted: Fri Aug 04, 2017 7:21 pm Post subject: |
|
|
yea i changed it to 0 so that there is no overlapping information (if that would even happen, idk) i just thought it would be to make sure its safely removes all info im putting there, then pop ebx afterwards to restore the pushed value back to ebx.
but i understand what your saying about checking what accesses that instruction but that would attatch the debugger which i dont want to do. Also wouldnt dissecting the data also attatch the debugger?
Thanks. |
|
Back to top |
|
|
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
|
Posted: Fri Aug 04, 2017 7:31 pm Post subject: |
|
|
Quote: | i just thought it would be to make sure its safely removes all info im putting there | it's unnecessary, all you need is the pop.
Quote: | Also wouldnt dissecting the data also attatch the debugger | Nope. It's much like adding addresses to the address list except that instead of just showing the first 4 bytes at that address it can show a large number of bytes separated into different elements (much like adding an address to the address list then adding another that's 4 bytes after that and then another 4 bytes after that... as many times as you wanted). |
|
Back to top |
|
|
|
|
You cannot post new topics in this forum You cannot reply to topics in this forum You cannot edit your posts in this forum You cannot delete your posts in this forum You cannot vote in polls in this forum You cannot attach files in this forum You can download files in this forum
|
|