Cheat Engine Forum Index
The Official Site of Cheat Engine

Help separating me from enemies

 
Cheat Engine Forum Index -> General Gamehacking

pharaon
Posted: Fri Sep 07, 2018 6:47 am

game is Stronghold Crusader 2 - The Jackal and The Khan

the opcode that writes my Gold and enemies' Gold is

Code:
StrongholdBase.StrongholdBase::Estate::GetKeep+2A09 - fmul dword ptr [ebp-14]


and that opcode writes to only one address whose value is changing continuously
so i can't compare addresses' offsets to separate me from enemies

and when i find out what writes to this address there were too many opcodes that write to this address



OldCheatEngineUser
Posted: Fri Sep 07, 2018 10:53 am

sounds like you picked the wrong address.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote:
i am a sweetheart.

pharaon
Posted: Fri Sep 07, 2018 10:57 am

i back trace it and it's the right one
when i back trace further i get mov ebp,esp

and when i inject it with mov [ebp-14],(float)999
it writes the new value for me and the enemies as well

and i don't know how to get my entity address
when i did dissect data for that address all i get is pointers whose values keep changing continuously

any idea how to get my entity address

OldCheatEngineUser
Posted: Fri Sep 07, 2018 11:07 am

still, you can go back in subroutines.
i can't help you much by just writing here, but there are many ways to compare.

- stack
- registers
- memory locations
- other constants related to player

tools:
- dissect data / structure
- dissect compare
- structure spider
...

pharaon
Posted: Fri Sep 07, 2018 11:16 am

correct me if i understand wrong
[ebp-14] is the stack back tracing
further will be mov ebp,esp
further will be add esp,28 <<< and that is before the call of
push ebp
mov ebp,esp function

and i get nothing of add esp,28

now how can i compare registers from only one address "0123F5C0"
that opcode writes to only one address and not only that opcode but hundreds of opcodes write to the same address "0123F5C0"

so do you have any idea or tutorial for such a situation to get my entity address

OldCheatEngineUser
Posted: Fri Sep 07, 2018 11:27 am

pharaon wrote:
that opcode writes to only one address and not only that opcode but hundreds of opcodes write to the same address "0123F5C0"

this can't be right for the real address/value

pharaon wrote:
i back trace it and it's the right one
when i back trace further i get mov ebp,esp

yes, even the graphical / temp-storage value, if back-traced, will lead you to the real-value. (only if the real-value gets updated before the graphical / temp-storage value)

atom0s
Posted: Fri Sep 07, 2018 12:01 pm

[ebp-14] and '0123F5C0' are stack address space based on that info which is not going to be the address you would want to use for actual entity information. Instead, it is something that is just being either allocated or passed around on the stack, so you'd want to trace back further to find where the stack's value is being set. (Breaking on a stack address like you did is going to yield you with tons and tons of usages like your pic shows because everything is using that address.)
_________________
- Retired.

pharaon
Posted: Fri Sep 07, 2018 12:05 pm

atom0s wrote:
[ebp-14] and '0123F5C0' are stack address space based on that info which is not going to be the address you would want to use for actual entity information. Instead, it is something that is just being either allocated or passed around on the stack, so you'd want to trace back further to find where the stack's value is being set. (Breaking on a stack address like you did is going to yield you with tons and tons of usages like your pic shows because everything is using that address.)


so what should i do then
as i said i back trace to push ebp
mov ebp,esp

and before that call there's add esp,28

it's too many calls and on the start of every call is
push ebp
mov ebp,esp

so how can i know which is the right one since all esp registers are only addresses with very different values

atom0s
Posted: Fri Sep 07, 2018 12:14 pm

push ebp
mov ebp, esp

Is just the function prologue preparing the stack and such for use in that function scope.

fmul dword ptr [ebp-14] would be a parameter passed to the function you are currently in, so you'd try to find the start of the func, breakpoint there and find what calls it. Then you should have the call to that function plus any pushes beforehand to find the arguments being passed to the function.

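Added example, not part of any post in this thread and not the game's code: a C sketch of the point made in the two replies above, that a stack slot is reused on every call of the same routine while the object pointer supplied by the caller differs per owner. `struct estate`, `apply_rate` and all values are hypothetical, and `noinline` assumes GCC or Clang.

```c
/* Added illustration: all names and values are hypothetical, not the game's. */
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
struct estate { int owner_id; float gold; };  /* per-owner heap object */

static uintptr_t seen_tmp[2];  /* address of the stack temporary, per call */
static uintptr_t seen_obj[2];  /* object pointer the caller passed, per call */

/* One routine serves every owner, like the single fmul in the thread. */
__attribute__((noinline))
static float apply_rate(struct estate *e, float rate, int call_no)
{
    volatile float tmp = e->gold;        /* scratch slot in this frame */
    seen_tmp[call_no] = (uintptr_t)&tmp;
    seen_obj[call_no] = (uintptr_t)e;    /* the argument identifies the owner */
    tmp = tmp * rate;
    e->gold = tmp;
    return tmp;
}

/* 1 when both calls used the same stack address for tmp. */
int same_scratch_slot(void) { return seen_tmp[0] == seen_tmp[1]; }
/* 1 when the object pointers handed in by the caller differ. */
int distinct_objects(void) { return seen_obj[0] != seen_obj[1]; }

/* Runs the routine for two estates and returns the summed new gold. */
float run_demo(void)
{
    struct estate *all[2];
    float total = 0.0f;
    for (int i = 0; i < 2; i++) {
        all[i] = malloc(sizeof *all[i]);
        if (!all[i]) exit(1);
        all[i]->owner_id = i;            /* 0 = player, 1 = rival */
        all[i]->gold = i ? 40.0f : 100.0f;
    }
    for (int i = 0; i < 2; i++)          /* same call site, same stack depth */
        total += apply_rate(all[i], 1.5f, i);
    free(all[0]); free(all[1]);
    return total;
}

int main(void)
{
    float total = run_demo();
    printf("total=%.1f same_slot=%d distinct_objects=%d\n",
           total, same_scratch_slot(), distinct_objects());
    return 0;
}
```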

pharaon
Posted: Fri Sep 07, 2018 12:28 pm

atom0s wrote:
push ebp
mov ebp, esp

Is just the function prologue preparing the stack and such for use in that function scope.

fmul dword ptr [ebp-14] would be a parameter passed to the function you are currently in, so you'd try to find the start of the func, breakpoint there and find what calls it. Then you should have the call to that function plus any pushes beforehand to find the arguments being passed to the function.


ok i did it previously so my question is what arguments am i supposed to find in beforehand pushes?
is it the amount of my Gold or an address that the Gold amount is stored in
one other thing is that the Gold is encrypted in this game
when i search for the display value address it was nothing related to the display amount, it was a totally different value that i find through changed/unchanged value

so the most important question for me is what arguments should i be looking for in the previous pushes