pharaon Advanced Cheater Reputation: 1
Joined: 29 Jun 2012 Posts: 80
Posted: Fri Sep 07, 2018 6:47 am Post subject: Help separating me from enemies
The game is Stronghold Crusader 2 - The Jackal and The Khan.
The opcode that writes my Gold and the enemies' Gold is
Code:
StrongholdBase.StrongholdBase::Estate::GetKeep+2A09 - fmul dword ptr [ebp-14]
and that opcode writes to only one address, whose value changes continuously,
so I can't compare the addresses' offsets to separate me from the enemies,
and when I find out what writes to this address there are too many opcodes that write to it.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Fri Sep 07, 2018 10:53 am Post subject:
Sounds like you picked the wrong address.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: i am a sweetheart.
pharaon Advanced Cheater Reputation: 1
Joined: 29 Jun 2012 Posts: 80
Posted: Fri Sep 07, 2018 10:57 am Post subject:
I back traced it and it's the right one.
When I back trace further I get mov ebp,esp,
and when I inject it with mov [ebp-14],(float)999
it writes the new value for me and the enemies as well,
and I don't know how to get my entity address.
When I did dissect data for that address all I got was pointers whose values keep changing continuously.
Any idea how to get my entity address?
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Fri Sep 07, 2018 11:07 am Post subject:
Still, you can go back in subroutines.
I can't help you much by just writing here, but there are many ways to compare:
- stack
- registers
- memory locations
- other constants related to player
tools:
- dissect data / structure
- dissect compare
- structure spider
...
pharaon Advanced Cheater Reputation: 1
Joined: 29 Jun 2012 Posts: 80
Posted: Fri Sep 07, 2018 11:16 am Post subject:
Correct me if I understand wrong:
[ebp-14] is the stack; back tracing
further will be mov ebp,esp,
further will be add esp,28 <<< and that is before the call of the
push ebp
mov ebp,esp function,
and I get nothing from add esp,28.
Now how can I compare registers from only one address "0123F5C0"?
That opcode writes to only one address, and not only that opcode but hundreds of opcodes write to the same address "0123F5C0".
So do you have any idea or tutorial for such a situation to get my entity address?
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Fri Sep 07, 2018 11:27 am Post subject:
pharaon wrote:
> That opcode writes to only one address, and not only that opcode but hundreds of opcodes write to the same address "0123F5C0".
This can't be right for the real address/value.
pharaon wrote:
> I back traced it and it's the right one.
> When I back trace further I get mov ebp,esp
Yes, even if the graphical / temp-storage value is back-traced it will lead you to the real value (only if the real value gets updated before the graphical / temp-storage value).
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8515 Location: 127.0.0.1
Posted: Fri Sep 07, 2018 12:01 pm Post subject:
[ebp-14] and '0123F5C0' are stack address space, based on that info, which is not going to be the address you would want to use for actual entity information. Instead, it is something that is just being either allocated or passed around on the stack, so you'd want to trace back further to find where the stack's value is being set. (Breaking on a stack address like you did is going to yield you tons and tons of usages, like your pic shows, because everything is using that address.)
_________________
- Retired.
pharaon Advanced Cheater Reputation: 1
Joined: 29 Jun 2012 Posts: 80
Posted: Fri Sep 07, 2018 12:05 pm Post subject:
atom0s wrote:
> [ebp-14] and '0123F5C0' are stack address space, based on that info, which is not going to be the address you would want to use for actual entity information. Instead, it is something that is just being either allocated or passed around on the stack, so you'd want to trace back further to find where the stack's value is being set. (Breaking on a stack address like you did is going to yield you tons and tons of usages, like your pic shows, because everything is using that address.)
So what should I do then?
As I said, I back trace to push ebp
mov ebp,esp
and before that call there's add esp,28.
It's too many calls, and at the start of every call is
push ebp
mov ebp,esp
so how can I know which is the right one, since all esp registers are only addresses with very different values?
atom0s Moderator Reputation: 198
Joined: 25 Jan 2006 Posts: 8515 Location: 127.0.0.1
Posted: Fri Sep 07, 2018 12:14 pm Post subject:
push ebp
mov ebp, esp
is just the function prologue preparing the stack and such for use in that function scope.
fmul dword ptr [ebp-14] would be a parameter passed to the function you are currently in, so you'd try to find the start of the func, breakpoint there and find what calls it. Then you should have the call to that function plus any pushes beforehand to find the arguments being passed to the function.
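Added example (my own C, not code from the game, from Cheat Engine, or from anyone in this thread) modelling what atom0s describes: the slot the fmul touches is a stack temporary that one shared routine reuses for every faction, so a write-breakpoint on it fires for the player and the enemies alike, while the argument the routine received tells the factions apart. The routine's argument is assumed here to be a pointer to the owning entity; the real game's calling convention, entity layout, field offsets, faction names, gold balances and income rate are not on the page and are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed model: every faction owns an entity object that lives outside
 * the stack, and one shared routine updates each faction's gold through a
 * stack temporary. The temporary plays the role of [ebp-14] in the thread. */

#define NUM_ENTITIES 3

typedef struct {
    char  name[16];
    float gold;                /* hypothetical gold field inside the entity */
} Entity;

/* Entity objects: static storage here, heap allocations in a real game. */
Entity g_entities[NUM_ENTITIES];

/* What a write-breakpoint on the temporary lets you record per hit: the
 * address that was written and the entity pointer the routine was given. */
typedef struct {
    uintptr_t write_addr;      /* address of the stack temporary */
    uintptr_t arg_entity;      /* the routine's argument: pointer to the owner */
    float     new_value;
} TraceEntry;

TraceEntry g_trace[NUM_ENTITIES];
int g_trace_len = 0;

/* Shared routine: one stack slot, reused for every faction in turn. */
float apply_income(Entity *e, float rate)
{
    volatile float tmp = e->gold;    /* temp loaded from the entity field */
    tmp = tmp * rate;                /* the multiply the breakpoint fires on */
    if (g_trace_len < NUM_ENTITIES) {
        g_trace[g_trace_len].write_addr = (uintptr_t)&tmp;
        g_trace[g_trace_len].arg_entity = (uintptr_t)e;
        g_trace[g_trace_len].new_value = tmp;
        g_trace_len++;
    }
    e->gold = tmp;                   /* result stored back into the owner */
    return tmp;
}

/* Index of the entity whose object contains address a, or -1 when a lies in
 * none of them (which is what you get for a stack slot). */
int addr_inside_entity(uintptr_t a)
{
    for (int i = 0; i < NUM_ENTITIES; i++) {
        uintptr_t lo = (uintptr_t)&g_entities[i];
        uintptr_t hi = lo + sizeof(Entity);
        if (a >= lo && a < hi)
            return i;
    }
    return -1;
}

/* One "turn": constructed starting balances, then income for every faction.
 * Returns the number of breakpoint hits recorded. */
int run_simulation(void)
{
    const char *names[NUM_ENTITIES] = { "player", "enemy_1", "enemy_2" };
    const float start[NUM_ENTITIES] = { 100.0f, 200.0f, 300.0f };
    g_trace_len = 0;
    for (int i = 0; i < NUM_ENTITIES; i++) {
        strncpy(g_entities[i].name, names[i], sizeof g_entities[i].name - 1);
        g_entities[i].name[sizeof g_entities[i].name - 1] = '\0';
        g_entities[i].gold = start[i];
    }
    for (int i = 0; i < NUM_ENTITIES; i++)
        apply_income(&g_entities[i], 1.5f);   /* constructed income rate */
    return g_trace_len;
}

int main(void)
{
    run_simulation();
    for (int i = 0; i < g_trace_len; i++) {
        int owner = addr_inside_entity(g_trace[i].arg_entity);
        printf("hit %d: wrote %.1f to %#lx (inside an entity: %d); "
               "argument %#lx -> entity %d (%s)\n",
               i, g_trace[i].new_value,
               (unsigned long)g_trace[i].write_addr,
               addr_inside_entity(g_trace[i].write_addr),
               (unsigned long)g_trace[i].arg_entity, owner,
               owner >= 0 ? g_entities[owner].name : "?");
    }
    return 0;
}
```

Every hit reports the written address as inside no entity (-1), which is the sign that the breakpoint sits on a temporary rather than on the value's home; the argument recorded at the same hit lands inside exactly one entity, so filtering hits by that argument (or by whichever register the real routine receives its owner pointer in) is what separates the player's update from the enemies'.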
pharaon Advanced Cheater Reputation: 1
Joined: 29 Jun 2012 Posts: 80
Posted: Fri Sep 07, 2018 12:28 pm Post subject:
atom0s wrote:
> push ebp
> mov ebp, esp
> is just the function prologue preparing the stack and such for use in that function scope.
> fmul dword ptr [ebp-14] would be a parameter passed to the function you are currently in, so you'd try to find the start of the func, breakpoint there and find what calls it. Then you should have the call to that function plus any pushes beforehand to find the arguments being passed to the function.
OK, I did that previously, so my question is: what arguments am I supposed to find in the pushes beforehand?
Is it the amount of my Gold, or an address that the Gold amount is stored in?
One other thing is that the Gold is encrypted in this game:
when I searched for the display value, the address was nothing related to the displayed amount; it had a totally different value that I found through changed/unchanged value scans.
So the most important question for me is what arguments should I be looking for in the previous pushes?