| View previous topic :: View next topic |
| Author |
Message |
blaziken1991
How do I cheat?
![]() Reputation: 0
Joined: 04 Mar 2019
Posts: 5
|
 Posted: Mon Mar 04, 2019 12:12 pm Post subject: Need help with finding hex address |
 |
|
Hello,
I need to find address in HxD editor of certain value and all I know is that this value address is 13FFE0058 in Cheat Engine.
Could someone help me finding this address in HxD? I woud like to change it's value from 0 -> 1 permanently.
I could find 13FFE00 address in HxD but there is no 58 anywhere.
Thanks.
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Mon Mar 04, 2019 1:24 pm Post subject: |
|
|
it could be simpler if you find the offset from module data, then using CFF explorer or similar tools to look at data sections.
if data is readable and writable then it should be in .data section, otherwise its readable and it will be inside .rdata.
section names can be changed to anything, so its better to look at optional header to find RVA to data and section flags.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
salumor
Advanced Cheater
![]() Reputation: 0
Joined: 14 Jan 2019
Posts: 87
|
| Posted: Mon Mar 04, 2019 1:27 pm Post subject: |
|
|
Are you sure about that address? 36 Bits is .... imo very unlikely. This often indicates to an actual 4 Byte address, and the first 4 Bits dropped. So it would be 3F FE 00 58.
EDIT: I just noticed - you did see something at (i guess 1 3F FE 00 00? or was it rly just 1 3F FE 00?). You could basically check, if it's a 32Bit game/app or 64 if you didn't check now. Easiest ways: Check for opcodes that indicate 64Bit (rax, r11 & Co), or use Task Manager, check Details tab, locate Process and Platform row.
Btw. Why do you need HxD to make it permanent? You can also Patch with CE.
|
|
| Back to top |
|
|
blaziken1991
How do I cheat?
![]() Reputation: 0
Joined: 04 Mar 2019
Posts: 5
|
| Posted: Mon Mar 04, 2019 1:59 pm Post subject: |
|
|
| salumor wrote: | Are you sure about that address? 36 Bits is .... imo very unlikely. This often indicates to an actual 4 Byte address, and the first 4 Bits dropped. So it would be 3F FE 00 58.
EDIT: I just noticed - you did see something at (i guess 1 3F FE 00 00?). You could basically check, if it's a 32Bit game/app or 64 if you didn't check now. Easiest ways: Check for opcodes that indicate 64Bit (rax, r11 & Co), or use Task Manager, check Details tab, locate Process and Platform row.
Btw. Why do you need HxD to make it permanent? You can also . |
Hey. Thanks for reply,
I am not sure about anything tbh. I've used CE only few times in my life.
I've found ready to go mod for Dark Souls 3 which enables poise feature (its turned off by default by devs for whatever dumb reason).
This mod is just prepared command for CE which have address
I have no idea how to make this change permanently but from what I've read you cant do it via Cheat Engine. If you don't mind helping me I would appreciate help 
i.ibb.co/XCMS8Xv/ds.png
this is a code to change value
Last edited by blaziken1991 on Mon Mar 04, 2019 2:03 pm; edited 1 time in total |
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Mon Mar 04, 2019 1:59 pm Post subject: |
|
|
| salumor wrote: | Are you sure about that address? 36 Bits is .... imo very unlikely. This often indicates to an actual 4 Byte address, and the first 4 Bits dropped. So it would be 3F FE 00 58.
Btw. Why do you need HxD to make it permanent? You can also Patch with CE. |
it wouldnt be 3F FE 00 58 (wrong), VA is different from raw address. (or file offset)
he should look at the offset from section base, also i assumed the address and it value are within the module. (if its dynamic, then more work is required)
a comment:
patching permanently using CE is difficult (CE is bad when it comes to patching exe's)
if its for personal use then do a temporary patch (and save as a cheat table), and if you are going to distribute it (the executable) then yeah a permanent patch is required.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
blaziken1991
How do I cheat?
![]() Reputation: 0
Joined: 04 Mar 2019
Posts: 5
|
| Posted: Mon Mar 04, 2019 2:05 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | | salumor wrote: | Are you sure about that address? 36 Bits is .... imo very unlikely. This often indicates to an actual 4 Byte address, and the first 4 Bits dropped. So it would be 3F FE 00 58.
Btw. Why do you need HxD to make it permanent? You can also . |
it wouldnt be 3F FE 00 58 (wrong), VA is different from raw address. (or file offset)
he should look at the offset from section base, also i assumed the address and it value are within the module. (if its dynamic, then more work is required)
a comment:
patching permanently using CE is difficult (CE is bad when it comes to patching exe's)
if its for personal use then do a temporary patch (and save as a cheat table), and if you are going to distribute it (the executable) then yeah a permanent patch is required. |
personal use only, I just don't want to turn on CE everytime I open a game to activate this "cheat"
Sorry I am not pro in CE so I need more clear tips what to do
i.ibb.co/XCMS8Xv/ds.png
I think this is cheat table you are mentioning .CT extension.
this is code from mod I downloaded, I have to change value from 0 to 1 here.
i.ibb.co/BL1CzDW/sss.png
I am assuming its not same address as in CE?
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Mon Mar 04, 2019 2:20 pm Post subject: |
|
|
no, not the same.
and the cheat table you have sets the 5th bit (turning it from 0 to 1), you could see how that table work (where they got the address from) and do something similar using CFF or any tool.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
blaziken1991
How do I cheat?
![]() Reputation: 0
Joined: 04 Mar 2019
Posts: 5
|
| Posted: Mon Mar 04, 2019 2:28 pm Post subject: |
|
|
| Quote: | no, not the same.
and the cheat table you have sets the 5th bit (turning it from 0 to 1), you could see how that table work (where they got the address from) and do something similar using CFF or any tool. |
Can't I find somewhere in that table address to hex so I can change it permanently in HxD?
All I want is to make this change permanent not temporary.
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Mon Mar 04, 2019 2:36 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | | VA is different from raw address. (or file offset) |
VA: Virtual Address
also read my first post.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
blaziken1991
How do I cheat?
![]() Reputation: 0
Joined: 04 Mar 2019
Posts: 5
|
| Posted: Mon Mar 04, 2019 2:42 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | | OldCheatEngineUser wrote: | | VA is different from raw address. (or file offset) |
VA: Virtual Address
also read my first post. |
I didnt understand a thing from your first post
like I said I am not using those programms often so I am not similar with them
"module data" "data sections" "r.data" "RVA" "section flags"
0 idea what it does even mean.
|
|
| Back to top |
|
|
salumor
Advanced Cheater
![]() Reputation: 0
Joined: 14 Jan 2019
Posts: 87
|
| Posted: Mon Mar 04, 2019 2:46 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | it wouldnt be 3F FE 00 58 (wrong), VA is different from raw address. (or file offset)
he should look at the offset from section base, also i assumed the address and it value are within the module. (if its dynamic, then more work is required)
a comment:
patching permanently using CE is difficult (CE is bad when it comes to patching exe's) |
Yeah it would be just in CE during that time. 2 major mistakes: 1st) I didn't know it's DS3. That indeed does seem to be 64 Bit game.
2nd) I am drunk. So I for whatever reason I mixed up tools a bit. I always did patch with x96dbg, not CE. *facepalm*
So generally OldCE is right, the Offset is def. the most interesting. The question may remains as I read into the area if a static pointer has been found or if there is more work needed to be done.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
