Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Trying to find pointers to static address

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
oddgamer
Cheater
Reputation: 0

Joined: 19 Jan 2013
Posts: 34

PostPosted: Mon May 13, 2019 11:37 pm    Post subject: Trying to find pointers to static address Reply with quote

Okies, got a game, I can find the value, I can edit it successfully. There's sort of 'two' spots involved, one being a whole number in Double and the other a decimal value in Double (as far as I can tell all numbers are in Double in this thing), with the double counting from the prior value to very very near the new one. Deciding to focus first on the whole number, I did a 'what accesses this address'. Changing the value (XP, incidentally) I found a 'copy memory' type address:

014155CE - C7 47 08 00000000 - mov [edi+08],00000000
014155D5 - C7 47 0C 05000000 - mov [edi+0C],00000005
014155DC - C7 07 00000000 - mov [edi],00000000 <<
014155E2 - 8B 46 0C - mov eax,[esi+0C]
014155E5 - 89 47 0C - mov [edi+0C],eax

EAX=FFFFFFFF
EBX=00000001
ECX=00000000
EDX=39BE83BC
ESI=0056D780
EDI=0E2C1520
ESP=0056D714
EBP=0056D780
EIP=014155E2

Doing a search for the 4-byte value of EDI (0E2C1520) got me a single address, but not a green static one. Okies. So I'm looking for another link. Searching for this one, though, all I get are two really similar 'copy memory' types (even after gaining XP), one of which looks like this.

0141E4A5 - 85 C0 - test eax,eax
0141E4A7 - 74 08 - je Forager.exe+8CE4B1
0141E4A9 - 8B 00 - mov eax,[eax] <<
0141E4AB - 5F - pop edi
0141E4AC - 5E - pop esi

EAX=0E2C1520
EBX=0000032B
ECX=00000234
EDX=39BE83BC
ESI=0DFC0840
EDI=0F8D6DF8
ESP=0056DB30
EBP=0056EFBC
EIP=0141E4AB

Which, if I'm reading this right is telling me to... look for the same value again?? Am I doing something wrong?
Back to top
View user's profile Send private message
OldCheatEngineUser
Whateven rank
Reputation: 17

Joined: 01 Feb 2016
Posts: 1543

PostPosted: Tue May 14, 2019 8:35 am    Post subject: Reply with quote

cheat engine show registers after being updated, either look couple instructions above and see what is being moved to eax or place a breakpoint on mov eax,[eax].
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Back to top
View user's profile Send private message Visit poster's website
Dark Byte
Site Admin
Reputation: 378

Joined: 09 May 2003
Posts: 22549
Location: The netherlands

PostPosted: Tue May 14, 2019 11:10 am    Post subject: Reply with quote

Don't look at the registers, only look at the instruction

You did find what accesses on address XXXXXXXX
that showed that the instruction in blabla yyy,[zzz] which can be rewritten as blabla yyy,[zzz+00000000]

so, the offset is 0

so, then do a search for the value of XXXXXXXX-0


Link

at 4:00 for an example where no register values are used

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
OldCheatEngineUser
Whateven rank
Reputation: 17

Joined: 01 Feb 2016
Posts: 1543

PostPosted: Wed May 15, 2019 10:01 am    Post subject: Reply with quote

db is that your channel?
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Back to top
View user's profile Send private message Visit poster's website
Dark Byte
Site Admin
Reputation: 378

Joined: 09 May 2003
Posts: 22549
Location: The netherlands

PostPosted: Fri May 17, 2019 12:18 am    Post subject: Reply with quote

yes
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites