Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


no offset when search base pointer

 
mben
Newbie cheater
Reputation: 0

Joined: 20 Jan 2018
Posts: 14

Posted: Mon Feb 05, 2018 4:17 pm    Post subject: no offset when search base pointer

Why, when I search for the offset of the pointer, does it return instructions without an offset?

I am searching for some base address in Rise of the Tomb Raider, and when I try to search for the pointer I get instructions like

mov ebx,[r9] <- what offset do I use? This thing keeps me away from my goal. Any idea?

Thanks in advance
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Mon Feb 05, 2018 4:27 pm    Post subject:

From tutorial step 6 wrote:
If the assembler instruction has a calculation (e.g: [esi+12]) at the end then type the value in that's at the end. else leave it 0.
just like in math [x] is the same as [x+0].
mben
Newbie cheater
Reputation: 0

Joined: 20 Jan 2018
Posts: 14

Posted: Mon Feb 05, 2018 4:56 pm    Post subject:

FreeER wrote:
From tutorial step 6 wrote:
If the assembler instruction has a calculation (e.g: [esi+12]) at the end then type the value in that's at the end. else leave it 0.
just like in math [x] is the same as [x+0].


Thanks for the reply, but if I do that, it keeps me searching in circles.
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Mon Feb 05, 2018 5:05 pm    Post subject:

perhaps look in the code above it and see if r9 is set with something like lea r9, [r8+14]
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Mon Feb 05, 2018 5:09 pm    Post subject:

mben wrote:
Thanks for the reply, but if I do that, it keeps me searching in circles.


don't mix up the VALUE of a pointer with the ADDRESS of a pointer

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
mben
Newbie cheater
Reputation: 0

Joined: 20 Jan 2018
Posts: 14

Posted: Mon Feb 05, 2018 5:23 pm    Post subject:

Dark Byte wrote:
mben wrote:
Thanks for the reply, but if I do that, it keeps me searching in circles.


don't mix up the VALUE of a pointer with the ADDRESS of a pointer


Thanks for the answer @Dark Byte. I mean, for example, the address with the value is AFDCC5.
If I check what accesses this address, the instruction returned is something like mov r8,[r8], where r8 has this value AFDCC5. What do I have to do in this case? Thanks in advance for helping a noob like me.
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Mon Feb 05, 2018 5:30 pm    Post subject:

in that case the original value of r8 is whatever address you are checking.

Eg. if you have the address 0xDEADBEEF and you find that instruction then the original value of r8 had to be 0xDEADBEEF or it could not have read from the address 0xDEADBEEF and therefore would not have shown up in the list (exceptions for instructions that affect multiple addresses like sse packed float/double moves but I'm not sure of any off the top of my head that'd actually use the same register like this). If there's an offset eg. mov r8, [r8+F] then it's the address minus the offset eg. 0xDEADBEEF - 0xF = 0xDEADBEE0.

If you're really feeling lazy you can open the disassembler for that instruction and set a breakpoint and see the value before the instruction is executed, but if it's an instruction that affects multiple addresses that's likely to break for something else so you'd need to set a conditional breakpoint at which point you could just do the calculation (by opening a calculator or using the lua engine window if nothing else).

edit: also, the more information window might show it properly in the "the address is probably..." part, not actually sure though
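Added example (not part of the thread and not Cheat Engine code): a small Python model of the lookup described in the replies above, run over a constructed 64-byte memory image. The addresses, instruction strings and function names are assumptions made for the illustration; offsets are read as hex, the way the disassembler shows them.

```python
import re
import struct

# Constructed 64-byte "process memory" starting at BASE; every value is made up.
BASE = 0x1000
mem = bytearray(64)
struct.pack_into("<Q", mem, 0x08, 0x1020)  # slot 0x1008 holds the pointer VALUE 0x1020
struct.pack_into("<Q", mem, 0x20, 0x1030)  # slot 0x1020 holds 0x1030 (read by mov r8,[r8])
struct.pack_into("<I", mem, 0x3C, 100)     # the tracked value lives at 0x103C = 0x1030 + 0xC

def displacement(instr):
    """Offset inside the memory operand, parsed as hex. [r9] means +0."""
    inner = re.search(r"\[([^\]]+)\]", instr).group(1).replace(" ", "")
    m = re.fullmatch(r"\w+(?:([+-])([0-9A-Fa-f]+))?", inner)
    if m is None:
        raise ValueError("only [reg] and [reg+/-hex] are handled here")
    if m.group(2) is None:
        return 0
    value = int(m.group(2), 16)
    return -value if m.group(1) == "-" else value

def register_before(accessed_address, instr):
    """Value the base register held when the instruction touched the address."""
    return accessed_address - displacement(instr)

def addresses_holding(value):
    """ADDRESSES of every aligned 8-byte slot whose VALUE equals `value`."""
    return [BASE + off for off in range(0, len(mem), 8)
            if struct.unpack_from("<Q", mem, off)[0] == value]

def walk_back(address, instructions):
    """Repeat 'subtract the offset, search for that value' once per level."""
    chain = []
    for instr in instructions:
        base = register_before(address, instr)
        (address,) = addresses_holding(base)  # constructed memory: exactly one hit
        chain.append((address, displacement(instr)))
    return chain

if __name__ == "__main__":
    for addr, off in walk_back(0x103C, ["mov ebx,[r9+C]", "mov r8,[r8]"]):
        print(f"pointer stored at {addr:#x}, offset {off:#x}")
```

With an offset of 0 the value searched for equals the address just examined, but the search result is the different address where that value is stored (0x1008 here), which is the step that moves one level up the chain.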
mben
Newbie cheater
Reputation: 0

Joined: 20 Jan 2018
Posts: 14

Posted: Mon Feb 05, 2018 5:34 pm    Post subject:

FreeER wrote:
in that case the original value of r8 is whatever address you are checking.

Eg. if you have the address 0xDEADBEEF and you find that instruction then the original value of r8 had to be 0xDEADBEEF or it could not have read from the address 0xDEADBEEF and therefore would not have shown up in the list (exceptions for instructions that affect multiple addresses like sse packed float/double moves but I'm not sure of any off the top of my head that'd actually use the same register like this). If there's an offset eg. mov r8, [r8+F] then it's the address minus the offset eg. 0xDEADBEEF - 0xF = 0xDEADBEE0.

If you're really feeling lazy you can open the disassembler for that instruction and set a breakpoint and see the value before the instruction is executed, but if it's an instruction that affects multiple addresses that's likely to break for something else so you'd need to set a conditional breakpoint at which point you could just do the calculation (by opening a calculator or using the lua engine window if nothing else).


Thanks for your help. I don't feel lazy, maybe somewhat lost sometimes :$ I will try looking deeper into the assembly code. Thanks a lot for helping me.