Cheat Engine

drdorianwhite · How do I cheat? Reputation: 0 Joined: 24 Dec 2011 Posts: 9

So, I'm trying to locate a static address that points (eventually) to the dynamic pointer that points to the data I'm interested in.

I followed a tut that showed me to use "Find out what accesses" and then do "More info" to find the register values at that instruction.

CE's suggestion was a register value (EDI) that held an address. I did a search through memory and found nothing for that pointer which made me sad.

The instruction that was accessing looked like this:

FSTP QWORD PTR DS:[EDI+4]

[EDI + 4] was the data (X position of my MMO game) that I wanted to find a static address to. CE said the value of EDI. The search led nowhere so I assumed that either I was totally messing up somehow, missing something, or that the address was calculated before being passed into the register...

The farthesst I could get was to see that the EDI register got its value from the ECX register at the beginning of the sub (fastcall i assume) so it was the value of the first parameter (EBP + 4? my assembly knowledge is really old).

Anyways, I'm looking for the best way to trace back to the static address at this point. The calling sub looks really messy and dont know the best/easiest method of searching for the proper address value that I need to reference to get my value and search for in order to hunt down the static address I so deserve to find Razz

atom0s · Posted: Sat Dec 24, 2011 4:12 pm Post subject:

You would want to add EDI's value to your table and pointer scan for that. But this isn't guaranteed to get you a static address. Especially with it being an MMO.

You could also look at where EDI is being set. Assuming its being passed from a param, set a break on the start of the function and look at the call stack for the return address (or follow it til it returns back to the previous function) to follow the flow back to the function that calls the one you have already.

drdorianwhite · How do I cheat? Reputation: 0 Joined: 24 Dec 2011 Posts: 9

cheers for pointing out the pointer scanner tool. I haven't used it before but get the gist of how it works. i get back a lot of results so, I guess I'm looking for the shortest route (lowest level) to the value im looking for and then test out each candidate by restarting the game and seeing if that static pointer will work...

One other question. I have 5 addresses that give my my x coordinate. so, this complicates things. do I just stick with one and work on that?

Dark Byte · Posted: Sat Dec 24, 2011 6:48 pm Post subject:

After a pointerscan restart the game and do a rescan with the previous pointerscan results
That will filter out the paths that only worked that one time

drdorianwhite · How do I cheat? Reputation: 0 Joined: 24 Dec 2011 Posts: 9

Dark Byte · Posted: Sat Dec 24, 2011 7:54 pm Post subject:

there is a rescan pointers option at the top of the pointerscan window
There fill in the new address (or value that the address contains)

drdorianwhite · How do I cheat? Reputation: 0 Joined: 24 Dec 2011 Posts: 9

btw, how do I load a pointscan file?

Dark Byte · Posted: Sat Dec 24, 2011 9:33 pm Post subject:

in the pointerscan window (you can get to it from memoryview ->tools)
click file->open

Geri · Moderator Reputation: 112 Joined: 05 Feb 2010 Posts: 5627

Maybe this will help a bit.

Link

drdorianwhite · How do I cheat? Reputation: 0 Joined: 24 Dec 2011 Posts: 9