Cheat Engine

Molgos · How do I cheat? Reputation: 0 Joined: 22 Apr 2016 Posts: 2

Hi, sorry, my question is probably stupid, but can you help me with a asm script ?

The original code is :
originalcode:
mov [edi],edx
mov eax,[esi+1C]

If i add this after :
mov [myprog.exe+3B3444], edi

I've got on cheat engine, this value for [myprog.exe+3B3444] = 876602800 (= 0x343FE5B0)
(Not a fixed one, it can probably change)
But it's not what i want, i want into myprog.exe+3B3444, the same value than in 0x343FE5B0
Any idea how to do it ?

Thanks.

++METHOS · Posted: Fri Apr 22, 2016 4:26 pm Post subject:

Please rephrase your question. I have no idea what you're asking.

Molgos · How do I cheat? Reputation: 0 Joined: 22 Apr 2016 Posts: 2

I will try to put screenshot to explain but i don't have the right to post screenshot, so please remplace [dot] by a dot.

imgur[dot]com/a/kBvQe

On my prog, 0x3355E5B0 got this value : 1052366
[See first screenshot]
(It's not always 0x3355E5B0 who hold it, and the value change constantly)

So, if i get what's write to this adress i got that :
[See 2nd screenshot]

I want to stock the same value that go on 0x3355E5B0 on an other variable, i can use prog+3B3444 to hold it. (So, in this instance i want that prog+3B3444 got the value 1052366 on the first screenshot)

[See 3nd screenshot]
If i execute this injection, where i added : mov [prog+3B3444], edi after the original code, i've got this value on [prog+3B3444] : 861267376

[See last screenshot]
861267376 decimal = 0x3355E5B0, so that's the adress of the first screenshot.
How can i change the asm to put on [prog+3B3444] the current value (1052366) of 0x3355E5B0 instead of the adress itself ?

++METHOS · Posted: Fri Apr 22, 2016 7:22 pm Post subject:

Please use a different image site...imgur sucks and I can't view the pictures without allowing hundreds of scripts first.

Have you completed the CE tutorial?

Thanks.

Molgos · How do I cheat? Reputation: 0 Joined: 22 Apr 2016 Posts: 2

tof.canardpc[dot]com/view/de08a844-4f9e-4169-bbb7-425b96f3b2f8.jpg

tof.canardpc[dot]com/view/0c093c67-0c02-4b94-8eae-978c273e00df.jpg

tof.canardpc[dot]com/view/0a3bc838-8181-4485-8905-33388d9b3e5d.jpg

tof.canardpc[dot]com/view/19c08e5f-865e-4860-a7ba-dc1a7ed43713.jpg

++METHOS · Posted: Fri Apr 22, 2016 9:45 pm Post subject:

ParkourPenguin · Posted: Fri Apr 22, 2016 9:49 pm Post subject:

Just look at the assembly code and you should see exactly what's wrong.
mov [edi],edx - moves the value in the edx register into the memory location at the address edi.

So, if you just want the value, use the edx register instead since that's the new value. However, it might be better to store the address like you are doing. Treating it like a pointer will make sure you can get values that are written to this address by another instruction. Of course, if you only care about the values this instruction writes to the address, then just pass it by value.