| View previous topic :: View next topic |
| Author |
Message |
deama1234
Master Cheater
![]() Reputation: 3
Joined: 20 Dec 2014
Posts: 328
|
 Posted: Tue Sep 01, 2015 12:02 pm Post subject: Access value with lots of pointers in the way? |
 |
|
Let's say we have "mov [eax],ebx"; I then check out the structure of "eax"; which looks like:
| Code: | 0000 -- 4 bytes -- 10
0004 -- 4 bytes -- 12
0008 -- pointer -- 0123456F
>0000 -- 4 bytes -- 10
>0004 -- 4 bytes -- 12
>0008 -- pointer -- 0156FFFF
>>0000 -- 4 bytes -- 10
>>0004 -- 4 bytes -- 12
>>0008 -- pointer -- 0156FDFF
>>>0000 -- 4 bytes -- 10
>>>0004 -- 4 bytes -- 12
>>>0008 -- pointer -- 0156FDFA
>>>>0000 -- 4 bytes -- 10
>>>>0004 -- 4 bytes -- 12
>>>>0008 -- pointer -- 015BFDFF
>>>>>0000 -- 4 bytes -- 10
>>>>>0004 -- 4 bytes -- 99 // I wanna get this part |
How do I get to "99"?
One way of doing it I think is to get two registers and swap between them until you get to "99"; but if I do it too often it then doesn't work and keeps crashing the game.
E.g.
| Code: | mov ebx [eax+08]
mov ecx [ebx+08]
mov ebx [ecx+08]
mov ecx [ebx+08] //games start crashing around here
... |
So is there an "easier way" of doing this? Or at least a way that doesn't crash games?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25288
Location: The netherlands
|
| Posted: Tue Sep 01, 2015 4:11 pm Post subject: |
|
|
try adding checks if a register is 0
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Smellyhobo101
Newbie cheater
![]() Reputation: 0
Joined: 21 Sep 2014
Posts: 23
|
| Posted: Wed Sep 02, 2015 8:37 am Post subject: |
|
|
I don't think you need to swap registers. Try like this?
| Code: |
mov ebx [eax+08]
mov ebx [ebx+08]
mov ebx [ebx+08]
mov ebx [ebx+08]
|
It might be easier to look at the code that accesses the "99" value and inject there to get your final pointer.
|
|
| Back to top |
|
|
deama1234
Master Cheater
![]() Reputation: 3
Joined: 20 Dec 2014
Posts: 328
|
| Posted: Wed Sep 02, 2015 9:04 am Post subject: |
|
|
| Dark Byte wrote: | | try adding checks if a register is 0 |
Still seems to crash.
| Smellyhobo101 wrote: | I don't think you need to swap registers. Try like this?
| Code: |
mov ebx [eax+08]
mov ebx [ebx+08]
mov ebx [ebx+08]
mov ebx [ebx+08]
|
It might be easier to look at the code that accesses the "99" value and inject there to get your final pointer. |
Well, that works; makes it less confusing lol. Still crashes though.
EDIT: I'm testing this on a game maker game, could it be that?
|
|
| Back to top |
|
|
Smellyhobo101
Newbie cheater
![]() Reputation: 0
Joined: 21 Sep 2014
Posts: 23
|
| Posted: Wed Sep 02, 2015 9:38 am Post subject: |
|
|
I think what dark byte is suggesting is that the pointer chain is breaking somewhere. I've seen pointers that will randomly flicker to different values. One of your pointers may be pointing to unallocated memory momentarily. Which i think would cause a crash.
Could be something else. Where is this code being executed? If you're injecting somewhere you need to preserve the value of ebx and restore it later.
|
|
| Back to top |
|
|
deama1234
Master Cheater
![]() Reputation: 3
Joined: 20 Dec 2014
Posts: 328
|
| Posted: Wed Sep 02, 2015 10:33 am Post subject: |
|
|
Ah, yes; the chain is broken by another address, though it happens less frequently; must've missed it.
Thanks guys.
|
|
| Back to top |
|
|
Rydian
Grandmaster Cheater Supreme
 Reputation: 31
Joined: 17 Sep 2012
Posts: 1358
|
| Posted: Wed Sep 02, 2015 2:14 pm Post subject: |
|
|
So are you just after that final structure? If so you could find some code that works off of that structure and change the code to copy the base address out to a some new memory with a label.
http://forum.cheatengine.org/viewtopic.php?t=572465
Method 2 here, injection copies.
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
