Cheat Engine The Official Site of Cheat Engine
Dameningen (How do I cheat?)
Reputation: 0
Joined: 01 Apr 2012  Posts: 4
Posted: Sun Jul 08, 2012 3:07 pm  Post subject: How to write value to an address while the op code is known?
Say, if I find out an opcode that controls my character's item slots, how could I directly change its value with AA?
The code that controls the value is:
The initial value is 10, but I want it to be 25.
I tried:
but it didn't work; moreover, it crashed. And then I wrote many weird, useless codes that made the game crash or did nothing.
Finally, I got this problem done by entering the game, right-clicking on the code, selecting "Find out what addresses this code accesses", changing the slot, and I got the value and address...
Any idea?
Dark Byte (Site Admin)
Reputation: 472
Joined: 09 May 2003  Posts: 25871  Location: The Netherlands
Posted: Sun Jul 08, 2012 3:52 pm
Is the value a 4 byte or a float?
Anyhow, as you guessed, use "Find out what addresses this code accesses". But don't only access the value you want; actually play the game a bit and then check the list.
If there is more than one address, see if you can find a way to distinguish between the address you need and the others (registers, data in pointers, stack, etc...).
Then do a code injection that checks that and only then sets the value if it is a match.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Dameningen (How do I cheat?)
Reputation: 0
Joined: 01 Apr 2012  Posts: 4
Posted: Tue Jul 10, 2012 3:14 am
Quote: "Is the value a 4 byte or a float?"
It's a 4 byte value.
Quote: "Anyhow, as you guessed, use find out what addresses this code accesses"
Thanks, but that value (10) is a variable one, so I get a different address every time.
I also tried finding the pointer, but the result was a mess... so I used AA, praying for a better solution.
I might type down the following codes (because they got deleted after all), but none of them works; even worse, when I reload it crashes....
Code:
    push esi
    mov [esi+10],25
    pop esi

Code:
    push eax
    mov eax,25
    mov [esi+10],eax
    pop eax

Code:
    push eax
    mov eax,25
    push esi
    mov [esi+10],eax
    pop esi
    pop eax
Any suggestions?
Fresco (Grandmaster Cheater)
Reputation: 4
Joined: 07 Nov 2010  Posts: 600
Posted: Tue Jul 10, 2012 4:58 am
Dameningen wrote: "[...] but none of them works; even worse, when I reload it crashes.... [...]"
If the original code writes to only one address, the code above will work no matter what, so, like Dark Byte says, "you need to find something to distinguish the other addresses from the one that you want to change".
Dameningen wrote: [...]
Code:
    push esi
    mov [esi+10],25
    pop esi
[...]
This above obviously doesn't work:
if you push esi, esi becomes 0, and the result will be 0+10 = 10, so it basically means write 25 to address 10, which in most cases is not allocated; therefore writing to unallocated space would result in a game crash.
Dameningen wrote: [...]
Code:
    push eax
    mov eax,25
    mov [esi+10],eax
    pop eax
[...]
Pushing eax and storing 25 in eax, then storing eax into the pointer, then popping eax is just the same as writing an immediate:
the code above is the same as:
which is a lot faster to execute than the code you wrote.
Dameningen wrote: [...]
Code:
    push eax
    mov eax,25
    push esi
    mov [esi+10],eax
    pop esi
    pop eax
[...]
Well, read above for this one.
It's just wrong. The actual result will be to write 25 to address 10.
Dameningen wrote: "[...] Any suggestions?"
Yes: complete the last step of the tutorial in CE 6.2.
After you finish the tutorial you'll figure out that if a code writes to multiple addresses, you first have to find a "way" that identifies the address that you want to modify and then write the value, like this:
Code:
    // original code: mov [eax+10],ebx ; it writes to 20 addresses.
    // now, when [eax+5] = ABC it means that [eax+10] is the address I want: just do this:
    alloc(newmem,2048)
    label(noppedcode)
    newmem:
    pushfd              // save the flags for the compare
    cmp [eax+5],ABC     // if [eax+5] = ABC, jump and do nothing
    je noppedcode
    mov [eax+10],ebx    // if [eax+5] is not ABC, run the original code
    noppedcode:         // label
    nop                 // do nothing
    popfd               // restore the flags
    ret                 // return to where newmem was called from
    address of code:
    call newmem         // break the normal course of the code and execute the custom code in newmem at this point;
                        // newmem will then return execution to where it was called from
_________________
... Fresco
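The conditional injection that Dark Byte describes and Fresco sketches, written out as a complete Cheat Engine Auto Assembler script with [ENABLE] and [DISABLE] sections so it can be toggled from the cheat table. This is an added example for the thread, not code posted by either of them and not part of Cheat Engine itself. Every concrete value in it is an assumption chosen for illustration: the injection address "game.exe"+1234AB, the record layout (an identifying dword at [eax+4], the item count at [eax+10]), the identifying value 1234, and the 2-byte instruction `xor ebx,ebx` that is assumed to follow the shared write (it has to be carried along because the 5-byte jmp overwrites it too).

```asm
[ENABLE]
// Added example for this thread; not Dark Byte's, Fresco's or Cheat Engine's own code.
// Everything concrete here is an assumption: the shared write is  mov [eax+10],ebx
// at "game.exe"+1234AB, the 2-byte  xor ebx,ebx  right after it is the instruction
// the 5-byte jmp also overwrites, and the record whose dword at [eax+4] equals 1234
// (hex) is the item slot we want to hold 25 (decimal).
define(inject,"game.exe"+1234AB)
alloc(newmem,2048)
label(originalcode)
label(rest)
label(returnhere)

newmem:
pushfd                            // cmp changes the flags; keep what the game computed before the hook
cmp dword ptr [eax+4],1234        // is eax pointing at our record? (CE literals are hex unless prefixed with #)
jne originalcode                  // any other record: let the game write its own value, untouched
popfd
mov dword ptr [eax+10],#25        // our record: store 25 decimal; a bare 25 would mean 0x25 = 37
jmp rest

originalcode:
popfd
mov [eax+10],ebx                  // the original instruction, for every record that did not match

rest:
xor ebx,ebx                       // the overwritten follow-on instruction still has to run (assumed)
jmp returnhere

inject:
jmp newmem                        // 5 bytes: covers mov (3) + xor (2) exactly, so no nop padding
returnhere:

[DISABLE]
inject:
mov [eax+10],ebx                  // put the original bytes back
xor ebx,ebx
dealloc(newmem)
```

To build this against a real target, take the instruction from "Find out what addresses this instruction accesses", open it in the Memory Viewer, and use Tools > Auto Assemble followed by Template > Code injection: Cheat Engine fills in the injection address, every instruction the jmp overwrites and the returnhere label, and only the compare and the conditional store have to be added. If the game's instruction uses esi as the base register, as in the first post, substitute it for eax throughout. Two details matter for the snippets earlier in the thread: Auto Assembler numbers are hexadecimal unless written with a # prefix, so a bare 25 stores 37; and the explicit dword ptr states the 4-byte size the poster confirmed, so neither the compare nor the store is ambiguous to the assembler. Which field distinguishes the record is exactly what Dark Byte says to look for in the access list: compare the registers and nearby memory for the hit you want against the hits you do not.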