 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
S29JS2933
How do I cheat?
![]() Reputation: 0
Joined: 16 Apr 2013
Posts: 3
|
 Posted: Tue Apr 16, 2013 10:07 am Post subject: Finding out how the memory registery got it's value |
 |
|
Hello. First time here, I mostly do things by myself and learn from a few sources, but this time I seem to be stuck on something that I can't even find on google.
So the instruction is PUSH EBX, on the EBX it has a stored value which changes frequently. The value on the EBX is not an address, so I can't directly go there. Looking up sources on other websites did not help me.
Basically, I'm trying to look for a similar function like "Find out what writes on this address"
but on a Registry Memory value since it changes frequently
Maybe I'm just not doing breakpoints right or something... |
|
| Back to top |
|
 |
S29JS2933
How do I cheat?
![]() Reputation: 0
Joined: 16 Apr 2013
Posts: 3
|
| Posted: Wed Apr 17, 2013 7:01 am Post subject: Re: Finding out how the memory registery got it's value |
|
|
| S29JS2933 wrote: | Hello. First time here, I mostly do things by myself and learn from a few sources, but this time I seem to be stuck on something that I can't even find on google.
So the instruction is PUSH EBX, on the EBX it has a stored value which changes frequently. The value on the EBX is not an address, so I can't directly go there. Looking up sources on other websites did not help me.
Basically, I'm trying to look for a similar function like "Find out what writes on this address"
but on a Registry Memory value since it changes frequently
Maybe I'm just not doing breakpoints right or something... |
Bumping for help |
|
| Back to top |
|
|
eax.qbyte
Advanced Cheater
![]() Reputation: 3
Joined: 25 Jun 2011
Posts: 59
Location: CEDisasmView
|
| Posted: Wed Apr 17, 2013 7:13 am Post subject: requesting enough info |
|
|
Only push ebp is not enough information.
and it is not possible to push ebp on ebx
also pls tell more about the value type.
and of course register values change frequently, but the game has to finally save it some where to use it again if needed. then you can finally find that address which has it's own methods. if you haven't done Cheat Engine tutorials yet, you may find them useful.
_________________
My special thanx to Cheat Engine and its developers. It helps me do the hard and boring but valuable process of understanding the code, easily and with fun. |
|
| Back to top |
|
|
S29JS2933
How do I cheat?
![]() Reputation: 0
Joined: 16 Apr 2013
Posts: 3
|
| Posted: Wed Apr 17, 2013 12:18 pm Post subject: Re: requesting enough info |
|
|
| eax.qbyte wrote: | Only push ebp is not enough information.
and it is not possible to push ebp on ebx
also pls tell more about the value type.
and of course register values change frequently, but the game has to finally save it some where to use it again if needed. then you can finally find that address which has it's own methods. if you haven't done Cheat Engine tutorials yet, you may find them useful. |
Actually in the value type...In this game, it changes colors...
(Like, FF FF FF FF)
(First FF is the transparency. Second FF is red, Third FF is blue, and Fourth FF is green)
| Quote: | | but the game has to finally save it some where to use it again if needed. then you can finally find that address which has it's own methods. |
This is what I'm pretty much trying to figure out myself. Seeing as you can't even do the hex search on the client. I know there's a method I'm missing or something.
I finished the tut like a long while ago, but I'll try it again I guess |
|
| Back to top |
|
|
iroku
Advanced Cheater
![]() Reputation: 0
Joined: 18 Oct 2012
Posts: 54
|
| Posted: Wed Apr 17, 2013 2:35 pm Post subject: |
|
|
mm try to "break and trace instruction" spend like an hour trying to figure it out and what ebx you really want
check tools dissect data/structures on the "check what writes to this address" function and look whats around that function as well.. don't know if it helps |
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Apr 18, 2013 12:08 am Post subject: Re: Finding out how the memory registery got it's value |
|
|
| S29JS2933 wrote: | So the instruction is PUSH EBX, on the EBX it has a stored value which changes frequently. The value on the EBX is not an address, so I can't directly go there.[...]Basically, I'm trying to look for a similar function like "Find out what writes on this address"
but on a Registry Memory value since it changes frequently |
-One method I use is to copy the whole function in notepad, go to the line that contains this push ebx, and search upward for "ebx" until I find an instruction that writes to ebx. It works for small functions but when there are lots of conditional jumps, the instruction you find that way might have been skipped by such jump, so you have to re-run your function to make sure the instruction you found is really the right one.
-One better method, but a bit more cumbersome, is to use ollydbg, put a breakpoint on the first instruction of the function that contains that push ebx, and a breakpoint on the push ebx, wait until the first breakpoint is hit, and do a run trace (+log to file). Then open your trace in notepad, and search upward for "ebx", starting from the bottom. That way you're sure to find the last instruction that wrote to ebx, unless this instruction is before the function you runtraced.
-A quick 'n' dirty 'n' tedious method is to put a breakpoint in CE on the first assembly instruction of your function and press "step over" until your reach your push ebx. You see the registers on the right? Each time one is written in red it mean it has been altered, so jut note the address every instruction that altered ebx: the last one is the one you're looking for. |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
