Cheat Engine The Official Site of Cheat Engine
slark How do I cheat?
Reputation: 0
Joined: 28 Feb 2015 Posts: 7
Posted: Sat Feb 28, 2015 4:09 pm Post subject: Understanding where values are copied to
Hello. In my scenario, certain values residing in certain addresses are being accessed and copied to other addresses.
For example, I have n values residing in n different addresses, and a debugger attached to discover which opcodes are accessing those addresses.
The result is always:
Code:
5ED04AE0 - 66 8B 08 - mov cx,[eax]
5ED41CA3 - 0FB7 0B - movzx ecx,word ptr [ebx]
5ED41CC0 - 0FB7 44 73 02 - movzx eax,word ptr [ebx+esi*2+02]
with each of them detailed as:
5ED04AE0:
Code:
EAX=04935F52
EBX=4A9BE500
ECX=0000004B
EDX=04935F54
ESI=4A9BF010
EDI=4A9BF010
EBP=0041CE88
ESP=0041CE88
EIP=5ED04AE3
Probable base pointer =04935F52
5ED04AD6 - lea edx,[eax+02]
5ED04AD9 - lea esp,[esp+00000000]
5ED04AE0 - mov cx,[eax]
5ED04AE3 - add eax,02
5ED04AE6 - test cx,cx
5ED41CA3:
Code:
EAX=00000000
EBX=04935F52
ECX=0000004B
EDX=04935F54
ESI=4A9BF010
EDI=0041CEA4
EBP=0041CE80
ESP=0041CE70
EIP=5ED41CA6
Probable base pointer =04935F52
5ED41C9D - ret 000C
5ED41CA0 - mov ebx,[ebp+0C]
5ED41CA3 - movzx ecx,word ptr [ebx]
5ED41CA6 - xor esi,esi
5ED41CA8 - test cx,cx
5ED41CC0:
Code:
EAX=00000065
EBX=04935F52
ECX=0041CE7C
EDX=00000000
ESI=00000000
EDI=0041CEA4
EBP=0041CE80
ESP=0041CE70
EIP=5ED41CC5
Probable base pointer =04935F52
5ED41CBA - push edi
5ED41CBB - call scaleformui_4.dll+418E0
5ED41CC0 - movzx eax,word ptr [ebx+esi*2+02]
5ED41CC5 - inc esi
5ED41CC6 - test ax,ax
Now I understand that these operations copy values to other addresses, but I am having trouble understanding which are the destination addresses. I have tried myself to track them, but whenever I do, the expected value is not found (i.e. the value that's supposed to be copied there).
Could anyone please shed some light over this?

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sat Feb 28, 2015 4:25 pm
You need to track where the corresponding ECX/CX and EAX/AX registers go, if they go anywhere.
The little code you posted looks like they may be checking if the value is negative.
What they do after the test is for you to track.
Depending on the type of value this is, using Find out what accesses this address should show you where it reads the value (the code you found) and then where it finally writes a value back to the same address.
For example, you would see the mov cx,[eax] that you already found and the next instruction found by CE may be mov [eax],cx.
The game reads the current value, increases or decreases the value, and then writes it back to memory.
Or if you found an instruction used for display, the end result may be converting the number into a string and printing it to the screen.
Something you should never need to track.
What are you tracking? What are you expecting? What are you actually seeing?
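An added illustration, not code from the thread or from either poster: a C model of the instruction sequences in the first post, read as loops over 16-bit characters. The conditional jumps, the length computation, the loop exit on a zero unit, and what the call to scaleformui_4.dll+418E0 does with each character are not shown in the thread and are assumptions here; `sink_fn`, `append16` and `outbuf` are hypothetical names, and the sample string is constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: UTF-16 "Key". The first two code units match the
   ECX=0000004B and EAX=00000065 values in the register dumps. */
static const uint16_t sample[] = { 0x004B, 0x0065, 0x0079, 0x0000 };

/* 5ED04AD6..5ED04AE6. Assumed, not in the thread: a jne back to the load,
   then (eax - edx) / 2 as the result. */
size_t scan_len16(const uint16_t *eax)
{
    const uint16_t *edx = eax + 1;      /* lea edx,[eax+02] */
    uint16_t cx;
    do {
        cx = *eax;                      /* mov cx,[eax]: the logged read */
        eax += 1;                       /* add eax,02 */
    } while (cx != 0);                  /* test cx,cx + assumed jne */
    return (size_t)(eax - edx);         /* cx is only compared, never stored */
}

/* Hypothetical stand-in for the call to scaleformui_4.dll+418E0. */
typedef void (*sink_fn)(void *ctx, uint16_t ch);
struct outbuf { uint16_t data[32]; size_t n; };

/* One possible callee: it, not the caller's movzx, picks the destination. */
void append16(void *ctx, uint16_t ch)
{
    struct outbuf *o = ctx;
    if (o->n < 32) o->data[o->n++] = ch;
}

/* 5ED41CA0..5ED41CC6. Assumed: the loop ends when the loaded unit is 0 and
   the call consumes the previously loaded unit. */
size_t walk_chars16(const uint16_t *ebx, sink_fn sink, void *ctx)
{
    uint16_t cur = *ebx;                /* movzx ecx,word ptr [ebx] */
    size_t esi = 0;                     /* xor esi,esi */
    while (cur != 0) {                  /* test cx,cx / test ax,ax */
        sink(ctx, cur);                 /* push edi; call ...+418E0 */
        cur = ebx[esi + 1];             /* movzx eax,word ptr [ebx+esi*2+02] */
        esi++;                          /* inc esi */
    }
    return esi;
}

int main(void)
{
    struct outbuf o = { {0}, 0 };
    printf("%zu %zu\n", scan_len16(sample), walk_chars16(sample, append16, &o));
}
```

Under these assumptions the first loop never stores the loaded character anywhere, so it has no destination address to find, and in the second loop any copy is made by the callee rather than by the `movzx` the debugger reported.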

slark How do I cheat?
Reputation: 0
Joined: 28 Feb 2015 Posts: 7
Posted: Sat Feb 28, 2015 4:39 pm
Zanzer wrote: "What are you tracking? What are you expecting? What are you actually seeing?"
My project doesn't involve making any changes to the memory, only observing values. I am trying to determine the final address that holds the name of the currently selected unit in a game.
Whenever I select a different unit, a box in the game displays the name of the selected unit. I have managed to find the address that holds the name, but that doesn't help because the value is being stored/moved to a different address each time a different game character is being selected.
So I thought to myself that I should look for addresses which store the name of the units and see which ones are being accessed when the units are actually selected (which I have managed to achieve as explained in the original post), in an attempt to find my way to the destination address from there.
That's why I am interested in knowing where the read values are being sent to, but I am quite new to this (started learning Cheat Engine less than a week ago) and I am having difficulties in understanding certain things. Thank you for your response, and any further help is much appreciated.

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sat Feb 28, 2015 4:57 pm
Do you already have the base pointer for the selected unit?
Are you already using it to show some numerical value about the selected unit?
In that same memory region, I expect you will find a pointer address to the unit's name.
So for example, when you find out what accesses the selected unit's health, you may find:
So the base pointer of the selected unit is at EDI while the health is at offset 0xAC.
Close by that EDI base address, I would expect to see a pointer to the unit's name.

slark How do I cheat?
Reputation: 0
Joined: 28 Feb 2015 Posts: 7
Posted: Sat Feb 28, 2015 8:32 pm
The issue isn't finding the unit's name (as a string placed at an address I can always identify), I'm having problems with finding the currently selected unit's name which is text displayed in a box.
I think I am too low skilled to properly explain what I've got and what I'm actually trying to do. Think I need to learn a bit more before asking for help.

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sat Feb 28, 2015 9:42 pm
You simply want to be able to find the address of the string containing the currently selected unit's name.
When you select a new unit, you want it to automatically find the new unit's name.
You first need to find code that deals with the currently selected unit's base address.
It is much easier to first start by finding a numeric value related to a unit.
Find out what instructions access this address when you select the unit.
That is the code you need to hook so that it updates your name pointer.
By the way, what game is this?

slark How do I cheat?
Reputation: 0
Joined: 28 Feb 2015 Posts: 7
Posted: Sun Mar 01, 2015 3:32 am
Zanzer wrote: "You simply want to be able to find the address of the string containing the currently selected unit's name"
Right, fact is I can find the address, but the value (character name text) is always placed into a new address when a different unit is selected, and the old address that used to host the character's name gets filled with random data. After that happens, based on a pattern I have discovered even from the beginning, I can find the new address that hosts the character's name, yet it all repeats: when I select a different unit, the unit's name is being placed in yet another new address. According to what the instructions say, it seems that the name is being copied to a new address and the old one is left to be filled by other dynamic data.
The game is Dota2 and I am not attempting any hacks, I only want to create a logging system similar to the in-game one, but focused on other aspects of the game.