NuraIzuto How do I cheat? Reputation: 0
Joined: 28 Oct 2018 Posts: 3
Posted: Mon Oct 29, 2018 12:52 am Post subject: Pointer scan confusion
This is my first time trying out a multi-level pointer scan on a game.
Anyway, this is what came up:
260D83E1 - 8B 7D CC - mov edi,[ebp-34]
260D83E4 - 8B 4C B8 0F - mov ecx,[eax+edi*4+0F]
260D83E8 - 8B 44 B8 0B - mov eax,[eax+edi*4+0B] <<
260D83EC - D1 F9 - sar ecx,1
260D83EE - F6 C1 01 - test cl,01
EAX=53F8ADB5
EBX=5EF524D9
ECX=00002D80
EDX=0000004A
ESI=5EF524D9
EDI=0000004A
ESP=0019E78C
EBP=0019E7CC
EIP=260D83EC
I'm not too sure what to do from here.
The offset is probably 133, maybe? Not sure if I'm on the right track.
And I don't know what to point it to considering the EAX is the same address the previous pointer pointed to. (Or I'm using that address as a pointer, I still don't get that part that much).
Anyway it's the same address I used in the previous level of the pointer I've gotten. I can't explain it very well, I can't post images yet.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Mon Oct 29, 2018 2:18 am
search for eax+b which is 53F8ADB5+B = 53F8ADC0, then add 128 as an offset. _________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
STN wrote: | i am a sweetheart. |
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Oct 29, 2018 2:54 am
remember that the register state is shown AFTER the instruction has been executed, so eax can not be used
but you know that eax+edi*4+0B=x (the address you used find what accesses on)
so eax=x-edi*4+0b
also, edi is quite high so this may not be a very useful path to go (anything above 10 is high) so see if you can find a different path.
also, is this a web browser game? because pointers won't work in those _________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
NuraIzuto How do I cheat? Reputation: 0
Joined: 28 Oct 2018 Posts: 3
Posted: Mon Oct 29, 2018 3:05 am
Dark Byte wrote: | also, is this a webbrowser game? because pointers won't work in those |
Oh no it's not a browser game, I'll just assume that if the pointers don't work at all in this game, then I wouldn't be able to get to level 2 pointer.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1586
Posted: Mon Oct 29, 2018 4:23 am
thanks db for the note, so he must place a break point on previous instruction.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Oct 29, 2018 8:18 am
OldCheatEngineUser wrote: | thanks db for the note, so he must place a break point on previous instruction. |
Or just use basic math
NuraIzuto How do I cheat? Reputation: 0
Joined: 28 Oct 2018 Posts: 3
Posted: Mon Oct 29, 2018 8:39 am
I'm still lost on this one. While I did find an address, using the equation provided by DarkByte
eax=x-edi*4+0b
It's not by using the 'find out what accesses this address' address, since that didn't work, it's by using the address of the 2nd level pointer I had. And also I have no idea what I am doing, I just searched the eax results from the calculation and just happened to find one address.
I also don't know what offset to use, which is a problem considering I can't confirm the address I got is the one I want or not.
I have used
EDI*4
+0B
EDI*4+0B
Dark Byte wrote: | also, edi is quite high so this may not be a very useful path to go (anything above 10 is high) so see if you can find a different path. |
I think it's the only thing that works considering that the ones I've been working on are the only ones that have an offset. The others have either just [edi] [eax] or something like that with no offset.
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Oct 29, 2018 8:46 am
An offset of 0 might be better than a variable offset inside a dynamically allocated array which can change depending on hiccups on different cpu threads and hard disk speed
Also, an offset of 0 is no different than an offset of 220
Do keep in mind that the VALUE is not the same as an ADDRESS, so if you have ADDRESS 53F8ADB5 and offset 0, then the VALUE to get to that address is 53F8ADB5-0=53F8ADB5
So then you do a scan for the VALUE 53F8ADB5
Though 53F8ADB5 is a weird address and unaligned, so i'd go for 53F8ADB0 or 53F8AD00 and adjust the offset manually (first case offset 5, second case offset b5)
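Added example, not part of the thread and not Cheat Engine code: the arithmetic from Dark Byte's two posts (solving the addressing expression for the base register, and turning an address into a value to scan for plus an offset) worked through in Python. The instruction and register values are from the first post; ACCESSED_X, IMAGE_BASE and the memory snapshot are constructed for illustration.

```python
import struct

# Values taken from the thread: mov eax,[eax+edi*4+0B] with EDI=0000004A.
EDI, SCALE, DISP = 0x4A, 4, 0x0B
LOADED = 0x53F8ADB5  # EAX after the load: the value read, not the old base


def solve_base(accessed, index=EDI, scale=SCALE, disp=DISP):
    """accessed = base + index*scale + disp, so base = accessed - (index*scale + disp)."""
    return (accessed - (index * scale + disp)) & 0xFFFFFFFF  # 32-bit registers


def scan_candidates(target, alignments=(0x1, 0x10, 0x100)):
    """(value to scan for, offset) pairs that all resolve to `target`."""
    return [(target - target % a, target % a) for a in alignments]


def scan_for_value(image, image_base, value):
    """Addresses of 4-byte-aligned slots in `image` whose little-endian content is `value`."""
    return [image_base + off
            for off in range(0, len(image) - 3, 4)
            if struct.unpack_from("<I", image, off)[0] == value]


def resolve(image, image_base, slot, offset):
    """Follow one pointer level: read the slot, then add the offset."""
    (value,) = struct.unpack_from("<I", image, slot - image_base)
    return (value + offset) & 0xFFFFFFFF


# Constructed sample data (not from the thread).
ACCESSED_X = 0x10002000   # hypothetical address given to "find out what accesses"
IMAGE_BASE = 0x00400000   # hypothetical base of a 64-byte memory snapshot
IMAGE = bytearray(0x40)
struct.pack_into("<I", IMAGE, 0x18, 0x53F8ADB0)  # a slot holding the aligned value

if __name__ == "__main__":
    print(f"base before the load: {solve_base(ACCESSED_X):08X}")
    for value, offset in scan_candidates(LOADED):
        hits = scan_for_value(IMAGE, IMAGE_BASE, value)
        print(f"scan for {value:08X}, offset {offset:X}: {[f'{h:08X}' for h in hits]}")
```

With EDI=4A the index and displacement together come to 4A*4+0B = 133 hex, which is the amount subtracted from the accessed address to recover the base.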