Cheat Engine

[KevinD]

How to get the RSI value as an address without going through the registers each time ?

Hello, I explain my problem :

The starting address of the rax is 00000000000001BF, with the calculation ( lea eax,[rax+rax*4] ) RAX = 00000000000008BB
Then ( lea ecx,[rdx+rax*2] ) RCX = 0000000000001177
Then ( lea esi,[rcx+rcx*4] ) RSI = 0000000000005753
After ( add esi,esi ) RSI = 000000000000AEA6

I would like to recover directly RSI as an address without passing each time by the registers how to make?
Because with the following code it is not stored in any address afterwards.
And if I modify RAX = 00000000000001BF at the beginning the application crashes.
Is there any way to get RSI without going through registers each time ? (Like an address ????)

[TsTg]

these are either just calculating what will be stored in the address in [RSP+50] , that could represent a value of something, or a offset to some address, you need to figure that yourself.

if this code obtains your target everytime with the same numbers in (RAX,RDX,RCX) then you can safely say that RSI will always equal to AEA6.

[KevinD]

And no it is stored nowhere... not even at [RSP+50]

[TsTg]

RSP is just a address in the stack.
to find where the AEA6 going to be stored later, you have to trace
execution further after that routine returns, nothing really useful
in that area of code.

[KevinD]

Don't walk...

[KevinD]

Hello, I would like to know if anyone has a code to retrieve the RAX, RSI, RDI etc... values of an address ???
I would especially like to be able to retrieve them and then modify them as well. (C++)


I found this: https://github.com/coltonon/RegHookEx

I may have found something. But at compile time I have the following error: RegHook.cpp.text+0x20): undefined reference to `decode'

Then I added -c but when I want to open the file. I get a message that there is no access.

I tried to find examples but there are none.