Cheat Engine The Official Site of Cheat Engine
potentialunexplored How do I cheat? Reputation: 0
Joined: 06 Mar 2023 Posts: 8
Posted: Sat Sep 14, 2024 1:43 pm Post subject: Trouble tracing a value
How's it going folks!👋
I'm trying to create a script that would let me change a value that controls the number of enemies being spawned, which I thought would be easy work, but I find myself in a predicament.
So here's the value I'm looking for, float 1314135, which I purposefully changed to that figure via developer tools provided with the game, for ease of finding it.
Issue is, this is a GetArray function and thousands of addresses go through it so probably not the best place to inject. (And I was unable to reliably differentiate the address I need anyway)
i.imgur. com/HBcuCPJ.png
Then the value shows up here
i.imgur. com/EwHEehc.png
Issue is, when trying to look at it in Memory View it doesn't actually show these instructions. Not sure what's the deal with that.
i.imgur. com/vMDEom7.png
Finally, we make it to a function that actually handles spawns. I've noticed these two very similar instructions, but it seems a lot is going through [esp+28] all the time.
i.imgur. com/SsntZth.png
I tried dissecting data/structures on 017BF874 (esp) but the value of 1314135 is nowhere to be found. Nor did dissecting addresses being referenced by nearby instructions yield any meaningful result.
So that's the gist of it, a bit at a loss what would be a good course of action here. Appreciate your help!
ParkourPenguin I post too much Reputation: 147
Joined: 06 Jul 2014 Posts: 4570
Posted: Sat Sep 14, 2024 7:48 pm Post subject:
When breaking and tracing an instruction that accesses multiple addresses, make sure it only triggers when it accesses the address you want by setting an appropriate start condition. An alternative is to do a break-and-trace using a data breakpoint (go to the address of the value in the bottom half of the memory viewer, right click menu; data breakpoints trigger after an instruction has executed).
potentialunexplored wrote: | Issue is, when trying to look at it in Memory View it doesn't actually show these instructions. |
The game probably associates that symbol name with multiple addresses. In other words, the mapping from addresses to names is not injective. See your second picture- it seems the same symbol is also defined just beneath that.
When CE tries to do the inverse of that- mapping names to addresses- CE arbitrarily picks one of the addresses associated with that symbol name.
EIP (the instruction pointer) points to the instruction being executed. Go to 6C8DBBFB instead.
potentialunexplored wrote: | Finally, we make it to a function that actually handles spawns. I've noticed these two very similar instructions, but it seems a lot is going through [esp+28] all the time. |
ESP points to the thread's stack. ESP+X is a local variable in the function being executed (or possibly a parameter). Local variables are transient- they only live for the duration of the function call.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
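The symbol ambiguity described in the reply above, shown as an added example that is not part of the original posts and is not Cheat Engine's own code. It models a symbol table in which one name covers two code regions; the symbol names and every address except the EIP value 6C8DBBFB are constructed, and resolving a duplicate name to its lowest address is an assumption standing in for "arbitrarily picks one".

```python
from bisect import bisect_right
from collections import defaultdict

# Constructed symbol list: (start address, name). Only 0x6C8DBBFB (the EIP
# value from the thread) is real; names and start addresses are made up.
SYMBOLS = [
    (0x6C8DB900, "Spawner:GetCount"),
    (0x6C8DBBC0, "Spawner:GetCount"),  # same name registered a second time
    (0x6C8DBD00, "Spawner:Tick"),
]

class SymbolTable:
    def __init__(self, symbols):
        self.entries = sorted(symbols)
        self.starts = [addr for addr, _ in self.entries]
        self.by_name = defaultdict(list)
        for addr, name in self.entries:
            self.by_name[name].append(addr)

    def name_of(self, addr):
        """Address -> 'name+offset'. Always well defined."""
        i = bisect_right(self.starts, addr) - 1
        if i < 0:
            return None
        start, name = self.entries[i]
        return f"{name}+{addr - start:X}"

    def address_of(self, name):
        """Name -> address. With duplicates one must be picked (assumed: lowest)."""
        addrs = self.by_name.get(name)
        return addrs[0] if addrs else None

    def ambiguous(self):
        """Names that map to more than one address."""
        return {n: a for n, a in self.by_name.items() if len(a) > 1}

    def round_trips(self, addr):
        """True if showing addr as a symbol and resolving it again gives addr."""
        label = self.name_of(addr)
        if label is None:
            return False
        name, _, offset = label.rpartition("+")
        base = self.address_of(name)
        return base is not None and base + int(offset, 16) == addr
```

When `round_trips` is false for an address, navigating by its symbolic label lands in the other region, which is why going to the raw EIP value is the reliable route.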
potentialunexplored How do I cheat? Reputation: 0
Joined: 06 Mar 2023 Posts: 8
Posted: Tue Sep 17, 2024 7:34 am Post subject:
Appreciate your reply ParkourPenguin!
Shortly after making this post I realized since this value gets set just once and then it's only read, I could try to see if it's findable via a byte sequence. And it was! Which worked out swimmingly.
However, I'm still interested to see if I can find it via tracing.
Quote: | EIP (the instruction pointer) points to the instruction being executed. Go to 6C8DBBFB instead. |
I took a look into EIP here, and it's always this address 6C8DBBFB, which I guess is a good thing.
However, I'm not seeing any connection to what I need in there. Any suggestions?
i.imgur. com/Y4aLZnX.png
ParkourPenguin I post too much Reputation: 147
Joined: 06 Jul 2014 Posts: 4570
Posted: Tue Sep 17, 2024 11:01 am Post subject:
potentialunexplored wrote: | I took a look into EIP here... |
That's the structure dissect. Using that on code will just result in garbage.
Open the memory viewer, right click in the disassembler (top half), select "Go to address", and enter in 6C8DBBFB (or whatever EIP is if you restarted the game and the code moved).