Checking if a register has a fix value


Post by STN » Wed Apr 19, 2017 12:17 am

Recreating Geri's tutorials and articles before his site got wiped out. Wealth of information in it!
-----

If you have made cheats for some time now, you have probably noticed that you can use many codes to calculate a value, not just the one that is accessing it. It happens many times that you find a code where a register can be used to calculate the address that you need, for example a register is holding the address of your health somewhere in the code etc. In those cases, it is very important to make sure that the register is always pointing to your health only and not holding any other value at the specific code. For this, you can do some manual debugging, but to make sure that you don't mess up anything, you can also use a small script to check if the value of the register is changing or not. So to make my work easier, I have made this script and I post it here in case someone wants to use it. If you don't know how to use it, you probably don't need it yet.

In this example, the script is checking if EAX always has the same value at a specific code. The code that I am using is from the tutorial of CE 6.1. In the example, EAX is holding the value of your health in step 2, thus it would not be suitable to calculate an address, but it is fine as an example for illustration. So here is the script that you need to add to a table:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(logging_register)
label(checking_register)
label(exit)
globalalloc(regcheck,4)         //first value seen in the register
globalalloc(regcheck_counter,4) //how many times the register differed from it
globalalloc(recordtime,4)       //1 = first value not recorded yet

regcheck:
dd EEEEEEEE //placeholder, overwritten on the first run

regcheck_counter:
dd 0

recordtime:
dd 1

newmem: //this is the original code here now
mov eax,[ebx+00000458]

logging_register:
cmp [recordtime],1
jne checking_register
mov [recordtime],0 //this code will run only once
mov [regcheck],eax //recording register value

checking_register:
cmp eax,[regcheck] //checking stored value with register
je exit //if it's ok, quit
inc [regcheck_counter] //if not ok, increase regcheck_counter value
//note: cmp and inc change the flags; make sure the original code after the
//hook does not depend on them (otherwise wrap this part in pushf/popf)

exit:
jmp returnhere

00421138:
jmp newmem
nop //original instruction is 6 bytes, jmp is 5, so pad with one nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
00421138:
mov eax,[ebx+00000458]
//Alt: db 8B 83 58 04 00 00



If this is done and you have activated your script, you also have to add regcheck_counter to your table to see the value, or you can just jump to that address in the memory browser. By going to the regcheck value, you can also see what value was logged for the register.

Now if you are at step 2 in the tutorial and you don't do anything, regcheck_counter = 0. This means that EAX always has the same value. If this value were an address, you could think at first sight that this is a good register to use for your purposes, but now click on Hit me and regcheck_counter will start to increase, indicating that the EAX register's value has changed compared to the first recorded value. In this case, you could conclude that EAX cannot be used to calculate your address as the value is sometimes different from what you need.
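To make the script's bookkeeping easy to try without Cheat Engine, here is an added Python model of it (this is not Geri's script, and the EAX traces fed to it are constructed, not captured from the tutorial). It keeps the same three globals, recordtime, regcheck and regcheck_counter, and applies the same rule on every hit of the hooked instruction. It also goes one step beyond the script by keeping a histogram of every distinct value seen, which matters for the case the first-value approach cannot tell apart: if the very first hit is the odd one out, regcheck_counter climbs on every later hit even though the register is otherwise stable.

```python
# Python model of the register check performed by the auto-assembler script.
# Added example, not part of the original post; traces below are constructed.
from collections import Counter

UNSET = 0xEEEEEEEE  # same placeholder the script puts in regcheck


class RegisterCheck:
    """Mirrors the script's globals: recordtime, regcheck, regcheck_counter."""

    def __init__(self):
        self.recordtime = 1          # 1 = first value has not been recorded yet
        self.regcheck = UNSET        # value recorded on the first hit
        self.regcheck_counter = 0    # hits where the register differed from regcheck
        self.seen = Counter()        # extension: every distinct value and its hit count

    def observe(self, reg_value):
        """Call once per execution of the hooked instruction with the register's value."""
        self.seen[reg_value] += 1
        if self.recordtime == 1:             # logging_register: runs only once
            self.recordtime = 0
            self.regcheck = reg_value
        if reg_value != self.regcheck:       # checking_register
            self.regcheck_counter += 1       # inc [regcheck_counter]

    def is_stable(self):
        """True when the register never differed from the first recorded value."""
        return self.regcheck_counter == 0

    def dominant_value(self):
        """Most frequent value seen, which the script alone cannot report."""
        return self.seen.most_common(1)[0][0]


def run_trace(values):
    """Feed a sequence of register values through the check and return its state."""
    check = RegisterCheck()
    for v in values:
        check.observe(v)
    return check


# Constructed traces of EAX at the hooked instruction:
# idle: the instruction runs while you do nothing, health stays at 100
IDLE_TRACE = [100] * 5
# hit me: each click lowers health, so EAX differs from the first recorded value
HIT_ME_TRACE = [100, 100, 100, 99, 98, 97]
# first hit odd: the very first hit carries the unusual value
FIRST_HIT_ODD_TRACE = [99, 100, 100, 100, 100]

if __name__ == "__main__":
    for name, trace in (("idle", IDLE_TRACE), ("hit me", HIT_ME_TRACE),
                        ("first hit odd", FIRST_HIT_ODD_TRACE)):
        c = run_trace(trace)
        print(f"{name}: regcheck={c.regcheck} counter={c.regcheck_counter} "
              f"stable={c.is_stable()} dominant={c.dominant_value()} seen={dict(c.seen)}")
```

A register is a candidate for address calculation only when is_stable() holds across plenty of gameplay, exactly as with the script; the histogram just tells you, when it does not hold, whether you are looking at one rare outlier or at a register that genuinely carries several different values.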

I am not sure that everyone will understand the purpose of this script but those who will can use this example to change it for the code that they want to examine. It is a good way to test a register automatically instead of manual debugging so you can play for some time without hitting breakpoints all the time, freezing your gameplay.

Here is a table with the code and address for the tutorial.
shared_register_check.zip (739 Bytes)
Also here is a video for demonstration:


Peace!
Geri
