Finding Output Stream for Source Engine Developer Console

Want Cheat Engine to do something specific and no idea how to do that, ask here. (From simple scripts to full trainers and extensions)
Post Reply
vertigo103
What is cheating?
What is cheating?
Posts: 3
Joined: Mon Sep 18, 2017 7:42 pm
Reputation: 0

Finding Output Stream for Source Engine Developer Console

Post by vertigo103 » Tue Sep 19, 2017 7:46 pm

So I've looked at a few tutorials and done some searching but haven't been able to find anything specific to my issue.

Basically, I'm trying to find a static address pointer within the Source Engine ( counter strike, tf2, gmod, etc. ) that points to, or at least helps me find the "output" stream for all of the information that gets Printed to the Developer Console in game.


Here is what I tested:

Image


Strings found:
Image


After sending another line:
( appears on same line because i edited the previous string, which messed up the new line character I guess)

Image

how the other addresses changed:

Image


---

Previously I was able to find a somewhat contiguous region where it was writing things, but the area seems to jump around when sending new commands.


When I was able to "see what writes to this" or what "accesses" this, I ran into assembler commands where I didnt know how to get the value of certain parts.

How do I get the value of registers like this:
Image


TL;DR

I'm not sure how to deal with this situation because the region where the information is stored changes so much.

It's not as simple as changing how much ammo a player has since you can't directly edit any lines in console to see what accesses them.

Any suggestions on ways to approach this?

I understand that there may not be a fully contiguous region that the engine always writes to, so I guess I just need to find what is doing the writing, but I'm not sure how to do that.

Thanks

User avatar
seikur0
Expert Cheater
Expert Cheater
Posts: 151
Joined: Sat Aug 26, 2017 10:48 am
Reputation: 104

Re: Finding Output Stream for Source Engine Developer Console

Post by seikur0 » Wed Sep 20, 2017 3:27 pm

bp is just the lower 2 bytes of ebp, so in that case 6B->"k".

You shouldn't bother with these low level string duplication functions, try setting a breakpoint on data write and from there find the calling function/trace back the pointer/create one with aob.

vertigo103
What is cheating?
What is cheating?
Posts: 3
Joined: Mon Sep 18, 2017 7:42 pm
Reputation: 0

Re: Finding Output Stream for Source Engine Developer Console

Post by vertigo103 » Sun Oct 08, 2017 8:23 pm

seikur0 wrote:
Wed Sep 20, 2017 3:27 pm
bp is just the lower 2 bytes of ebp, so in that case 6B->"k".

You shouldn't bother with these low level string duplication functions, try setting a breakpoint on data write and from there find the calling function/trace back the pointer/create one with aob.
(finally had some time to get back to this.)

Ok, so I've been messing with Break Points / Break and Trace - my issue right now is that I'm not exactly sure what I'm looking for.

Im at a point where I can consistently test the same address though - to see what writes to it.

Steps
> Clear the in-game console
> Write a New command <--- Goes to the same address as previous command
> Repeat


Memory View:

Image


So from their I've created a Breakpoint which shows the instruction that writes to the address.

In this image, the instruction Moves the letter M into the address:

Image

After doing a break point and stepping through the "move" sequence a couple times, it's clear that it goes through 100 or 200 instructions between each character that gets copied to the address.

So I'm assuming that at some point the character is Copied from somewhere into the register that is being used in the Copy instruction.

Here's my problem

I'm not totally sure how to trace the character back to the source, or back to a static address that I can use to find it at any time.

Right now I'm trying to use the Break and Trace option - but I'm not familiar enough with it, so I'm looking for some guidance on what I should look for to find the calling function or pointer that I need.


Here is what the Break and Trace Looks like for when I wrote "a4" to the console address:

Image


From what I read on the wiki page, it seems like it could be useful. I'm just not sure what to look for.

Do ALL the instructions shown in the Break and Trace somehow relate to the address that I created the break on? (cause there are a ton - probably because I had it set to 1000)

anyway - thanks for any help! :D

vertigo103
What is cheating?
What is cheating?
Posts: 3
Joined: Mon Sep 18, 2017 7:42 pm
Reputation: 0

Re: Finding Output Stream for Source Engine Developer Console

Post by vertigo103 » Mon Oct 09, 2017 7:07 pm

thank you very much, appreciate the help - I will read through this and test when I get a chance.

Thanks again! :D

Post Reply

Who is online

Users browsing this forum: No registered users