Problem scan or something

Post by FlipCarloz » Fri Jun 22, 2018 6:36 pm

I do not know if I'm right or wrong, but I cannot find the value opcode?

Am I missing something?

But I can change the value.

Now, I already tried with a pointer, but every time I change the map the address changes.

There is one more thing. Why does the scan put me in VCRUNTIME140 and not in game memory?

The game is Fictorum Observer.



Code:

VCRUNTIME140.memcpy+110 - 4C 8B 02 - mov r8,[rdx]
VCRUNTIME140.memcpy+113 - 0FB7 4A 08 - movzx ecx,word ptr [rdx+08]
VCRUNTIME140.memcpy+117 - 44 0FB6 4A 0A - movzx r9d,byte ptr [rdx+0A]
VCRUNTIME140.memcpy+11C - 4C 89 00 - mov [rax],r8
VCRUNTIME140.memcpy+11F - 66 89 48 08 - mov [rax+08],cx
VCRUNTIME140.memcpy+123 - 44 88 48 0A - mov [rax+0A],r9l
VCRUNTIME140.memcpy+127 - 49 8B CB - mov rcx,r11
VCRUNTIME140.memcpy+12A - C3 - ret
VCRUNTIME140.memcpy+12B - 8B 0A - mov ecx,[rdx]
VCRUNTIME140.memcpy+12D - 89 08 - mov [rax],ecx <--- THIS
VCRUNTIME140.memcpy+12F - C3 - ret
VCRUNTIME140.memcpy+130 - 8B 0A - mov ecx,[rdx]
VCRUNTIME140.memcpy+132 - 44 0FB6 42 04 - movzx r8d,byte ptr [rdx+04]
VCRUNTIME140.memcpy+137 - 89 08 - mov [rax],ecx
VCRUNTIME140.memcpy+139 - 44 88 40 04 - mov [rax+04],r8l
VCRUNTIME140.memcpy+13D - C3 - ret
VCRUNTIME140.memcpy+13E - 66 90 - nop
VCRUNTIME140.memcpy+140 - 8B 0A - mov ecx,[rdx]
VCRUNTIME140.memcpy+142 - 44 0FB7 42 04 - movzx r8d,word ptr [rdx+04]
VCRUNTIME140.memcpy+147 - 89 08 - mov [rax],ecx
VCRUNTIME140.memcpy+149 - 66 44 89 40 04 - mov [rax+04],r8w
VCRUNTIME140.memcpy+14E - C3 - ret



[URL='https://ibb.co/kLAs9o']image[/URL]
Last edited by FlipCarloz on Fri Jun 22, 2018 6:41 pm, edited 2 times in total.

Post by FreeER » Fri Jun 22, 2018 7:00 pm

[quote]Why does the scan put me in VCRUNTIME140 and not in game memory?[/quote]

Because the game developer used the memcpy function, which comes from the C standard library / runtime, and you're running on Windows with the (Microsoft) Visual C Runtime version 14.0 (iirc maybe it's 1.40) aka MSVC 14.0.

This is a pretty generic function that's likely used for many other things all the time; you're almost certainly better off finding out what code is calling it for the value you want (conditional breakpoints can be helpful with that) and hooking that code instead.

Post by FlipCarloz » Fri Jun 22, 2018 7:11 pm

Thanks for the reply. I was wondering why I was using a Windows DLL and not from outside.

And with regard to conditional breakpoints, it seems like the game crashes. Any solution?

Post by FreeER » Fri Jun 22, 2018 7:38 pm

Maybe hook the code and do the check in assembly, with a nop that is skipped when you don't care, then set a bpt on the nop? Since the normal conditions use Lua and that can be slower /shrug

Post by FlipCarloz » Fri Jun 22, 2018 8:04 pm

Hm, I see. Thank you.

Post by koderkrazy » Sat Jun 23, 2018 10:09 am

[QUOTE="FlipCarloz, post: 49959, member: 18627"]I already tried with pointer but every time I change the map the address changes[/QUOTE]

Since this is the memcpy function, you might wanna investigate the pointer in rdx here, since it is the source of the data.

Maybe it is constant across the maps...

[QUOTE]VCRUNTIME140.memcpy+12B - 8B 0A - mov ecx,[rdx] <--- value coming from here
VCRUNTIME140.memcpy+12D - 89 08 - mov [rax],ecx <--- THIS
VCRUNTIME140.memcpy+12F - C3 - ret[/QUOTE]
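
The point of the two replies above (the write is reported inside memcpy because every call site shares it, and the source pointer tells you where the value comes from), as an added example that is not part of the thread or the game's code: a stand-in copy routine records only the copies whose destination covers a watched address, which is the condition a breakpoint would test. All names (traced_copy, load_map, actor and so on) are hypothetical.

```c
/* Added illustration, not code from the thread or the game. All names are hypothetical. */
#include <stddef.h>
#include <stdint.h>
#include <string.h>

struct hit { const char *site; const void *src; };
static struct hit hits[8];
static size_t n_hits;
static const void *watched;   /* address a value scan turned up */

/* Stand-in for the runtime's memcpy: every call site funnels through it,
 * so a "what writes to this address" watch reports this routine. */
static void *traced_copy(void *dst, const void *src, size_t n, const char *site)
{
    uintptr_t d = (uintptr_t)dst, w = (uintptr_t)watched;
    /* The breakpoint condition: keep only copies whose destination covers
     * the watched address, and note who called and where the data came from. */
    if (watched && w >= d && w < d + n && n_hits < 8) {
        hits[n_hits].site = site;
        hits[n_hits].src = src;
        n_hits++;
    }
    return memcpy(dst, src, n);
}
#define COPY(d, s, n) traced_copy((d), (s), (n), __func__)

struct actor { int32_t value; float pos[3]; };
static struct actor live;        /* instance holding the scanned value */
static struct actor map_state;   /* per-map data the value is copied from */
static char name_buf[16];

static void load_map(void)             { COPY(&live.value, &map_state.value, sizeof live.value); }
static void move_actor(const float *p) { COPY(live.pos, p, sizeof live.pos); }
static void set_name(const char *s)    { COPY(name_buf, s, strlen(s) + 1); }

/* Drive all three call sites with the watch armed; returns matching copies. */
static size_t run_demo(void)
{
    const float p[3] = { 1.0f, 2.0f, 3.0f };   /* constructed sample input */
    n_hits = 0;
    map_state.value = 100;
    watched = &live.value;
    set_name("constructed");
    move_actor(p);
    load_map();
    return n_hits;
}

int main(void) { return run_demo() == 1 ? 0 : 1; }
```

Three call sites go through the same routine, but only the 4-byte copy in load_map matches the condition, and its recorded source is the per-map data rather than the live instance.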

Post by FlipCarloz » Sat Jun 23, 2018 10:15 am

[QUOTE="koderkrazy, post: 50006, member: 18664"]Since this is memcpy function, you might wanna investigate pointer in rdx here, since it is the source of data.

May be it is constant across the maps...[/QUOTE]



Hey. Thanks for the reply. I got a trainer. It works fine with pointers.