Multiple value at same memory address ?

Post your topics and discussions here that you can't find a good section for.
Post Reply
User avatar
Posts: 33
Joined: Mon Sep 25, 2017 7:30 pm
Reputation: 8

Multiple value at same memory address ?

Post by MikinaneShindouda » Fri Sep 29, 2017 11:32 am

Hello. I try to make a cheat table for Dungeon Souls game, the value isn't hard to find but the problem is they are come from same memory address
like this:

Code: Select all

DungeonSouls.exe+1289EC - DD 45 00              - fld qword ptr [ebp+00] <<< they are come from this memory address
DungeonSouls.exe+1289EF - 5F                    - pop edi
DungeonSouls.exe+1289F0 - DD 1E                 - fstp qword ptr [esi]
DungeonSouls.exe+1289F2 - 5E                    - pop esi
DungeonSouls.exe+1289F3 - 5D                    - pop ebp
DungeonSouls.exe+1289F4 - B0 01                 - mov al,01 { 1 }
DungeonSouls.exe+1289F6 - 5B                    - pop ebx
DungeonSouls.exe+1289F7 - 59                    - pop ecx
DungeonSouls.exe+1289F8 - C3                    - ret 
DungeonSouls.exe+1289F9 - 8B 55 00              - mov edx,[ebp+00]
DungeonSouls.exe+1289FC - 5F                    - pop edi
DungeonSouls.exe+1289FD - 89 16                 - mov [esi],edx
DungeonSouls.exe+1289FF - 5E                    - pop esi
DungeonSouls.exe+128A00 - 5D                    - pop ebp
DungeonSouls.exe+128A01 - B0 01                 - mov al,01 { 1 }
DungeonSouls.exe+128A03 - 5B                    - pop ebx
DungeonSouls.exe+128A04 - 59                    - pop ecx
DungeonSouls.exe+128A05 - C3                    - ret 
DungeonSouls.exe+128A06 - 8B 45 00              - mov eax,[ebp+00]
DungeonSouls.exe+128A09 - 89 06                 - mov [esi],eax
DungeonSouls.exe+128A0B - 8B 4D 04              - mov ecx,[ebp+04]
DungeonSouls.exe+128A0E - 5F                    - pop edi
DungeonSouls.exe+128A0F - 89 4E 04              - mov [esi+04],ecx
DungeonSouls.exe+128A12 - 5E                    - pop esi
DungeonSouls.exe+128A13 - 5D                    - pop ebp
DungeonSouls.exe+128A14 - B0 01                 - mov al,01 { 1 }

And I try to do the pointer but it doesn't work when restart the game. How do I actually find the real address for the value of cheat I want ?
Thanks in advance!

User avatar
Expert Cheater
Expert Cheater
Posts: 50
Joined: Fri Mar 10, 2017 7:11 pm
Reputation: 5

Re: Multiple value at same memory address ?

Post by FreeER » Fri Sep 29, 2017 12:08 pm

Generally, backtrace. Meaning look at the code that's running using break+trace (or ultimap if you've got an Intel CPU that can use it) and see where that function is getting it's value from. Alternatively find a table/trainer that's doing what you want and see how it works (then try to figure out how you could get to where you were from that point and then imagine doing it backwards as if you were actually doing it on your own), even if a table doesn't work anymore you can probably still get some useful information like the value type and levels used for a pointer, if it's an AOB script with a copy of the game memory then you might be able to construct another aob that's nearly unique (<200 results) and pick through to find a valid one.

The only other choice, other finding somewhere else it's accessed, is to try and do some kind of compare to figure out which value is the one you care about.

Post Reply

Who is online

Users browsing this forum: No registered users