A trick I learned for finding unique compares

Anything Cheat Engine related, bugs, suggestions, helping others, etc..
Post Reply
User avatar
SvT
Table Makers
Table Makers
Posts: 586
Joined: Tue Dec 24, 2019 5:17 am
Reputation: 1834

A trick I learned for finding unique compares

Post by SvT »

I was having trouble with a particular game because a single opcode writes to every useful addresses, as well as thousands of others.
FreeER, on Discord (I think registered here as well) gave me some hints which helped immensely. Hopefully this can help someone else out.

Here is the original code

Code: Select all

code:
  movss xmm0,[rcx+rax*4]
If I add a compare against [rcx+rax*4], who knows how many addresses it will filter out? I checked register states but many of them were the same.

Create a new script

Code: Select all

newmem:
  cmp rax,EA // first compare
  jne code
  movss xmm0,[rcx+rax*4] // "restore" original code, but it's a "new" opcode accessing fewer addresses
  jmp return

code:
  movss xmm0,[rcx+rax*4]
  jmp return
  
Now, activate the script and "Follow" the injection point to the code that you injected.

Code: Select all

cmp rax,000000EA
jne 7FF655580016
movss xmm0,[rcx+rax*4]
jmp 7FF655707900
movss xmm0,[rcx+rax*4]
jmp 7FF655707900
There are two "duplicate" opcodes now, but the first one is only showing the addresses that matched the compare; the rest are going to the original code. In this case, we've filtered out everything except for 30 addresses.

Now we can add a second compare

Code: Select all

cmp rax,000000EA
jne 7FF655580016
cmp r8,00000001
jne 7FF655580016
movss xmm0,[rcx+rax*4]
jmp 7FF655707900
movss xmm0,[rcx+rax*4]
jmp 7FF655707900
Following the same steps, there is only one address being written to.
Now you can create your script.

This "drill down filter" makes some things a lot easier for me now, but I'm sure there are better/more advanced methods.
How do you manage this problem?

Post Reply

Who is online

Users browsing this forum: No registered users