Unusual offset instruction?

M

mjolnir07

What is cheating?
Joined
Mar 7, 2020
Messages
3
Hi friends! Long time lurker, been teaching myself how to use cheat engine, but so far only for the real basics for over a decade now.

I've gotten pretty comfortable with finding pointers, but have been having trouble with one since the latest update to the game.
I'm looking for an ammunition pointer, and pointermaps and pointer scans just weren't giving reasonably reliable results, so I decided to
track it down the old fashioned way, and here's what I ran into.


First, the probable pointer address is strangely the same address as the 4byte scan each time. But, and this is important, it isn't actually the pointer.
Second, the probable address turns out zero results in a 4byte hex scan, or over a million results in a 2byte or a single byte scan.
Lastly, the offset instruction looks like this:

mov [rcx+r14*4], esp

I understand that this is probably pretty elementary for a lot of folks, but I've simply never encountered this and had to bypass it before, I suppose it may be because of anti-cheat obfuscation? The game has an online competitive mode (which I cannot access, I am on satellite internet with a laughable ping), but this is for the single-player campaign, so I was hoping that the code would behave differently without an internet connection.


Any tips?
 
M

mjolnir07

What is cheating?
Joined
Mar 7, 2020
Messages
3
I'd like to add here that my primary obstacle is how do you enter r14*4 as an offset into a pointer address?
 
D

DrummerIX

RCE Fanatics
Fearless Donors
Talents
Joined
Mar 22, 2017
Messages
1,750
My guess is that r14 is a specific value when it points to the value you want. Just find out what the value is and it's a constant mathematical equation.

Another option would be to inject some code at that offset instruction and then do the calculation of your pointer there like the following:
Code:
<i>
</i>mov [MyPointer],r14
imul [MyPointer],4
add [MyPointer],rcx
jmp originalcode
You would probably have to compare that r14 is the value you need though to make sure to only update when you need.
 
M

mjolnir07

What is cheating?
Joined
Mar 7, 2020
Messages
3
Oh man, duh, thanks! I knew it would be something obvious and simple that I was somehow overlooking. Also, thanks DrummerIX! Big fan of your work.
 
kantoboy69

kantoboy69

Expert Cheater
Table Maker
Joined
Aug 30, 2019
Messages
90
lea rax, [rcx+r14*4]
 
Dread_Pony_Roberts

Dread_Pony_Roberts

Code Cracker
Table Maker
Joined
Dec 9, 2018
Messages
226
Top