How to retrieve a hidden variable ?

K

KevinDA

Cheater
Joined
Apr 16, 2020
Messages
26
Hello, in the table with the selected value. I would like to recover edi but below is not its value. How to do ?

 
J

JohnFK

Expert Cheater
Joined
Aug 29, 2017
Messages
52
Set a breakpoint to the instruction before yours to retrieve EDI value (CE only shows the register values after the instruction has been executed which in your case overrides EDI).
 
K

KevinDA

Cheater
Joined
Apr 16, 2020
Messages
26
How do I do ?
I do not understand
 
K

KevinDA

Cheater
Joined
Apr 16, 2020
Messages
26
I would like to get the address of edi.
Isn't there a way to display its value?
example in PHP you echo
 
SunBeam

SunBeam

Administrator
Staff member
Administrator
Joined
Feb 4, 2018
Messages
3,496
You are in x64 land. You can't get a static address like in x86 where the setup would be this:

mov eax,[805060] == xx 60 50 80 00

Where the endianness gives away the static pointer between the brackets.

In x64 you have to calculate it based on rip, length of instruction and where that DWORD's position is in the instruction.

If your problem is that the address always changes, then use module + offset, just like CE puts it: "WWE2K20_x64.exe+2CC3F18" and not "7FF729203F18". The reason for this is something called ASLR (https://en.wikipedia.org/wiki/Address_space_layout_randomization). Because of that the module base of WWE2K20_x64.exe will be different with every re-run of the game or every PC reboot.
 
Top