Multiple values at the same memory address?

Sep 25, 2017
#1
Hello. I'm trying to make a cheat table for the Dungeon Souls game. The values aren't hard to find, but the problem is they all come from the same memory address,
like this:
Code:
DungeonSouls.exe+1289EC - DD 45 00              - fld qword ptr [ebp+00] <<< they all come from this memory address
DungeonSouls.exe+1289EF - 5F                    - pop edi
DungeonSouls.exe+1289F0 - DD 1E                 - fstp qword ptr [esi]
DungeonSouls.exe+1289F2 - 5E                    - pop esi
DungeonSouls.exe+1289F3 - 5D                    - pop ebp
DungeonSouls.exe+1289F4 - B0 01                 - mov al,01 { 1 }
DungeonSouls.exe+1289F6 - 5B                    - pop ebx
DungeonSouls.exe+1289F7 - 59                    - pop ecx
DungeonSouls.exe+1289F8 - C3                    - ret 
DungeonSouls.exe+1289F9 - 8B 55 00              - mov edx,[ebp+00]
DungeonSouls.exe+1289FC - 5F                    - pop edi
DungeonSouls.exe+1289FD - 89 16                 - mov [esi],edx
DungeonSouls.exe+1289FF - 5E                    - pop esi
DungeonSouls.exe+128A00 - 5D                    - pop ebp
DungeonSouls.exe+128A01 - B0 01                 - mov al,01 { 1 }
DungeonSouls.exe+128A03 - 5B                    - pop ebx
DungeonSouls.exe+128A04 - 59                    - pop ecx
DungeonSouls.exe+128A05 - C3                    - ret 
DungeonSouls.exe+128A06 - 8B 45 00              - mov eax,[ebp+00]
DungeonSouls.exe+128A09 - 89 06                 - mov [esi],eax
DungeonSouls.exe+128A0B - 8B 4D 04              - mov ecx,[ebp+04]
DungeonSouls.exe+128A0E - 5F                    - pop edi
DungeonSouls.exe+128A0F - 89 4E 04              - mov [esi+04],ecx
DungeonSouls.exe+128A12 - 5E                    - pop esi
DungeonSouls.exe+128A13 - 5D                    - pop ebp
DungeonSouls.exe+128A14 - B0 01                 - mov al,01 { 1 }
And I tried making a pointer, but it doesn't work when I restart the game. How do I actually find the real address for the value of the cheat I want?
Thanks in advance!
 

FreeER

Mar 10, 2017
#2
Generally, backtrace. Meaning, look at the code that's running using break+trace (or ultimap if you've got an Intel CPU that can use it) and see where that function is getting its value from. Alternatively, find a table/trainer that's doing what you want and see how it works (then try to figure out how you could get to where you were from that point, and then imagine doing it backwards as if you were actually doing it on your own). Even if a table doesn't work anymore you can probably still get some useful information like the value type and levels used for a pointer; if it's an AOB script with a copy of the game memory then you might be able to construct another AOB that's nearly unique (<200 results) and pick through to find a valid one.

The only other choice, other than finding somewhere else it's accessed, is to try and do some kind of compare to figure out which value is the one you care about.
 
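A constructed C model of why one instruction address serves many values, and of the "compare" step FreeER describes. This is an added example, not code from the thread or from the game; the Player/Monster structs, their values and the trace array are made up to stand in for a generic copy routine and for Cheat Engine's access list.

```c
#include <stddef.h>
/* Constructed model (added example, not from the thread): several game objects
 * are all read through ONE generic copy routine, like the
 * "fld qword ptr [ebp+00] ... fstp qword ptr [esi]" sequence in post #1.
 * The code address is shared; only the source pointer (ebp) differs per call,
 * so a breakpoint there fires for every object, not just the one you want. */
typedef struct { double hp; double mana; double gold; } Player;
typedef struct { double hp; double damage; } Monster;

static Player  player  = { 100.0, 50.0, 1234.0 };  /* constructed sample data */
static Monster monster = {  80.0, 12.5 };

#define MAX_TRACE 32
static struct { const double *src; double val; } trace[MAX_TRACE];
static int trace_len = 0;

/* The shared accessor; the trace array plays the role of Cheat Engine's
 * "find out what addresses this instruction accesses" list. */
static void copy_double(const double *src, double *dst) {
    if (trace_len < MAX_TRACE) {
        trace[trace_len].src = src;
        trace[trace_len].val = *src;
        trace_len++;
    }
    *dst = *src;
}

/* One game tick: five callers, one instruction. Returns the access count. */
static int game_tick(void) {
    double scratch;
    trace_len = 0;
    copy_double(&player.hp,      &scratch);
    copy_double(&player.mana,    &scratch);
    copy_double(&player.gold,    &scratch);
    copy_double(&monster.hp,     &scratch);
    copy_double(&monster.damage, &scratch);
    return trace_len;
}

/* The "compare" step from the reply: of all addresses the shared instruction
 * read, keep the one whose value matches what you already know (e.g. the gold
 * shown on screen). Returns NULL if nothing matches. */
static const double *find_src_by_value(double known) {
    for (int i = 0; i < trace_len; i++)
        if (trace[i].val == known) return trace[i].src;
    return NULL;
}
```

In the real game the source pointer is a heap address that moves between runs, which is why the matched address then has to be backtraced to a stable base (pointer levels or an AOB) rather than hard-coded.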