Why would value be stored as x43?

Valatros

Expert Cheater
Mar 7, 2017
50
0
6
#1
I've been playing an early access game (Dragon Cliff, if it matters) and been making myself a table each update, no problem. Most values have been stored as "double", because there's a lot of percentage increases and decreases in the game, so hey, easy find. Each time I found a value, there was two entries for each; one that if edited/locked, immediately changed anyway, and one that worked. This time, there's still an accurate address for the uneditable value, but the one that WORKS is... as the topic title suggests, the amount I have x43. So if I want, say, 10000 gold, I edit this address to 430000 and it works. I can still edit it, so in the end I succeeded, but... why 43? Especially since it wasn't this way until the latest major update (which did change the "caps" on both experience and gold, if it matters), I just can't find anything special about 43. There some programming wizardry that makes this make sense?
 

jungletek

Reality Bytes
Oct 17, 2017
158
6
18
#2
Some naive attempt at anti-cheat, perhaps.
 

SunBeam

RCE Fanatics
Talents
Fearless Donors
Feb 4, 2018
743
397
63
#3
Because your real value is most likely not stored as Double and you edit only part of it; or you edit more than you're supposed to. Browse the location in memory, earn gold, and see what changes. Also stop following others' tutorials.
 
Mar 11, 2017
14
0
1
#4
Thanks for the tip. It seems i still have trouble finding the correct address. Anyone could point me to a tutorial, please?

I use the debuger and try to find the addres that access the money, but none of the addreses change anything.
 

vell

What is cheating?
May 22, 2017
4
0
1
#5
I can't figure this out either. The x43 of the double value is not working for me.
 

Dante

What is cheating?
Jun 18, 2018
4
0
1
#7
Try "Find out what writes to this address" or "Find out what accesses to this address" to your address.
From there you can get values real address or value type.
Ex:
if you see assembly code like that "fld [ecx+60]" your address must be Float. and if you look "Show register states" , you will see what ecx contains then add 60 in hex. you will get real address.
ex: "movss [eax+80],xmm0" again this is float address
"mov byte ptr [ecx+80],00" This is byte address
"mov [ecx+80],eax" This is 4 byte address
"mov dword ptr [ecx+80],eax" This is 8 byte address
I cant remember how to move double values so cant give an example, but you can see an explanation inside memory view of ce.
Good luck🙂
 
Top Bottom