
How to retrieve a hidden variable ?

Posted: Sun Apr 19, 2020 12:48 pm
by KevinDA
Hello, in the table with the selected value, I would like to recover EDI, but what is shown below is not its value. How do I do that?

Image

Re: How to retrieve a hidden variable ?

Posted: Sun Apr 19, 2020 2:37 pm
by JohnFK
Set a breakpoint on the instruction before yours to retrieve the EDI value (CE only shows the register values after the instruction has been executed, which in your case overrides EDI).

Re: How to retrieve a hidden variable ?

Posted: Sun Apr 19, 2020 7:45 pm
by KevinDA
How do I do that?
I do not understand.

Re: How to retrieve a hidden variable ?

Posted: Sun Apr 19, 2020 8:45 pm
by KevinDA
I would like to get the address of edi.
Isn't there a way to display its value?
For example, in PHP you use echo.

Re: How to retrieve a hidden variable ?

Posted: Mon Apr 20, 2020 10:48 pm
by SunBeam
You are in x64 land. You can't get a static address like in x86 where the setup would be this:

mov eax,[805060] == xx 60 50 80 00

Where the endianness gives away the static pointer between the brackets.

In x64 you have to calculate it based on RIP, the length of the instruction, and the position of that DWORD within the instruction.

If your problem is that the address always changes, then use module + offset, just like CE puts it: "WWE2K20_x64.exe+2CC3F18" and not "7FF729203F18". The reason for this is something called ASLR. Because of that the module base of WWE2K20_x64.exe will be different with every re-run of the game or every PC reboot.
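
The calculation described in the post above, as an added example that is not part of the original thread: it decodes the x86 absolute operand, resolves an x64 RIP-relative operand, and shows that the module + offset form stays the same when ASLR moves the module. Assumptions: the opcode A1 stands in for the post's "xx", the x64 instruction bytes, its location in the module and the second base are constructed, and the first base is the one implied by the two values quoted in the post.

```python
import struct

MASK64 = (1 << 64) - 1

def abs32_operand(insn: bytes, operand_offset: int) -> int:
    """x86: the 4 operand bytes are the static address itself, little-endian."""
    return struct.unpack_from("<I", insn, operand_offset)[0]

def rip_relative_target(insn_addr: int, insn: bytes, disp_offset: int) -> int:
    """x64: RIP already points at the next instruction, so the target is
    insn_addr + len(insn) + the signed 32-bit displacement stored in insn."""
    if disp_offset + 4 > len(insn):
        raise ValueError("displacement does not fit inside the instruction")
    disp = struct.unpack_from("<i", insn, disp_offset)[0]
    return (insn_addr + len(insn) + disp) & MASK64

def module_offset(addr: int, module_base: int, module_name: str) -> str:
    """Express an absolute address the way CE does: module name + hex offset."""
    if addr < module_base:
        raise ValueError("address is below the module base")
    return f"{module_name}+{addr - module_base:X}"

# x86 form from the post; A1 is the real opcode standing in for "xx".
X86_MOV = bytes.fromhex("A1 60 50 80 00")
# Constructed x64 instruction: mov eax,[rip+0x02CC2F12] (8B 05 + disp32).
X64_MOV = bytes.fromhex("8B 05 12 2F CC 02")
MODULE = "WWE2K20_x64.exe"
# Base implied by the post's two values: 0x7FF729203F18 - 0x2CC3F18.
BASE_RUN_1 = 0x7FF726540000
BASE_RUN_2 = 0x7FF6A0000000  # constructed base for a second, re-randomized run
INSN_RVA = 0x1000            # constructed location of the instruction in the module

def resolve(base: int):
    """Return (absolute target, module+offset label) for one run's module base."""
    target = rip_relative_target(base + INSN_RVA, X64_MOV, 2)
    return target, module_offset(target, base, MODULE)

if __name__ == "__main__":
    print(hex(abs32_operand(X86_MOV, 1)))
    for base in (BASE_RUN_1, BASE_RUN_2):
        target, label = resolve(base)
        print(f"base {base:X}: absolute {target:X} = {label}")
```

The displacement is read as signed, so a target that lies before the instruction resolves correctly as well.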