Finding a pointer the "easy way" failing?

Memory scanning, code injection, debugger internals and other gamemodding related discussion
Post Reply
kliqx_dgcd
What is cheating?
What is cheating?
Posts: 3
Joined: Fri Jan 15, 2021 1:47 pm
Reputation: 4

Finding a pointer the "easy way" failing?

Post by kliqx_dgcd »

Hi!

This might be a really, really stupid question, but... I can barely even use CE, learning pointers and that stuff already took me way longer than it should've.
Now, I'm currently trying to get the pointer for the HP value in the prologue of Fights in Tight Spaces, but trying the "tutorial way" of getting the pointer address always fails.

The result of the initial scans is usually 14 addresses, all of which do have the correct current HP. Some of those are "written to" every frame, and all the others also only have operations like mov ecx,000000D4 and there's no pointer guess displayed below the "copy memory" explanation of what the instruction does.
I also have no idea what the ecx part is, the only thing I know is that the instruction moves 000000D4 into ecx, whatever that may mean :?
Image

I suspect it has something to do that whatever is accessed by ecx is in GameAssembly.dll+8F36AD and not somewhere in FightsInTightSpaces.exe, but I really have no idea.

Can anyone explain why this isn't working and maybe also what stuff like ecx is? I've also seen a few others like that in Memory Viewer, like edx, rcx, rdi or rax, to name quite a few.

sbryzl
Expert Cheater
Expert Cheater
Posts: 143
Joined: Sat Mar 04, 2017 4:47 am
Reputation: 90

Re: Finding a pointer the "easy way" failing?

Post by sbryzl »

In this particular case, the value in ECX register is used as a counter to write bytes pointed to by RSI register to a location pointed to by RDI register, so RCX is the number of bytes left to write.

The indicator for this is the following instruction "repe movsb". This is the instruction that enacts the process after registers are loaded with the necessary values.
It is described here: [Link]

Code: Select all

REP MOVS m8, m8	ZO	Valid	N.E.	Move RCX bytes from [RSI] to [RDI]

Post Reply

Who is online

Users browsing this forum: No registered users