Find value by following instruction?

daninthemix
Expert Cheater
Posts: 128
Joined: Tue Jul 18, 2017 6:31 pm
Reputation: 43

Post by daninthemix »

I'm trying to hack infinite health on a game.

This instruction writes to the health address:

"engine.exe"+25843

The instruction is simply: mov [esi],ecx

But if I mess with it in any way or nop it, the game crashes.

So is there any way in Cheat Engine to have it 'find' the health address by following what that instruction accesses? I realize I can do that manually every time I run the game, but that's not ideal.

Thanks

zachillios
Table Makers
Posts: 669
Joined: Fri Mar 03, 2017 9:05 am
Reputation: 378

Post by zachillios »

> daninthemix wrote (Tue Mar 30, 2021 2:39 pm):
> I'm trying to hack infinite health on a game.
>
> This instruction writes to the health address:
>
> "engine.exe"+25843
>
> The instruction is simply: mov [esi],ecx
>
> But if I mess with it in any way or nop it, the game crashes.
>
> So is there any way in Cheat Engine to have it 'find' the health address by following what that instruction accesses? I realize I can do that manually every time I run the game, but that's not ideal.
>
> Thanks

What I would assume you're finding is the display for the address rather than the actual value. And more than likely that display value is shared between a large number of different elements so when you're injecting into, it's crashing. My advice would be to look for an alternative instruction to ping off of (open main menu, close it and see if a different instruction hits it) or alternatively just create a pointer for the address. Your third option is to break and trace the instruction and find the value that's purely writing to your HP.

daninthemix
Expert Cheater
Posts: 128
Joined: Tue Jul 18, 2017 6:31 pm
Reputation: 43

Post by daninthemix »

> zachillios wrote (Tue Mar 30, 2021 2:47 pm):
> What I would assume you're finding is the display for the address rather than the actual value. And more than likely that display value is shared between a large number of different elements so when you're injecting into, it's crashing. My advice would be to look for an alternative instruction to ping off of (open main menu, close it and see if a different instruction hits it) or alternatively just create a pointer for the address. Your third option is to break and trace the instruction and find the value that's purely writing to your HP.

No I'm definitely finding the right address, because if I freeze it I become invincible. I just don't understand why modifying the instruction crashes the game.

Rhark
Fearless Donors
Posts: 847
Joined: Tue Apr 16, 2019 1:27 am
Reputation: 338

Post by Rhark »

> daninthemix wrote (Tue Mar 30, 2021 2:53 pm):
> No I'm definitely finding the right address, because if I freeze it I become invincible. I just don't understand why modifying the instruction crashes the game.

As zachillios already stated, it's probably a shared instruction that is being used by multiple addresses (may not be until they are needed to be written to) but would explain the crashing. You should also post the code around it as it may help explain more as to why it's crashing.

daninthemix
Expert Cheater
Posts: 128
Joined: Tue Jul 18, 2017 6:31 pm
Reputation: 43

Post by daninthemix »

So the interesting thing is that that instruction is actually 2 instructions:

"engine.exe"+25843:
mov [esi],ecx
mov esi,[esp+14]

But NOPing either causes crashing. Or trying to hard set the value (e.g. mov [esi],10) also causes crashing.

zachillios
Table Makers
Posts: 669
Joined: Fri Mar 03, 2017 9:05 am
Reputation: 378

Post by zachillios »

> daninthemix wrote (Tue Mar 30, 2021 3:00 pm):
> So the interesting thing is that that instruction is actually 2 instructions:
>
> "engine.exe"+25843:
> mov [esi],ecx
> mov esi,[esp+14]
>
> But NOPing either causes crashing. Or trying to hard set the value (e.g. mov [esi],10) also causes crashing.

So just eyeballing it the first one is definitely a shared instruction. The 2nd one not working is a little odd. Is the 2nd one writing to more than one address?

daninthemix
Expert Cheater
Posts: 128
Joined: Tue Jul 18, 2017 6:31 pm
Reputation: 43

Post by daninthemix »

> zachillios wrote (Tue Mar 30, 2021 3:02 pm):
> So just eyeballing it the first one is definitely a shared instruction. The 2nd one not working is a little odd. Is the 2nd one writing to more than one address?

I haven't checked - but it's definitely the first one that is writing to the health address. I know this because I did 'Find out what addresses this instruction writes to' and that's basically the quickest way to find out the health address, which you can then freeze.

BTW I noticed the game is on sale on GOG at the moment, so if anyone wants to take a look at it I'll happily gift it to them:

[Link]

TheyCallMeTim13
Administration
Posts: 1541
Joined: Fri Mar 03, 2017 12:31 am
Reputation: 808

Post by TheyCallMeTim13 »

Go to that instruction line in the memory view window, right click and select "see what addresses this instruction accesses". Like others have said it's likely a shared instruction, meaning other addresses are probably being accessed. If you're NOPing where ESI is set then that's likely a reason as well.

daninthemix
Expert Cheater
Posts: 128
Joined: Tue Jul 18, 2017 6:31 pm
Reputation: 43

Post by daninthemix »

I've actually just found that nop'ing the instruction in memory view does work.

For whatever reason, trying to do this in an auto-assembler script crashes the game.

daninthemix
Expert Cheater
Posts: 128
Joined: Tue Jul 18, 2017 6:31 pm
Reputation: 43

Post by daninthemix »

Fixed it! I guess the game just doesn't like all the boilerplate that gets added in the Auto Assemble template.

This however works perfectly:

Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

"engine.exe"+25843:
nop
nop
 
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
"engine.exe"+25843:
mov [esi],ecx
mov esi,[esp+14]
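
A byte-level view of the two instructions at "engine.exe"+25843, as an added example that is not part of any post in this thread: it shows why two nop bytes exactly replace mov [esi],ecx, and why a 5-byte jmp written at that address would have to displace both instructions. The encodings are the standard 32-bit x86 ones with the offset 14 read as hexadecimal; both are assumptions, since the thread never shows the raw bytes.

```python
# Added example: byte-level view of the two instructions discussed in the thread.
# Assumed encodings (standard 32-bit x86); the thread itself shows no raw bytes.
ORIGINAL = bytes.fromhex("890e" "8b742414")  # mov [esi],ecx ; mov esi,[esp+14]
NOP = 0x90
JMP_REL32_LEN = 5  # E9 opcode + 32-bit displacement


def insn_length(code, off):
    """Length of a MOV between r/m32 and r32 (opcodes 89/8B) in 32-bit mode."""
    if code[off] not in (0x89, 0x8B):
        raise ValueError(f"unsupported opcode {code[off]:#04x}")
    modrm = code[off + 1]
    mod, rm = modrm >> 6, modrm & 7
    length = 2                       # opcode + ModRM
    if mod != 3 and rm == 4:         # SIB byte follows ([esp+..] needs one)
        length += 1
        if mod == 0 and (code[off + 2] & 7) == 5:
            length += 4              # SIB without base register: disp32
    if mod == 1:
        length += 1                  # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        length += 4                  # disp32
    return length


def boundaries(code):
    """Offsets at which each instruction starts, plus the end offset."""
    offs, off = [0], 0
    while off < len(code):
        off += insn_length(code, off)
        offs.append(off)
    return offs


def nop_first(code):
    """NOP out only the first instruction, leaving the following bytes intact."""
    n = insn_length(code, 0)
    return bytes([NOP]) * n + code[n:]


def hook_footprint(code, patch_len=JMP_REL32_LEN):
    """(bytes displaced, NOP padding) for a patch_len-byte jump at offset 0.
    Only whole instructions can be displaced, never part of one."""
    end = next(b for b in boundaries(code) if b >= patch_len)
    return end, end - patch_len
```

With these encodings, the two nop lines in the script above overwrite exactly the 2-byte mov [esi],ecx, and the [DISABLE] section writes back all six bytes, the last four of which were never changed.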
