Find value by following instruction?

Posted: Tue Mar 30, 2021 2:39 pm
by daninthemix
I'm trying to hack infinite health on a game.

This instruction writes to the health address:

"engine.exe"+25843

The instruction is simply: mov [esi],ecx

But if I mess with it in any way or nop it, the game crashes.

So is there any way in Cheat Engine to have it 'find' the health address by following what that instruction accesses? I realize I can do that manually every time I run the game, but that's not ideal.

Thanks

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 2:47 pm
by zachillios
What I would assume you're finding is the display for the address rather than the actual value. And more than likely that display value is shared between a large number of different elements, so when you're injecting into it, it's crashing. My advice would be to look for an alternative instruction to ping off of (open the main menu, close it and see if a different instruction hits it), or alternatively just create a pointer for the address. Your third option is to break and trace the instruction and find the value that's purely writing to your HP.

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 2:53 pm
by daninthemix
No I'm definitely finding the right address, because if I freeze it I become invincible. I just don't understand why modifying the instruction crashes the game.

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 2:57 pm
by Rhark
As zachillios already stated, it's probably a shared instruction that is being used by multiple addresses (they may not be until they need to be written to), but that would explain the crashing. You should also post the code around it, as it may help explain more as to why it's crashing.

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 3:00 pm
by daninthemix
So the interesting thing is that that instruction is actually 2 instructions:

"engine.exe"+25843:
mov [esi],ecx
mov esi,[esp+14]

But NOPing either causes crashing. Trying to hard-set the value (e.g. mov [esi],10) also causes crashing.

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 3:02 pm
by zachillios
So just eyeballing it the first one is definitely a shared instruction. The 2nd one not working is a little odd. Is the 2nd one writing to more than one address?

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 3:05 pm
by daninthemix
I haven't checked - but it's definitely the first one that is writing to the health address. I know this because I did 'Find out what addresses this instruction writes to' and that's basically the quickest way to find out the health address, which you can then freeze.

BTW I noticed the game is on sale on GOG at the moment, so if anyone wants to take a look at it I'll happily gift it to them:

[Link]

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 5:06 pm
by TimFun13
Go to that instruction line in the memory view window, right click and select "see what addresses this instruction accesses". Like others have said, it's likely a shared instruction, meaning other addresses are probably being accessed. If you're NOPing where ESI is set, then that's likely a reason as well.

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 5:10 pm
by daninthemix
I've actually just found that nop'ing the instruction in memory view does work.

For whatever reason, trying to do this in an auto-assembler script crashes the game.

Re: Find value by following instruction?

Posted: Tue Mar 30, 2021 5:13 pm
by daninthemix
Fixed it! I guess the game just doesn't like all the boilerplate that gets added in the Auto Assemble template.

This however works perfectly:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

"engine.exe"+25843:
nop
nop
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
"engine.exe"+25843:
mov [esi],ecx
mov esi,[esp+14]