Not dissect data structure (every time I search dissect code tutorials it always leads to dissect structure) but the dissect code feature. For the life of me I cannot find the XYZ scale for player and NPCs in Silent Hill 2 PC Enhanced Edition. I've tried searching for 3 consecutive floats (1s, 2s, 10s, 100s) via group scan and viewing memory around the player structure. Also changed all values above and beneath player structure using dissect data structure tool. Stephen Chapman stated we could use dissect code to try and find references to scale. Maybe I'll try enumerating DLLs and symbols and search for scale.
01FB1000 is the base address for the player struct. NPCs follow just after this base and their health is a +2CC offset apart from James and continues as such from each other ~20 more jumps. It looks like the developers put the XYZ scale nowhere near the structures of player and NPCs.
I tried using dissect code but nothing happens (unless Cheat Engine is saving the file somewhere) so my question is how to use dissect code.
How do I use dissect code?
- Gear2ndGandalf
- Expert Cheater
- Posts: 131
- Joined: Mon Aug 23, 2021 11:27 pm
- Reputation: 135
Re: How do I use dissect code?
Within the memory viewer you can press Ctrl + J (Dissect code) which prompts the user to select the modules you want to dissect. Once completed, Cheat Engine will have effectively linked references and show them in a similar way to a decompiler. At least that's my understanding of it, should anyone know better feel free to correct me.
Re: How do I use dissect code?
@Gear2ndGandalf: 'Dissect code' will not help you with that (see below)
As for coordinates: I tend to try and find the Z-coordinate (or 3D speaking the Yval), basically going up/down. However: while this value is +/- for (probably) most games AND float, that is not always the case. I came across a few games using doubles, and in one particular case the height value was "in reverse"; iow - = up and + = down (~ go figure)
Tips:
a. if you can climb a rope, then use that to your advantage; as X-Y_values will not change
b. if Zval keeps failing, try X or Y (keeping in mind that these can be reversed as well, depending on the location of the 0,0,0 center_pt)
c. if the game comes with a map AND waypoint, then finding the waypoint coordinates is much faster (and far more accurate... in most cases), as you'll be concentrating on X- or Y-val.
And once you've got that one, place your player in proximity to get "estimated" (~ between) coordinates.
As for using a particular tool: you might want to look into 'structure spider'. It is basically an "extension" to structure dissect in that it allows you to compare several levels deep(er) (~ dissect structure only works in the 'root' when comparing/locking values).
Note: I do not have much experience with the tool, mainly because I never really had the need for it... (if you have done your share of pointer scanning, then this tool works in a similar manner ~ takes some trial & error though)
Sidenote:
'Dissect code' will not help you with that. What it basically does is twofold (at least, that is why I use it now and then):
1. create a list of strings (although for this I prefer using [x32/64dbg] as it is much faster/more flexible)
2. it will parkour the code and add 'links' at the start of all calls/subroutines/jmps(?), making it a lot easier to find the routes that lead to the current subroutine. (you should definitely try this on an x32 game, just to get a feeling!)
WHEN do you want to use this: in those situations where debugging does NOT return back to the caller's location
Exception: calls/jmps through register values (as these won't be "registered")
TIP: if you plan to use this more frequently, know that you can save the dissect_code info (via some lua coding ~ when closing the table and/or reloading game, you'll lose that info!). For details: have a look at the design menu in one of my tables...
ps:
a) for x64 games, this can be a very slow process (talking +1hr and more here)
b) x64dbg offers similar feature(s), via plugin(s) if I recall well; and obviously not forgetting the master of xref_erencing IDA
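The reference-linking step described in the post above, as an added sketch that is not part of the thread and is not Cheat Engine's code: a linear sweep over a constructed 32-bit x86 blob records every direct `call`/`jmp rel32` under its target address, and lists register-indirect transfers separately because their targets cannot be resolved statically. The load address, the byte blob, and the names `build_xrefs` and `callers_of` are assumptions made for the illustration, and the decoder only understands the few opcodes the blob uses.

```python
import struct
from collections import defaultdict

BASE = 0x401000  # constructed load address (assumption)

# Constructed code: func_a @ +0x00, func_b @ +0x08, func_c @ +0x14
CODE = bytes.fromhex(
    "55 E80E000000 5D C3"          # func_a: push ebp; call func_c; pop ebp; ret
    "E807000000 FFD0 E9ECFFFFFF"   # func_b: call func_c; call eax; jmp func_a
    "90 C3"                        # func_c: nop; ret
)

ONE_BYTE = {0x55, 0x5D, 0x90, 0xC3}  # push ebp, pop ebp, nop, ret


def build_xrefs(code, base):
    """Linear sweep. Returns (xrefs, unresolved):
    xrefs maps target address -> [(source address, mnemonic), ...];
    unresolved lists addresses of call/jmp instructions that go through a register."""
    xrefs = defaultdict(list)
    unresolved = []
    pos = 0
    while pos < len(code):
        op, addr = code[pos], base + pos
        if op in ONE_BYTE:
            pos += 1
        elif op in (0xE8, 0xE9):  # call rel32 / jmp rel32
            (rel,) = struct.unpack_from("<i", code, pos + 1)
            target = (addr + 5 + rel) & 0xFFFFFFFF  # relative to next instruction
            xrefs[target].append((addr, "call" if op == 0xE8 else "jmp"))
            pos += 5
        elif (op == 0xFF and pos + 1 < len(code)
              and code[pos + 1] >> 6 == 3              # ModRM mod=3: register operand
              and (code[pos + 1] >> 3) & 7 in (2, 4)):  # /2 = call, /4 = jmp
            unresolved.append(addr)  # target only known at run time
            pos += 2
        else:
            raise ValueError(f"opcode {op:#04x} at {addr:#x} is outside this toy decoder")
    return dict(xrefs), unresolved


def callers_of(xrefs, target):
    """Addresses of the instructions that transfer control to target."""
    return [src for src, _ in xrefs.get(target, [])]


if __name__ == "__main__":
    refs, indirect = build_xrefs(CODE, BASE)
    print("refs to func_c:", [hex(a) for a in callers_of(refs, BASE + 0x14)])
    print("unresolved indirect transfers:", [hex(a) for a in indirect])
```
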
- Gear2ndGandalf
- Expert Cheater
- Posts: 131
- Joined: Mon Aug 23, 2021 11:27 pm
- Reputation: 135
Re: How do I use dissect code?
Thanks for your replies! How do I get x32/64dbg? Is that a plugin for Cheat Engine?
Re: How do I use dissect code?
x64dbg
An open-source x64/x32 debugger for Windows.
[Link]