Some of the time, this is straightforward to work around and inject custom logic, because one of the registers may hold some kind of indexing information, for example:
original game code:

    mov ecx,[eax+ecx*4]   // where ECX could be 0x8 if writing to health, or 0xC if mana
    mov [ecx+4],ebx       // update value

injected code (the hook replaces the second instruction; the compares below assume the 8/0C index is still available in ECX at that point):

    ...
    healthEntryPoint:
    cmp ecx,8                       // health path?
    jne manaEntryPoint
    mov ebx,[customHealthValue]     // override the value about to be written
    jmp origCode
    manaEntryPoint:
    cmp ecx,0C                      // mana path? (hex literal written as 0C so the assembler does not read it as a symbol)
    jne origCode
    mov ebx,[customManaValue]
    origCode:
    mov [ecx+4],ebx                 // original instruction, executed for every path
    ...
There are also times that this is not the case, so I just look at the stack trace and decide to just use the calling function as my entry point; however, I've also found that many times, 5 functions in the stack are also generic and it can get really challenging to come up with a reliable conditional check to do a specific thing like modify health. I've found this to be the case in games that use "in-house" game engines and almost every Java game. I know how to use the structure compare/dissect tool to determine other things so I can, for example, only target player units on the map instead of enemies. The problem I have is figuring out what exactly the function is doing given the register values at the time of invocation.
Any tips on how to approach this in general? I'm looking for more ideas, or whether there is another tool within CE that can help with these scenarios.
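One way to key the dispatch on the call site rather than on a register, as an added illustration that is not part of the original post and not from Cheat Engine's own templates: when the function is generic but each caller is distinct, the return address pushed by the CALL identifies which code path invoked it. The script below is Cheat Engine auto assembler syntax; `game.exe+12345`, `HEALTH_CALLER_RET` and `MANA_CALLER_RET` are placeholders for the hooked instruction and the two return addresses taken from the stack trace, and `customHealthValue`/`customManaValue` are the same hypothetical storage the post uses.

```asm
// Added example, not from the original post. Dispatch a shared write on
// the caller's return address instead of a register value.
// All addresses/symbols are placeholders: resolve them from the stack
// trace for the build you are analysing.
[ENABLE]
alloc(newmem,2048)
alloc(customHealthValue,4)
alloc(customManaValue,4)
label(returnhere)
label(origCode)
label(fromHealthCaller)
label(fromManaCaller)

newmem:
  // [esp] is the return address only if the hook sits at the function
  // entry, before any push/sub esp; otherwise add the current frame size.
  cmp dword ptr [esp],HEALTH_CALLER_RET   // placeholder: instruction after the CALL in the health path
  je fromHealthCaller
  cmp dword ptr [esp],MANA_CALLER_RET     // placeholder: instruction after the CALL in the mana path
  je fromManaCaller
  jmp origCode                            // any other caller: untouched

fromHealthCaller:
  mov ebx,[customHealthValue]
  jmp origCode
fromManaCaller:
  mov ebx,[customManaValue]
origCode:
  mov [ecx+4],ebx                         // original instruction, run for every path
  jmp returnhere

game.exe+12345:                           // placeholder: address of the original "mov [ecx+4],ebx"
  jmp newmem
returnhere:

[DISABLE]
game.exe+12345:
  mov [ecx+4],ebx
dealloc(newmem)
dealloc(customHealthValue)
dealloc(customManaValue)
```

Two caveats: the compare instructions clobber EFLAGS, so this is only safe where the code after the hook does not depend on flags set earlier, and hard-coded return addresses break on a different game build, which is why module-relative offsets (or an aobscan for the caller) are preferable to absolute values.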