Can't find base addres with CE
Hzy, well I really I tried this for hours now and it's just not working, I'm using a small game just for testing purposes (and fast scanning) and this is what I do:
Game: vvvvvv
1. Boot up game, level
2. Boot up CE, attach to vvvvvv.exe
3. Search the "deaths" value (its a 4byte non static value, literally on screen)
4. Find the value "0D39F1CC" (this changes on every restart of game)
5. Right click and use "what writes to this address"
6. Double click the one resulted code line
------------------------
Screenshot up to this point
FULL SIZE (had to shrink to fit 800x800) --> [Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
------------------------
7. Toggle hex and search new scan on "0D39F0A0"
8. I find 5 results but none of them are static addresses.
------------------------
Screenshot up to this point
FULL SIZE (had to shrink to fit 800x800) --> [Only registered and activated users can see links. Click Here To Register...]
[Only registered and activated users can see links. Click Here To Register...]
------------------------
At this point im lost... the tutorial from CE itself gave me just one nice green static at this point while here I get 5 black ones.. this gives me the impression I went wrong somewhere in step 7...
I can provide you with any more information you need but if anyone can nudge me in the right way, thanks a lot causse well I start to believe the tutorial was made to find the result easily while in actual practise this isn't so easy.... (unless I'm very wrong in step7)
Thanks a lot!
DJK
Re: Can't find base addres with CE
Nope, you are in a right way. Just continue searching BA from found values
And read guide "Find BA with CE and OllyDbg", 'coz you can do all job with debugger
Re: Can't find base addres with CE
[esi+eax*4] indicates an array of bytes, in simple terms a list of items in memory. To calculate the offset it would be eax * 4 (hex). For example say if eax = 4 then the offset would be 10 (hex). Which game are you speaking of by the way ?
Re: Can't find base addres with CE
I thought that the "vvvvvv" is just process name example... but this is a game name 8)
web site: thelettervsixtim.es/
And I like description: "VVVVVV is an old-school ultra-sadistic challenge-based puzzle platformer. "
DJK
Maybe, this game like a Battle of the Immortals where you can't ever find static address for speed
-- 2010-11-30, 04:21 --
DJK
Ok, I took 20 min from my lunch. You forgot to notice that this is a flash game. So you should use another cheating approach, but not finding BA for death with CE.
Decompile this game, and check ac3 scripts. You can activate all game mods, nodeathmod etc. Or if you still trying to find death count, check this routine:
Code:
public function deathsequence(param1:mapclass, param2:entityclass, param3:musicclass) : void
{
;
with (false)
{
var _loc_7:* = null * (null ^ null[null === null[true]]);
var _loc_8:String = null;
if (_loc_8 || param2)
{
if (this.supercrewmate)
{
if (_loc_8)
{
}
}
if (this.scmhurt)
{
this.i = param2.getscm();
}
else
{
this.i = param2.getplayer();
}
param2.entities[this.i].colour = 1;
param2.entities[this.i].invis = false;
}
if (this.nodeathmode)
{
param3.fadeout();
this.gameoverdelay = 60;
}
var _loc_4:String = this;
if (_loc_8 || param2)
{
}
var _loc_5:* = this.deathcounts + 1;
if (_loc_8 || param3)
{
_loc_4.deathcounts = _loc_5;
}
if (_loc_8)
{
param3.playef(2, 10);
param2.entities[this.i].invis = true;
if (param1.finalmode)
{
var _loc_4:* = param1.roomdeathsfinal;
var _loc_5:* = this.roomx - 41 + 20 * (this.roomy - 48);
var _loc_6:* = param1.roomdeathsfinal[this.roomx - 41 + 20 * (this.roomy - 48)] + 1;
if (!_loc_7)
{
_loc_4[_loc_5] = _loc_6;
}
this.currentroomdeaths = param1.roomdeathsfinal[this.roomx - 41 + 20 * (this.roomy - 48)];
}
var _loc_4:* = param1.roomdeaths;
;
var _loc_5:* = (null - (null >> (null & (null | param1.roomdeaths * this)))).roomx - 100 + 20 * (this.roomy - 100);
var _loc_6:* = null[(null - (null >> (null & (null | param1.roomdeaths * this)))).roomx - 100 + 20 * (this.roomy - 100)] + 1;
if (_loc_8 || param1)
{
_loc_4[_loc_5] = _loc_6;
}
}
this.currentroomdeaths = param1.roomdeaths[this.roomx - 100 + 20 * (this.roomy - 100)];
if (_loc_8 || this)
{
if (this.deathseq == 25)
{
param2.entities[this.i].invis = true;
}
if (this.deathseq == 20)
{
param2.entities[this.i].invis = true;
}
}
if (this.deathseq == 16)
{
param2.entities[this.i].invis = true;
}
if (_loc_8)
{
if (this.deathseq == 14)
{
param2.entities[this.i].invis = true;
}
if (this.deathseq == 12)
{
param2.entities[this.i].invis = true;
}
}
if (this.deathseq < 10)
{
if (_loc_8 || this)
{
param2.entities[this.i].invis = true;
}
}
if (!this.nodeathmode)
{
if (this.deathseq <= 1)
{
param2.entities[this.i].invis = false;
}
}
else
{
var _loc_4:String = this;
if (_loc_8)
{
}
var _loc_5:* = this.gameoverdelay - 1;
if (_loc_7)
{
;
param2 = _loc_7;
with (null << null == null)
{
}
if (!this)
{
_loc_4.gameoverdelay = _loc_5;
}
}
return;
}// end function