Solved Following Value game ...


ffb.boy.30

Hi,
I would like to read a value from a game. In the main directory of the game I've found a .pdb file and I've extracted it (350 MB). In this text file I've found all the variables and declarations of the game.
I've found this:

Function : static, [00475E50][0001:00474E50], len = 0000013A, public: virtual bool __thiscall DynamicObjectsProcessor::ExtractState(class NET::BitStream &)
Function attribute:
Function info:
FuncDebugStart : static, [00475E5C][0001:00474E5C]
FuncDebugEnd : static, [00475F81][0001:00474F81]
Data : enregistered ecx, Object Ptr, Type: class DynamicObjectsProcessor * const, this
Data : ebp Relative, [00000008], Param, Type: class NET::BitStream &, o_stream
Data : esp Relative, [FFFFFFC3], Local, Type: bool, objectRecorded
Data : esp Relative, [FFFFFFC4], Local, Type: const unsigned int *, it
Data : esp Relative, [FFFFFFC8], Local, Type: unsigned int, instanceIndex
Data : esp Relative, [FFFFFFD8], Local, Type: class GEM::GVector3, CameraAngle
CallSite : [0x0001:0x00474ef3] 0x00475EF3 void (class GEM::GVector3 &, class GEM::position &)


And I would like to know how I can use Cheat Engine to track this data:
CameraAngle & Position.

How can I do this?

Thank you
 

Rake

Debug the game with x64dbg or IDA Pro and make it use the .pdb and you will see all the information in the disassembly.
 

ffb.boy.30

Hi, back again with my tracking data. As you told me, I've opened the memory viewer with the info I've found in the .pdb

C++:
Function       : static, [00475E50][0001:00474E50], len = 0000013A, public: virtual bool __thiscall DynamicObjectsProcessor::ExtractPhysicsState(class NET::BitStream &)
                 Function attribute:
                 Function info:
FuncDebugStart :   static, [00475E5C][0001:00474E5C]
FuncDebugEnd   :   static, [00475F81][0001:00474F81]
Data           :   enregistered ecx, Object Ptr, Type: class DynamicObjectsProcessor * const, this
Data           :   ebp Relative, [00000008], Param, Type: class NET::BitStream &, o_stream
Data           :   esp Relative, [FFFFFFC3], Local, Type: bool, objectRecorded
Data           :   esp Relative, [FFFFFFC4], Local, Type: const unsigned int *, it
Data           :   esp Relative, [FFFFFFC8], Local, Type: unsigned int, instanceIndex
Data           :   esp Relative, [FFFFFFD8], Local, Type: class GEM::GVector3, angularVelocity
Data           :   esp Relative, [FFFFFFF0], Local, Type: class GEM::GQuaternion, rotation
Data           :   esp Relative, [FFFFFFCC], Local, Type: class GEM::GVector3, position
Data           :   esp Relative, [FFFFFFE4], Local, Type: class GEM::GVector3, linearVelocity
CallSite       :   [0x0001:0x00474ef3]  0x00475EF3  void (class GEM::GVector3 &, class GEM::GQuaternion &)
Goto address: CamProcess.exe+00475E50, here is what I've found


C++:
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState - 48                    - dec eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+1- 52                    - push edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+2- 89 44 24 24           - mov [esp+24],eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+6- 8B 44 24 48           - mov eax,[esp+48]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A- 50                    - push eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B- 89 4C 24 2C           - mov [esp+2C],ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+F- 8D 4C 24 28           - lea ecx,[esp+28]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+13- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+14- 8D 14 3E              - lea edx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+17- 52                    - push edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+18- 57                    - push edi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+19- E8 022FFCFF           - call CamProcess.GEM::GQuaternion::BuildRotation+310
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+1E- 8D 0C 3E              - lea ecx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+21- 83 C4 14              - add esp,14
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+24- 3B C1                 - cmp eax,ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+26- 74 13                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3B
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+28- 8B 54 24 24           - mov edx,[esp+24]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+2C- 3B 50 04              - cmp edx,[eax+04]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+2F- 72 0A                 - jb CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3B
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+31- 77 0B                 - ja CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3E
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+33- 8B 4C 24 20           - mov ecx,[esp+20]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+37- 3B 08                 - cmp ecx,[eax]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+39- 73 03                 - jae CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3E
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3B- 8D 04 3E              - lea eax,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+3E- 8D 14 3E              - lea edx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+41- 3B C2                 - cmp eax,edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+43- 74 57                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+9C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+45- 8B 44 2B 10           - mov eax,[ebx+ebp+10]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+49- 8B 54 24 44           - mov edx,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+4D- 8B 5C 2B 14           - mov ebx,[ebx+ebp+14]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+51- C6 44 24 48 00        - mov byte ptr [esp+48],00
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+56- 8B 4C 24 48           - mov ecx,[esp+48]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+5A- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+5B- 52                    - push edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+5C- 89 44 24 28           - mov [esp+28],eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+60- 8D 44 24 28           - lea eax,[esp+28]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+64- 50                    - push eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+65- 8D 0C 3E              - lea ecx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+68- 51                    - push ecx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+69- 57                    - push edi
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+6A- 89 5C 24 38           - mov [esp+38],ebx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+6E- E8 AD2EFCFF           - call CamProcess.GEM::GQuaternion::BuildRotation+310
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+73- 8D 14 3E              - lea edx,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+76- 83 C4 14              - add esp,14
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+79- 3B C2                 - cmp eax,edx
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+7B- 74 0F                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+7D- 3B 58 04              - cmp ebx,[eax+04]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+80- 72 0A                 - jb CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8C
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+82- 77 0B                 - ja CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8F
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+84- 8B 4C 24 20           - mov ecx,[esp+20]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+88- 3B 08                 - cmp ecx,[eax]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8A- 73 03                 - jae CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8F
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8C- 8D 04 3E              - lea eax,[esi+edi]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+8F- 8B 4C 24 44           - mov ecx,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+93- 83 C0 08              - add eax,08
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+96- 50                    - push eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+97- E8 1410FBFF           - call CamProcess.PhysicsAnimators::ClosestPtSegmentSegment+1D0
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+9C- 8B 44 24 44           - mov eax,[esp+44]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A0- 8D 54 24 18           - lea edx,[esp+18]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A4- 3B D0                 - cmp edx,eax
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A6- 74 13                 - je CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+BB
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+A8- 8B 4C 24 18           - mov ecx,[esp+18]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+AC- 8B 54 24 1C           - mov edx,[esp+1C]
CamProcess.DynamicObjectsProcessor::ExtractPhysicsState+B0- 89 08                 - mov [eax],ecx
How can I read the register? I'm not a CE king.

Thank you
 

ffb.boy.30

I've put a breakpoint at this address, but apparently this breakpoint is not used.
I think it is only used at startup. How can I launch my software with CE?

Thank you
 

till0sch

Did you breakpoint 'CamProcess.DynamicObjectsProcessor::ExtractPhysicsState'? Should break then.

I think it's not possible through CE, only with OllyDbg
 

ffb.boy.30

OK, so I will try with OllyDbg...
I've opened the exe with OllyDbg but I can't find the way to put the breakpoint.
I will post as soon as I've found something

Thank you
 

ffb.boy.30

How do I jump to the right address?
In Cheat Engine you can do Goto address => MyProcess.exe+00475E50
Is there this capability in OllyDbg?
 

Syperus

By itself no. There might be a plugin that has this type of capability, but I have yet to see it. You will need to get the address from CE and input it into Olly.
 

ffb.boy.30

OK, in CE I have MyProcess.exe + 475E50 = 875E50
MyProcess = 400000
But now in OllyDbg this address doesn't exist.
I've found that if I click on the address column it toggles between relative or absolute address, but in relative the max value is less than 475E50 and in absolute it looks like 75910068.

Should I open the exe with OllyDbg or should I attach to the process?


Edit:
If I open the exe the address looks good, but at this address it is not the same code as in the Cheat Engine memory view.

Edit 2:
OK, it looks good; the 875E50 address is not appearing, it starts at 875E51.

Now I will test the breakpoint.


Edit 3:
I've put my breakpoint, but when I run the debugger the software is launched and works well but it doesn't stop at the breakpoint.
Is it possible that the breakpoint is not working?
Or maybe this function is not called; I will try with another one.
 

Syperus

In CE show that address in disassembler. From there right click on that address and click Go to Address. From there it'll give you the address of that current line. Copy that address and put it into Olly. It's a quick n dirty way to get it.
 
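The address arithmetic this thread works through, as an added example (not code from any poster): it parses dump lines in the format quoted above, rebases the function's address onto the module base 400000 given in the thread, and decodes the frame offsets as signed values. It assumes the first bracketed value on the Function line is a relative virtual address, as in the output of Microsoft's Dia2Dump sample, which this dump resembles; the function names are illustrative.

```python
import re

# Lines copied from the .pdb dump quoted in the thread (whitespace normalized).
SAMPLE = """\
Function : static, [00475E50][0001:00474E50], len = 0000013A, public: virtual bool __thiscall DynamicObjectsProcessor::ExtractPhysicsState(class NET::BitStream &)
Data : ebp Relative, [00000008], Param, Type: class NET::BitStream &, o_stream
Data : esp Relative, [FFFFFFCC], Local, Type: class GEM::GVector3, position
"""

FUNC_RE = re.compile(
    r"Function\s*:\s*\w+, \[([0-9A-F]{8})\]\[([0-9A-F]{4}):([0-9A-F]{8})\], "
    r"len = ([0-9A-F]{8}), (.+)")
DATA_RE = re.compile(
    r"Data\s*:\s*(\w+) Relative, \[([0-9A-F]{8})\], (\w+), Type: (.+), (\w+)\s*$")


def to_signed32(value):
    """Interpret a 32-bit field as a signed displacement (FFFFFFCC -> -0x34)."""
    return value - (1 << 32) if value & 0x80000000 else value


def parse_dump(text):
    """Return the function record and its frame-relative variables."""
    func, variables = None, []
    for line in text.splitlines():
        line = line.strip()
        m = FUNC_RE.match(line)
        if m:
            rva, sect, off, length = (int(g, 16) for g in m.groups()[:4])
            # RVA minus the section offset gives the RVA where the section starts.
            func = {"rva": rva, "section": sect, "section_rva": rva - off,
                    "length": length, "name": m.group(5)}
            continue
        m = DATA_RE.match(line)
        if m:
            reg, disp, kind, ctype, name = m.groups()
            variables.append({"name": name, "kind": kind, "type": ctype,
                              "register": reg,
                              "offset": to_signed32(int(disp, 16))})
    return func, variables


def rebase(rva, module_base):
    """Absolute address of an RVA once the module is loaded at module_base."""
    return module_base + rva


def describe(text, module_base):
    """Summarize the function's address range and each variable's frame slot."""
    func, variables = parse_dump(text)
    start = rebase(func["rva"], module_base)
    lines = [f"{func['name']}: {start:08X}-{start + func['length']:08X}"]
    for v in variables:
        lines.append(f"  {v['kind']:5} {v['name']}: [{v['register']}{v['offset']:+#x}]")
    return lines
```

The Param and Local entries are displacements from ebp or esp, so they resolve to a memory address only while the function is executing.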

ffb.boy.30

I've done it like this; in my last post I've made some edits that explain my search

Thank you
 