Cheat Engine

km2 · Newbie cheater Reputation: 0 Joined: 16 Sep 2004 Posts: 11

I am not sure if its a pointer in a pointer, because I cannot tell. This is how far I have gotten:
Loaded game, searched for the floating value, and got the address (Address changes every time the game loads or switchs levels).
Used 'find out what access this address" and got a huge list.

In this example, I used the first one listed:

I entered EDX into the 4byte hex search and came out with nothing, next I tried entered the value from the line above it, and still got nothing. I then went back to the large list and tried them all, with no avail. Am I doing something wrong?

Dood · How do I cheat? Reputation: 0 Joined: 31 Dec 2005 Posts: 2

You should of done a 4byte hex scan for the value 0128B2FC.
If you get a bunch of them just try using the first one and click "Add address manually" and click the pointer box, which should change and ask for the pointer address. You put in the address of the first thing in the codelist with the value 0128B2FC and then add the offset, in this case B80. Searching for EDX is not the same as searching for the value 0128B2FC, so you should be searching for the EDX at that particular line of asm. You could also try "find out what writes to this address" since that usually (for me) has fewer addresses than "find out what accesses this address". Hope this helps. I'm still learning about pointers but I seem to get the jist of it.

km2 · Newbie cheater Reputation: 0 Joined: 16 Sep 2004 Posts: 11

That is what I entered already, no results

Dark Byte · Posted: Sun Jan 01, 2006 7:19 am Post subject:

see the instruction above it ?
mov edx,[ebp-18]
edx gets it's value from the address at ebp-18

This is a stack address so not really trustable, but you can try going from there.
But I would suggest setting a breakpoint and then the stacktrace option to find out the caller, and then stepping through the code yourself. Or ue some code injection and save the value of edx somewhere or even freeze the address using the injection

km2 · Newbie cheater Reputation: 0 Joined: 16 Sep 2004 Posts: 11

Dark Byte, can you explain in more detail about stacktrace and caller?
I became instantly confused after looking at the stacktrace list.

zingbats · How do I cheat? Reputation: 0 Joined: 30 Jan 2006 Posts: 5

What if the results of the 4-byte scan are too large to enter the list view box? I cannot think of a way to refine the list.

Dark Byte · Posted: Mon Jan 30, 2006 12:58 pm Post subject:

try increasing the maximum numbr of addresses to show in settings, and hope there is a green address in the list, and hope it's the one you need

zingbats · How do I cheat? Reputation: 0 Joined: 30 Jan 2006 Posts: 5

Makes sense.

I managed to find the location of a float that I want, and the pointer (and offset) to the float.

When a new game is loaded, the location of the float remains the same, but the pointer address changes totally! On the exe restart they both change. How can a trainer be built to overcome this?

I tried doing a "write check" on the pointer to see if there was a pointer that pointed to the other pointer, and I had no such luck.

Do I need to check all the pointers in the 500+ list? None of them keep pointing to the float address when a new game is loaded so it seems pretty pointless (no pun intended Razz

).

Dark Byte · Posted: Mon Jan 30, 2006 2:51 pm Post subject:

but the address stays the same while all level1 pointers change?
thats weird, unless the address you found is already a static address

Zhoul · Posted: Mon Jan 30, 2006 8:31 pm Post subject:

Here's a detailed example of the method DB stated above.

http://forum.cheatengine.org/viewtopic.php?p=27398#27398

zingbats · How do I cheat? Reputation: 0 Joined: 30 Jan 2006 Posts: 5

Leonidas · Posted: Wed Feb 01, 2006 4:21 am Post subject:

Ah, I see, you chose the wrong pointer
at the image of : "The table when a new game is started, but the process isn't " you see most addresses changed, so the ones thatchanged are wrong pointers, but the ones that didn't change have the most chance of being the right pointer. (of course, none of them is a green address, so after a restart it can change, but thats for later)

As you see 042701ce stayed the same, as did 04270224 and 042702e6 (also, I recommend checking fastscan so it filters out 042701ce and 042702e6 because there's 99% chance that those are wrong pointers)

zingbats · How do I cheat? Reputation: 0 Joined: 30 Jan 2006 Posts: 5

Fast scan yields 15 results. None of which remain the same when the game is changed (process = same)

Dark Byte · Posted: Thu Feb 02, 2006 2:33 am Post subject:

then continue scanning the pointer before changing the game.

find oyt whatr accesses the pointer you found, and find that pointer for that, and go on till you've found the base address.

if all offsets are right and the base pointer is correct it will work

bitterbanana · Cheater Reputation: 0 Joined: 28 Nov 2004 Posts: 44

I can tell that there isn't a static pointer for that address. You're going to have to backtrace the assembly command and find out what is writing to edi. If you don't want to get your hands dirty in that, you can always just inject code to write the value of edi to a desired static address.