View previous topic :: View next topic |
Author |
Message |
hexapod How do I cheat? Reputation: 0
Joined: 21 Oct 2014 Posts: 2
|
Posted: Tue Oct 21, 2014 2:52 pm Post subject: |
|
|
My question is how to convert these Code: | "program.exe"+some_offset | type addresses to code? For example:
http colon //i dot imgur dot com/dnzfqlH.jpg (can't post URLs yet apparently)
I mean, surely I can't use Code: | "Crusaders.exe"+00E3D2A0 | as my address in my code?
Also, can you point me in the direction of a good place to find how to use the "What accesses this address" method for finding base pointers? Seems easier/faster than using pointer scans, but I've been unsuccessful with it, so far. I've seen Fleep's video. In the address for money above I was told 135ECEF8 was probably the base with an offset of 4 and it does not point to the address in question.
Sorry for posting in probably the wrong thread, but I didn't want to start a new thread for something I'm sure gets posted every other day. |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Tue Oct 21, 2014 3:03 pm Post subject: Re: FAQ: How to use a pointer |
|
|
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
hexapod How do I cheat? Reputation: 0
Joined: 21 Oct 2014 Posts: 2
|
Posted: Tue Oct 21, 2014 3:11 pm Post subject: Re: FAQ: How to use a pointer |
|
|
Dark Byte wrote: | Dark Byte wrote: |
(also check out (omit) for help on how to deal with modulename+offset notations) |
|
Of course the example is in Delphi. Why wouldn't it be? Thanks. |
|
Back to top |
|
|
tdr2012 Cheater Reputation: 0
Joined: 02 Nov 2014 Posts: 26
|
Posted: Mon Nov 03, 2014 12:01 pm Post subject: |
|
|
Dark Byte wrote: | Read the 4 byte value stored at 01132380 + 540 (So read the 4 bytes at 11328C0 and use that result for the next step) |
I tried doing all the steps, and I was successful at getting a address that was not a pointer, but, the address I found after adding all the offsets to the "4 byte" values of previous addresses, it ends up being the same address that the (P->064E8268) holds the value in.
So, I just found the same 064E8268 address, but this address changes on next restart. This pointer is only 4-levels. Am I doing the math wrong? Do I start with the address "068A4B20" and add HEX offset d4 to it? Or am I supposed to add the "game.exe+02D86394" first, get its "4 Byte" value, and then add d4 to the DEC value of the "4 bytes"?
It didn't give me a different address that would be a static address. Do I have to add the "4 bytes" value into calculator as a DEC number or add by hex?
I am sorry, I am still trying to understand this, I thought I add the right idea when I added them up the first time.
Last edited by tdr2012 on Wed Nov 12, 2014 12:16 pm; edited 1 time in total |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Mon Nov 03, 2014 1:59 pm Post subject: |
|
|
game.exe+02D86394 is a static address
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
tdr2012 Cheater Reputation: 0
Joined: 02 Nov 2014 Posts: 26
|
Posted: Mon Nov 03, 2014 2:55 pm Post subject: |
|
|
Dark Byte wrote: | game.exe+02D86394 is a static address
Dark Byte wrote: |
(also check out http//forum.cheatengineorg/viewtopic.php?p=5280115#5280115 for help on how to deal with modulename+offset notations) |
|
Thank you. But, will I have to add the base and the offset of game.exe+02D86394 in order to get this static address to drop the P-> symbol?
So, I was able to find the base address of "game.exe", which ended up being 673A0000. I added the offset 02D86394 in HEX and I got a 4 byte value of 152383520 when i added the address. Do I just continue down adding all the offsets?
It didn't give me the non-P-> address after I got the base and added it. Perhaps I am not understanding something? |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25291 Location: The netherlands
|
Posted: Mon Nov 03, 2014 3:17 pm Post subject: |
|
|
so this time game.exe is at 673A0000 (that will change each time the game runs, but is easily looked up) , so 673A0000+02D86394 = 6A126394
Read the 4 byte at 6a126394
add to that value 0xd4
read the 4 byte value at the address that value makes up
add to that value 0x1a4
read the 4 byte value at the address that value makes up
add to that value 0x9c
read the 4 byte value at the address that value makes up
add to that value 0x8 and that value will represent the address you are interested in
And that address will stay the same until you do something in the game that makes it change (e.g map change, restart the game, walk over a border, load a game, get killed, a timed garbage collection, etc...)
So always do this lookup before reading/writing _________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
tdr2012 Cheater Reputation: 0
Joined: 02 Nov 2014 Posts: 26
|
Posted: Tue Nov 04, 2014 12:55 pm Post subject: |
|
|
Dark Byte wrote: | so this time game.exe is at 673A0000 (that will change each time the game runs, but is easily looked up) , so 673A0000+02D86394 = 6A126394
Read the 4 byte at 6a126394
add to that value 0xd4
read the 4 byte value at the address that value makes up
add to that value 0x1a4
read the 4 byte value at the address that value makes up
add to that value 0x9c
read the 4 byte value at the address that value makes up
add to that value 0x8 and that value will represent the address you are interested in
And that address will stay the same until you do something in the game that makes it change (e.g map change, restart the game, walk over a border, load a game, get killed, a timed garbage collection, etc...)
So always do this lookup before reading/writing |
Thanks! It makes sense now. I was able to pull out the static address out of the P-> =D |
|
Back to top |
|
|
|