Cheat Engine

[RichardG]

i'm making a trainer for ghost recon 2001 which adds 3rd and 1st person views while making the player model visible. it was necessary to dynamically change the camera position while the player moved so i found the addresses and pointers for the stance(standing crouched, prone) and the binocular readings, to check how far the player was from a wall etc. to prevent the camera from going through said wall.

originally i made code injected scripts that copied the value of the registers to a empty memory space @ the location of the opcodes that wrote to the addresses, for example:

mov [esi+08], edx >> original code for writing the stance value 0,1,2
mov [008de234], edx >> code i added to store the value of stance

i also did this for the opcode which wrote the binocular value.

i then made a 3rd script which compared the values at these addresses to make decisions about when to reposition the camera. this was injected at the opcode which wrote the address for moving the camera forward and back.

cmp [008de234], 00000000 >> if this is true then player is standing
jne "not standing"
mov [esi+14], 0df5a843 >> move the camera to this position

it worked!!!

but not all the time, turns out the address i used [008de234] would some times be over written by the game, messing up my script, i tired to find new empty addresses but same thing happens.

i then thought of accessing the memory locations of stance and binocular directly from the 3rd script using pointers

the stance pointer is level 2
base = 008d2ca8
offset 1 = 130
offset 2 = 8

looks like this in the "change address" box for the pointer:
i added numbers to the ??????? to help you keep track
008d2ca8 -> ????1???
[????1???+130] -> ???2????
???2???? +8 = ????3???
????3??? = stance value

my question:
how do i access the stance value from the pointer in my script?

i tried this:
mov eax, 008d2ca8 >> ???1????
mov eax, [eax+130] >> ???2????
mov eax, [eax+8] >> ????3???
mov eax, [eax] >> value of stance

but it didnt work

for some reason in the change address box for the pointer
this line:
[????1???+130] -> ???2????

if ????1??? = 00000001 then [000000001+130] would = 00000131
but it doesnt, it shows it pointing to a different hex number eg 0000013d

while ????3???+8 is calculated correctly
so my code is pointing to the wrong address using the offsets of the level 2 pointer and i have no idea why

please help

[Zanzer]

[RichardG]

Oh i see now
008d2ca8+130 is the address of the pointer pointing to ???2???
so to get the value of ???2??? you do this [008d2ca8+130]

thanks man i appreciate the help

[Zanzer]

Not sure what your question marks are trying to show.

The code reads like this:
The value at [008d2ca8] contains an address (pointer).
That address +130 contains another address.
That address +8 is the address containing your stance.

If you wanted to add that address to your table, it would be:
[[008d2ca8]+130]+8

[Nemexia55]

sorry, my question is not much related, but how did you scanned it? i mean how did you find its address.
is there a good place in this forum that contains tips for memory scanning?

[RichardG]

thanks for the reply i figured it out now and my code works 100% of the time instead of only sometimes

@Nemexia55
i just did the tutorial that comes with cheat engine, and when i got stuck i went on youtube, where people had uploaded instructional videos of themselves doing the tutorial

hope that helps

[Nemexia55]

Thanks