Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


I can't find a valid pointer...

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking
View previous topic :: View next topic  
Author Message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Sun Mar 19, 2017 4:36 am    Post subject: I can't find a valid pointer... Reply with quote

Hello, I'm trying to find a pointer to the ammunitions address of the player's gun.
This game is protected against cheat engine and it has some other protections... Btw I've managed to freeze the game to scan it with cheat engine (after I've found the ammo address), the fact is that the game is freezed and I can't debug it or I can't perform any other action that involves dynamic stuff, as you may understand :S.
The only viable thing that I'm using right now is the pointerscan, but it doesn't work as it should, since after I've set a level 7 pointer I get a lot of results but all of them are useless after I restart the game, I've tried with level 8 pointer and it takes too much time (with 500,000,000 path/seconds speed )...
Do you know any other way I could use to find a pointer?
Back to top
View user's profile Send private message
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

PostPosted: Sun Mar 19, 2017 3:18 pm    Post subject: Reply with quote

first make sure that the address you found actually has an effect in the game. (else pointers will be of no use)

and check out http://forum.cheatengine.org/viewtopic.php?t=602561 (using snapshots of previous runs will only leave proper pointer paths)

especially the node limit. that way you can do deeper levels and bigger structsizes

_________________
Do not ask me about online cheats. I don't know any and wont help finding them.

Like my help? Join me on Patreon so i can keep helping
Back to top
View user's profile Send private message MSN Messenger
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Sun Mar 19, 2017 4:19 pm    Post subject: Reply with quote

Dark Byte wrote:
first make sure that the address you found actually has an effect in the game. (else pointers will be of no use)

and check out http://forum.cheatengine.org/viewtopic.php?t=602561 (using snapshots of previous runs will only leave proper pointer paths)

especially the node limit. that way you can do deeper levels and bigger structsizes

Ty what you say it's always precious... Btw I already found a valid pointer to this address some time ago, but in that time the game had less protections so I was able to run cheat engine without the need of freezing the game, so I searched for a level 7 pointer then changed the game's map and with some of the pointers that were "valid" I did a level 5 rescan for the first pointer pointed by the module base(plus it's offset) , in the end I had a level 12 pointer which was valid... But now the game is updated...
I will try tomorrow with a node limit of 2 , offset size 10000 , level 12 . Hoping it will not take ages otherwise if there aren't any other methods I will consider to pointerscan with multiple computers as you suggested me before Sad.



Edit: I forgot that I know the module base of this pointer, so I may try to tick thick the option to scan only certain memory pages? Will it work? How could I know which memory pages are assigned to a module that in this case it's a dll file?
Back to top
View user's profile Send private message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Mon Mar 20, 2017 1:53 pm    Post subject: Reply with quote

bump.
Unfortunately it doesn't work ... I think btw that setting a node limit of 2 cut in pieces my chances to find a valid pointer... not sure but who knows, it doesn't work Sad.
If anybody know how I could do, or has a good method to share, it would be really appreciated
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Mar 20, 2017 2:23 pm    Post subject: Reply with quote

Does attaching the debugger work on the target? If so, you could try SE plugin for injection and attempt to circumvent and/or remove any memory integrity check routines while also eliminating the need for pointer scanning.
Back to top
View user's profile Send private message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Mon Mar 20, 2017 2:57 pm    Post subject: Reply with quote

++METHOS wrote:
Does attaching the debugger work on the target? If so, you could try SE plugin for injection and attempt to circumvent and/or remove any memory integrity check routines while also eliminating the need for pointer scanning.

Thank you for the reply...
Not sure I got what you mean, btw yes I can attach the debugger but the process is completely freezed (all the threads are suspended).
What's the se plugin? Why should I try to circumvent the memory integrity check routines? How is that gonna remove me the need of pointerscan?
Ty
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Mar 20, 2017 3:04 pm    Post subject: Reply with quote

Why are you freezing the target during attachment of debugger?

SE Plugin == Stealth Edit Plugin

Circumvention for injection will eliminate the need for pointers/pointer scanning altogether. You can hook the instruction and save off the address that you are wanting to manipulate...that way, you will have the correct address every time without having to rely on potentially unreliable pointers.
Back to top
View user's profile Send private message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Mon Mar 20, 2017 3:14 pm    Post subject: Reply with quote

++METHOS wrote:
Why are you freezing the target during attachment of debugger?

SE Plugin == Stealth Edit Plugin

Circumvention for injection will eliminate the need for pointers/pointer scanning altogether. You can hook the instruction and save off the address that you are wanting to manipulate...that way, you will have the correct address every time without having to rely on potentially unreliable pointers.

Oh right I got what you mean, btw I'm freezing the target because it has a lot of protections, I do it to avoid detection of cheat engine and other tools.
Btw I can't debug the process in this state, maybe you know some method by looking at the memory or some other useful tools?
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Mar 20, 2017 3:54 pm    Post subject: Reply with quote

You could try Ollydbg with plugins. If the target is 64bit, then try x64dbg. Else, try to make CE undetectable.
Back to top
View user's profile Send private message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Mon Mar 20, 2017 4:09 pm    Post subject: Reply with quote

++METHOS wrote:
You could try Ollydbg with plugins. If the target is 64bit, then try x64dbg. Else, try to make CE undetectable.

but is still not what I'm looking for since I can't debug it... and if you or somebody has another Idea it will be really appreciated... But I think at this point there is'nt much anybody else who knows another technique.
Ty to you and darkbyte , aniway.
Back to top
View user's profile Send private message
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

PostPosted: Mon Mar 20, 2017 4:15 pm    Post subject: Reply with quote

I referenced the other tools that you could try in an effort to debug. Some protections target CE, specifically. Additionally, certain detection methods can be circumvented by way of various plugins that are available for programs like Ollydbg.

All that said, are you able to temporarily unpause the target so that results populate the debugger list post-attachment?
Back to top
View user's profile Send private message
Viloresi
Expert Cheater
Reputation: 0

Joined: 02 Feb 2017
Posts: 149

PostPosted: Mon Mar 20, 2017 11:05 pm    Post subject: Reply with quote

++METHOS wrote:
I referenced the other tools that you could try in an effort to debug. Some protections target CE, specifically. Additionally, certain detection methods can be circumvented by way of various plugins that are available for programs like Ollydbg.

All that said, are you able to temporarily unpause the target so that results populate the debugger list post-attachment?

No actually I didn't find a way to do that... If that would be possible it would be awesome
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> General Gamehacking All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites