Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Finding the root of a datastructure

Vindictive
Newbie cheater
Reputation: 0

Joined: 02 Oct 2017
Posts: 13

PostPosted: Mon Nov 06, 2017 6:13 pm    Post subject: Finding the root of a datastructure

In my game I have a table-like data structure. It's basically a list of different worlds. Each world has different properties, for example its name, the number of players in the world, etc.

Using CE I can find dynamic addresses of these properties for the different worlds. But I cannot find a static address for the individual properties, and my understanding is that only the root of the data structure will have some sort of static pointer pointing to it, while all the members (the worlds) of the data structure will be pointed to dynamically.

I hope this makes sense. Put another way, it's just like this forum. The forum is like the data structure, all the different threads are members of the forum, and each thread has properties: replies, date created, etc. How do I go about finding the root of a data structure like this so that I can grab all the information inside the data structure?

I don't need a written solution, I just need to know what to research, because pointer scanners don't work but I'm assuming they will once I find the root of the data structure. Is this perhaps a problem for OllyDbg?
Prehistoricman
Advanced Cheater
Reputation: 0

Joined: 02 Aug 2016
Posts: 76

PostPosted: Mon Nov 06, 2017 7:40 pm    Post subject:

If you use 'find out what accesses this value' on the world data, you should see the instruction has an offset similar to the one you have in your structure. It may look like:

mov eax, [ecx+F8]

Here, ecx is the base address for your struct.
Now open the disassembler at this location to see the assembly that executed before this instruction. You should see that ecx (in my example) got its value from somewhere. If it looks like:

mov ecx, [esp+C]

then your job is a bit harder. You need to find the calling function, because 'esp' is the stack pointer. The value for the base of the structure was passed in from somewhere else.
If it looks like:

mov ecx, [ebp+20]

then you may be luckier. Here, ebp is the base address for a structure that contains the pointer to the world structure. If you dissect data on this ebp structure, you may find many, many pointers to all the worlds.

_________________
Er, hi
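The layout Prehistoricman describes, as an added C example that is not part of this thread: a static root object, a heap array of world pointers, and a field inside each world, with a pointer-chain walker that resolves a field from the root the way a pointer scan result would. The names (World, WorldList, g_root, resolve_chain, players_of_world) and the sample data are assumptions; the 1-based `ecx*4-04` indexing seen later in the thread is modelled by the second offset.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

/* Hypothetical layout of one world entry: a name and a player count. */
typedef struct World {
    char     name[32];
    uint32_t players;    /* the "property" a dynamic scan finds */
} World;

/* Hypothetical container: the object a static pointer would reference. */
typedef struct WorldList {
    uint32_t count;
    World  **worlds;     /* pointer to an array of World pointers */
} WorldList;

/* Constructed sample data standing in for the game's heap. */
static World  g_world_a = { "Alpha", 12 };
static World  g_world_b = { "Beta",  37 };
static World *g_world_array[] = { &g_world_a, &g_world_b };
static WorldList g_list = { 2, g_world_array };

/* The static root: this is the address a pointer scanner has to find. */
WorldList *const g_root = &g_list;

/* Walk a chain: base -> [base+off0] -> [ptr+off1] ... ; the last offset is
 * added without dereferencing, giving the address of the final field. */
static void *resolve_chain(void *base, const size_t *offsets, size_t n)
{
    uint8_t *p = base;
    for (size_t i = 0; i + 1 < n; i++) {
        memcpy(&p, p + offsets[i], sizeof p);   /* read pointer at p+off */
        if (p == NULL) return NULL;             /* broken chain, stop */
    }
    return p + offsets[n - 1];
}

/* Player count of world `idx`, 1-based like the ecx*4-04 index on the page. */
uint32_t players_of_world(unsigned idx)
{
    if (idx == 0 || idx > g_root->count) return 0;  /* out of range */
    size_t chain[] = {
        offsetof(WorldList, worlds),         /* [root+off]  -> World**  */
        (idx - 1) * sizeof(World *),         /* array + idx*ptr - ptr    */
        offsetof(World, players),            /* final field, not deref'd */
    };
    uint32_t *val = resolve_chain(g_root, chain, 3);
    return val ? *val : 0;
}
```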
Vindictive
Newbie cheater
Reputation: 0

Joined: 02 Oct 2017
Posts: 13

PostPosted: Mon Nov 06, 2017 8:56 pm    Post subject:

I can't post URLs yet, but here's the image of what I found if you remove the spaces: https: / / ibb.co / mZMahb

It's a bit different from what you said I might find, but I imagine very few things are the same when game hacking. Does this look right to you? I assumed it was the 6th opcode because it was the most similar to what you said.

If you think this might be correct, in this case it uses 2 registers, so how do I go about finding the base?

EDIT:

Something must be wrong, because EDI was the address of the property I was watching for accesses. EAX is 1 and ECX is an address in memory that is surrounded by ??
Prehistoricman
Advanced Cheater
Reputation: 0

Joined: 02 Aug 2016
Posts: 76

PostPosted: Tue Nov 07, 2017 4:55 am    Post subject:

Yeah, this instruction might not be useful. You can see that ecx = 1 here, which means that ecx*4-04 = 0.

What part of the world structure did you look at here? How big is the world structure?

_________________
Er, hi
Cake-san
Grandmaster Cheater
Reputation: 8

Joined: 18 Dec 2014
Posts: 541
Location: Semenanjung

PostPosted: Tue Nov 07, 2017 8:43 am    Post subject:

Based on the image,

If I were you, I would trace where [esi+ecx*4-04] gets its value, because it gives the value to [edi+ecx*4-04], whose value is a pointer address.

#ps: that ESI holds a stack address, for your information...

_________________
...
Vindictive
Newbie cheater
Reputation: 0

Joined: 02 Oct 2017
Posts: 13

PostPosted: Wed Nov 15, 2017 9:12 pm    Post subject:

Prehistoricman wrote:
Yeah, this instruction might not be useful. You can see that ecx = 1 here, which means that ecx*4-04 = 0.

What part of the world structure did you look at here? How big is the world structure?


How can you find out how big a structure is?
Prehistoricman
Advanced Cheater
Reputation: 0

Joined: 02 Aug 2016
Posts: 76

PostPosted: Fri Nov 17, 2017 2:21 am    Post subject:

It can be hard to know. What's the largest offset you've found so far to be useful in the structure?
_________________
Er, hi