glf4k How do I cheat? Reputation: 0
Joined: 05 Feb 2018 Posts: 7
Posted: Mon Feb 05, 2018 12:50 pm Post subject: Unable to find base address / pointer [State of Decay]
Hello everyone, first of all let me introduce myself. I am relatively new to Cheat Engine (but not in computer programming in general). Let's go straight to the point:
My goal is to find base address / static pointer to player inventory, but I am stuck in finding static pointer for first slot.
This is what I have done:
1.) I've found dynamic address for inventory slot (0x1cea758) in the example below.
2.) Did "find out what accessing the address" feature. Found that it's moving content of EAX registry to EBX, with an offset 4*EDI. EDI is zero, so offset is 0.
EAX holds address same as dynamic address so I've scanned for addresses with values of 0x1cea758.
Found two results:
See attachment 1.png
I did "what accessing the address" for both addresses, first one points correct but is not affected by gameplay. Second one is. (Affected by gameplay I mean when value changes in game it does not do any memory changes in "accessing address")
See attachment 2.png
3.) I did scan for addresses whose value is 0x1d6cc368: Found just one address, but it's also not affected by gameplay and points to incorrect value.
See attachment 3.png
What am I doing wrong? Please, help.
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Mon Feb 05, 2018 2:07 pm
Looks like it points to the correct value to me
19572200->1D6CC358, +10 = 1D6CC368
1D6CC368->1CEAE758, +0*4 = 1CEAE758
You have to add the offset 0 as well to get it to dereference a second time to 1CEAE758.
glf4k How do I cheat? Reputation: 0
Joined: 05 Feb 2018 Posts: 7
Posted: Mon Feb 05, 2018 2:38 pm
Thanks for response.
Sorry, but what exactly am I doing wrong?
I did it again but again without success.
Please, take look at the composition below:
1.) Found dynamic address 1CECC758
2.) Found working address using the dynamic address at 1D6D4368 (slot_0 1 ptr)
3.) Scanned what accessing the "slot_0 1 ptr" that I should scan for pointer (1D6D4358) with an offset of 10.
4.) Scanned for the value and found just one address (19562240) holding value (1D6D4358) and the address is not valid (game does not use the address at all).
5.) When I add pointer with address 19562240 and offset 10, it points to correct address but has incorrect value?
Value shouldn't be 805306377 as 0x19562240 -> 0x1D6D4358 -> 0x1CECC758?
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Mon Feb 05, 2018 3:00 pm
You have to add another offset with the value 0.
decimal 485279576 is hex 1CECC758, reading the value at 1CECC758 would give you 805306377 just like slot_0 and "slot_0 1 ptr" do.
Something like
I don't have the game though so I just made that up in paint based on a 2 level pointer in the tutorial.
edit: ah, 1d6cc368's value changed, it's not 1CEAE758 anymore... can't say whether the inventory slot has moved so not sure if that's actually wrong or not but.
When I work with pointers I generally use the pointer scanner, or just hook some code to copy the address of what I want somewhere that I can use it. But then I generally only use pointers if I can't create an auto assemble script to do what I want in the first place...
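The two-offset pointer described in the post above, replayed over a constructed memory snapshot. This is an added example, not code from the thread: `resolve`, `read_u32` and the `MEM` table are hypothetical names, and the snapshot contains only the addresses and values quoted in the posts.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed 32-bit snapshot holding only the three words quoted in the thread. */
struct cell { uint32_t addr, value; };
static const struct cell MEM[] = {
    { 0x19562240u, 0x1D6D4358u }, /* base address holds a structure pointer */
    { 0x1D6D4368u, 0x1CECC758u }, /* structure + 0x10 holds the slot pointer */
    { 0x1CECC758u, 805306377u  }, /* slot 0 holds the displayed value */
};

/* Read one word; returns 0 on success, -1 if the address is not in the snapshot. */
static int read_u32(uint32_t addr, uint32_t *out)
{
    for (size_t i = 0; i < sizeof MEM / sizeof MEM[0]; i++)
        if (MEM[i].addr == addr) { *out = MEM[i].value; return 0; }
    return -1;
}

/* Each offset costs one dereference: addr = [addr] + offset. The word at the
   final address is the value shown. Returns -1 if any read is unmapped. */
int resolve(uint32_t base, const uint32_t *offs, size_t n,
            uint32_t *final_addr, uint32_t *value)
{
    uint32_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uint32_t ptr;
        if (read_u32(addr, &ptr) != 0) return -1;
        addr = ptr + offs[i];
    }
    *final_addr = addr;
    return read_u32(addr, value);
}

int main(void)
{
    const uint32_t one[] = { 0x10 }, two[] = { 0x10, 0x0 };
    uint32_t a, v;
    if (resolve(0x19562240u, one, 1, &a, &v) == 0)   /* stops one level short */
        printf("offsets {10}:   %08X -> %u\n", (unsigned)a, (unsigned)v);
    if (resolve(0x19562240u, two, 2, &a, &v) == 0)   /* reaches slot 0 */
        printf("offsets {10,0}: %08X -> %u\n", (unsigned)a, (unsigned)v);
    return 0;
}
```

With only the offset 10 the chain ends at 1D6D4368 and shows 485279576, which is the slot pointer 1CECC758 printed as a decimal; the extra offset 0 forces the second dereference that lands on the slot itself.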
glf4k How do I cheat? Reputation: 0
Joined: 05 Feb 2018 Posts: 7
Posted: Mon Feb 05, 2018 3:42 pm
FreeER wrote: You have to add another offset with the value 0.
Thank you! That helped out with the pointer 2.
I am not using pointer scanner because it took too long with billions of results.
Now the 2nd pointer shows correct value and when changed, all values in my table change to new value so I think I am on a good way.
The scan of 2nd pointer tells me to scan for another address, but there are no results, what's wrong?
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Feb 05, 2018 3:51 pm
I would say that the registry for the base is being modified before the instruction, so the base in memory is not the same as the registry value at that point. Just do like @FreeER said and hook that instruction if no other addresses get accessed. You could also try the pointer scanner at that point, a few levels in can make a big difference in scan results and times, just hook the instruction, or save the address for the instruction, for easy access to the address to scan for. But this may be why you find no results after a bit, then you're back to hooking the instruction to store the base, which I tend to do just to help in the pointer scanning. But if you like to have real pointers on a table, then it might be worth a shot.
glf4k How do I cheat? Reputation: 0
Joined: 05 Feb 2018 Posts: 7
TheyCallMeTim13 Wiki Contributor Reputation: 50
Joined: 24 Feb 2017 Posts: 976 Location: Pluto
Posted: Mon Feb 05, 2018 4:20 pm
Well the address being green tells you that it's a static address, so if you add that to the address list and double click the address in the list, in the edit form you will see an address like "game.exe"+123ABC, this is what you are looking for which means either you are real close and just need to figure out the right offset, or the offset is calculated and is subjected to changes. If you have not tried the CE tutorial then I think that will get you started, you'll just have to register some memory to store the base to use as a pointer.
Tutorials
Tutorials - Auto Assembler - Injection
Cheat Engine Tutorial Guide x32
Cheat Engine Tutorial Guide x64
EDIT:
I see you found it.
Last edited by TheyCallMeTim13 on Mon Feb 05, 2018 4:23 pm; edited 1 time in total
FreeER Grandmaster Cheater Supreme Reputation: 53
Joined: 09 Aug 2013 Posts: 1091
Posted: Mon Feb 05, 2018 4:21 pm
Glad you got that solved,
Have fun hacking!
glf4k How do I cheat? Reputation: 0
Joined: 05 Feb 2018 Posts: 7
Posted: Mon Feb 05, 2018 4:26 pm
EDIT
I've run into another problem I never faced.
I've base address, but I can't change its value, e.g. when I change the value, it's immediately rewritten when the game is not paused.
This code (may be game loop) is always refreshing it somehow. Any way how to continue? Scanning for 0x00000024 will give thousands of results.
Game actual value is Dh, so the code checks if it's 13, if true it jumps to another instruction otherwise it's putting Dh there.
sbryzl Master Cheater Reputation: 6
Joined: 25 Jul 2016 Posts: 252
Posted: Wed Feb 07, 2018 3:57 pm
You need to trace it backward. Since the register esi is being moved into your address you can look up and see that value comes from eax. Then look further back to see when the value is entered into eax. Keep looking backward. You may need to go back through multiple functions and stack moves or it might just be a few instructions back.
OldCheatEngineUser Whateven rank Reputation: 20
Joined: 01 Feb 2016 Posts: 1587
Posted: Wed Feb 07, 2018 7:25 pm
don't bother yourself, the real value isn't static address.
i played this game on my friend's PC, the display value was static address (green) where the original value was different number and is dynamic i think.