Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Why can't I find this pointer?

 
davethewave_83
Advanced Cheater
Reputation: 0

Joined: 03 May 2006
Posts: 65

Posted: Tue Sep 25, 2012 12:44 am    Post subject: Why can't I find this pointer?

It's been a while since I used CE, this version is a lot different than the one I used to use, it's actually a lot easier so it's really no excuse on my part, but I did forget how to manually find a pointer, and the auto pointer search isn't finding it.

Just last night I saved a pointer file full of thousands of pointers, then started a new game today. When I load the original pointer search then re-searched for the new address, it had 0 results.

So then I decided maybe I should manually track this pointer down, but I forget how. I know I right click, find what writes to the address, and there's something to do with the "extra info" screen right?

so if I have

>> 005D6990 - mov [esi+eax*8+000000E8],edi

I would calculate 005D6990 + E8 offset correct?

and then do a hex search 4 byte for 56DA78

but when I do this, it is 0 results.

it also says the value of the pointer needed to find this address is probably 19762F48 but that address points to the wrong value.


automatic pointer scan and manual aren't working, is there anything I can do to find this?

_________________
All hail our glorious leader!
The forum rules make our lives so much easier. We don't have to think anymore, all thanks to our leader!
Don't you agree, comrade ?
unknown_k
Expert Cheater
Reputation: 5

Joined: 24 May 2011
Posts: 211

Posted: Tue Sep 25, 2012 4:37 am    Post subject: Re: Why can't I find this pointer?

davethewave_83 wrote:
It's been a while since I used CE, this version is a lot different than the one I used to use, it's actually a lot easier so it's really no excuse on my part, but I did forget how to manually find a pointer, and the auto pointer search isn't finding it.

Just last night I saved a pointer file full of thousands of pointers, then started a new game today. When I load the original pointer search then re-searched for the new address, it had 0 results.

So then I decided maybe I should manually track this pointer down, but I forget how. I know I right click, find what writes to the address, and there's something to do with the "extra info" screen right?

so if I have

>> 005D6990 - mov [esi+eax*8+000000E8],edi

I would calculate 005D6990 + E8 offset correct?

and then do a hex search 4 byte for 56DA78

but when I do this, it is 0 results.

it also says the value of the pointer needed to find this address is probably 19762F48 but that address points to the wrong value.


automatic pointer scan and manual aren't working, is there anything I can do to find this?

wrong section.
005D6990 + E8 is totally wrong.
esi+eax*8 != 005D6990
it will take forever to find pointers that way.
try another method or forget about it or dig some auto assembler script tutorials.
Gniarf
Grandmaster Cheater Supreme
Reputation: 43

Joined: 12 Mar 2012
Posts: 1285

Posted: Wed Sep 26, 2012 10:17 am    Post subject: Re: Why can't I find this pointer?

davethewave_83 wrote:

so if I have

>> 005D6990 - mov [esi+eax*8+000000E8],edi

I would calculate 005D6990 + E8 offset correct?
No. The window that shows ">> 005D6990 - mov [esi+eax*8+000000E8],edi" should also tell you the value of esi at this address. I guess it is saying esi=19762F48 which is the value you should scan for. If you're lucky, there will only be one result, but this is unlikely, that's why I agree with unknown_k: it will take forever.

I suggest using the pointerscanner, increasing the pointer level and using pointers must end with offset: the_value_of_eax_above*8+E8.

What game are you trying to hack? Does it use python, lua, RPG maker engine, squirrel, or another interpreter/script engine? Because in some games the pointer approach simply does not work.
jgoemat
Master Cheater
Reputation: 22

Joined: 25 Sep 2011
Posts: 252

Posted: Wed Sep 26, 2012 4:56 pm

"Single Player Cheat Request" isn't the right forum for a question like this, can someone move it?

Quote:
>> 005D6990 - mov [esi+eax*8+000000E8],edi

I would calculate 005D6990 + E8 offset correct?


No, 5D6990 is the address of the instruction that changes your value. If you click on that, you should see at the bottom five instructions around it and the value of registers below that. ESI is the register you are looking for that has the base address, but the offset is really E8+eax*8. If you use the pointer scanner, start with the value ESI and use the type 'address' with no offsets.

005D6990 probably doesn't change (if the module address starts with 00400000 then it probably won't change the next time you start the game), but you would want to use something like 'Game.exe+1D6990' anyway. To find that, open the memory viewer and Goto address in the top; that should show the address as an offset into the module like that. It might also be handy to copy some of the surrounding code into a text file so you can do an AOB search later if the game is updated. Even if the offsets change, you can replace the bytes that define them with "*" when doing an AOB scan and find the code later.

If you know assembly, try to find out what sets ESI in that code. If you are EXTREMELY lucky you will find something like this earlier in the assembly code, in which case you have the static, "Game.exe+214410", and the offset, B8, which will get you that value of ESI.
Code:
mov eax,[Game.exe+214410]
mov esi,[eax+b8]


You can go to this instruction in the disassembly window and right-click to show what addresses this instruction accesses. Since it is an index instruction, it probably accesses several addresses, but if there is only one value of ESI for those, then it only is called for that base pointer and you could use a script like this to store the address in memory, using "SAVED_ESI" as the base address for a pointer or "[SAVED_ESI]" as the address of esi in the structure dissector. Note: if there are multiple values of ESI, you could enter each of them into the structure dissector to see how the one you care about differs from others. For instance in Galaxy on Fire 2 the same code is called for all ships, but the player's ship has the value '2' at offset 100, and you could alter the script to only store the address if it matches your criteria.

Code:
// injecting here to store the value of ESI
// Game.exe+1D6990:  89 BC C6 E8000000     - mov [esi+eax*8+000000E8],edi
globalalloc(TEST,$1000) // 4k

[ENABLE]
label(SAVED_ESI)
registersymbol(SAVED_ESI) // so you can use it in tables or as structure dissector addresses
TEST:
SAVED_ESI:
 dd 0

label(CODE)
label(RETURN)
CODE:
 mov [SAVED_ESI],esi          // save the value of ESI
 mov [esi+eax*8+000000E8],edi // original code
 jmp RETURN

//Game.exe+1D6990:  89 BC C6 E8000000     - mov [esi+eax*8+000000E8],edi
Game.exe+1D6990:
 jmp CODE
 nop // jmp is 5 bytes, instruction is 7 so add NOPs
 nop
RETURN:


[DISABLE]
Game.exe+1D6990:
 mov [esi+eax*8+000000E8],edi
Back to top
View user's profile Send private message
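The address arithmetic described in the replies above, as an added example that is not part of the original thread: it decodes the instruction bytes quoted in the last post (89 BC C6 E8000000) into base, index, scale and displacement, computes the address the instruction writes to, and matches the same bytes with the displacement wildcarded as in an AOB scan. The esi value is the one mentioned in the thread; the eax value and the scanned byte buffer are constructed for illustration.

```python
import re

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
INSTR = bytes.fromhex("89BCC6E8000000")       # bytes quoted in the thread
REGS = {"esi": 0x19762F48, "eax": 3}          # esi from the thread, eax constructed
PATTERN = "89 BC C6 * * * *"                  # displacement bytes wildcarded

def decode_mov_store(code: bytes) -> dict:
    """Decode the 32-bit form `mov [base+index*scale+disp32], reg` (opcode 89 /r)."""
    if len(code) < 7 or code[0] != 0x89:
        raise ValueError("expected opcode 89 followed by ModRM, SIB and disp32")
    modrm, sib = code[1], code[2]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod != 0b10 or rm != 0b100:
        raise ValueError("only mod=10 (disp32) with rm=100 (SIB follows) is handled")
    scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
    if index == 0b100:
        raise ValueError("index=100 encodes 'no index register'")
    disp = int.from_bytes(code[3:7], "little", signed=True)
    return {"src": REG32[reg], "base": REG32[base], "index": REG32[index],
            "scale": scale, "disp": disp}

def effective_address(op: dict, regs: dict) -> int:
    """base + index*scale + disp, wrapped to 32 bits as the CPU does."""
    return (regs[op["base"]] + regs[op["index"]] * op["scale"] + op["disp"]) & 0xFFFFFFFF

def aob_find(haystack: bytes, pattern: str) -> list:
    """Offsets where a space-separated hex pattern matches; '*' matches any byte."""
    rx = b"".join(b"." if tok == "*" else re.escape(bytes([int(tok, 16)]))
                  for tok in pattern.split())
    # Lookahead so overlapping matches are reported; DOTALL so '.' also matches 0x0A.
    return [m.start() for m in re.finditer(b"(?=" + rx + b")", haystack, re.DOTALL)]

if __name__ == "__main__":
    op = decode_mov_store(INSTR)
    print(op)                                   # base=esi, index=eax, scale=8, disp=0xE8
    print(hex(effective_address(op, REGS)))     # address written, from register values
    # Constructed "updated build": same instruction, displacement changed to 0xF0.
    updated = b"\x90\x90" + bytes.fromhex("89BCC6F0000000") + b"\xC3"
    for off in aob_find(updated, PATTERN):
        print(off, hex(decode_mov_store(updated[off:off + 7])["disp"]))
```

The instruction's own address (005D6990) never enters the calculation; only the register values and the encoded displacement do.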