DamiPL Grandmaster Cheater Supreme
Reputation: 3
Joined: 02 Jul 2006 Posts: 1195 Location: 11001110
Posted: Tue Jan 06, 2009 11:41 pm Post subject: [Help] Pointers(offsets)
Well, so I need help w/ offsets. I did the CE tut and tried to look in the CE tutorial, pointer section, and still got a problem.
Here's the pic of the addys
CE tut gets the addys w/ what writes to this address, and in 1 tut DB posted you can use what accessed the address, so I posted both.
So normally I search for the EDI value in hex and get a green addy, but what's the offset? Isn't it 150??
It does not work, I tried all those in the extra info and none worked.
I have also tried the Calculator Method, EDI + value, and still no. Pointer scanner in CE did not work either.
So what's the offset?
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Wed Jan 07, 2009 2:34 am
The offset is 150 for level one of the pointer.
It is larger than level one.
So see what writes to the address you found doing the hex scan.
Keep doing this till you get your pointer.
Also a method I use to get pointers, kinda crude but works.
Take the address you found in your first scans.
Subtract the hex scan address "1A5B8328" from the address found in your scans in CE, or reverse the subtraction, I can't remember right offhand. The way to know is if your answer is wrong you will get some large ass result like FFFFFFFF blablah; reverse the addresses and subtract them again.
But your answer would be the offset.
Example: "Result address from the hex scan of 1A5B8328" + F25A1. <-- That will be a pointer.
I have done this before and do not know for certain if the pointers turn out good every time like this or not. So far I have had luck doing it.
Last edited by Labyrnth on Wed Jan 07, 2009 8:57 pm; edited 1 time in total
DamiPL Grandmaster Cheater Supreme
Reputation: 3
Joined: 02 Jul 2006 Posts: 1195 Location: 11001110
Posted: Wed Jan 07, 2009 3:15 pm
I tried the new method you posted, I got these results: I did both ways.
156 << did not work too
FFFFFEAA << I guess this is the wrong one?
And as for multi lvl pointers, doesn't the hex scanned addy have to be black? Cuz mine is green so this means it does not change? I picked the most at top (green), that's what they said in the tuts I looked at. Also I had 1 green addy and 200 others that were black (multi pointer ones??), do I need to look through them all?
I tried that what writes to this address, the green ones and a few black ones from the hex scan, and no addys appear in any of 'em. Value does not change and it's something like DBF8. I guess I will leave this addy and try something else.
And thanks for the help Lab, you helped me a lot.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Wed Jan 07, 2009 8:33 pm
That green address is the pointer I bet.
Yes the FFFFFAAblah blah is the wrong one. You understood that much, till I messed you up with my example.
I messed up showing you the example, I used the "value" of the address in that example.
The address you get from the hex scan of 1A5B8328 is what you use in your subtraction.
So the green one you got is probably the one.
Can you post an image of the Memory View and scroll up a bit so I can see code above the area?
Also what address "the one you found in your scans" you used to find what writes or accesses it, so I can show you the subtraction correctly. Also can you say what this is dealing with? Ammo, health & game?
DamiPL Grandmaster Cheater Supreme
Reputation: 3
Joined: 02 Jul 2006 Posts: 1195 Location: 11001110
Posted: Wed Jan 07, 2009 9:42 pm
Green addy and offset 150 was the 1st thing I tried and it didn't work, and
nope, this time I get something like 7F95AD1 both ways (lil diff but large #)
Anyways ima just leave this.
Uh, I don't want to make a new post so here's something offtopic if ur bored and could answer:
1. Mind giving me hints on how to find an Unrandomizer? For example in Maple Story we could get perfect stats and also change the movement of monsters w/ 1 addy. I need help finding the monster left/right movement.
I tried looking for monsters' X coords but it crashes when I modify it.
2. In OllyDbg I found an addy: 006683CB 68 E8507F00 PUSH game.007F50E8. Is there any way I can remove that w/o damaging other functions? NOPing gives an error, and what exactly is PUSH in this line?
3. Any way to disable WinLicense software? Cabal Online uses that as protection and it closes when a debugger is detected so I can't rly use CE/Olly
Edit: Sry, didn't notice you edited, if you need any more info tell me
Note: the other green hexed addys, I don't think they are something cuz when I double click the addy it says msseax.m3d+4905 and not Game.exe+..... The 1st green addy is Game.exe+3A0217 so I think that's it. Addy is Char Y.
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Wed Jan 07, 2009 11:55 pm
The one I want to see in memory view scrolled up a bit is 5b277F
Also looks like you're getting a different debut address each time, if that is the case you are getting a code shift. And it is also possible you're in a module other than the exe, like you've seen.
DamiPL Grandmaster Cheater Supreme
Reputation: 3
Joined: 02 Jul 2006 Posts: 1195 Location: 11001110
Posted: Thu Jan 08, 2009 12:33 am
debut address? And what's a code shift?
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Thu Jan 08, 2009 2:11 am
*debug address is what I meant.
Now is that assembly you're on now the same every time you find it?
Also if you go to that same address in the lower window you will see what module it is in.
I noticed you are adding addresses to the list.
You got to click the button to manually add it, and tick "pointer", then put the address.
Have you tried to alter 5b2797 mov [esi+00005780],ecx
Psy Grandmaster Cheater Supreme
Reputation: 1
Joined: 27 Mar 2008 Posts: 1366
Posted: Thu Jan 08, 2009 4:34 am
DAMIPL, are you sure that address you found is the right one? I only ask because it's unaligned, i.e. not falling on a 32-bit boundary. A 2-byte long value on 'E' doesn't look right; it hardly ever happens...
DamiPL Grandmaster Cheater Supreme
Reputation: 3
Joined: 02 Jul 2006 Posts: 1195 Location: 11001110
Posted: Thu Jan 08, 2009 3:21 pm
Yes it is the same every time and I can even type 005B277F and it's still the same.
Here's a ss of the lower mem:
And yes, I click Add manually; on the ss I wanted to show that it's not multi pointer and it does not show any addys, that's y I added it.
And alter as in change? To what?
Re: Psych
Uh, I don't know if it's the right one lul, but each scan I get 4 addys (all 4 work until I restart the game) and I tried to find the pointer for all of them and it does not work. On the sses above I used 5B277F cuz it was the 1st one and had a green addy when I scanned the EDI value.
The 4 addys
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Thu Jan 08, 2009 9:50 pm
Look at the assembly on that shit, they are all 4 the same.
Yeah, something is amiss here and I'm frankly not seeing it.
What game is this? Cabal?
DamiPL Grandmaster Cheater Supreme
Reputation: 3
Joined: 02 Jul 2006 Posts: 1195 Location: 11001110
Posted: Thu Jan 08, 2009 10:35 pm
I can't actually do anything to Cabal, that's y I posted the offtopic question above.
This one is M GhostOnline (I know there's a separate section for it but it's kinda dead, and since pointers are common in most games I figured I would post it here)