| Author |
Message |
sired22 Cheater
Reputation: 1
Joined: 22 Aug 2006 Posts: 36
|
Posted: Fri Jun 19, 2009 3:48 pm Post subject: idle curiosity about cheat engine |
|
|
| I was just wondering, but in layman's terms, how does the pointer scanner in Cheat Engine work? I know its job is to find pointers, but how does it go about doing that job? |
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25832 Location: The netherlands
|
Posted: Fri Jun 19, 2009 4:53 pm Post subject: |
|
|
There are 2 approaches:
1: 'default' (or at least the first one I used) will scan all writable static base addresses and follow all possible pointer paths in the given region if they point to the final address. (detecting pointer values and following the path up to the given level)
If the final address is detected, it'll add it to the list and continue
2: Reverse pointer scan: It will take the given address and subtract the offset from that. Then it'll scan all memory addresses that contain a value ranging from (address-offset) to address. If it finds an address containing that value, it'll then do another range scan for that (address-offset) to address and repeat until the max level has been reached, or it encounters a static address.
If it's a static base, it'll save the path to the list and continue
When the scan is done you'll have a huge .ptr file (results.ptr) which you can then do a rescan on when the game has been restarted to filter the wrong pointer paths out. (the rescan usually takes off 99.9999% of all the pointers it found in the initial scan, so make sure your list is big enough, a scan for a level smaller than 4 or a structsize less than 2kb is usually too small to give a proper path)
Edit: for those that don't get it, structsize just means "The biggest offset value possible"
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
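The reverse scan and rescan described in the post above, as an added Python example that is not Cheat Engine's code and not part of the original thread. It runs on a constructed, simulated address space; the snapshot contents, the `is_static` range and all function names are assumptions made for illustration.

```python
# Constructed sample data: two snapshots of a simulated 32-bit address space,
# mapping address -> pointer-sized value stored there. Not real process memory.
RUN1 = {0x00401000: 0x10002000,   # static slot -> object A
        0x10002010: 0x10003000,   # A+0x10 -> object B (target is B+0x24)
        0x00402000: 0x10003000,   # static slot that happens to point at B
        0x10005000: 0x10003020}   # heap slot near target; nothing points to it
RUN2 = {0x00401000: 0x30002000,   # after restart the heap moved
        0x30002010: 0x30007000,
        0x00402000: 0x30009000}   # this slot no longer leads to B

def is_static(address):
    # Assumption: "static" means inside the main module image, 0x00400000-0x004FFFFF.
    return 0x00400000 <= address < 0x00500000

def reverse_pointer_scan(memory, target, max_offset, max_level):
    """Return (static_base, [offsets]) paths that resolve to target."""
    results = []
    def walk(address, offsets, level):
        for holder, value in memory.items():
            if address - max_offset <= value <= address:   # range scan
                path = [address - value] + offsets
                if is_static(holder):
                    results.append((holder, path))          # save path, continue
                elif level < max_level:
                    walk(holder, path, level + 1)           # go one level up
    walk(target, [], 1)
    return sorted(results)

def resolve(memory, base, offsets):
    """Follow a path: read the pointer at the current address, add the offset."""
    address = base
    for offset in offsets:
        value = memory.get(address)
        if value is None:
            return None          # hop lands on unmapped memory
        address = value + offset
    return address

def rescan(paths, memory, new_target):
    """Keep only paths that still reach the value's new address."""
    return [(b, o) for b, o in paths if resolve(memory, b, o) == new_target]

if __name__ == "__main__":
    found = reverse_pointer_scan(RUN1, 0x10003024, max_offset=0x800, max_level=4)
    for base, offsets in rescan(found, RUN2, 0x30007024):
        print(hex(base), [hex(o) for o in offsets])
```

The first scan finds two candidate paths; the rescan against the second snapshot drops the static slot that only pointed at the object by coincidence.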
|
sired22 Cheater
Reputation: 1
Joined: 22 Aug 2006 Posts: 36
|
Posted: Fri Jun 19, 2009 5:05 pm Post subject: |
|
|
Isn't there a better way? Like tracing the asm that writes or reads to it backwards? Kind of like break and trace, but it would put the breakpoint 1 instruction above and repeat that every time it's triggered until it hits something that loads from a static address?
Then again, thinking about it, I guess not, because it could read from a static and go into a loop, never needing to reread it. |
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25832 Location: The netherlands
|
Posted: Fri Jun 19, 2009 5:47 pm Post subject: |
|
|
The pointer scan is mainly for situations where you can't debug or inject code. |
|
sired22 Cheater
Reputation: 1
Joined: 22 Aug 2006 Posts: 36
|
Posted: Sat Jun 27, 2009 12:32 pm Post subject: |
|
|
I thought I would reuse this thread for my next question instead of making another.
Now I know what a dynamic address is and a static address, but how does Cheat Engine's pointer scan know?
You said
" If it finds an address containing that value, it'll then do another range scan for that (address-offset) to address and repeats until the max level has been reached, or it encounters a static address. "
Well, if it is just checking the memory addresses for values, how does it know a static address from a dynamic one? |
|
|