Cheat Engine

[chrisjarram]

Hi guys,

I'm having real problems figuring out the pointer scanner, which I assumed to be pretty self-explanatory at first but never seems to give me useful values so I assume I must be doing something wrong. I've tried looking everywhere for a comprehensive tutorial and can't find anything, plus there appears to be no mention whatsoever of the pointer scanner in the CheatEngine Windows Help? I'd be incredibly grateful if you could help, my boss is giving me grief and I'm tearing my hair out trying to get something meaningful to work though it would seem not too many people here have these problems I am a professional coder and understand all the concepts with structure sizes, pointer depths etc (plus all the tutorials I fully understand), though I've never actually successfully found a pointer path manually despite hours using the 'find out what writes to this /accesses this address / pointer' utility - therefore the pointer scanner seems to be a sensible way forward.

A few questions firstly:

1) Why when I scan is there no meaningful progress report? Always I see the 'Total Pointer Paths Encountered' and 'Of those <x> have a static base' counters increasing, yet the 'Currently At Address <add>' counter never does (e.g. starts with the value 00A958A4 and never increases even if left for hours).

2) I'm using the Default pointer scanner as opposed to the injected version, as when using the injected version, if I close my target app the pointer scanner closes and I lose all the values - however I need to keep the values, obviously, in order to be able to enter the 'new address' for a rescan so I can whittle down the list of pointer paths found the first time. Does this mean I always need to use the default pointer scanner for my purposes? My actual purpose is I need to be able to find a reliable pointer path which I can use with readProcessMemory() in one of my own applications, which outputs certain game values but can realiably find these game values every time the game is restarted (exited fully, then reloaded).

Issues:

An example of where I think I'm going wrong...

1) I use the pointer scanner (with 'only show paths with static addresses') which I leave running a few hours and it finds 10's of thousands of possible paths.
2) I then close my game (exit completely), reload, go through the process of locating my value again in its new address (using 'bigger than / smaller than' etc), and when I've got it I select 'Rescan Memory' in the pointer scanner (with the new address) to remove any paths no longer pointing to the correct address. This still leaves a bunch, though sometimes a tenth of what was there before.
3) Now when I try and manually add one of the addresses in the new pointer scanner list to the cheat engine address list (e.g. one of the entries is 'NoLimitsSimulator.exe+00BBe98', with only one offset, 7C), using 'add address manually' > 'pointer' > Address of pointer = 00BBe98, Offset = 7C, instead of showing me the expected game value cheatengine just shows '??' in the value column. If I try and read '00BBe98' in my own app (using readProcessMemory), I'd expect this to surely contain an integer address value that never changes (which I then add the 7c offset to), but it doesnt - it just contains a value that changes constantly :-/


This is just an example, I seem to run into similar problems every time and I must be fundamentally still doing something wrong - could anyone please possibly be kind enough to spare a little time walking me through it here, or point me to a good tutorial so I can get my head around it properly?

Sorry to be a pain, it looks like it could be a very powerful tool and I have a fast machine to use it with but unfortauntely it seems to be my own brain power letting me down!

Thanks a million in advance, hope you can help!

Chris J

[Dark Byte]

1:
there is no progress report because there's no way to figure out how many entries there are left. Sure, for a level 1 or perhaps even level 2 it might be possible, but those scans are just useless.
For deeper scans it's just impossible (there's no way of figuring out if a level 3 will find more or less entries than for level 2)

2: You never really lose the values of a pointerscan. There's usually a results.ptr file containing the results of the last scan
Also, the default pointerscanner is FASTER than the injected one

issues:
1: 10 thousands entries is really small, dis the level and structure size you specified big enough ?

2: That is good. Of all the initial pointer scans on average only 0.000001% of the results tend to be proper pointer paths that stay valid
Just reload saved games and restart the game a few more times (perhaps even reboot) to filter out the useless ones some more

3: Check what happens when you automatically add one of those addresses. Perhaps you made a typo in the address, or you've reversed the order of offsets
If it's also ?? in ce with adding it automatically, then the pointer is just wrong (and weird that a rescan didn't filter it out)

edit for 3:
I see what you did wrong here
NoLimitsSimulator.exe+00BBe98 does NOT mean the address is 00bbe98
the address is NoLimitsSimulator.exe+00BBe98, which USUALLY equals to 4BBE98 (00400000+00bbe98) (I say usually because the address can change in vista and windows 7 if a specific flag is used in the pe header)

[chrisjarram]

Dark Byte,

You are an absolute lifesaver, do you never stop working!? - that last comment (about the 0x00400000 offset) fixed it completely and my app is now reading the values

One little thing, could you elaborate slightly on the 'pe header' under Vista/7? My app needs to support these O/S's - are you aware if this is this something I might be able to detect / read to ensure compatibility?

Thanks so much again, your reply came back in about the time it must have taken you to type it... I'll be sure to give a paypal donation when I get paid, your software is proving completely indispensible

Kind regards,
Chris J

[Dark Byte]

just get the modulelist and the base address of NoLimitsSimulator.exe
then use that instead of 00400000