Cheat Engine

lucidity

There are a couple of values I want to access but they are contained within an area of memory which is populated by question marks when it is being updated. Do the question marks denote some special kind of block? What is their significance, does it mean the memory is marked as null/empty?

I've found the values I want within that memory region, and get 1-2 million level ~5 pointers when I scan with a max offset of 2048. Upon restarting and rescanning the pointers, none are valid.

Currently, level 9 and a max offset of 4096 still have not been able to find valid pointers after days of scanning... something seems off. I am working on my existing trainer which pulls 6-8 other values out of memory and uses them successfully (so I'm not a total novice).

Most other values had level 1-5 pointers with offsets rarely over 2048. Does anyone know what might be tripping me up?

lucidity · Posted: Wed Jun 08, 2011 9:20 pm Post subject:

While reading another thread I learned the program can be paused via advanced options for pointer scan, which I suspect will help me since it appears the target address changes before the scan is able to pick up valid pointers.

I'll let this run for a while and see how things go.

Radiation · Posted: Wed Jun 08, 2011 10:16 pm Post subject:

maybe the value is found in a dll... try to see if it's inside a dll and maybe the game allocates dlls a different address on restart

lucidity · Posted: Wed Jun 08, 2011 11:17 pm Post subject:

Nope, I'm able to locate the values I want within the .exe memory, but haven't been able to find valid pointers because they were so short-lived (but I didn't realize that and thought they were not stable pointers).

I'm scanning now, have 500 million pointers, but I really want to make sure I get it so I'm going to scan a while longer, heh...

These values have eluded me for some time so I'm going to go a bit overkill

Dark Byte · Posted: Thu Jun 09, 2011 5:34 am Post subject:

just a tip: NEVER use the stop button (this button is only there if the scan took too long, I should actually just delete the pointerscan results if stop is pressed...)
If you don't know how long a scan is going to take, first do a level 2 scan
If that didn't take to long, do a level 4 or 5, and if that was done quickly, do an even higher one
(save to different files each time)

if you do click the stop button, you might not even find the results a level 2 scan would have found

Geri · Moderator Reputation: 112 Joined: 05 Feb 2010 Posts: 5627

Dark Byte · Posted: Thu Jun 09, 2011 9:13 am Post subject:

It is possible that you find something useful but just saying there is quite a big chance you won't (or you find a big level pointer while a level 2 would have sufficed and a chance that it might go invalid during cutscenes or anything else that the path might have gone through)

lucidity · Posted: Thu Jun 09, 2011 9:44 am Post subject:

DarkByte - My "My Cheat Folder" ends up looking like your list there if I don't clean it up often Laughing

With regards to pointerscan, I've noticed that there are files with ".PTR.#" extensions in the directory where the standard ".PTR" files are saved. Some of these files are individually quite large, and collectively they are about 100GB.

If I run a level 1 scan, then a level 2 scan, is the .PTR.0 file saving some data which is then used to jump-start the level 2 scan? Is this what "improve pointerscan with gathered heap data" is, or is the heap data something else?

If not, how can you "save your place" when incrementally doing scans (lv1, then lv2, then lv3 pointers)? Also, regardless of what the the heap data improvements might be, is it a recommended option?

Thanks for the replies, I hope I'm able to finally accomplish this!

Geri · Moderator Reputation: 112 Joined: 05 Feb 2010 Posts: 5627

Oh yes I know, I don't use it for trainers and such. Pointers aren't good for multiversion trainers anyway. Sometimes it is still good for some boring flash game, only for a temporary pointer that I will throw away soon enough.

lucidity · Posted: Thu Jun 09, 2011 10:25 am Post subject:

Dark Byte · Posted: Thu Jun 09, 2011 11:03 am Post subject:

Nah, for people that don't disable the autoupdate and come back a day later and find their game has been patched making the previous pointer not work anymore

as for the .ptr.#, the # defines which thread created that part of the list and when you scroll down in the pointerlist the position defines which .ptr file is shown
the .ptr is just to keep track of the .ptr.#'s

as for saving. You can save a level 1 pointerscan as game-lvl1.ptr, level 2 as game-lvl2.ptr, level3: game-lvl3.ptr

and headpdata is another way to limit the number of results depending on the game. If the game uses heap allocs for everything instead of only big memory allocs then it can be used to find the start address of single objects which can speed up the scan a lot and finds less worthless pointers.
If the game doesn't use it for everything, then having it disabled is best

lucidity · Posted: Thu Jun 09, 2011 11:12 am Post subject:

Thanks Dark Byte. I just ran my second scan on the 900 million pointers and they're all gone; I'm going to try without using heap data now.