Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Help me in this case: Pointer Of Offset
cold_moon
How do I cheat?
Reputation: 0

Joined: 08 Sep 2011
Posts: 9

Posted: Sun Oct 02, 2011 6:55 am    Post subject: Help me in this case: Pointer Of Offset

HELLO EVERYBODY!
Please help me solve this:

The OpCode is: MOV ECX,DWORD PTR DS:[EAX+ECX*8+4]
My address requires the offset [EAX+ECX*8+4]. The problem is that CE can only add an offset that is constant, but in my case EAX and ECX hold addresses that change every time I restart the game. The pointers I have for them are:
EAX = [[Game.dll+0xACE5E0]+0xC]
ECX = [[[[Game.dll+0xAE54CC]+0x3C4]+0x130]+0x124]+0xC0]
Total for my address: [[[Game.dll+0xACE5E0]+0xC]+[[[[[Game.dll+0xAE54CC]+0x3C4]+0x130]+0x124]+0xC0]*8+0x4]

How can I add this offset to my address???
Btw, is there a solution to tiny offset or calculate to combine it?

Thanks for your attention.
haunted5
Cheater
Reputation: 1

Joined: 23 Aug 2011
Posts: 35

Posted: Sun Oct 02, 2011 7:42 am

I would like to know this as well. I came across a game recently that had similar code to yours where 2 variables were pointer addresses.

Although I couldn't add the real offsets to the cheat table, I worked around it by performing a pointer scan at a lower offset.

In my case, the code similar to [EAX+ECX*8+4] was used by too many addresses. So I did a pointerscan 1 level above that. So in your case

[[Game.dll+0xACE5E0]+0xC]+[[Game.dll+0xAE54CC]+0x3C4]

I think you have the code where the pointer is at the above offset. If you find out what the address is at that level by 'Find out what addresses this code uses' option and then do a pointerscan that is ending in 0x3C4. After that just reload saves and restart the game and keep using 'Find out what addresses this code uses' option to find the right address at the above offset level and keep rescanning the pointerscan. This is how I worked around it but hopefully someone can answer your original question as I would like to know about it too.
cold_moon
How do I cheat?
Reputation: 0

Joined: 08 Sep 2011
Posts: 9

Posted: Sun Oct 02, 2011 11:51 am

Thanks haunted5.

But based on your method, we could more easily do it with Pointer Scan from the start.

I rarely use the results of Pointer Scan because it has too many results even though I rescanned several times. All of them work on "the computer that did the scan", but when I take them to another computer (my laptop), all are wrong (maybe because I scanned with Maximum offset value = 2048, which is not big enough; scanning with a bigger value like 63352 makes my computer freeze or lag a lot).

Does anyone have a solution for my problem? I am waiting for it.

To Dark Byte, etc. (the CE coders): if possible, I suggest a function similar to "Use Complex Address" of MHS (Memory Hacking Soft) in CE.
Geri
Moderator
Reputation: 112

Joined: 05 Feb 2010
Posts: 5627

Posted: Sun Oct 02, 2011 12:22 pm

Quote:
To Dark Byte, etc. (the CE coders): if possible, I suggest a function similar to "Use Complex Address" of MHS (Memory Hacking Soft) in CE.


You can use module+address form for giving addresses.
And you can type in addresses in complex form, CE will make a pointer with it, showing the address where it points.

_________________
My trainers can be found here: http://www.szemelyesintegracio.hu/cheats

If you are interested in any of my crappy articles/tutorials about CE and game hacking, you can find them here:
http://www.szemelyesintegracio.hu/cheats/41-game-hacking-articles

Don't request cheats or updates.
Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25954
Location: The netherlands

Posted: Sun Oct 02, 2011 2:15 pm

Alternatively, use lua to set the address

But really, what kind of sick code is [EAX+ECX*8+4] if ECX is a pointer as well.

Is this an emulator? (flash, java, .net)
If it is just an index instead of a pointer then I would suggest trying a different approach. The "ECX pointer" gives you the current index for whatever you are looking into that array.
Isn't there a pointer in that region that points to the path needed to find EAX+ECX*8+4 ?

_________________
Tools give you results. Knowledge gives you control.

Like my help? Join me on Patreon so i can keep helping
gameplayer
Advanced Cheater
Reputation: 2

Joined: 26 Jun 2011
Posts: 97
Location: Vietnam

Posted: Sun Oct 02, 2011 9:07 pm

Dark Byte. You're really smart. I have been successful with the different approach. These guys seem to play Warcraft III. The ecx is actually an offset. However, the ecx belongs to a structure that contains another pointer to the hero's information. This part of the hero's structure is pointed to by [[[[Game.dll+0xAE54CC]+0x3C4]+0x130]+0x124]+1F0] in the version I am playing, 1.24.4.6387. I used to attempt to find the final pointer but failed because of the changing offset. I'd given up for a long time before I read this thread. I still wonder how the game separates the hero's information. I've just found the experience, skill points, base strength (does not work in campaign), and base agility (does not work in campaign). I hope someone else can find more valuable information.
cold_moon
How do I cheat?
Reputation: 0

Joined: 08 Sep 2011
Posts: 9

Posted: Mon Oct 03, 2011 3:01 am

Omg, the probability that one person reading my post is a war3 player is not low, but that this person also hacks the war3 game, knows this offset belongs to war3 in the exact version, knows what the offset does, etc.... I think the probability is 0.00...1. BUT IT HAPPENED. I posted the real offset while thinking about the chance of someone recognizing that this offset is used for war3 and what it does. Last night, I dreamed it happened. I was very, very surprised and amazed when today it occurred. Hello @gameplayer, I hope you can complete your unfinished work (the value of [[[[Game.dll+0xAE54CC]+0x3C4]+0x130]+0x124] does not only point to the hero, it also points to any unit you select by clicking on it. I call it "UnitIndexValue", so you can use it to change any unit you want following the structure UnitIndexValue + offset of the value you want, like HP, MP, attack damage, etc., and it can be used forever in version 1.24.4.6387 with any map, local or single; I haven't tried campaign yet). Within my ability, if I can help you with something, discuss it with me and we can exchange some knowledge. I'm always willing.

@Geri, I already did that before posting this question. With a constant offset CE can do it, but with a variable offset CE can't.

@Dark Byte, can you give an example of Lua script code for my case? I only know AA scripts.

In the past, when I started to use Lua script, the first thing I tried was AOBScan. Code:

addr = AOBScan("Array byte off opcode like 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0")
showMessage(addr)

I chose these bytes at an address I already knew, but the message showed something different from my address. Was I wrong in the code's structure or something else?

After that problem, I didn't try Lua anymore until ... now. Please give me example code for setting an address that has a variable offset.

Reason for edit: fixed some spelling


Last edited by cold_moon on Mon Oct 03, 2011 6:50 am; edited 3 times in total
haunted5
Cheater
Reputation: 1

Joined: 23 Aug 2011
Posts: 35

Posted: Mon Oct 03, 2011 5:06 am

Hi cold_moon,

I think you misunderstood what I was trying to say. I was just mentioning a pointerscan at a lower offset because if your pointer has over 6 offsets it can take a very long time and a lot of disk space. I remember a pointerscan I did for trying to find a pointer that had 8/9 offsets; it was taking too long, but the main problem was it was taking 70+ GB and was still climbing. I was running out of the free space I had on the computer so I had to stop it.

That's why I mentioned a pointerscan at a lower offset. I'm sure there will be a valid pointer that points to what you are looking for, but it will probably have around 10 offsets.
Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25954
Location: The netherlands

Posted: Mon Oct 03, 2011 6:04 am

untested and might need some modifications, but this is the general idea
Code:

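-- readInteger reads the 4-byte value stored at the address the string resolves to
EAX=readInteger("[Game.dll+ACE5E0]+C")
ECX=readInteger("[[[[Game.dll+AE54CC]+3C4]+130]+124]+C0")
-- same arithmetic as the instruction's operand [EAX+ECX*8+4]
Address=EAX+ECX*8+4

-- point the existing address list entry at the computed address
mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Entry you want to change")
memoryrecord_setAddress(mr, Address)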


Perhaps put it in a timer to continuously set the value, or use writeInteger(address, value) to set the value immediately (writeFloat if it's a float of course)

---
Also, for the pointerscan, remember that there are multiple paths, even those you've never seen.
I assume this is because you want to find the currently selected unit. The method I usually take is going with access only (so not find what writes). This way I can find the code used by the rendering of the health value in the unit's info box, which coincidentally is the same code used for the currently selected unit.

Another method would be to do a pointerscan of the selected unit, then select another unit and do a rescan for this address (or value)
If that fails, try one level higher, and if that doesn't take too long, another level again. If it does take too long, try a smaller structsize. (Or a smaller level with a bigger structsize)

And not sure if war3 is the same as star3, but there a lot of memory is in static locations. To scan there, disable the option to stop traversing a path when a static has been found.

Quote:

In the past, when I started to use Lua script, the first thing I tried was AOBScan. Code:

addr = AOBScan("Array byte off opcode like 8B 44 24 10 89 6C 24 10 8D 6C 24 10 2B E0")
showMessage(addr)

AOBScan does not return a string or a number, but it returns a StringList object.
strings_getText(addr) will return the strings as one whole list and strings_getString(addr,0) will return the first address.

Also, the byte array might be used for other units as well.


Last edited by Dark Byte on Mon Oct 03, 2011 8:24 am; edited 1 time in total
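
The arithmetic in the script above, modelled outside Cheat Engine as an added example (not code from this thread or from Cheat Engine itself): a small evaluator for the bracket notation, run against a constructed memory image. The names `modules`, `memory` and `evaluate`, the load base, every address and value, and the grammar (hex tokens, `+`, `*`, `[...]` as a 4-byte read) are assumptions made for illustration.

```lua
-- Added illustration, not Cheat Engine's parser; every address and value is constructed.
local modules = { ["Game.dll"] = 0x6F000000 }            -- hypothetical load base
local memory = {                                         -- address -> 4-byte value
  [0x6FACE5E0] = 0x10000000, [0x1000000C] = 0x20000000,  -- chain ending in EAX
  [0x6FAE54CC] = 0x30000000, [0x300003C4] = 0x31000000,  -- chain ending in ECX
  [0x31000130] = 0x32000000, [0x32000124] = 0x33000000,
  [0x330000C0] = 5,                                      -- ECX is an index here
  [0x2000002C] = 0x40000000,                             -- slot at EAX+ECX*8+4
}

-- Evaluates hex/module tokens, "+", "*" and "[...]" (read 4 bytes at the address).
-- Returns nil once a dereference hits unmapped memory, like a failed readInteger.
local function evaluate(text)
  text = text:gsub("%s+", "")
  local pos, expr = 1, nil
  local function factor()
    if text:sub(pos, pos) == "[" then
      pos = pos + 1
      local addr = expr()
      assert(text:sub(pos, pos) == "]", "missing ] at position " .. pos)
      pos = pos + 1
      return addr and memory[addr]
    end
    local tok = assert(text:match("^[%w_%.]+", pos), "unexpected input at " .. pos)
    pos = pos + #tok
    local value = modules[tok] or tonumber((tok:gsub("^0[xX]", "")), 16)
    return (assert(value, "unknown symbol " .. tok))
  end
  -- Left-associative run of operands joined by `op`; nil propagates through it.
  local function chain(operand, op, combine)
    local v = operand()
    while text:sub(pos, pos) == op do
      pos = pos + 1
      local r = operand()
      v = v and r and combine(v, r)
    end
    return v
  end
  local function term() return chain(factor, "*", function(a, b) return a * b end) end
  expr = function() return chain(term, "+", function(a, b) return a + b end) end
  local result = expr()
  assert(pos > #text, "trailing input at position " .. pos)
  return result
end

local eax = evaluate("[[Game.dll+ACE5E0]+C]")
local ecx = evaluate("[[[[[Game.dll+AE54CC]+3C4]+130]+124]+C0]")
print(string.format("EAX=%X ECX=%X EAX+ECX*8+4=%X", eax, ecx, eax + ecx * 8 + 4))
-- One unmapped link makes the whole expression nil instead of a bogus address:
print(evaluate("[[Game.dll+ACE5E0]+10]"))
```

Because the index term is itself read through a second chain, the final address cannot be written as one base plus constant offsets, which is why the script recomputes it.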
cold_moon
How do I cheat?
Reputation: 0

Joined: 08 Sep 2011
Posts: 9

Posted: Mon Oct 03, 2011 7:32 am

Thanks for all.

I will immediately retry pointerscan with method of Dark Byte and haunted5, also start to learn Lua Script (I started to like it hehe). Good health for everyone.
cold_moon
How do I cheat?
Reputation: 0

Joined: 08 Sep 2011
Posts: 9

Posted: Wed Oct 05, 2011 7:48 am

Hi everyone.

I have a problem with Lua: which script command changes the caption or text color?

Ex: I want to change the caption color of CELabel1 in the UDF1 form. I use control_setColor(UDF1_CELabel1_Caption, clWhite) but it shows an Access violation error (I think I am wrong in the code structure again). Help me.

@Dark Byte, I have solved the complex offset with your code. Thank you very much.
Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25954
Location: The netherlands

Posted: Wed Oct 05, 2011 11:40 am

To change caption you use control_setCaption. (e.g: control_setCaption(UDF1_CELabel1,"WEEE"); )

As for color it's something I forgot to add in 6.1, you can't change the color of a label's text with code (I didn't export the Font property)
What you can do is have 2 labels with the same text and make one visible and hide the other...

cold_moon
How do I cheat?
Reputation: 0

Joined: 08 Sep 2011
Posts: 9

Posted: Wed Oct 05, 2011 1:06 pm

Dark Byte. You are so kind.

Sorry to disturb you again. Is there a command to convert decimal -> hexadecimal, and a command to convert a string to an int like ParseInt in C? For Dec2Hex, I use the command getNameFromAddress and of course the result is a string formatted like an address with 8 digits.

Thanks for your help.
Dark Byte
Site Admin
Reputation: 474

Joined: 09 May 2003
Posts: 25954
Location: The netherlands

Posted: Wed Oct 05, 2011 2:31 pm

decimalvalue=tonumber( "0x" .. hexstring )

also check
http://forum.cheatengine.org/viewforum.php?f=125
and
http://forum.cheatengine.org/viewforum.php?f=126

gameplayer
Advanced Cheater
Reputation: 2

Joined: 26 Jun 2011
Posts: 97
Location: Vietnam

Posted: Wed Oct 05, 2011 9:55 pm

I've found more information about the war3 heroes. The game causes a lot of trouble with the next scan because the values seem to be inactive. In most cases, I've been successful with the first scan only and then made some guesses. I don't really know how the game does the trick. I've released a table. The hero's structure has been split into 4 parts. The first part contains level and base intelligence. The second part contains the health info. The third part contains the mana info. The final part (major part) contains a lot of other info such as attack, armor, experience, skill points, and so on. If anyone has more info, please share it with me.
Code:
-- EAX is read once and reused by the three lookups below
EAX=readInteger("[Game.dll+ACE5E0]+C")

-- Part 1: level and base intelligence
ECX=readInteger("[[[[[Game.dll+AE54CC]+3C4]+130]+124]+1F0]+74")
if EAX~=nil and ECX~=nil then
  Address=readInteger(EAX+ECX*8+4)
  if Address~=nil then  -- skip this part when the slot cannot be read
    level=Address+0x78
    intelligence=Address+0xF8
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Level")
    memoryrecord_setAddress(mr,level)
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Intelligence")
    memoryrecord_setAddress(mr,intelligence)
  end
end

-- Part 2: health
ECX=readInteger("[[[[[[Game.dll+AE54CC]+3C4]+130]+124]+1F0]+30]+A0")
if EAX~=nil and ECX~=nil then
  Address=readInteger(EAX+ECX*8+4)
  if Address~=nil then
    health=Address+0x78
    healthregeneration=Address+0x7C
    maxhealth=Address+0x84
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Health")
    memoryrecord_setAddress(mr,health)
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Health Regeneration")
    memoryrecord_setAddress(mr,healthregeneration)
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Max Health")
    memoryrecord_setAddress(mr,maxhealth)
  end
end

-- Part 3: mana
ECX=readInteger("[[[[[[Game.dll+AE54CC]+3C4]+130]+124]+1F0]+30]+C0")
if EAX~=nil and ECX~=nil then
  Address=readInteger(EAX+ECX*8+4)
  if Address~=nil then
    mana=Address+0x78
    manaregeneration=Address+0x7C
    maxmana=Address+0x84
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Mana")
    memoryrecord_setAddress(mr,mana)
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Mana Regeneration")
    memoryrecord_setAddress(mr,manaregeneration)
    mr=addresslist_getMemoryRecordByDescription(getAddressList(), "Max Mana")
    memoryrecord_setAddress(mr,maxmana)
  end
end