View previous topic :: View next topic |
Author |
Message |
µnKn0wn_H4CK3r How do I cheat? Reputation: 0
Joined: 04 Jun 2012 Posts: 3
|
Posted: Wed Jun 06, 2012 7:55 am Post subject: Can't find pointer base of a non-static address |
|
|
Hi
Until now, I had to deal only with static (green) addresses.
But now I have to work with non-static (black) addresses.
From what I understand, I have to find the "pointer base" of the address I want to change.
I watched a tutorial on YouTube (can't post the link) but I can't find the value of the pointer.
- I find the non-static address and add it to the CT
- Right click -> Find out what accesses this address
- Click -> More Informations
- Copy the value after -> The value of the pointer needed to find this address is probably
- Search for the value in CE (don't forget to check Hex)
But there are no results...
Help please ?
Thanks.
|
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
Posted: Wed Jun 06, 2012 10:29 am Post subject: |
|
|
you're doing a wrong procedure ...
for a fast and more simple way i suggest you to use the pointer scanner ...
right click the address you are interested in finding the base pointer and hit "pointerscan for this address" click ok ... and it will automatically scan for base addresses (don't let 'em finish because it will take like years ... wait at least 10 minutes, 15 for slower processors and then click stop) the pointerscanner will then try to find the offsets that brings to your address.
restart the game, find the address (right click the code and -> find out what addresses this instruction accesses [the code must be original]), click again pointerscan for this address but this time, load the last saved pointerscan file and look for a rescan option. do this process of restarting the game and rescanning till you see in the pointerscan list the same result (random base addresses + whatever offsets that always bring to your address).
double click your lucky number and the pointer should automatically add to your cheat table.
as for the manual scan ... i suggest you to do the tutorial yourself ... install ce 6.2, in help menu hit ce tutorial.
the basic explanation is this:
1) find the address of your value (ex: health)
2) right-click health and hit "what ACCESSES this address" -> go in game and change (ex: health value) -> do it with the game not cheat engine.
3) a menu should pop up with a list (with one or more selections [if one is better]) -> double click two or three selections, compare them:
watch out for theese two things:
1) there is a writing that says: the value of the address needed to find the pointer is probably XXXXXXXX ... in all selections ... XXXXXXXX should be the same (if not *read |||MORE||| below)
2) the offset :
an instruction should be like mov [ebx+13],eax
in this case the value of ebx is the value of the base pointer and 13 is the offset ...
mov [ecx+eax*12],ebx
in this other case ecx is the value of the base pointer and eax*12 is the offset ... (down below the "extra info window" you can see what eax is equal to [ex: eax=0000000A]) now with a hex calculator do ... A*12 = B4 ... your offset is B4
... once you realize that all the 3 extra info have the same info ... and are equal the these two things listed before you can proceed and write down ... offset 0 = your offset ... i suggest to use cheat engine's table extra button down right of main ce window or just windows notepad
now right click the XXXXXXXX (the address needed to find the pointer is probably XXXXXXXX) and hit "copy easy guess to clipboard"
4)now do a 4 byte scan, exact value, hex checkbox checked. (search for the value in the clipboard)
you'll find some addresses ... now i really have no clue on wich to pick ... choose one that has your lucky number in it or just select the first one.
5) repeat steps 2 to 4 (in step 2 this time right click the new address not the original (health))
6) you will finally see a green address. and have a list of offsets
7) click add address manually -> hit "pointer" checkbox and click add offset till you see the number of offsets that you have: (ex 4 offsets)
off 0 = a
off 1= 2
off 2 = 0c
off 3 = 5
insert the GREEN ADDRESS the long inputbox and the last offset near it
going up insert the second-last offset ... like this
< a >
< 2 >
< c >
< 5 >
XXXXXXXX (GREEN ADDRESS) not value
insert a description ... this is the pointer that brings to health
hit ok ... you're all set.
save cheat table
|||MORE|||
when you pick the selections be careful ...
a good instruction have the square brackets in the left:
like this: sub [ebx+00000464],eax
not like: mov eax,[ebx+00000464] this is good too, but most of the time if you have more selections pick the one with the square brackets on the left *in ce tutorial there are 4 selections (at one point) ... 3 with square brackets on the right and only one that is the good one on the left.
anyways if you want to be sure you must do a three like this:
split base(y) into two x1 and x2
then split x1 into whatever pointer value you find or whatever offset ... and so on till you get a green address ... be careful with the offset history of the path you followed to find that green address.
_________________
... Fresco |
|
Back to top |
|
|
µnKn0wn_H4CK3r How do I cheat? Reputation: 0
Joined: 04 Jun 2012 Posts: 3
|
Posted: Sat Jun 09, 2012 9:30 am Post subject: |
|
|
Fresco,
Thank you very much for your explanations .
I did what you said and I found the pointer base of the nickname in Modern Warfare 3 Multiplayer.
Picture:
Code: | http://img15.hostingpics.net/pics/567604pointerscan.png |
Now how do I get the address of the nickname in C#?
I know how to read/write in process memory but how do I read the value at "iw5mp.exe"+059AAD68?
I have no problem with 059AAD68 but how do I find what "iw5mp.exe" is?
|
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
Posted: Sat Jun 09, 2012 12:35 pm Post subject: |
|
|
i'm very glad to see that you succeed in finding the pointer.
for that c# thing ...
there have been other discussions about it in this forum, so maybe a little bit of research with google will help you out.
i don't know very much about c but i know that you have to get the game.exe address then sore the number into a variable add the offset of the pointer to that variable using hex calculations and then the variable will hold the true base address hex value... then you'll have to add the offsets and voila!
a faster way to make your trainer is to use the trainer maker built in cheat engine ... it's a lot easier.
_________________
... Fresco |
|
Back to top |
|
|
renoturks Newbie cheater Reputation: 0
Joined: 05 Jun 2012 Posts: 22 Location: Brazil...Praia Grande =D
|
Posted: Sat Jun 09, 2012 1:56 pm Post subject: |
|
|
In my case, i have 5 instructions, and the Count are going up very fast...
the instructions are:
00479C2F - 8B 4F 0C - mov ecx,[edi+0C]
0047E235 - 8B 48 0C - mov ecx,[eax+0C]
0047E267 - 8B 4F 0C - mov ecx,[eax+0C]
00445545 - 8B 4E 0C - mov ecx,[esi+0C]
0043299C - 8B 41 0C - mov eax,[ecx+0C]
What should i Do? like you said here? Its is the "same thing" ?
|
|
Back to top |
|
|
µnKn0wn_H4CK3r How do I cheat? Reputation: 0
Joined: 04 Jun 2012 Posts: 3
|
Posted: Sat Jun 09, 2012 6:28 pm Post subject: |
|
|
Fresco wrote: | i'm very glad to see that you succeed in finding the pointer.
for that c# thing ...
there have been other discussions about it in this forum, so maybe a little bit of research with google will help you out.
i don't know very much about c but i know that you have to get the game.exe address then sore the number into a variable add the offset of the pointer to that variable using hex calculations and then the variable will hold the true base address hex value... then you'll have to add the offsets and voila!
a faster way to make your trainer is to use the trainer maker built in cheat engine ... it's a lot easier. |
I just found how to get it! Actually, it's very easy!
Snippet to get the base address of a process:
Code: | IntPtr processBaseAddress = System.Diagnostics.Process.GetProcessesByName("process_name")[0].Modules[0].BaseAddress; |
.NET Framework and Process class are so powerful .
Thank you for your help Fresco.
|
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
Posted: Mon Jun 11, 2012 4:38 am Post subject: |
|
|
renoturks wrote: | In my case, i have 5 instructions, and the Count are going up very fast... [...] |
what do you mean ?
is that the list of codes that accessed the address ??
if so ... i can clearly see that the offset is:
0c = C ...
now duble click the first one and write down the value of the probably pointer
do that for for all the 5 instructions
you shuld have
offset for all = C
and some values
00479C2F - 8B 4F 0C - mov ecx,[edi+0C] here the value of edi
0047E235 - 8B 48 0C - mov ecx,[eax+0C] here the value if eax
... and so on
edi, eax ... and the other values of 'base address pointer' should be the same, if so you have what you wanted : offset and value of pointer
eax and edi are value of pointers ...
... if eax or edi or value of the other 'value of base address' are different then you'll have to split your work into two or more different paths.
i hope that cleared any doubts you had.
_________________
... Fresco |
|
Back to top |
|
|
renoturks Newbie cheater Reputation: 0
Joined: 05 Jun 2012 Posts: 22 Location: Brazil...Praia Grande =D
|
Posted: Mon Jun 11, 2012 7:44 am Post subject: |
|
|
Thank you Fresco, i think i understand, i'll try to do it now =D
|
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
|
Back to top |
|
|
renoturks Newbie cheater Reputation: 0
Joined: 05 Jun 2012 Posts: 22 Location: Brazil...Praia Grande =D
|
Posted: Tue Jun 12, 2012 9:48 pm Post subject: |
|
|
Now i'm confused, the value of the pointer needed to find this adress is probanly XXXXXXXX but it changes thge last 4 digits every time i go to another battle x.x
I think that's because of the place that i'm fighting...
what heck...i think i'll give up....
|
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
Posted: Sat Jun 16, 2012 10:58 am Post subject: |
|
|
you can't find that pointer of a unit in a strategy game, where you create the unit
you'll have to auto assemble the code that decreases your unit's health or whatever and then check if the unit is yours or enemy's.
the last step of cheat engine 6.2 tutorial teaches you how to do that.
_________________
... Fresco |
|
Back to top |
|
|
blackkenny How do I cheat? Reputation: 0
Joined: 23 Jun 2012 Posts: 1
|
Posted: Sat Jun 23, 2012 2:24 pm Post subject: |
|
|
Hello Fresco,
i followed your instruction but got problems on the 4. step:
Quote: |
4) now do a 4 byte scan, exact value, hex checkbox checked. (search for the value in the clipboard)
you'll find some addresses ...
|
My problem is i find nothing.
I tried it often but always the same.
Do you know what I am doing wrong?
|
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Sat Jun 23, 2012 2:37 pm Post subject: |
|
|
Just an fyi:A pointer for a unit in a strategy game is possible. There is often a path to the currently highlighted unit
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
Fresco Grandmaster Cheater Reputation: 4
Joined: 07 Nov 2010 Posts: 600
|
Posted: Sun Jun 24, 2012 9:22 am Post subject: |
|
|
Dark Byte wrote: | [...]A pointer for a unit in a strategy game is possible. There is often a path to the currently highlighted unit |
yes there is, but unfortunately you can't find any pointer that would bring to a specific unit. what if the unit doesn't exist yet or died ?
for what we know about any strategy game it could be possible to find the pointer for the unit number.
i mean let's say you train ten solders. > the pointer points to the fifth one, and if it dies then the pointer points to the next solder, till you have only 4 solders and there's no more "the fifth solder".
but that's unlikely, and by the way, what would one do with a pointer that points to the selected unit, maybe an auto assemble code that activates god mode for the selected unit ? what if there are two selected units or more than two, where would the pointer point then ?
that's unlikely too, for the pointer to point to the currently selected unit, so in conclusion i'd say that you would be a fool to search for pointers in any strategy game with the manual way.
i think the only way to find pointers in any strategy game is to use pointer scan, it it finds anything...
the better way to solve this is the last step of the tutorial in ce 6.2 !
you could do whatever you want with all your units with that kinda of code
_________________
... Fresco |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Sun Jun 24, 2012 11:03 am Post subject: |
|
|
I did this in command and conquer red alert 3 and wh40k:dawn of war
I found the pointer to the selected unit
Then I added a hotkey that makes use of that to set the unit's health to the bugged health value for godmode (0xffffffff/ NaN)
And I bound another hotkey to that address so it would set the health to 0 (or 0.000001)
that way I could decide which particular unit to make invulnerable and which ones to kill.
I do like godmode in strategy games, but only on 1 or 2 units, and perhaps 1 building
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
|