Cheat Engine

[Sam_Learner]

Hi, I'm new at this and I've read a lot of articles and tutorials related with Cheat Engine. I've tried something but it seems it's not my day.

I'd like to show you what I did, so maybe you can help me.

General explanation: I wanna get the pointer of the structure of a hero in a game called "Dota", from Warcraft 3.

I think it's called "Table" here, but I'm not sure.

Well, what I'm doing to do it is this.

1- First of all I tried to find the memory address of one value inside the structure, for example, HP(Health points).

So, I opened the game (dota), selected a hero, and I opened the process war3.exe.

The hero has (at first), 511 HP, so I typed 511 HP in the Value Bar.

124 addresses appeared, 2 of them green.

So I joined the game and I bought an item which gave me a total of 568 HP. I clicked "Next scan" and 2 values left in the address table (none green).

I copied both to the addresses list.

What I think now: Well, I think one of them is my "Current HP", and the other one is "Max HP".

So I went to the enemy's tower so it attacked me. I stoped the game and I saw that one value changed to my current HP. So now I can change the description, one is "Current HP" and the other one is "Max HP".

So, the guide I read the find the pointer told me that I had to do this.

"Browse this memory region". I did, and then I went to "Tools->Pointer Scan". "Pointer Scanner->Scan for Pointer"

And here is where I get lost. I get more than 10 million of results and I don't know what to do now.

I hope someone can help me. I want to learn more about this.

Thank you in advance.

[Dark Byte]

Restart the game (and your computer if possible)
Then find current hp again.
Then go to memoryview->tools->pointerscan and open the previous pointerscan results (if they aren't open already)
Then do a next scan for the new address

Also, you say "So I joined the game". Usually such a term is used in conjuction with online/multiplayer games. If that is the case, you will not be able to change the value

[Sam_Learner]

I will do what you told me and I'll edit this post with the results.

To the last thing you said, I only want to read memory, so I won't change HP values. I want to gather information about all related to the hero's stats: "HP", "Mana", "Agility", etc.

Well, I'm gonna restar the pc.

Thank you for your fast reply.

EDIT: I've restarted the computer and, amazingly the address is the same, so I get the same scan pointer.

That is confusing me, I supposed I would get a new dynamic address.

[Dark Byte]

It's possible the same address gets used. It all depends on the order of allocations. If the health address is the first thing that gets allocated, there is a big chance it will be at the same location most of the time.

also, war3 is a blizzard game, and they often do memory allocations as if they are working on a console

[Sam_Learner]

So, should I try finding the pointer in other way? I only knew this way, I will investigate more about memory allocations.

EDIT:

I've made this, I don't know if I did well.

Instead of restarting computer or game, I restarted the map. So I "forced" the game to give me another memory address.

Then, I found again HP address (It was a different address). I went to Memory Viewer ->tools -> pointer scan

And then I opened what I scanned before.

Then I clicked on: Pointer Scanner -> Rescan memory, and there I typed my new memory address.

I got only 1 line now. It says this, pls tell me if this is what I'm looking for.

Base Address: "Game.dll"+00AD1A74
Offset 0: 10
Offset 1: C
Offset 2: C
Offset 3: 1E3
Offset 4: 248
Points to: 14E402D0 = 0

[Dark Byte]

Just one line is very little, try a bigger level and/or structsize for a new pointerscan

Also, are you sure the address you did a next scan for was correct? (14e402d0 = 0 looks weird if it's current hp, since that would mean it's dead)

[Sam_Learner]

Mmm, you're right, i did something wrong. I've done it again and now I get...

49,310 pointers which points the current address. All of them have the current hp.

So now, in my current example, I have 449 HP, and there are almost 50K pointers.

What should I do now?

PS: At least they are not more than 10 millions of pointers now

Edit: I don't think they are all different pointers, because a lot of them starts like this:

"Game.dll 00A9A858", and the offsets changes.

Where the offset[0] is 0, this is the game.dll

Re-Edit: Sorry it's not game.dll
"Storm.dll 000555FC"

[Dark Byte]

That looks better. That means you now have 49310 pointer paths that stay valid after a map change and restart

you can filter out a few more wrong ones by doing a delayed rescan so the ones that are only valid when alt tabbed out of the game will get removed as well, but overall you can pick any pointer.

I usually pick the one with the least number of offsets, but in general, every pointer is usable enough.

Another tip: Try "Only filter out invalid pointers" combined with "Repeat rescan until stopped"
Then play the game for a while and when done, click stop.

[Sam_Learner]

MMmm, Ok I've taken one pointer, I've saved it as War3.CT and I've restarted, the game and the program.

I've restarted the map a lot of times and the pointer, in the "Addresses List", always tell me the current HP, so I think I found it.

But there are things I don't understand very well.

For example, this is my addresses list:

Active: Non-crossed
Description: Pointer Current HP
Address: P->156102D0
Type: 4 Bytes
Value: 473

Ok these are the values of a random restarted new game.

1- What does "Active" do? I mean, what is the objective of this?, currently it's not ticked.

2- When I double click "P->156102D0", a new window pop-up with this information:

Address: 156102D0 = 473
Etc..

Pointer (ticked).
< F4 > 156101DC+F4 = 156102D0
< 0 > 111200A8+0 = 156101DC
< 0 > 156101DC+0 = 111200A8
< A8 > 11120000+A8 = 156101DC
< 0 > 0D550000+0 = 11120000

Ok here is what I really don't understand. I've made the adds and I don't understand the adds except the first one, which I can understand.

For example: 111200A8+0 = 156101DC "I don't understand this one".

And finally:

"storm.dll"+000555FC -> 0D550000 (What is this last one address? "0D550000")

Thank you in advance for all your help.

[Dark Byte]

1: Active means freeze the value to what it currently is. (with a possible allow increase/decrease, or freeze to the same value as another address. so if you add the max hp address you can set it to automatically freeze to that)

2: Read from the bottom to top, it's reads the base address and then add an offset to that, and repeats it for each result until the final one, which points to the actual address

"storm.dll"+000555FC -> 0D550000 means that the 4 byte address at "storm.dll"+000555fc has the value 0d550000. (Read it as, it contains a pointer to 0d550000)

[Sam_Learner]

Oh great, this is really great, I knew I like this but now I like it even more

I've made the same process to take the hero's current mana.

I've got the same pointer: "storm"+000555FC, and only one offset was changed: "F8" in Health points and "FC" in Mana points, the rest is the same.

Now here my thoughts (I hope I am right): So "storm"+000555FC is the pointer of the Player 1's Hero's Structure?, and the Offset of that pointer gives you, Health, Mana, Experience, etc??

My second question is:

There is other value inside hero's structure called: "Strength", but for any reason I can't get the Dynamic Address, in other words, I can't do even the first step.

I do as always, I see the value of STR, for example 15, and type it and First Scan, then I upgrade STR and do it with the new value, but all the values that appears are fake, I mean they are not my current STR.

Do you know if there is any other way to find it?

Thank you in advance.

[Dark Byte]

Perhaps strength isn't stored as the value you see, but as the added strength compared to the base stats.

example:
The hero has at the beginning (level 0 or 1) 2 strength

Now, when you gain a level, it stores strength as +1, +2, +3, etc..
So if your hero has 4 strength after a level up, it is stored as 2.

Also, try an unknown initial value scan, and then do a increased value by... scan. That can help a little bit as well. (Don't do it inside the upgrade screen before confirming as it wont be applied to the hero then)

[Sam_Learner]

So now that I have the pointer with the offsets, if I wanna make a script, I must do it with other programming language like AutoIt or AHK or it's possible to make a script with Cheat Engine?

[Dark Byte]

It's possible with CE.
Easiest method is give your addresses hotkeys (rightclick and set hotkey) and then click file->generate generic trainerscript from table
And you can do a lot more if you learn lua and the ce functions and creatw custom guis

[Sam_Learner]

Hehe, I'm a bit confusing about this new language.

I opened the Lua script table and typed this:

Address = ??
s = readFloat(Address)
print(s)

What should I put in the address, because if it has 5 offsets, well I'm not sure how to do it.