Misteraaargh Newbie cheater
Reputation: 0
Joined: 20 Dec 2012 Posts: 14
|
Posted: Thu Dec 20, 2012 5:45 am Post subject: Badly stuck after lvl 1 pointer :( |
There is this game that only allows the camera height slider to go up to 20, but with CE you can take it beyond that. The problem is that the address keeps changing. So I tried to go down to the static address but am stuck at a point... Here it is..
Address found for the cam-height value - 171546a8
I check what accesses this address.. and..
The value of pointer needed to find this address is probably 17154500
( Now, see pic below in this sequence - 1.png
0.5.png
2.png)
Now I check what accesses this pointer ( or the new address I found) and this is what I get ( from both)
019BA451 - 8B EC - mov ebp,esp
019BA453 - 8B 45 08 - mov eax,[ebp+08]
019BA456 - 8B 44 81 24 - mov eax,[ecx+eax*4+24] <<
019BA45A - 5D - pop ebp
019BA45B - C2 0400 - ret 0004
EAX=17154500
EBX=00000000
ECX=0D45EF80
EDX=02FD99D0
ESI=00000031
EDI=00000000
ESP=1FE7F6F4
EBP=1FE7F6F4
EIP=019BA45A
The first issue is that I get the same "The value of pointer needed to find this address is probably 17154500" again, which leads to the same address as earlier.. There is no multilevel pointer tutorial out there with version 6.2.. only the offset has changed. And that too is confusing me..
[ecx+eax*4+24] - What do I do with this?
I've tried 1. 17154500*4+24 .
2. I've tried - 171546a8 = ecx+eax*4+24
eax*4 = 171546a8-ecx
eax = (171546a8-ecx)/4
eax = 277D5CA
I've tried so many different things that I no longer remember all of them.. I am badly confused.. All I need is someone to guide me from here step by step..
Please help. I've spent all day on this, tried many tutorials out there but none explains my problem...
P.S. - when I try to link to Imageshack it says I cannot post URLs yet.. so I attached the pics..
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Thu Dec 20, 2012 10:24 am Post subject: |
Try using the pointer scanner features to find deeper pointers then.
Right-click the cam address in your table and choose 'Pointer scan for this address'. You can adjust the depth of the pointers near the bottom. Start with something around 5 and see what you get.
_________________
- Retired.
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
|
Posted: Thu Dec 20, 2012 11:24 am Post subject: |
Depending on your search results:
Search a value range from 0D45EF80 to 0D45E000; you should find at least one variable that is from a static address.
Corruptor Advanced Cheater
Reputation: 3
Joined: 10 Aug 2011 Posts: 82
|
Posted: Thu Dec 20, 2012 6:01 pm Post subject: |
Mean trick. Keep an eye on it:
019BA456 - 8B 44 81 24 - mov eax,[ecx+eax*4+24] <<
EAX=17154500
The eax given in the dump is the eax after the execution of this function, and thus of course always your pointer (because if it wasn't, something would have gone wrong).
You might calculate what is standing in there with some math skillz using
17154500 = D45EF80 + eax*4 + 24
to get what really has been in eax. eax*4+24 will then be your offset.
The value you will have to search for is probably D45EF80 anyway, as the genius already pointed out.
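The point about the post-execution register dump, as an added example that is not part of the original thread: a Python model of `mov eax,[ecx+eax*4+24]` that recovers the overwritten index by scanning the pointer table at ECX+0x24 and then rebuilds the path to the camera address. ECX, the loaded value and the camera address are the ones posted above; the table contents and the slot index 3 are constructed for illustration.

```python
MASK32 = 0xFFFFFFFF
ECX = 0x0D45EF80        # base register from the dump in the thread
DISP = 0x24             # displacement in the instruction
SCALE = 4               # one 32-bit pointer per table slot
LOADED = 0x17154500     # EAX *after* the load, as shown in the dump
CAM_ADDR = 0x171546A8   # camera-height address from the first post
FIELD_OFFSET = CAM_ADDR - LOADED   # offset of the field inside the object

# Constructed table: only 0x17154500 comes from the thread; putting it in
# slot 3 and the neighbouring values are assumptions.
MEMORY = {
    ECX + DISP + 0 * SCALE: 0x17150000,
    ECX + DISP + 1 * SCALE: 0x17151200,
    ECX + DISP + 2 * SCALE: 0x17153000,
    ECX + DISP + 3 * SCALE: LOADED,
    ECX + DISP + 4 * SCALE: 0x17156000,
}

def effective_address(base, index, scale=SCALE, disp=DISP):
    """Address read by [base + index*scale + disp], wrapped to 32 bits."""
    return (base + index * scale + disp) & MASK32

def emulate_load(mem, ecx, eax):
    """EAX after mov eax,[ecx+eax*4+24]; the index in EAX is overwritten."""
    addr = effective_address(ecx, eax)
    if addr not in mem:
        raise KeyError(f"unmapped read at {addr:08X}")
    return mem[addr]

def recover_index(mem, ecx, loaded, max_slots=64):
    """Indices whose table slot holds the pointer that ended up in EAX."""
    return [i for i in range(max_slots)
            if mem.get(effective_address(ecx, i)) == loaded]

def resolve_camera(mem, ecx, index):
    """Follow the path [[ecx + index*4 + 24] + FIELD_OFFSET]."""
    return (emulate_load(mem, ecx, index) + FIELD_OFFSET) & MASK32

if __name__ == "__main__":
    for idx in recover_index(MEMORY, ECX, LOADED):
        slot = effective_address(ECX, idx)
        print(f"index {idx}: slot {slot:08X} -> {MEMORY[slot]:08X} "
              f"+ {FIELD_OFFSET:X} = {resolve_camera(MEMORY, ECX, idx):08X}")
    # Using the post-execution EAX as the index lands on an unmapped address.
    print(f"EAX-as-index address: {effective_address(ECX, LOADED):08X}")
```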
Misteraaargh Newbie cheater
Reputation: 0
Joined: 20 Dec 2012 Posts: 14
|
Posted: Fri Dec 21, 2012 5:03 am Post subject: |
I used the pointer scanner and found what I needed ... Thanks to all the guys trying to help..  |