qx0r Newbie cheater
Reputation: 0
Joined: 01 Jan 2013 Posts: 14
Posted: Wed Jan 02, 2013 12:12 am Post subject: Automatic Pointer Scanner - Cannot find base address
Hi,
First of all, I wish you a happy new year!
I'm trying, unsuccessfully, to find the base address of a pointed value with the Automatic Scanner.
The game is a Flash game, in the browser (Chrome).
I can find the value location, and I can modify it with the right effect in game.
I tried the "pointerscanner" with these "scanoptions":
All first 4 checkboxes checked;
Number of thread: 2;
Max Offset value: 2048;
Max Level: 5;
The research took less than a minute, and many addresses were found, but none was right after I restarted the game or rebooted Windows.
Now I'm trying with "Max level = 10" but it is taking much more time!
Any help is appreciated.
Thanks.

Misteraaargh Newbie cheater
Reputation: 0
Joined: 20 Dec 2012 Posts: 14
Posted: Wed Jan 02, 2013 4:27 am
Try after unchecking the fourth option..

Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Wed Jan 02, 2013 4:50 am
Also, instead of going to level 10, try level 6 or 7 first
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

qx0r Newbie cheater
Reputation: 0
Joined: 01 Jan 2013 Posts: 14
Posted: Tue Feb 26, 2013 7:46 pm
It's me again. Same problem.
This is what is happening:
I have an 8th-level pointer scan list; when I filter the pointers to find the good ones I always find something matching, even if I restart the browser, but after some time the pointed value changes location.
If I redo the scan from the pointers list I again find some other pointers matching, but they always become useless.
What to do?
Any help is appreciated, please, I want to learn!

++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Tue Feb 26, 2013 7:59 pm
Do the pointers in your pointer list change during game-play? If so, you can try rescanning the address multiple times (without restarting the game and without restarting CE). This may save you quite a bit of time. I am currently working on a game that is like this, and I can find a good pointer without restarting the game at all. Sometimes I have to scan 20 times, but it's still a lot quicker. Most importantly, it has proven reliable for this particular game. Not all games are like this, however. Some games may take a very long time to narrow down a reliable pointer...restarting your computer between scans and/or scanning from a different computer altogether is not totally unheard of.
As long as you are not presented with zero results after doing a rescan, and as long as the results are decreasing each time, you should eventually find a good pointer.
Just keep at it.

Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Tue Feb 26, 2013 8:17 pm
I also recommend saving the whole site to disk and running it from there, or better, finding a standalone player, as the time notation on the site can cause changes as well.
Or try level 14

qx0r Newbie cheater
Reputation: 0
Joined: 01 Jan 2013 Posts: 14
Posted: Tue Feb 26, 2013 8:49 pm
@GNIREENIGNE
My aim is to find a base address that never changes and a list of offsets that point to the dynamically allocated data, always.
If, in my list, a first scan excludes some pointers and at the second scan it accepts them, I think that my list has no good pointers.
@Dark Byte
I tried to save the *.swf file and reproduce locally; it shows something but never goes forward. I'm searching for something for this right now.
For the scan list, do you think 8th level is not enough? Is this why I get pointers that behave like that?

Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Feb 27, 2013 1:40 am
Personally I wouldn't recommend using the pointer scanner to hack a flash game. I get the feeling they have a big variable buffer somewhere that will make you need insane structure sizes, and last time I tried to hack a flash game I found a strange construct:
Code:
mov ecx,dword [eax+14] //if !([eax+14]&4) then [eax+C] is NULL and there is an
test ecx,4 //alternate way of getting ecx
jnz Main_GetPlayernameBySum
mov ecx,dword [eax+8]
jmp Main_GotPlayername
Main_GetPlayernameBySum:
mov ecx,dword [eax+C]
mov ecx,dword [ecx+8]
add ecx,dword [eax+8]
Main_GotPlayername:
//here, ecx=(char*)PlayerName

What this code shows is that sometimes the pointer to my data is [eax+8] and sometimes [[[eax+C]+8]+[eax+8]]. Dunno if it was specific to my game or if this is part of flash's weird memory management, but personally whenever I need to hack a flash game I go for the code editing (find out what writes...) approach with aob scan(s).
BTW: did anyone ever get a working pointer with a static base for a flash game?
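
The construct in the disassembly above, modelled in C on a constructed byte array (an added illustration, not code from the thread or from Cheat Engine). The offsets are read as hexadecimal; the addresses, the "Player" string and all function names are assumptions made for the example. It shows why a stored path with constant offsets matches only while the object is in the direct layout.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed memory image: address N is byte N of mem[]. All addresses are made up. */
enum { MEM_SIZE = 0x400, OBJ = 0x100, AUX = 0x200, BUF = 0x300 };

static uint32_t rd32(const uint8_t *mem, uint32_t addr) {
    uint32_t v = 0;                          /* out-of-range reads give 0 */
    if (addr <= (uint32_t)MEM_SIZE - 4) memcpy(&v, mem + addr, 4);
    return v;
}
static void wr32(uint8_t *mem, uint32_t addr, uint32_t v) { memcpy(mem + addr, &v, 4); }

/* Same decision as the disassembly: bit 4 of [obj+14] selects the layout. */
uint32_t resolve_name(const uint8_t *mem, uint32_t obj) {
    if (rd32(mem, obj + 0x14) & 4)           /* the jnz branch: base + offset */
        return rd32(mem, rd32(mem, obj + 0xC) + 0x8) + rd32(mem, obj + 0x8);
    return rd32(mem, obj + 0x8);             /* direct pointer */
}

/* What a stored pointer path can express here: one read at a constant offset. */
uint32_t fixed_path(const uint8_t *mem, uint32_t obj) { return rd32(mem, obj + 0x8); }

/* Build one of the two layouts; 'indirect' chooses which one the object uses. */
void build_state(uint8_t *mem, int indirect, uint32_t name_off) {
    memset(mem, 0, MEM_SIZE);
    memcpy(mem + BUF + name_off, "Player", 7);   /* constructed sample string */
    if (!indirect) {
        wr32(mem, OBJ + 0x8, BUF + name_off);    /* flag clear, [obj+C] stays NULL */
    } else {
        wr32(mem, OBJ + 0x14, 4);                /* flag set */
        wr32(mem, OBJ + 0xC, AUX);
        wr32(mem, AUX + 0x8, BUF);               /* buffer base */
        wr32(mem, OBJ + 0x8, name_off);          /* now an offset, not a pointer */
    }
}

int path_still_valid(const uint8_t *mem) {
    return fixed_path(mem, OBJ) == resolve_name(mem, OBJ);
}

int main(void) {
    uint8_t mem[MEM_SIZE];
    build_state(mem, 0, 0x10);
    printf("direct layout:   fixed path valid = %d\n", path_still_valid(mem));
    build_state(mem, 1, 0x10);
    printf("indirect layout: fixed path valid = %d\n", path_still_valid(mem));
    return 0;
}
```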

++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Feb 27, 2013 2:24 am
qx0r wrote: "If, in my list, a first scan excludes some pointers and at the second scan it accepts them, I think that my list has no good pointers."
Hmm. Are you sure you are doing it right? You must open each previous scan and overwrite it with a new scan by rescanning for the new address, preferably under a new name.
Since it is a flash game, there really is no telling. You might be wise to follow what others are suggesting.

Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25796 Location: The netherlands
Posted: Wed Feb 27, 2013 5:37 am
Oh yes, deselect the option that pointers must be aligned. I'm not sure if they still do this (slow), but in the past they stored pointers unaligned (to specify special cases).

qx0r Newbie cheater
Reputation: 0
Joined: 01 Jan 2013 Posts: 14
Posted: Wed Feb 27, 2013 12:44 pm
GNIREENIGNE wrote: "Hmm. Are you sure you are doing it right? You must open each previous scan and overwrite it with a new scan by rescanning for the new address, preferably under a new name.
Since it is a flash game, there really is no telling. You might be wise to follow what others are suggesting."
I'm sorry, I explained badly, my English is not very good!
This is what I do after I get a list of pointers:
1) Rescan to remove bad pointers and save the new list to a new file
2) Iterate this until I get some stable pointers, overwriting the new list (to remove bad pointers faster I do something in game, like opening the menu, playing etc...)
3) Save the few stable pointer/s I found to the CE address list
Now, these pointers I found remain stable for some time, even if I restart the browser. After that they become useless.
The problem is that if I narrow down the main list again, I find something matching every time, but it doesn't remain stable forever; in other words: in my huge list, every time I launch the game, there are always some good pointers that remain available for some time.
@Gniarf
I've already spent a lot of time trying to get something manually, but it seems impossible, at least for me. I get stuck after 5-6 levels. This is why I wanted to try the auto-scan. The debugger shows me a LOT of instructions I hardly understand.

++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Feb 27, 2013 1:10 pm
It sounds like you just need to keep at it to narrow in on a good pointer.
How many addresses are in your list now? How many after you restart the game and do a rescan? As long as the total number of addresses keeps decreasing and does not yield 0 results, you should eventually find a reliable pointer.
As DB suggests, some of the scan options can be (and should be) changed, depending on the process that you are attaching to. In your case, I'm not sure if it's necessary or not, but for older games, like SNES roms, for example, many of the scan settings have to be changed in order to yield any scan results at all.

qx0r Newbie cheater
Reputation: 0
Joined: 01 Jan 2013 Posts: 14
Posted: Wed Feb 27, 2013 1:46 pm
Wah.. now I'm trying with all 4 options unchecked. Will see..
@Dark Byte
I have found a bug: in the "Rescan pointerlist" window, if I check "Value to find", I can't write more than 8 characters. (CE 6.2)

++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Wed Feb 27, 2013 2:19 pm
You didn't answer my questions. I probably would not have made those changes to the scan options just yet.
Regarding the bug...write out the value in Hex. You can use your Windows calculator to convert the decimal to hex, or just change the view-as option for that value in your cheat list.

qx0r Newbie cheater
Reputation: 0
Joined: 01 Jan 2013 Posts: 14
Posted: Wed Feb 27, 2013 3:07 pm
I have around 500M paths, after the first rescan it shows something about ~200 paths, but none of these remains valid after a second scan.
A new scan from the main list will find again other temporarily valid paths.