Cheat Engine

++METHOS · Posted: Mon Apr 01, 2013 3:52 pm Post subject: Tomb Raider 2013 Pointers?

For those of you that are working on this game, how are you finding a proper, static base address?

At first, I thought all of my pointers were correct, because they always worked...however...I've noticed that sometimes, if I start a new game and play from the beginning, the addresses might change.

Pointers usually aren't a problem, but this game is proving quite difficult.

Any help would be appreciated.

Thanks.

mgr.inz.Player · Posted: Mon Apr 01, 2013 6:38 pm Post subject:

Yes, there is problem in finding pointers in this form:
.....[[[staticbase]+offset1]+offset2]+....
(note: staticbase can be "XXXXXXXX" or "modulename+YYYYYYYY")

Some games simply don't have those.

But probably there are pointers of this type:
.....[[[base]+offset1]+offset2]+....
base is accessed (read or write) by some opcodes, like for example "mov eax,[esi]" or something like that.

You can always try this:
Do "2 level" pointer scan, "only paths with static address" unticked, do many rescans. But, do NOT restart the game, do NOT load checkpoints, you only move around, shoot, change locations (do NOT use "fast travel" for that), do NOT let Lara die (because it will load checkpoint).

Yes, there will be hundreds. But you can change that. You have found almost stable pointer ("they always worked...however...I've noticed that sometimes"). So you know the most common ending offsets. For example, you have this "almost stable static pointer":
[[[[[[[yourstaticbase]+offset1]+offset2]+offset3]+offset4]+offset5]+offset6]+offset7

So do "2 level" pointer scan with ending offsets:
offset7 - last
offset6 - one before last
And of course, "only paths with static address" unticked.

You should have significantly less pointers

OK, now try first pointer and do "what access". Now choose the option which usually we don't use: "find out what accesses this pointer".

If nothing, try next pointer. And so on.

Give me that "almost stable static pointer", I'll try to find some opcodes to determine nonstatic base for level2 pointer (or maybe level1, level3, level4, ....).

++METHOS · Posted: Mon Apr 01, 2013 9:47 pm Post subject:

mgr.inz.Player-

Thanks for your help. I am still working on this. I will try your way.

mgr.inz.Player · Posted: Tue Apr 02, 2013 7:39 am Post subject:

What's your "almost stable static pointer" ?

++METHOS · Posted: Tue Apr 02, 2013 2:23 pm Post subject:

I trashed what I had before, so I will have to get back to you on this. I will report back when I have more time to look at this. I have been trying your steps on the controller addresses that I found for fly mode. The addresses only changed once, and now, I can't get them to change again...and I can't find any pointers that work for these addresses.

mgr.inz.Player · Posted: Tue Apr 02, 2013 4:40 pm Post subject:

"Maybe this won't work for everyone"
Better do not "cmp" for exact value. Check if value is bigger than 0.5

As for the rest, unfortunately I don't have any controller.

TsTg · Posted: Tue Apr 02, 2013 6:09 pm Post subject:

if you got the base address correctly as you said, then it's a problem with the offsets, some games uses dynamic offsets along with the dynamic addresses, in that case you need to find the other base address that stores the current offset, mostly in instructions like mov dword [eax+ecx*4+100],edx is used with that dma technique

mgr.inz.Player · Posted: Tue Apr 02, 2013 6:30 pm Post subject:

@TsTg, yeah, for example "salvage" is kept inside list (http://www.tutorialhandbook.com/programming/pascal/linked-lists-in-pascal.html), weird.

Alice0725 found a way:
http://forum.cheatengine.org/viewtopic.php?t=563586

++METHOS · Posted: Tue Apr 02, 2013 8:31 pm Post subject: