Cheat Engine

puzzbone · How do I cheat? Reputation: 0 Joined: 13 May 2013 Posts: 5

If i have a base pointer address as:

"NAME.exe"+AF6DE

and an instruction as:

mov esi,[esi+000016BC]

assuming its a multi level pointer, is there a way to get to the memory address from only this information?
I know the first offset would be "16BC" but how would you find the next offset and so on.

I am asking this as I know i could nop the instruction or use code injection but it would be detectable if I played in a game with an anti-cheat system in place, so i would want to build the base pointer so i could just change the value and freeze it.

I also know I could find the base pointer from the value address but ive been having trouble finding it, and i have found the base pointer online so i was wanting to work from that.

Gniarf · Posted: Wed May 22, 2013 10:38 pm Post subject:

Just to be sure we speak about the same thing: in [[[[game.exe+123]+147]+258]+369] ,I call:
-game.exe+123 the base pointer.
-147 the first offset.
-369 the last offset because it's the last one the program uses to access your value.

I assume you meant that 16BC was the last offset, and let's say that the variable you want to hack is at address 0x12345678.
A simple and stupid way to find the pointer to your variable is to use the pointerscanner and specify "pointer must end with offset" 16bc, and set struture size to something bigger than 5820 (=0x16bc). Then do a rescan specifying "base pointer must be in range" the_hex_value_of("NAME.exe"+AF6DE)-1 to the_hex_value_of("NAME.exe"+AF6DE)-1.

If pointerscans with structure size 5821+ are unbearably slow, you can revert to structure size 2048 and scan for address 0x12345678-16BC, but you'll lose the ability to rescan using the "by value" mode.

If I'm mistaken and 16BC was really your first (and not last) offset, use a 5821+ structure size, and use the "must start with offsets" rescan option.

puzzbone · How do I cheat? Reputation: 0 Joined: 13 May 2013 Posts: 5

Turns out its not the base pointer at all that ive got. Just the address i csn use to nop the function.

The game im using is walking dead survival instinct but i can seem to find the base pointer while using the debugger or pointerscan.
Im making a c++ hack and need the base pointer and offsets to make it work

Gniarf · Posted: Thu May 23, 2013 6:59 am Post subject:

puzzbone · How do I cheat? Reputation: 0 Joined: 13 May 2013 Posts: 5

the "NAME.exe"+AF6DE is the address of that function mov, esi[esi+000016BC], so if i nop this i get unlimited ammo with no reload.

i used 2048 and 4 level pointer.

i prefer using the debugger method though and adding each pointer to the cheat table seperately untill you get the base pointer

Gniarf · Posted: Thu May 23, 2013 12:05 pm Post subject: