Cheat Engine - The Official Site of Cheat Engine
Topic: the impossible base pointer

grtnd (Newbie cheater, Reputation: 0, Joined: 29 Nov 2015, Posts: 14)
Posted: Sun Nov 29, 2015 12:51 pm    Post subject: the impossible base pointer
Hello everyone,
I've run into a problem finding base pointers in this particular game.
Usually you can find pointers through pointer scanning, or alternatively through the Cheat Engine debugger.
Neither of these options works in my case, and that's because of the ridiculously complex way this game stores its pointers.
This game hides its base pointers behind walls of register swaps and function calls, which is making pointer scans really difficult.
(I don't know if it intentionally does this.)
Most of the time, CE gave me pointer scanner errors because I set the maximum offset and level values too high, and when it didn't, I got nothing of relevance anyway (because all the rescans filtered out everything and I ended up with 0 results).
This is strange because I'm sure my computer has enough resources to do big pointer scans.
Anyway, since I couldn't use the pointer scanner I was forced to try and locate the base pointer through the memory viewer instead (the same way we all did before pointer scanning).
So I spent a long time yesterday trying to trace all the opcodes that affected my pointer. Of course I couldn't find the original base pointer loading instruction, since the trail never seemed to end, but I did find out what I stated above: that the base pointers are buried behind walls of register jumps (mov) and function calls/instruction jumps.
So in summary:
Every pointer scan I've done on various different addresses has so far returned nothing of relevance.
The base pointer is hidden behind ridiculous amounts of register swapping, which makes it tricky, if not impossible, to find manually.
In detail:
As far as I've managed to trace the pointer, I've found it jumps between around 3 unique registers 6 times while going through around 14 function calls and instruction jumps.
The biggest offset during a register jump (mov) of my pointer I recorded was 0x07DEA4, but since I've found some other unrelated offsets nearby that are slightly higher, I've made the assumption that all the offsets in the mov instructions that handle the pointer in question are under 0x80000.
So I decided to give the pointer scan one last try before coming here.
I left all the values at default except for maximum offset, which I set at 80000, and max level, which I put at 8 (for the time being).
I'm 95% positive I have enough RAM and disk space, as I monitor my memory usage during the scan process. I am also using the 64-bit version of Cheat Engine, but as always it turns up:
Quote:
| Error during scan: StaticScanner:Could not convert variant of type (Null) into type (Int64)
followed by
Quote:
| Unable to open file "C:\Users\xxxxx\Documents\yyyyy.PTR"
So I'm stuck at this point. Pointer scanning apparently doesn't have enough resources (but I have my doubts on that one), and the register manipulations in the assembly code are simply too large and spread out to find the pointer manually.
I'm sure I'm not the only one who has run into this at some point, but right now I'm out of ideas.

Rydian (Grandmaster Cheater Supreme, Reputation: 31, Joined: 17 Sep 2012, Posts: 1358)
Posted: Sun Nov 29, 2015 2:36 pm
Some games just straight-up don't have traditional pointers.
http://forum.cheatengine.org/viewtopic.php?t=572465
There are two other methods to use. Injection Copies would probably work best for you, though if editing the game code is a no-no, an AOB to the structure might work (but is often slower to toggle on).
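The "AOB to the structure" approach Rydian points to, as an added example that is not part of the original thread and is not Cheat Engine's own code: a small array-of-bytes signature scanner run over a constructed memory image. The entity layout, the base address 0x0C3A0000, the health offset and both signatures are assumptions made up for the illustration. Besides the scan itself it shows the failure mode that bites in practice: a signature that matches more than one structure (here a decoy NPC with the same header as the player), which has to be refined with more stable bytes instead of silently taking the first hit.

```python
"""Added example: array-of-bytes (AOB) signature scan over a memory image.

Everything here is constructed for illustration: the entity layout, the base
address and the signatures are assumptions, not taken from any real game or
from Cheat Engine itself.
"""
import re
import struct

# Constructed entity layout (little-endian):
#   tag[4] = "ENT\0", version u16, kind u8, pad u8, x f32, y f32, health u32
ENTITY_FMT = "<4sHBBffI"
HEALTH_OFFSET = 0x10            # health sits 16 bytes into the structure
KIND_PLAYER, KIND_NPC = 1, 2


def make_entity(kind: int, x: float, y: float, health: int) -> bytes:
    return struct.pack(ENTITY_FMT, b"ENT\x00", 3, kind, 0, x, y, health)


# Constructed memory image, assumed mapped at BASE. The NPC is a decoy that
# shares the stable header with the player, so a header-only signature is
# not unique.
BASE = 0x0C3A0000
IMAGE = bytes(
    b"\x00" * 0x100
    + make_entity(KIND_NPC, 12.5, -3.0, 40)      # at BASE + 0x100
    + b"\x90" * 0x40
    + make_entity(KIND_PLAYER, 1.0, 2.0, 250)    # at BASE + 0x154
    + b"\xCC" * 0x80
)


def compile_aob(signature: str) -> "re.Pattern":
    """Turn a CE-style signature ("45 4E ?? 0?") into a bytes regex.
    '??' or '*' matches any byte; a '?' in one nibble matches any value
    for that nibble (so '0?' is 0x00..0x0F)."""
    parts = []
    for tok in signature.split():
        if tok in ("??", "*"):
            parts.append(b".")
            continue
        if len(tok) != 2:
            raise ValueError(f"bad token {tok!r}: expected two hex digits")
        hi = range(16) if tok[0] == "?" else [int(tok[0], 16)]
        lo = range(16) if tok[1] == "?" else [int(tok[1], 16)]
        vals = [h * 16 + l for h in hi for l in lo]
        esc = b"".join(b"\\x%02x" % v for v in vals)   # regex \xNN escapes
        parts.append(esc if len(vals) == 1 else b"[" + esc + b"]")
    return re.compile(b"".join(parts), re.DOTALL)


def aob_scan(image: bytes, base: int, signature: str) -> list:
    """Absolute addresses of every match, overlapping matches included."""
    pat = compile_aob(signature)
    hits, pos = [], 0
    while True:
        m = pat.search(image, pos)
        if m is None:
            return hits
        hits.append(base + m.start())
        pos = m.start() + 1   # advance one byte so overlapping hits are found


def resolve_unique(image: bytes, base: int, signature: str, field_offset: int) -> int:
    """Address of a field inside the single structure matching `signature`.
    A signature that hits more than once is useless as a pointer replacement,
    so that case is an error rather than a silent first-hit."""
    hits = aob_scan(image, base, signature)
    if len(hits) != 1:
        raise LookupError(f"{signature!r} matched {len(hits)} times; refine it")
    return hits[0] + field_offset


def read_u32(image: bytes, base: int, addr: int) -> int:
    return struct.unpack_from("<I", image, addr - base)[0]


# Header only ("ENT\0" + version 3): hits both entities.
HEADER_SIG = "45 4E 54 00 03 00"
# Header + kind byte 01 (player): unique.
PLAYER_SIG = "45 4E 54 00 03 00 01"

if __name__ == "__main__":
    print([hex(a) for a in aob_scan(IMAGE, BASE, HEADER_SIG)])
    try:
        resolve_unique(IMAGE, BASE, HEADER_SIG, HEALTH_OFFSET)
    except LookupError as e:
        print("rejected:", e)
    health_addr = resolve_unique(IMAGE, BASE, PLAYER_SIG, HEALTH_OFFSET)
    print(hex(health_addr), read_u32(IMAGE, BASE, health_addr))
```

In Cheat Engine the same idea is done with the "Array of byte" scan type (or an aobscan in an Auto Assembler script): the match address stands in for the structure, and the value of interest is that address plus a fixed offset, with no pointer chain involved. The uniqueness check is the part people skip; if the pattern also matches a decoy you have to fold in more bytes that stay constant, as PLAYER_SIG does with the kind byte.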

Gniarf (Grandmaster Cheater Supreme, Reputation: 43, Joined: 12 Mar 2012, Posts: 1285)
Posted: Sun Nov 29, 2015 4:35 pm
Ridiculous offsets like 0x07DEA4 make me think you're targeting a script variable, so have you tried modding the game?
Also, does your game use one of the following engines: Ren'Py (Python), RPG Maker, KiriKiri (Japanese visual novels), Java, or Lua?
DO NOT PM me if you want help on making/fixing/using a hack.

grtnd (Newbie cheater, Reputation: 0, Joined: 29 Nov 2015, Posts: 14)
Posted: Sun Nov 29, 2015 6:30 pm
Rydian wrote:
| Some games just straight-up don't have traditional pointers.
| [can't quote URLs yet]
| There are two other methods to use. Injection Copies would probably work best for you, though if editing the game code is a no-no, an AOB to the structure might work (but is often slower to toggle on).
I don't suspect that there's anything unusual with this pointer; it may just have a lot of code behind it and need to vary a lot, so it could simply be a side effect. However, I read your post about AOB, applied it, and got it to work! I never even knew about these methods until now, and reading up on them makes me feel that they would give me the ability to do a lot more tampering in games, as pointers aren't a hassle anymore.
So thanks a bunch for your answer! AOB worked flawlessly.
Gniarf wrote:
| Ridiculous offsets like 0x07DEA4 make me think you're targeting a script variable, so have you tried modding the game?
| Also, does your game use one of the following engines: Ren'Py (Python), RPG Maker, KiriKiri (Japanese visual novels), Java, or Lua?
I'm not exactly sure what a "script variable" is; are you referring to "executable memory"? Anyway, to my knowledge it's not written in any high-level language. Most likely it's native C or C++ (seeing as the assembly is static), but it could possibly be .NET.

Gniarf (Grandmaster Cheater Supreme, Reputation: 43, Joined: 12 Mar 2012, Posts: 1285)
Posted: Sun Nov 29, 2015 7:22 pm
grtnd wrote:
| I'm not exactly sure what a "script variable" is; are you referring to "executable memory"?
No.
Video games often use script interpreters, Lua being the most popular atm.
Cheat Engine itself also has a built-in Lua script interpreter, which you can bring up by pressing ctrl+alt+shift+L. I'm not saying that you can interface between CE's interpreter and the game's; I'm just using CE as an example of a program using Lua scripts.
If you take a simple script like:
Code:
    local ScriptVariable = 4
    local AnotherScriptVariable = 3
    print(ScriptVariable + AnotherScriptVariable)
you should see what I meant by script variable. Now you may/should wonder how those are stored in memory, considering script interpreters have their own memory managers. My guess is that it starts with an enormous buffer to hold all variables, or at least all global variables, and various function calls to retrieve where the other variables/members are. 7DEA4 could have been the offset to your variable from the start of that buffer.
In games those scripts are typically shipped as text files stored inside the game's archives.
The point of scripts is that the level designer doesn't need to recompile the whole game (or the proprietary 3rd-party game engine...) to add a new quest.
grtnd wrote:
| most likely it's native C or C++ (seeing as the assembly is static)
Maybe, but FYI the script interpreter itself is usually written in C/C++ (Lua is published in C, with some C++ ports available), and when you're tracing assembly, scripts and their variables are all just blobs of data.