Meiyoh Master Cheater Reputation: 1
Joined: 14 Mar 2015 Posts: 400
Posted: Sat May 28, 2016 1:27 am Post subject: How to find DMA pointers in Dark Souls 3?
It always gives 0 results when scanning for DMA Pointers. How to fix this?

Meiyoh Master Cheater Reputation: 1
Joined: 14 Mar 2015 Posts: 400
Posted: Sat May 28, 2016 11:37 am
Better be removed
Last edited by Meiyoh on Sat May 28, 2016 1:40 pm; edited 1 time in total

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4297
Posted: Sat May 28, 2016 12:26 pm
That question is one of the most frequently asked questions on these forums. If you tried to search for your problem to any extent, you'd find it. Not doing so is a waste of everyone's time. If anything, it's insulting to those "who most knows the work with Cheat Engine" that you would be so callous or egotistical as to not even look to see if anyone else has had the same problem (not to mention your baseless accusation of readers' ignorance).
People tend to grow tired of the same issues being posted repeatedly and eventually stop responding to them altogether. The next time anyone makes a topic asking a question and gets no response, this might be why.
Regardless, you should be using the pointer scanner. Increase your max level and/or max offset if needed. Change the advanced settings if you want. Use Google for more information.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sat May 28, 2016 12:39 pm
Daaaang.
Meiyoh-
After you figure out how to use the pointer scanner, you'll start learning injection. After you figure out injection, you may forget how to use the pointer scanner.

Cake-san Grandmaster Cheater Reputation: 8
Joined: 18 Dec 2014 Posts: 541 Location: Semenanjung
Posted: Sat May 28, 2016 12:50 pm
If I were you, I would always use the backtrace method, because not all games use a static address as a reliable base address, which makes the pointer scanner pointless, and if I can't find the base address, I will use the injection-copy method (with aobscan and a filter added, depending on the game).
_________________
...
Last edited by Cake-san on Sat May 28, 2016 12:54 pm; edited 1 time in total

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4297
Posted: Sat May 28, 2016 12:54 pm
I'm just getting to the point where I don't care anymore. I understand that not everyone knows everything, but there should still be some concepts inherently understood by everyone.
This other topic would be useful if anyone wants to try to use a code injection to get the address. It also contains outdated information on the pointer scanner.
Backtracing is also a good method, but if the OP knew how to do that, this topic wouldn't exist.
_________________
I don't know where I'm going, but I'll figure it out when I get there.

Meiyoh Master Cheater Reputation: 1
Joined: 14 Mar 2015 Posts: 400
Posted: Sat May 28, 2016 1:34 pm
Thank you all for the responses. ParkourPenguin, I am sorry. You are the only one here who helped me at all with a lot of stuff. Don't take my words here; I was speaking to the guys with the DS3 Table. They found pointers but never replied to me how they did this; I asked them several times, no reply. Problem is most people are egoists. They never share info how to do stuff. Isn't it simple to say how you do this. Just the method. If they use some other stuff than "pointer scanner" or MANUAL Pointer scanner via OP Codes and tell their method, I will gladly google it if I don't know how to use it. But no reply is ignorance. Injection is hard as most codes have multiple addresses they write/access. So getting to the right address is hard.
PS: I already tried Google; nothing useful found.
Other people also report being unable to get pointers for this game.
Anyway. Injection shall do it.

ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4297
Posted: Sat May 28, 2016 3:43 pm
It's fine. My rant wasn't solely directed at you but at every person asking questions like "How do I hack [multiplayer game]?", "How do I search for a value I can't see?", "How do I get the address a module is loaded at?", etc. I was just venting; don't take it personal or anything.
Assuming you're talking about this table, those pointers in the table aren't static pointers. Some of them are just addresses stored in a registered symbol (plus some offset), and others are actually pointers whose base address isn't static. The creator(s) used code injection to do everything.
To figure out how, all you need to do is look at the script that registers the symbol and assigns something to it. Here's a small snippet of the script "Open":
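Code:
{$lua}
-- Scan the module for the byte signature (?? = wildcard) and register the hit as hack_aob.
autoAssemble([[
aobscanmodule(hack_aob,DarkSoulsIII.exe,48 8B 05 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 40 50)
registersymbol(hack_aob)
]])
local addr = getAddress("hack_aob")
-- addr + 3 is where the 4 wildcard bytes sit; add that integer and 7 to get the final address.
addr = addr + readInteger(addr + 3) + 7
-- Re-register the result as addr_02.
unregisterSymbol("addr_02")
registerSymbol("addr_02", addr, true)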
You don't need to have an advanced comprehension of Lua to understand this; any standard programming language will do.
The first call to autoAssemble scans for an AoB and registers the returned address as a symbol. It then takes that address and registers another symbol: that address plus whatever the integer is at the 4 byte wildcards plus 7. Then, the script registers that address, which is the base address used in the memory records. After looking at this it's easy to tell that the aobscan is the real "base address". The game probably calculates what that immediate offset is when it starts up. That offset then leads to where a structure (or some other important data) is stored at. It's pretty common to see this method of an address being stored as an immediate in a game.
The pointerscanner would be hard pressed to find this. You would need to turn off 32-bit alignment which would slow down the scan quite significantly. Even then, you wouldn't be able to find this exact path. Finding it manually by analyzing the assembly would probably be faster. You may need to search for a few things manually (w/o fast scan options), but it's possible if you understand x86.
Meiyoh wrote: | Isn't it simple to say how you do this. |
Sure. It's simple for me to say "find an instruction which accesses that address and backtrace it to find out how the program is getting that address." Of course, that doesn't mean you understand anything I said.
The reason why there aren't any tutorials on this is because it's so specific. If you understand what pointers are, know what the word "backtrace" means, and have a decent comprehension of x86, then you should be able to do this on your own. Otherwise, either start learning or give up.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
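
As an added illustration (not part of the original posts and not the table author's code), the Python sketch below reproduces the address arithmetic described in the post above on a constructed byte buffer: it matches the wildcard signature, reads the 4-byte displacement of the leading `48 8B 05` instruction (`mov rax, [rip+disp32]`) as a signed value, and adds the instruction length 7. The image base, the sample bytes and all function names are assumptions made for the example.

```python
import struct

# Signature from the post; "??" marks bytes that differ between builds.
SIG = "48 8B 05 ?? ?? ?? ?? 48 85 C0 74 ?? 48 8B 40 50"

def parse_sig(text):
    """Turn 'AA ?? BB' into a list of ints, with None for wildcards."""
    return [None if tok == "??" else int(tok, 16) for tok in text.split()]

def find_all(buf, sig):
    """Return every offset in buf where sig matches (wildcards match anything)."""
    hits = []
    for off in range(len(buf) - len(sig) + 1):
        if all(s is None or buf[off + i] == s for i, s in enumerate(sig)):
            hits.append(off)
    return hits

def resolve_rip_relative(buf, image_base, sig_text=SIG, disp_at=3, insn_len=7):
    """Address referenced by the 'mov rax,[rip+disp32]' that starts the match.

    Mirrors the script's addr + readInteger(addr + 3) + 7, but reads the
    displacement as a signed 32-bit value and insists on a unique match.
    """
    hits = find_all(buf, parse_sig(sig_text))
    if len(hits) != 1:
        raise ValueError(f"expected exactly one match, got {len(hits)}")
    off = hits[0]
    (disp,) = struct.unpack_from("<i", buf, off + disp_at)  # signed, little-endian
    # RIP-relative operands are measured from the END of the instruction.
    return image_base + off + insn_len + disp

def build_sample(disp, pad=6):
    """Constructed test bytes: NOP padding, then the matched instruction sequence."""
    code = (b"\x48\x8B\x05" + struct.pack("<i", disp)   # mov rax,[rip+disp]
            + b"\x48\x85\xC0"                           # test rax,rax
            + b"\x74\x0A"                               # je +0x0A
            + b"\x48\x8B\x40\x50")                      # mov rax,[rax+0x50]
    return b"\x90" * pad + code + b"\xC3"

if __name__ == "__main__":
    BASE = 0x140000000  # assumed load address, for illustration only
    for d in (0x4A3210, -0x1F0):
        print(hex(resolve_rip_relative(build_sample(d), BASE)))
```

With the default padding the displacement starts at buffer offset 9, so the value is neither 4-byte aligned nor an absolute 64-bit pointer.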

Meiyoh Master Cheater Reputation: 1
Joined: 14 Mar 2015 Posts: 400
Posted: Sat May 28, 2016 4:12 pm
can't give ya rep but i will try it. thanks

++METHOS I post too much Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
Posted: Sun May 29, 2016 12:49 am
Meiyoh wrote: | Problem is most people are egoists. They never share info how to do stuff. Isn't it simple to say how you do this. |
-Most of these things have already been explained...many, many times over. I have personally explained many things quite repeatedly on this forum. I know that I am not the only one. Anymore, I just quote myself to make a point...but I don't think that people get it. They couldn't be bothered to read or to think for themselves. I can totally understand ParkourPenguin's frustration. He is right, though, to tell you to not take it personally. The venting is a result of many people and many posts, over time.
Meiyoh wrote: | Injection is hard as most codes have multiple addresses they write/access. So getting to the right address is hard. |
-It gets easier...but you have to try. You will not regret investing the time to learn.