Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Guides: Pointer Scanner + Injection Copies + AOB To Data
Kawaii desu ne
How do I cheat?
Reputation: 0

Joined: 13 Sep 2016
Posts: 7

Posted: Fri Sep 16, 2016 5:51 am

So I have a problem doing this with a game. I have multiple resources that are not too far away from each other. For example: Wood = 0F77C1F8 and Stone = 0F77C230 and Wool = 0EEBEB30.

My problem is that the instruction that adds resources has no offset.
Just an add [eax],ecx. Here's what I see. Red is the add instruction.

Code:

"Game.exe"+93417: 8B CE                 -  mov ecx,esi
"Game.exe"+93419: 6A 00                 -  push 00
"Game.exe"+9341B: E8 D0 6D F9 FF        -  call Game.exe+2A1F0
"Game.exe"+93420: 85 C0                 -  test eax,eax
"Game.exe"+93422: 74 6F                 -  je Game.exe+93493
"Game.exe"+93424: 56                    -  push esi
"Game.exe"+93425: B9 80 A8 5B 01        -  mov ecx,Game.exe+53A880
"Game.exe"+9342A: E8 21 95 FC FF        -  call Game.exe+5C950
"Game.exe"+9342F: 8B 4D 0C              -  mov ecx,[ebp+0C]
"Game.exe"+93432: 8B 3D AC 9A 5B 01     -  mov edi,[Game.exe+539AAC]

"Game.exe"+93438: 01 08                 -  add [eax],ecx <--- Used instruction
"Game.exe"+9343A: 85 FF                 -  test edi,edi
"Game.exe"+9343C: 75 32                 -  jne Game.exe+93470

"Game.exe"+9343E: 68 14 B2 02 00        -  push 0002B214
"Game.exe"+93443: FF 15 48 C9 48 01     -  call dword ptr [Game.exe+40C948]
"Game.exe"+93449: 83 C4 04              -  add esp,04
"Game.exe"+9344C: 89 45 08              -  mov [ebp+08],eax
"Game.exe"+9344F: 89 7D FC              -  mov [ebp-04],edi
"Game.exe"+93452: 85 C0                 -  test eax,eax
"Game.exe"+93454: 74 0B                 -  je Game.exe+93461
"Game.exe"+93456: 8B C8                 -  mov ecx,eax
"Game.exe"+93458: E8 F3 92 16 00        -  call Game.exe+1FC750
"Game.exe"+9345D: 8B F8                 -  mov edi,eax


It's all the same with Wood, Stone and Wool. But how can I find the base address without any offsets? Is that even possible or am I just too stupid to understand what I should be doing?
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

Posted: Mon Aug 21, 2017 2:07 pm    Post subject: some Qs + feedback

Great article, as usual!

I do have some questions though (see [imgur_com/a/TluBh] for details):
a. is there a way to "dealloc" the 'globalalloc'? Yes, we are talking 4-8 bytes here, but I see it as a "correct coding" principle...
(I assume this function acts similarly to the MSDN fn? whose counterpart is GlobalFree)
(see 1st image)
b. based on prev AOB experience (another one of your tutorials), I learned that the aobscan Label already received the appropriate address. And it works in the same way with the 'AOB to Data' approach. I.e. you can use the AOBscan label; no need to introduce an additional label?!
Tested and working, but - just to be sure - can I expect "trouble" this way?
(see 2nd image)
c. I'm actually a bit amazed that I've not seen anyone mentioning the 'Userdefined Symbol' table. I find it incredibly useful while working with these scripts! As you dis/enable scripts, you'll see the appropriate labels dis/appearing... And jump to their memory locations from there.
And hence my question in pt b. (when nothing is enabled, the table is empty ~ sort of)
(see 3rd image)

Side questions:
1. is there a way to identify whether a structure is a 'struct' or 'class'; and whether or not it contains Virtual Functions?
2. (see 4th image)
one of the structures I found (SoM) started with pointers (or these values were identified as such). What I understand from a book I'm currently reading is that one of the features of a structure is that all its values are aligned to the same size (in my case 4 bytes; or so I assume). But since SoM is 64bit, that would imply that pointers have an 8 byte size?!
- note that in the image some pointers (?) are 2 bytes long?
- note that I've changed some of the initial types to 'Float' (as being the correct type)
3. if one uses the same label (eg INJECT for each AOBscan) in several scripts (active in the address list), will this not cause any conflicts? Not tested myself (yet)...
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Mon Aug 21, 2017 2:57 pm

paul44 wrote:
a. is there a way to "dealloc" the 'globalalloc'? Yes, we are talking 4-8 bytes here, but I see it as a "correct coding" principle...
Not really. That's the point of globalalloc. It only allocates memory once and it's there forever. If you don't like that, then use alloc in place of globalalloc and dealloc that memory in the disable section.

paul44 wrote:
b. based on prev AOB experience (another one of your tutorials), I learned that the aobscan Label already received the appropriate address. And it works in the same way with the 'AOB to Data' approach. I.e. you can use the AOBscan label; no need to introduce an additional label?!
I don't know exactly what you're talking about, but if you mean something like this:
Code:
aobscan(foo,AA BB CC DD)
label(bar)
registersymbol(bar)

foo:
bar:

The label "bar" is unnecessary since the symbol "foo" could be registered instead.
Code:
aobscan(foo,AA BB CC DD)
registersymbol(foo)

paul44 wrote:
I'm actually a bit amazed that I've not seen anyone mentioning the 'Userdefined Symbol' table. I find it incredibly useful while working with these scripts! As you dis/enable scripts, you'll see the appropriate labels dis/appearing... And jump to their memory locations from there.
And hence my question in pt b. (when nothing is enabled, the table is empty ~ sort of)
I didn't see any question in those statements. If you're wondering why no one seems to talk about the symbol handler form, then IMO it's because that form is more of a trifle than anything else. I don't have any significant use for it.

paul44 wrote:
1. is there a way to identify whether a structure is a 'struct' or 'class'; and whether or not it contains Virtual Functions?
There's very little difference between a struct and a class (at least from the perspective of C++). Objects of a class using virtual functions should have a pointer to a vtable as their first member.

paul44 wrote:
2. (see 4th image)
one of the structures I found (SoM) started with pointers (or these values were identified as such). What I understand from a book I'm currently reading is that one of the features of a structure is that all its values are aligned to the same size (in my case 4 bytes; or so I assume). But since SoM is 64bit, that would imply that pointers have an 8 byte size?!
I don't know if you posted the wrong image, but everything CE automatically deduced as a pointer is clearly 8 bytes long. This can be seen from their offset from the start of the structure. Perhaps it's confusing that CE doesn't show leading 0s after 8 characters, but that's as aesthetically pleasing as CE can make displaying addresses IMO.

paul44 wrote:
3. if one uses the same label (eg INJECT for each AOBscan) in several scripts (active in the address list), will this not cause any conflicts? Not tested myself (yet)...
If you register that symbol, then of course there will be conflicts.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
paul44
Expert Cheater
Reputation: 2

Joined: 20 Jul 2017
Posts: 152

Posted: Tue Aug 22, 2017 2:46 am    Post subject: Class vs Struct (andwhatnot)...

@ParkourPenguin: thx for your reply.
Q1: I first assumed that one HAD to use Globalalloc() to have it picked up in the address list; apparently alloc() will do as well...
Q2: that is indeed what I meant
Q3: from a beginner's point of view, this table is great (when I picked up this technique, I had no idea what was saved/referred to these labels)
(for a Pro this is old news; I get that). Still, it is an easy way to get around in memory...
Q4: yep, I concluded that myself, about struct vs class. But I'm getting there evt... (meaning about identifying structures & VFs)
Q5: pointers at the start of the structure (last image):
the 1st ptr is 8 bytes (fair enough), but the 2nd one just 2 bytes (?); or am I reading/interpreting this incorrectly? Also (I need to check this), but the 1st 2 entries seem to point to my game's exe memory, while the others point to data memory?!
How would one (possibly) interpret those pointers? F.i. does (could it) mean that the 1st 2 are (virtual) functions? And what about the other ones?
AND: there is a "regularity" here: 8+2, 8+2, etc...

-EDIT-
As soon as you mentioned "hex", it hit me (like a stick on a donkey's ass). Sorry about that: blame it on my feminine side, talking before her turn.
As for the VF table stuff: way too early for me - as a beginner - to dig/debug into that. But I'll get there eventually...
And fyi: alloc() works as well. thx


Last edited by paul44 on Wed Aug 23, 2017 3:38 am; edited 1 time in total
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Tue Aug 22, 2017 8:40 am

paul44 wrote:
Q1: I first assumed that one HAD to use Globalalloc() to have it picked up in the address list; apparently alloc() will do as well...
If you want to use it in the address list, make sure to register the symbol. globalalloc does this automatically; alloc does not.

paul44 wrote:
the 1st ptr is 8 bytes (fair enough), but the 2nd one just 2 bytes (?); or am I reading/interpreting this incorrectly?
That's hexadecimal. 0x10 = 16 in decimal. 16 - 8 = 8.

paul44 wrote:
Also (I need to check this), but the 1st 2 entries seem to point to my game's exe memory, while the others point to data memory?!
How would one (possibly) interpret those pointers? F.i. does (could it) mean that the 1st 2 are (virtual) functions? And what about the other ones?

As I said before, if a class has virtual functions, then objects of that class will have a pointer to a vtable as their first member. The first pointer could be pointing to a vtable, but I don't know. The others, I have no idea what they're used for. If you're curious, debug the game and figure out how it's using those members and/or the data those members are pointing to.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
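
The layout points in ParkourPenguin's two replies above (pointer members 8 bytes apart at hex offsets 0x0, 0x8, 0x10, and a vtable pointer as the first member of an object with virtual functions), as an added C++ example that is not part of the thread. `PlainStats`, `VirtualStats` and the helper names are hypothetical, and it assumes a 64-bit build with an ABI that places the vtable pointer first (Itanium or MSVC).

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>

// Hypothetical types, constructed for illustration (not taken from any game).
struct PlainStats {        // no virtual functions: no hidden vtable pointer
    void*   owner;         // offset 0x0
    void*   inventory;     // offset 0x8 on a 64-bit build
    void*   target;        // offset 0x10 (hex, i.e. 16 decimal)
    int32_t wood;          // offset 0x18
};

struct VirtualStats {      // a virtual function makes the compiler add a vtable pointer
    virtual ~VirtualStats() {}
    int32_t wood = 0;
};

// Read the first pointer-sized word of an object, as a memory viewer would
// show it. Under the assumed ABIs this is the vtable pointer of a
// polymorphic object.
static std::uintptr_t first_word(const void* obj) {
    std::uintptr_t w = 0;
    std::memcpy(&w, obj, sizeof w);
    return w;
}

// Two objects of the same dynamic type start with the same non-null word
// even when their data members differ: the shared vtable pointer.
static bool share_vtable_word(const VirtualStats& a, const VirtualStats& b) {
    return first_word(&a) != 0 && first_word(&a) == first_word(&b);
}

int main() {
    std::printf("pointer size: %zu bytes\n", sizeof(void*));
    std::printf("owner     +0x%zX\n", offsetof(PlainStats, owner));
    std::printf("inventory +0x%zX\n", offsetof(PlainStats, inventory));
    std::printf("target    +0x%zX\n", offsetof(PlainStats, target));
    std::printf("wood      +0x%zX\n", offsetof(PlainStats, wood));

    VirtualStats a, b;
    a.wood = 5;
    b.wood = 900;
    std::printf("sizeof(VirtualStats) = 0x%zX\n", sizeof(VirtualStats));
    std::printf("same first word: %s\n", share_vtable_word(a, b) ? "yes" : "no");
    return 0;
}
```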
kennethas
How do I cheat?
Reputation: 0

Joined: 14 Aug 2017
Posts: 4

Posted: Wed Aug 23, 2017 5:31 am

@ParkourPenguin can you help me with something in aobscan codes? I can't PM you, maybe because I'm new
Dwarface
How do I cheat?
Reputation: 0

Joined: 06 Nov 2017
Posts: 1

Posted: Mon Nov 06, 2017 7:49 am

I am getting 0 results after pointer scanning, am I doing something wrong?
seorm10
How do I cheat?
Reputation: 0

Joined: 26 Dec 2017
Posts: 1

Posted: Tue Dec 26, 2017 12:05 am

Hello
My pointer scanner function is not capable of finding all sorts of pointer paths
that the traditional methods won't find.
GovernedSquid6
How do I cheat?
Reputation: 0

Joined: 16 Jan 2018
Posts: 1

Posted: Tue Jan 16, 2018 5:50 pm    Post subject: 0 Pointer paths

For some reason when I do everything listed and pointer scan, it says that it found 0 pointer paths. What am I supposed to do now?
john1214
How do I cheat?
Reputation: 0

Joined: 25 Jan 2018
Posts: 1

Posted: Thu Jan 25, 2018 12:54 am

Hello
My scanner is not working properly, so could anyone please guide me on how I can solve this?
Thanks in advance


Last edited by john1214 on Mon Jan 29, 2018 3:30 pm; edited 1 time in total
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Thu Jan 25, 2018 6:14 am

@john1214 watch a video on someone working with the tutorial and make sure you do exactly what they did. If it works there then it's not the scanner.

Or perhaps make a video so we can see exactly what you mean by "does not work properly" rather than making random guesses...
shawn778
How do I cheat?
Reputation: 0

Joined: 21 Feb 2018
Posts: 1

Posted: Wed Feb 21, 2018 12:49 am

Hello

I have Windows 10. Can you tell me how to POINTER SCAN my windows using Cheat Engine?
Thanks.
frenchiveruti
Cheater
Reputation: 0

Joined: 07 Jun 2009
Posts: 35

Posted: Mon Apr 16, 2018 8:54 pm    Post subject: Images Down

Hello, I know this thread is quite old, but it seems that postimage took down all the images from this forum, so it would be nice to have them on Imgur as you rely heavily on those for the tutorial.
Thanks!

_________________
Acknowledgeable enough.
FreeER
Grandmaster Cheater Supreme
Reputation: 53

Joined: 09 Aug 2013
Posts: 1091

Posted: Mon Apr 16, 2018 9:05 pm

https://web.archive.org/web/20171019202636/http://forum.cheatengine.org/viewtopic.php?t=572465
_________________
https://github.com/FreeER/ has a few CE related repos
_Gonzo_
Newbie cheater
Reputation: 0

Joined: 05 Jun 2011
Posts: 12
Location: Russia

Posted: Fri Jun 29, 2018 11:49 am

Thank you for the link to the web archive! cuz the pics are dead..
_________________
Very Happy ?
All times are GMT - 6 Hours