Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Unable to find base address / pointer [State of Decay]

 
glf4k
How do I cheat?
Reputation: 0

Joined: 05 Feb 2018
Posts: 5

Posted: Mon Feb 05, 2018 12:50 pm    Post subject: Unable to find base address / pointer [State of Decay]

Hello everyone, first of all let me introduce myself. I am relatively new to Cheat Engine (but not to computer programming in general). Let's go straight to the point:

My goal is to find the base address / static pointer to the player inventory, but I am stuck on finding the static pointer for the first slot.

This is what I have done:

1.) I've found dynamic address for inventory slot (0x1cea758) in the example below.
2.) Did "find out what accessing the address" feature. Found that it's moving content of EAX register to EBX, with an offset 4*EDI. EDI is zero, so offset is 0.
EAX holds address same as dynamic address so I've scanned for addresses with values of 0x1cea758.
Found two results:
See attachment 1.png

I did "what accessing the address" for both addresses, first one points correct but is not affected by gameplay. Second one is. (Affected by gameplay I mean when value changes in game it does not do any memory changes in "accessing address")
See attachment 2.png

3.) I did scan for addresses whose value is 0x1d6cc368: Found just one address, but it's also not affected by gameplay and points to incorrect value.
See attachment 3.png

What am I doing wrong? Please, help.



FreeER
Grandmaster Cheater
Reputation: 31

Joined: 09 Aug 2013
Posts: 760

Posted: Mon Feb 05, 2018 2:07 pm    Post subject:

Looks like it points to the correct value to me

19572200->1D6CC358, +10 = 1D6CC368
1D6CC368->1CEAE758. +0*4 = 1CEAE758

You have to add the offset 0 as well to get it to dereference a second time to 1CEAE758.
glf4k
How do I cheat?
Reputation: 0

Joined: 05 Feb 2018
Posts: 5

Posted: Mon Feb 05, 2018 2:38 pm    Post subject:

Thanks for the response.

Sorry, but what exactly am I doing wrong?
I did it again but again without success.

Please, take a look at the composition below:
1.) Found dynamic address 1CECC758
2.) Found working address using the dynamic address at 1D6D4368 (slot_0 1 ptr)
3.) Scanned what accessing the "slot_0 1 ptr" that I should scan for pointer (1D6D4358) with an offset of 10.
4.) Scanned for the value and found just one address (19562240) holding value (1D6D4358) and the address is not valid (game does not use the address at all).
5.) When I add pointer with address 19562240 and offset 10, it points to correct address but has incorrect value?
Value shouldn't be 805306377 as 0x19562240 -> 0x1D6D4358 -> 0x1CECC758?



FreeER
Grandmaster Cheater
Reputation: 31

Joined: 09 Aug 2013
Posts: 760

Posted: Mon Feb 05, 2018 3:00 pm    Post subject:

You have to add another offset with the value 0.

decimal 485279576 is hex 1CECC758, reading the value at 1CECC758 would give you 805306377 just like slot_0 and "slot_0 1 ptr" do.

Something like


I don't have the game though so I just made that up in paint based on a 2 level pointer in the tutorial.


edit: ah, 1d6cc368's value changed, it's not 1CEAE758 anymore... can't say whether the inventory slot has moved so not sure if that's actually wrong or not but.

When I work with pointers I generally use the pointer scanner, or just hook some code to copy the address of what I want somewhere that I can use it. But then I generally only use pointers if I can't create an auto assemble script to do what I want in the first place...
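
FreeER's point about the extra offset 0, shown as an added example that is not part of the thread: a C model of how a pointer entry is resolved, run over a constructed three-cell snapshot built from the addresses and values quoted in the posts above. The function names, the snapshot layout and applying the offsets in order from the base are assumptions of this example.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed snapshot of the three 32-bit cells named in the thread. */
struct cell { uint32_t addr, val; };
static const struct cell MEM[] = {
    { 0x19562240u, 0x1D6D4358u },  /* base cell, holds the level-1 pointer */
    { 0x1D6D4368u, 0x1CECC758u },  /* "slot_0 1 ptr", holds the slot address */
    { 0x1CECC758u, 805306377u  },  /* slot_0 itself */
};

/* Read one 32-bit value; returns 0 on success, -1 if the address is unmapped. */
static int read_u32(uint32_t addr, uint32_t *out) {
    for (size_t i = 0; i < sizeof MEM / sizeof MEM[0]; i++)
        if (MEM[i].addr == addr) { *out = MEM[i].val; return 0; }
    return -1;
}

/* Each offset costs one dereference: addr = [addr] + offset.
 * Returns 0 and stores the final address, or -1 on an unmapped read. */
int resolve_chain(uint32_t base, const uint32_t *offs, size_t n,
                  uint32_t *final_addr) {
    uint32_t addr = base;
    for (size_t i = 0; i < n; i++) {
        uint32_t ptr;
        if (read_u32(addr, &ptr) != 0) return -1;
        addr = ptr + offs[i];
    }
    *final_addr = addr;
    return 0;
}

/* Value shown for a pointer entry: the 32-bit value at the final address
 * (0 if any read in the chain fails). */
uint32_t chain_value(uint32_t base, const uint32_t *offs, size_t n) {
    uint32_t addr, val;
    if (resolve_chain(base, offs, n, &addr) != 0 || read_u32(addr, &val) != 0)
        return 0;
    return val;
}

int main(void) {
    const uint32_t one[] = { 0x10 }, two[] = { 0x10, 0x0 };
    /* One offset stops at 1D6D4368 and shows the slot's address as a number. */
    printf("offsets {10}:    %u\n", (unsigned)chain_value(0x19562240u, one, 1));
    /* The extra offset 0 adds the second dereference and reaches slot_0. */
    printf("offsets {10, 0}: %u\n", (unsigned)chain_value(0x19562240u, two, 2));
    return 0;
}
```

With only offset 10 the entry displays 485279576, which is 1CECC758 in decimal; the second offset of 0 is what makes the entry read the slot itself.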
glf4k
How do I cheat?
Reputation: 0

Joined: 05 Feb 2018
Posts: 5

Posted: Mon Feb 05, 2018 3:42 pm    Post subject:

FreeER wrote:
You have to add another offset with the value 0.

Thank you! That helped out with the pointer 2.

I am not using pointer scanner because it took too long with billions of results.

Now the 2nd pointer shows correct value and when changed, all values in my table change to new value so I think I am on a good way.

The scan of 2nd pointer tells me to scan for another address, but there are no results, what's wrong?
TheyCallMeTim13
Wiki Contributor
Reputation: 14

Joined: 24 Feb 2017
Posts: 441
Location: 'Merica

Posted: Mon Feb 05, 2018 3:51 pm    Post subject:

I would say that the register for the base is being modified before the instruction, so the base in memory is not the same as the register value at that point. Just do like @FreeER said and hook that instruction if no other addresses get accessed. You could also try the pointer scanner at that point, a few levels in can make a big difference in scan results and times, just hook the instruction, or save the address for the instruction, for easy access to the address to scan for. But this may be why you find no results after a bit, then you're back to hooking the instruction to store the base, which I tend to do just to help in the pointer scanning. But if you like to have real pointers on a table, then it might be worth a shot.
glf4k
How do I cheat?
Reputation: 0

Joined: 05 Feb 2018
Posts: 5

Posted: Mon Feb 05, 2018 4:03 pm    Post subject:

@TheyCallMeTim13 - Thanks for response, there is no address moving at all, but only I'm just dumb :D

EDIT:
I've found it, the problem was that I checked only item withdraw addresses.



TheyCallMeTim13
Wiki Contributor
Reputation: 14

Joined: 24 Feb 2017
Posts: 441
Location: 'Merica

Posted: Mon Feb 05, 2018 4:20 pm    Post subject:

Well, the address being green tells you that it's a static address, so if you add that to the address list and double click the address in the list, in the edit form you will see an address like "game.exe"+123ABC. This is what you are looking for, which means either you are real close and just need to figure out the right offset, or the offset is calculated and is subject to changes. If you have not tried the CE tutorial then I think that will get you started, you'll just have to register some memory to store the base to use as a pointer.


Tutorials
Tutorials - Auto Assembler - Injection
Cheat Engine Tutorial Guide x32
Cheat Engine Tutorial Guide x64

EDIT:
I see you found it.



Last edited by TheyCallMeTim13 on Mon Feb 05, 2018 4:23 pm; edited 1 time in total
FreeER
Grandmaster Cheater
Reputation: 31

Joined: 09 Aug 2013
Posts: 760

Posted: Mon Feb 05, 2018 4:21 pm    Post subject:

Glad you got that solved,

Have fun hacking! :)
glf4k
How do I cheat?
Reputation: 0

Joined: 05 Feb 2018
Posts: 5

Posted: Mon Feb 05, 2018 4:26 pm    Post subject:

EDIT
I've run into another problem I never faced.

I have the base address, but I can't change its value, e.g. when I change the value, it's immediately rewritten when the game is not paused.

This code (may be game loop) is always refreshing it somehow. Any way how to continue? Scanning for 0x00000024 will give thousands of results.

Game actual value is Dh, so the code checks if it's 13, if true it jumps to another instruction otherwise it's putting Dh there.



sbryzl
Expert Cheater
Reputation: 4

Joined: 25 Jul 2016
Posts: 136

Posted: Wed Feb 07, 2018 3:57 pm    Post subject:

You need to trace it backward. Since the register esi is being moved into your address you can look up and see that value comes from eax. Then look further back to see when the value is entered into eax. Keep looking backward. You may need to go back through multiple functions and stack moves or it might just be a few instructions back.
OldCheatEngineUser
Whateven rank
Reputation: 9

Joined: 01 Feb 2016
Posts: 889

Posted: Wed Feb 07, 2018 7:25 pm    Post subject:

Don't bother yourself, the real value isn't a static address.
I played this game on my friend's PC, the display value was a static address (green) where the original value was a different number and is dynamic, I think.

_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
patched cheat engine tutorials
All times are GMT - 6 Hours