 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
wulfcare
Advanced Cheater
![]() Reputation: 0
Joined: 27 Feb 2023
Posts: 59
|
 Posted: Mon Mar 20, 2023 2:28 am Post subject: What does the start of an Entity List actually look like |
 |
|
Hey guys,
I have found random entities on my cheat engine memory viewer but was just wondering what the actual base of an entity list looks like?
The entities in the game I am reversing are just a list of pointers that when I open / dissect data structure on one of them take me to the entities stats, coordinates ect.
The current entity system for the game I am playing consists of the following instructions when I use find out what accesses this address on one of the entities base pointer addresses.
7FF6F22DFB80 - 4C 8B 02 - mov r8,[rdx] --> This is on a counter when entity is within player range
7FF6F22C659A - 49 8B 1C C7 - mov rbx,[r15+rax*8] --> This is called when I walk out of range of the entity
7FF6F22C659E - 4D 89 34 C7 - mov [r15+rax*8],r14 --> This is called when I walk out of range of the entity
7FF6F226997D - 48 8B 3B - mov rdi,[rbx] --> This is called when I walk back in range of the entity
7FF6F2269980 - 4C 89 03 - mov [rbx],r8 --> This is called when I walk back in range of the entity
On the second and third instruction, R15 is the address of the game client and rax is 0x3520 for the bear monster in game.
What would the best method be to find the base of the Entity List structure given these instructions?
|
|
| Back to top |
|
 |
cooleko
Grandmaster Cheater
![]() Reputation: 11
Joined: 04 May 2016
Posts: 717
|
| Posted: Mon Mar 20, 2023 11:18 am Post subject: |
|
|
I tend to tie into entity lists via their appearance in a minimap or viewing radius functions, so the appearance may be different for other functions.
What you generally look for is the function you are tracing will loop over all the entities, regardless of whether they are present or not. This will present as a more complex pointer, such as the [r15+rax*8] you found.
Trace above that and you will see that r15 is the base of the list and rax is a counter for which pointer in the list to check next. Then find where r15 is set in memory, whether in this function call or a previous one, which can be tedious to trace but keep at it. As you trace further and further back, noting each offset the game uses to track the next pointer. You will eventually find the base offset for the pointer. It will look like an address being moved into a register.
Then you have a pointer to the list that you compiled by tracing r15 all the way to its assignment the first time.
In code, you can manually iterate through the list and have the full entity roster at your disposal. You may find an entry or exit point or perhaps a max size of list in the structure, or have to perform a validity check for each next 'entity' to ensure you are not viewing nonsense.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
