Cheat Engine

[CassiOwOpeia]

In a game I try to find a pointer corresponding to magic points. I hope that it's readable, I try my best to make this post readable!

To explain briefly, I find the value (4 bytes) corresponding to what I am looking for, if I modify it the game changes the value as expected. When I look at the instructions that access this address I naturally find a subtraction. I start looking for a pointer manually by looking at the first offset as well as the first address, however I can't find any address pointing to the address I'm looking for. I don't get discouraged and I use the pointerscan, I find thousands of results, I restart the game and I do a rescan, and now there is no address left.

The thing that is weird is when I search for the value, I have four exact values (I don't know why but I think it's normal, only one really change the value in game), but I found other values that have the same behavior (increase by and decrease by the same amount, but that don't have the same values).

For exemple when I have max magic, I have 40 (of true value), but there is other values with 108.

I tried to look at the instructions that precede the substraction, but there is nothing very convincing.

Here's the list of instructions that access the address :

[ParkourPenguin]

There are plenty of reasons why a "traditional" pointer path might not exist. This isn't an unusual circumstance.

Try code injection instead. Make sure the instruction doesn't access any other address, then do a code injection to copy the address being accessed (search "injection copy").

[CassiOwOpeia]

Thanks you for your answer !

So the best way to "always found the pointer" is to just copy the address that is used in the instruction, and looking if there is no other addresses that is being access by the instruction ?

It feels a bit sad to not being able to found a pointer path, can you tell me some of the reasons of why I canno't found a "traditional" pointer path ? or maybe a documentation or somewhere where I can understand a bit more there kind of pointers ?

[ParkourPenguin]

I wouldn't call it the best way. That would largely depend on the instruction you're injecting at. Instructions that access multiple addresses are annoying to deal with. Also, the game has to run the instruction in order for your injection to copy the address. This can lead to circumstances where people may think the script doesn't work when they actually need to do something in game in order for the instruction to run.


Pretty much everything in a pointer path could go wrong.

Pointer paths could go through weird data structures that result in non-static offsets. e.g. any container that gets populated in a non-deterministic manner, either intentionally (DoS-resistant hash maps, certain arena implementations) or unintentionally (race conditions).
You could look through the container manually to find the object you want, or there could be an index stored in memory related to it. In any case, the pointer scanner won't be able to do anything about it.

Some offsets can be obscenely large. This is common in emulators. It's infeasible to use a max offset of 2GiB or something in a pointer scan.

I've seen JIT compilers encode dynamically allocated addresses as an immediate in instructions. These practically serve as base addresses that can't be found by the pointer scanner.