Cheat Engine

[chrisjarram]

Hi Dark Byte,

I really, really hope you can help as the pointer scanner in CE 5.6 is proving to be a right pain. I had a deep pointer scan (2560, 7 level) on a 750mb game going for 14 hours, then reloaded the game, rescanned with the new value (which took over 8 hours) and when it finished it displayed the message re: max displayable entries. It failed to open the new PTR file (crashing with an access violation in module CheatEngine.exe) and despite numerous reboots it crashes every time I try and open this file, wasting nearly 24 hours of my CPU time and electricity if I can't fix it.

Can you please shed some light on this, or at least post the full pointer scanner output file format here so I can fix any problem manually or write some useful tools to process this myself?

Thanks,
Chris J

[Dark Byte]

which files are present in the folder you saved the pointerscan to ?

there should be a pointerscanname.ptr, and a pointerscanname.ptr.1, pointerscanname.ptr.2, etc... depending on how many threads you used

open pointerscanname.ptr with a hex editor and check if the filenames are what they should be, perhaps they are wrong.

I suppose you don't feel like getting the sourcecode and debug ce right ? (figuring that sending me the pointerfiles is out of question)


anyhow, the main .ptr is build up like:
DWORD modulecount
{repeat for modulecount times}
DWORD modulenamecharcount
char [modulenamecharcount] modulename;
{end of repeat}

INT maximum level
dword numer of result files
{Repeat for each result file}
DWORD filenamecharcount
char [modulenamecharcount] filename;
{end of repeat}

then the separate scanners are build up using:
{repeat until end of file}
INT module index of the modulelist of the main ptr
DWORD offset into the module
DWORD offsetcount
DWORD[maximumlevel] offsets
{rep}

maximumlevel is based on the level of the main .PTR file


also, when you did a rescan, did you accidentally overwrite your old pointer results, or did you use a new filename?

[chrisjarram]

Hi DarkByte,

Thanks again for the quick reply - I'll look closely at this in the morning as its nearly 1am here. I took a look at the CE source but didn't have time to set up a build environment for it (looks like pascal files in there?). I've done a fair few pointer scans and am familiar with the naming convention (.0, .1 etc), and havent written over any of the old files. I am very careful to get things correct when I set up operations which I know are going to take hours and hours

Thanks for posting the format, I'll verify my findings with you tomorrow - in the meantime basically the error comes immediately after the 'due to limitations only the first 1xxxxx results will be displayed' and ok is clicked.. it is an AV:

"Access violation at address 00565775 in module Cheat Engine.exe, Read of address 00000000"

So looks like something is trying to read a null pointer to me - does this cast any light on things ie is it something you've witnessed before?

You're right I can't really send the files - the initial scan generated nearly 1.2TB and the problem file is about 350Gb.

Thanks again,
Chris

[Dark Byte]

it could be the modulelist, or a different offset size that causes misalignment ?


it's written in delphi 7 enterprise, but if you don't have it and can't get it, but do know how to get the source from the svn, then get the cheat engine 6.0 sourcecode and lazarus

the pointerscanner has already been ported there and still adheres to the same ptr buildup as 5.6

tip for fpc: find and edit fpc.cfg and change the verbose option at the end to ONLY show errors, showing warning as and hints makes compiling take an hour

[Dark Byte]

If you're able to, you could send me the main .ptr and the first 16KB of each .PTR.# file (seeing that the av comes when it's about to display the first part of the results)

[chrisjarram]

Hi again DarkByte,

I'm currently in the middle of writing a script to process the .ptr files (and get some additional info out) so I'll post my findings asap, including what has caused the error - will also try and post file fragments.

Cheers
Chris

[Dark Byte]