Cheat Engine

[OddIt]

I am completely out of ideas.....

Imagine you're playing a level, by default you've got a grand total gametally for each level you completed regarding some creatures you saved:

A gametally exists for each type of savable creature, example:

1) worker == 56
2) fuzzle == 81
3) eggcrate == 0

(I am able to use hex editor on save file to copy out the xml and find the gametally values for these savable creatures)

So you want to find this address for this 4 byte integer data type, but the issue is these gametally values are only loaded once during the level, and it doesn't update throughout the level.

When you get to the end of the level, step on the exit teleporter and teleport out, then the game loads, during this first in-game loading screen the values are changed, which is the single window of opportunity, next a cut-scene plays during the same level, and then the next level will be loaded after it, changing all the addresses.

I can confirm it is not a green address...... I have tried all of them....

If I alter all the values of each black addresses all at the same time the game will crash, even if I pause and unpause the selected process to alter said values.

Is there a way, to filter down 500+ addresses when you cannot verify anything? I start around 2 million and get to scan once by saying it incremented the 4-byte value by "X" rescued in that level which leaves me with 2000 to 500 results.....

Is there a way to watch the each executed code operation and sift through it, I feel like that would be my best bet to be honest.....

The problem is I usually can quickload which keeps the same addresses, but when the level is completed I become locked out of getting to the menu to quickload the level again, this makes trying to find a single unique value from the first scan with just one more scan as close to impossible as it can get.

Now I could try if seeing what accesses the current level tally address which it then adds it to the value of the black address I want to find, I could repeat things that way... I could potentially see if saving the game with X amount saved and then doing another file with a quicksave of x+1 amount saved and then loading the quicksave might keep the same addresses as well but I dunno and I can't have more than 1 quicksave so I don't know if I could just load back and forth....

I guess I could try those, any other ideas as to track down this value I know the starting value and what it changes being limited to 2 scans?

[++METHOS]

You are able to find and edit the correct values in the save file? Does it work, or are they overwritten at startup? If you can change them and they are not overwritten during startup, try changing them to something extremely odd and searching for those values while in-game. Once found, check to see what is accessing them and leave that debugger window running until the level completes. The result(s) that populate the list should give you what you need in order to alter the values...but...if you can edit/save the save file, then I'm not sure what you're trying to accomplish or avoid.

Alternatively, ultimap can work, but it's not likely to be your best option if you can work with the save file - since the results that ultimap finds may include many other results due to the fact that the values only change at load times, and, because even if you find the right call, you'll need to know what you're doing in order to really find what you're looking for.

I'll also add that the scan for 'changed by' (or whatever) may not work, if the values in-game are not representative of their actual values...also assuming you even have the correct data type. Assuming that you are correct, however, and that the 500+ remaining results do actually contain the correct value that you're needing, then you can check to see what is accessing them while doing whatever it is that is necessary for that value to change. You can also set breakpoints on any instructions that you think might be responsible for those changes. That said, since I'm not entirely sure what you're talking about or how/when the values are actually altered, I'm just guessing here.

[OddIt]

[OddIt]

So it appears the solution that worked was to find a level where you can first rescue the prisoners, scan for the level saved counter, and then alter that to be "13371337" which no other value is which was a plus, finish the level so it would add that value to the gametally address I was looking for. Then scanning for "13371337" would yield one to three black addresses which I would then test by altering the value and going into the Pause Menu - Quarma and seeing if the total had changed.

But then I was having an issue with "Pointer Scan for this Address" with no results after two or three scans, so I got creative.

With the confirmed black GameTally Address, "Find out what accesses this address" and then while in-game I would then pause the game, this would show showing tried to access it, I saw the best guess address was always +1C so I scanned for the best guess address with hex checkmarked and one result was returned, I double clicked it to add that address to the address list and then "Pointer Scan for this Address" on it with Maximum Offset value==2500 and Max Level==5.

Narrow down the pointers by loading the previous level with the "13371337" level tally to add to the game tally by finishing the level again. The black addresses were different which is good, then unchecked hex and scanned for "13371337" would yield one to three black addresses which I would then test by altering the value and going into the Pause Menu - Quarma and seeing if the total had changed. Once I found it I would "Find out what accesses this address" and go into pause menu to see the best guess address + 1C, so scanned for the best guess address with hex checkmarked and one result was returned, I double clicked it to add that address to the address list and then double clicked it to copy just the base address (just to be safe) and then in Pointer scan Window went to Pointer Scanner -> Rescan Memory option and pasted in the best guess address to find.

Repeated above paragraph until was left with 2 values, I chose the one with the lowest base address. I then opened it in the address list and added another offset at the top and entered 1C. It appears to work closing and opening the game again.

I don't understand why pointer scanning the black parent address worked while the black address of the value doesn't, but I am satisfied it is working.

[++METHOS]

Just wait until you figure out injection and never have use the pointer scanner again.