Cheat Engine

[Barb86]

Hi

In a game I am trying to figure out the pointers to my HP.

I find my HP address and then do a pointer scan, I get about 40million pointer possibilities. After changing the area in-game I do a rescan which brings it down to about 30 million pointer paths saving to a new ptr file.

I restart the game, find the new HP address, then click pointer scan for this new value. I "cancel" the window that pops open the saved ptr file, and click rescan, i plug in the address for my new HP location and press scan..... 0 pointers?? I can only assume that my pointer is level 6 or maybe 7, but this takes hours to scan for....


So instead I use the "find what writes to this address" method and work my way backwards until I get the green static address of the "root" pointer. I get the first pointer address with the offset. Now I search for what is writing/accessing the pointer to HP. But the result is the same address as the pointer itself. I can't progress further back.

Am I doing something wrong? Do I just need to wait for a lv6-7 scan?

Is there a CE function which helps to trace the pointers using another method?

[Barb86]

So....

Added pointer pointing to my HP with the right offset. And its ok.

Now I try to determine what accesses my pointer:

0085B2A2 - 33 F1 - xor esi,ecx
0085B2A4 - 23 B7 18040000 - and esi,[edi+00000418]
0085B2AA - 8B 04 B0 - mov eax,[eax+esi*4] <<
0085B2AD - 85 C0 - test eax,eax

EAX=08FE65C0
EBX=1880A000
ECX=FFFFF06F
EDX=FFFFF06F
ESI=00000090
EDI=1BCB402C
ESP=0012FB7C
EBP=0012FB84
EIP=0085B2AD


I tried adding a pointer which value has 08FE65C0 with the offset 0x90*4, no luck....



EDIT:

Trying to figure out my 11th!!!!! Pointer, but nothing shows up in memory with this value:

7614682A - 83 F9 40 - cmp ecx,40
7614682D - 0F83 738C0000 - jae KERNELBASE.GetThreadId+52
76146833 - 8B 84 88 100E0000 - mov eax,[eax+ecx*4+00000E10] <<
7614683A - 5D - pop ebp
7614683B - C2 0400 - ret 0004

EAX=02F9E640
EBX=0460D200
ECX=00000027
EDX=013D84A8
ESI=773CF760
EDI=000374F3
ESP=0012FE4C
EBP=0012FE4C
EIP=7614683A


I have tried to resolve it in many ways;
(eax+ecx4)+offset
(eax+00000E10)+offset
(eax)+offset

nothing like this is in memory. And if I just put 02F9E640 I am suddenly back to my 9th pointer..... I am just going in circles here...

[Kriogenic]

In what game are you trying to do this?

11 pointers is pretty insane O.o I've only ever worked up to 5 pointers

[katteknots]

If you're dealing with a 6 or even 7+ layered pointer, which is very rare indeed, I'd suggest the manual method, which you're trying.
But since it's a bit rare that the pointers are that "high-leveled", you could try rescan the pointer using "Pointer scan this address" one more time, and see if you're more lucky next time, maybe you've made a small mistake perhaps?

And if that also doesn't solve anything, I hope there are more experienced cheaters out here that can help you!

Also have you tried finding different addresses? Like mana/ammo/armor/exp/level etc.? If so, did that work?

[Fresco]

maybe if you read this you'll understand
http://forum.cheatengine.org/viewtopic.php?p=5370193#5370193

also read the full topic if you're not convinced.