Cheat Engine The Official Site of Cheat Engine
jim2point0 Master Cheater
Reputation: 4
Joined: 05 Oct 2012 Posts: 336
Posted: Mon Jul 29, 2013 10:31 am Post subject: Trouble getting a real, stable pointer (solved)
Hello!
I've been using Cheat Engine for a while now but am still very much n00by at it. I tend to use the pointer scanner and narrow down my results to the point where they're stable enough to use, but never something I'd actually share with others.
Sometimes that doesn't work. For example, I found the address used for the time of day in Need for Speed Most Wanted, but none of the pointers work after I close\open the game. So I decided to learn how to do it properly.
I found my address. I checked the code that writes to it (only 1 line). I clicked more information and found the base address and offset I need.
I scanned for that address and found a static. I manually added a pointer with that address + the offset from earlier.
When I close\open the game, that pointer no longer works. HOWEVER, as soon as I attach the debugger, the pointer magically starts working.
What can I do to make this pointer work from the get-go? Is there a tutorial on how to code up a script that grabs this address?
Thanks for any help!
Last edited by jim2point0 on Tue Jul 30, 2013 6:59 am; edited 1 time in total
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Mon Jul 29, 2013 10:59 am Post subject: Re: Trouble getting a real, stable pointer
jim2point0 wrote: "I scanned for that address and found a static."
Was there only one result (regardless of static-ness) or several?
If only one result: do as if this address wasn't static. If this address belongs to the true pointer to your variable, there is a high chance that the instructions that access it contain a " *4 " like "mov eax,[game.exe+1234+ebx*4]". In this case you'd have to find the value of that ebx (find one-shot pointer to "time of day", see value of ebx in debugger, scan for it, restart game, find new ebx, filter with new value).
If several results: pick another, that static variable might just coincidentally have the value you scanned for.
jim2point0 wrote: "When I close\open the game, that pointer no longer works. HOWEVER, as soon as I attach the debugger, the pointer magically starts working."
Most likely just a coincidence.
jim2point0 wrote: "What can I do to make this pointer work from the get-go?!"
Personally I'd find out what accesses the "time of day", and use the "check if found opcodes also access other addresses" feature (right click in the found opcode window). Then inject some code near an opcode that is only used to access the time. The number of accessed addresses is indicated in parentheses in the count column.
Note: the pointerscanner cannot handle negative offsets. That might be why it couldn't find a stable pointer.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
jim2point0 Master Cheater
Reputation: 4
Joined: 05 Oct 2012 Posts: 336
Posted: Mon Jul 29, 2013 3:51 pm Post subject: Re: Trouble getting a real, stable pointer
Just wanted to post that after doing some research into code injection, I figured out how to do exactly what I want to do. Feel free to let me know if there is a better way.
I'm basically jumping to the address of the code that writes to the address I want... and storing that in a symbol (pTimeOfDay). I have a pointer that simply has "pTimeOfDay" as the address and the offset I need.
Probably basic stuff, but I'm a n00b that's actually trying to learn the basics for the first time.
Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
label(pTimeOfDay)
registersymbol(pTimeOfDay)
alloc(newmem,2048)
label(returnhere)
label(originalcode)
label(exit)

newmem: //this is allocated memory, you have read,write,execute access
//place your code here
mov [pTimeOfDay],esi //save the base register so a pointer entry can use pTimeOfDay + offset
jmp exit //skips originalcode, so the game's own write does not run while this is enabled

originalcode:
movss [esi+00002A84],xmm0

exit:
jmp returnhere

///
pTimeOfDay:
dd 0
///

"NFS13.exe"+4B4C28:
jmp newmem //5-byte jmp plus 3 nops replaces the 8-byte movss
nop
nop
nop
returnhere:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
"NFS13.exe"+4B4C28:
movss [esi+00002A84],xmm0
unregistersymbol(pTimeOfDay)
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Tue Jul 30, 2013 12:03 am Post subject: Re: Trouble getting a real, stable pointer
jim2point0 wrote: "Feel free to let me know if there is a better way."
That's exactly what I would have done if I were you (as said in my previous post), so currently, no I don't see any better way. Pointerscan didn't work, manual pointer search failed, your current solution works and doesn't contain big mistakes/bugs, so I'd say that's good enough.
One little possible improvement is to use an aobscanmodule instead of constant addresses, in case your game gets updated.
_________________
DO NOT PM me if you want help on making/fixing/using a hack. |
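
An added illustration (not part of the thread and not Cheat Engine's own code) of the idea behind the aobscanmodule suggestion above: a byte signature with wildcards still finds an instruction after a rebuild moves it, where a constant module offset does not, and a match should only be trusted when it is unique. The byte buffers, the trailing `8B C8` context bytes and all function names are constructed for this example; only the `movss [esi+00002A84],xmm0` encoding is taken from the script in the thread.

```python
from typing import List, Optional

def parse_signature(sig: str) -> List[Optional[int]]:
    """Parse 'F3 0F ?? 86' into byte values; None marks a wildcard."""
    pat = [None if tok in ("?", "??") else int(tok, 16) for tok in sig.split()]
    if not pat or pat[0] is None:
        raise ValueError("signature must start with a concrete byte")
    return pat

def scan(image: bytes, sig: str) -> List[int]:
    """Return every offset in image where the signature matches."""
    pat = parse_signature(sig)
    first, hits = bytes([pat[0]]), []
    pos = image.find(first)
    while pos != -1 and pos + len(pat) <= len(image):
        if all(p is None or image[pos + i] == p for i, p in enumerate(pat)):
            hits.append(pos)
        pos = image.find(first, pos + 1)
    return hits

def locate_unique(image: bytes, sig: str) -> int:
    """Return the match offset, refusing when there is not exactly one."""
    hits = scan(image, sig)
    if len(hits) != 1:
        raise LookupError(f"{len(hits)} matches, signature is not unique")
    return hits[0]

# Constructed stand-ins for two builds of a module (not real game bytes).
# F3 0F 11 86 84 2A 00 00 encodes movss [esi+00002A84],xmm0 from the script.
OLD_BUILD = (b"\x90" * 0x20 + bytes.fromhex("F30F1186842A0000")
             + b"\x8B\xC8" + b"\x90" * 0x10)
# "Updated" build: code shifted, field offset changed, a similar store added.
NEW_BUILD = (b"\x90" * 0x35 + bytes.fromhex("F30F11868C2A0000") + b"\x8B\xC8"
             + b"\x90" * 8 + bytes.fromhex("F30F118600100000") + b"\xC3")

EXACT = "F3 0F 11 86 84 2A 00 00"            # breaks when the offset changes
LOOSE = "F3 0F 11 86 ?? ?? 00 00"            # survives, but matches twice
ANCHORED = "F3 0F 11 86 ?? ?? 00 00 8B C8"   # wildcards plus trailing context

if __name__ == "__main__":
    print(hex(locate_unique(OLD_BUILD, EXACT)))
    print(scan(NEW_BUILD, EXACT))
    print([hex(h) for h in scan(NEW_BUILD, LOOSE)])
    print(hex(locate_unique(NEW_BUILD, ANCHORED)))
```
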