Cheat Engine

[Gestalt]

Hi, i'm kind of new to game hacking and trying to make a trigger bot for the game, Saints Row IV. I sort of managed to do that. I found an address that is 0 when looking at world and something when looking at an entity. I then simulate a left mouse click.
I'm not satisfied though cause there are some problems.

1. I didn't seem to find the static address. So once in a while I need to update my addresses in the triggerbot.

2. I would love to find the Entity array or maybe only the current npc in the crosshair base address, in order to check HP and hopefully a flag like "hostile" or something.

What i seek is some guidelines or tips I could use in order to solve this. If you want any information just ask. Currently I'm using this:
SomeBase:"SaintsRowIV.exe"+061E0A90
PlayerBaseOffs1:6c8
PlayerBaseOffs2:2c
PlayerBaseOffs3:100
PlayerBaseOffs4:7c

HealthOffs:88
CrossHairID:240

and if I look at what writes to health I get this:
009B8627 - F3 0F11 86 101E0000 - movss [esi+00001E10],xmm0
(esi = 1E8BC000)

I really don't know much more and as I said the Addresses isn't static even though they work most of the time.

Thanks in advance.

[Gniarf]

[Gestalt]

Nice, thank you. You did a lot of work. Smart trick with getting the address.
Also the flags would be very useful if I could find out the pointers. How did you get the values, by just look for changed values?
Last time I ran a pointer scan on this game (level 7,offset 4096 ) my hard drive ran out of space (over 1.40 TB) I'm going to raid my other drive and get another TB and see if I can get this one.
Maybe I should use less levels or offset value. Is there a good recommendation?

Side note: I make my cheats in C++ currently. I'm kinda new to that too but I do have many years of experience with C# so it's not that hard to understand. I guess I need to learn AoB scans in C++ then, fun! I'm not that much in it for the cheats, I just like to challenge myself.

Thanks for the quick, very helpful answer. Hope you have a nice evening!

[Dark Byte]

This pointerscan would need a structsize of 8192
Anyhow, have you tried some of the new option in 6.3. E.g limiting the number of elements by node can greatly decrease number of results, but still return quite useful paths. (It's like a variable structsize during the scan)

[Gestalt]

[Dark Byte]

The documentation is basically just a repeat of the function name

Here's a few more detailed explenations:
First element must point to module:
If it is an object oriented programmed game, objects tend to have a vtable as first element of their structure.
A vtable is basically a pointer to memory describing the class properties. The memory is usually located in static memory (module memory)
So, if you do a scan with this, you only find real objects, instead of getting offsets that point halfway into another object

No looping pointers:
This remove pointerpaths that would enter an infinite loop, including it's children
e.g a->b->c->d->a->b->c->d....

Max different offsets per node:
Normally the pointerscan will take every offset there is in the current node
Worst case scenario: 0, 4, 8, c, ... ff8, ffc, ...
Usually more like: 4, 48, 12c, 480, ff8, ffc

With max offsets per node set to 3, it will only enter the first 3 paths it encounters (4, 48, 12c, and skip 480-)
As you may guess, there is a chance you may lose some valid pointerpaths, but this will reduce the amount of paths tremendously and you can do very big level scans.
And it's not completely useless, as it is able to find high value structure elements, and it's usually recommended to pick the path with the smallest offsets anyhow

[Gestalt]

Nice, thank you I get it now. If I find anything useful I'll post what I find here so others may use it.

[Gniarf]

[Gestalt]

Thank you so much. I came up with nothing solid. I've learned much by this, now it's up to programming it.
Do I need to make a code cave in c++? I've never done that. All I try fail. I think external hacks are more practical but dll injection works too. I have tried booth, the only time something happened was when I crashed the game, lol. Actually the hacks I done in the past (in C++) only involve reading and writing values to addresses. This is all new.

As I see it, failing is a part of learning. I'm gonna keep try, sooner or later I will get it. Thanks for all help!

[Gniarf]

[Gestalt]

I use the Steam version of the game, legal. What I tried most now is dll injection. This is my short test cpp:

[Gniarf]

You were missing the VirtualProtects, a null check in ReadInformation(), and "jmp dword ptr ds:[dw_CodeCaveAddy+5]" means read what is at (&dw_CodeCaveAddy)+5, interpret it as an address and jump there.

Also I recommend getting some sleep in the while(GetAsyncKeyState(...)) loop.

Nice one for the __declspec(naked), I didn't know that trick.

[Gestalt]

Thanks, this works. And I tried hardcoding the exe as you said and that worked perfect. Suddenly I have 2 working triggerbots lol. This has been very educational. Thanks again!

[Gniarf]

Lol now we've got too many working bots. Well, if you don't mind there is a question that's been bugging me for a while: for me shooting is part of the fun so, what do you want to do with a triggerbot ? Throw your mouse sideway and clear a room?

[Gestalt]

Actually I finished the game on harcore without any kind of cheats. I just wanted to make a triggerbot and I was currently playing this game. I think most cheats takes away the fun in games. There is a lot of work put in to make a game challenging and rewarding. With cheats I just can't feel that I get rewarded.
However I really do love programming and now game hacking got my interest. I will probably try and use what I've learned on a few other games just to see if I can. It's the developing that is interesting to me.
By the way, since Saints Row: The Third is practically the same engine the: