Frienzy (How do I cheat?; Reputation: 0; Joined: 04 Jun 2014; Posts: 3)
Posted: Thu Jun 05, 2014 3:27 pm. Post subject: Issue with base pointer for a DMA address

Hi all,
I'm trying to hack the scanrange value in one old 2D RPG game.
So I have found the base pointer with the "what writes to this address" method... well, I have definitely found the right value, and there is only one instruction popping out all the time, which leads to the same address pointer. When I add this pointer to the Cheat Table and add the correct offset it WORKS!!!
And every time I restart the game it WORKS!! But...
After a little while of playing, the pointer suddenly jumps and changes its address... although the address of the value didn't change.
So this makes me wonder where I have gone wrong - could it be because there should be multiple offsets on the pointer? (If yes, then how do you figure those out? I figured the 1st one out from the instruction that pops out on "what writes to this address".) Or is it some kind of DMA protection? I know that this value has been patched in this game for anti-cheat purposes, because in previous game versions this value was static - same address all the time.
Would be very grateful for any ideas on what it could be and how this could be worked around... is code injection an option in this case?
I'll add some screens to make it clearer...
On the first screen is the instruction that pops out after running "what writes to this address" (the address of the value I want to hack).
I'm not sure what this "je" opcode with the pointing arrow means - this must be some kind of linked-together function that this instruction is inside - could this be the cause of my problems? And how do I deal with it?
OK, on the second screen is the value of the EAX of that instruction...
And on the third screen I've found that pointer address (0017DA94)... so I've manually added it to the CT as a pointer and defined a 10B offset... I'm not sure why it's 10B instead of 10A as it's stated in the instruction... but it only works with 10B.
[Three screenshot attachments (the first, second and third "screens" referred to above), not reproduced.]

Rissorr (Master Cheater; Reputation: 3; Joined: 17 Sep 2013; Posts: 273; Location: Israel!)
Posted: Fri Jun 06, 2014 3:49 am

Are you sure that you found the static address (the address will be green colored)?
Usually the static address is on the 2-4 level,
so try to find the next level.
Anyway... I recommend to you: USE POINTERSCAN - it's a lot easier (that's what dark_byte would say to you in this case).
JE command is "Jump if Equal",
so the opcode before the JE is something like compare EDX to EBX,
so:
compare EDX to EBX
JE allods2.exe+1099 //jump if equal
Note:
the red arrow is showing TO WHERE it JUMPS,
so if you look at the address of the red arrow's "destination", probably the address there will be 'allods2.exe+1099'.
Hope I HELPED you
justa_dude (Grandmaster Cheater; Reputation: 23; Joined: 29 Jun 2010; Posts: 893)
Posted: Fri Jun 06, 2014 5:05 am

It's because the variable is being created with automatic storage and local scope. E.g.,
Code:
    void foo()
    {
        auto short *bar;   /* automatic storage: bar exists only for the duration of this call */
    }
So, bar is only valid while we are inside the function foo. Your best bet is to use the pointer scanner (which will possibly find a threadstack base, depending on what it points to) or use injection to change the value / grab the address of whatever it points to.
-----------
The reason you have to adjust your offset by a byte is that you're adding it to your table as a 1-byte value, but dx is a 16-bit register.
_________________
Next to the big gate, there is always a small gate.
----------------------
Come on...

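justa_dude's two points (a local with automatic storage has no stable address, so a cheat table needs a chain of offsets from a static base; and a 16-bit register store covers two bytes), worked through in an added C example that is not from this thread, the game, or Cheat Engine. The Player/Stats layout, the offsets 0x40 and 0x10A, and the value 0x0102 are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout (assumed, not the game's): a heap Player points to a Stats
 * block whose 16-bit scan-range field sits at +0x10A, echoing the screenshot. */
typedef struct { uint8_t pad[0x10A]; uint16_t scan_range; } Stats;
typedef struct { uint8_t pad[0x40]; Stats *stats; } Player;

/* Static storage: &g_player is fixed for the life of the process (green in CE); the
 * heap it points at moves between runs, and a local like 'bar' above never stays. */
static Player *g_player;

static void setup_game(void) {
    if (g_player) return;
    g_player = calloc(1, sizeof *g_player);
    g_player->stats = calloc(1, sizeof *g_player->stats);
    g_player->stats->scan_range = 0x0102;   /* as if stored from the 16-bit dx register */
}

/* Follow a chain the way a pointer-scan result is read: [[base]+off0]+off1 ... */
static uintptr_t resolve_chain(uintptr_t base, const size_t *offsets, size_t n) {
    uintptr_t addr = base;
    for (size_t i = 0; i < n; i++) {
        memcpy(&addr, (const void *)addr, sizeof addr);   /* dereference this level */
        addr += offsets[i];                               /* then add the next offset */
    }
    return addr;
}

/* Base = address of the static pointer; offsets 0x40 then 0x10A reach the field. */
static int chain_hits_field(void) {
    const size_t offs[] = { 0x40, 0x10A };
    setup_game();
    return resolve_chain((uintptr_t)&g_player, offs, 2) == (uintptr_t)&g_player->stats->scan_range;
}

/* A 16-bit store at +0x10A also writes +0x10B; a 1-byte table entry sees only half. */
static int store_covers_two_bytes(void) {
    setup_game();
    const uint8_t *p = (const uint8_t *)g_player->stats;
    return p[0x10A] != 0 && p[0x10B] != 0;
}

int main(void) {
    printf("chain hits field: %d, store covers two bytes: %d\n", chain_hits_field(), store_covers_two_bytes());
    return 0;
}
```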
Frienzy (How do I cheat?; Reputation: 0; Joined: 04 Jun 2014; Posts: 3)
Posted: Fri Jun 06, 2014 4:15 pm

Thank you guys so much for the input!
Mixmax35, what do you mean by a 2-4 level address? Which level is mine? And what's the difference between the levels? How do you search for a higher level address?
I have tried the "Pointer Scan" but I can't come down much more than 1 million pointer addresses no matter what... maybe I'm doing something wrong but here is how I did it:
Found the current address of the value I want to hack.
Added it to CT, right clicked it and chose "Pointer Scan for this address".
Made a folder to save each step of scans and started 1st one - came out 6.6 million addresses. I restarted the game - found out the new address of the value and chose "Rescan Memory" from "Pointer Scan" option menu. So I did a 2nd scan which resulted in 2.8 million addresses. Repeated that 3rd time it almost stayed the same - 2.8 million addresses. 4th time - 2.2 million. 5th - 1.9 million. After 20 steps I'm at 1 million addresses and not moving any further...
justa_dude (Grandmaster Cheater; Reputation: 23; Joined: 29 Jun 2010; Posts: 893)
Posted: Fri Jun 06, 2014 4:41 pm

Frienzy wrote:
> After 20 steps I'm at 1 million addresses and not moving any further...
If they're all valid, then pick one at random and be happy. If it stops working at some point, load up the last scan and narrow the range down further.
_________________
Next to the big gate, there is always a small gate.
----------------------
Come on...

Frienzy (How do I cheat?; Reputation: 0; Joined: 04 Jun 2014; Posts: 3)
Posted: Sat Jun 07, 2014 10:32 am

Right... yeah, it kinda works... but having a MILLION pointers doesn't sound like a solved problem, does it?
OK so guys... any ideas on what to do to find my BASE POINTER? There are a couple of options that can be ticked when I do "Rescan Pointer", but I'm not sure how each one affects the search.
Sorry to be a pain, but it's driving me mad. I can't just leave it half way like that... I can't sleep at night - keep thinking about this bloody pointer.
Dark Byte (Site Admin; Reputation: 471; Joined: 09 May 2003; Posts: 25814; Location: The Netherlands)
Posted: Sat Jun 07, 2014 11:06 am

Sort the results by base, then first offset, then 2nd offset, till the last one.
Then do one more rescan and pick the top entry (reboot your system first for best results).
Honestly though, there is never one pointer path (millions of valid pointers is a good thing).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping