Nessin Advanced Cheater
Reputation: 1
Joined: 29 Oct 2015 Posts: 69
Posted: Sat Oct 31, 2015 9:02 am Post subject: Save entire game memory for comparison?
Hello guys
I was wondering if there is a way to save the ENTIRE game memory to a (possibly cheat engine related) file.
The reason I want to do this, is because there is an address (let's call it health) of which I don't know the initial value when it has not yet changed. It only starts having a valid double value when something damages the player.
I want to do an AOB scan for this address, but since I don't know what's inside that memory address region at the start of the level, this seems impossible.
Anyone have any ideas?

Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25791 Location: The netherlands
Posted: Sat Oct 31, 2015 9:05 am
the unknown initial value scan will save the entire game memory (if you tell it to also include readonly memory)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

Nessin Advanced Cheater
Reputation: 1
Joined: 29 Oct 2015 Posts: 69
Posted: Sat Oct 31, 2015 9:27 am
Thanks, however, is there a way to actually look inside the memory it saved?
An unknown initial value scan just seems to note how many addresses it found
I'll try to be specific here
When my health value is at 99/100, I can do an AOB scan for this:
Code: | 00 00 00 00 00 00 F0 3F 80 DB EB 2C FB FF FF FF 00 00 00 00 02 0B FF 83 80 5B 40 31 F4 FF FF FF |
However, when my health is at 100/100, I basically have to use this because I don't know what the value for 100/100 is (it's possibly random leftover bytes, but still, I want to know them):
Code: | ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? 00 00 00 00 02 0B FF 83 80 5B 40 31 F4 FF FF FF |
But this has a lot of hits in the memory.
After the health address there are a lot of randomish things so I can't increase the AOB length.
This is why I want to know what's inside that memory region before the health value changes. But currently, I need to change the health value, otherwise I don't know where the memory region is.
So I kinda need a snapshot of the entire memory so I can compare it afterwards.

Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Posted: Sat Oct 31, 2015 10:00 am
Do your initial wildcard scan then execute the following Lua (Ctrl+Alt+L)
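Code: | function save()
  local list = getCurrentMemscan().FoundList
  values = {}  -- global on purpose, so find() can read it later
  -- FoundList is zero-indexed: valid indices are 0 .. Count-1
  for i = 0, list.Count - 1 do
    values[list.Address[i]] = list.Value[i]
  end
end

function find(addr)
  print(values[addr] or "not found")
end

save() |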
Then lose 1 health and do your full scan to find the 99/100 address.
Replace the previous Lua with the following, updating the address to match the one you found.
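
The snapshot-then-look-up approach discussed above, as an added Python example that is not part of any forum post: it matches the thread's two signatures against a "before" and an "after" buffer, then reads what the earlier snapshot held at the located offset. The buffers, the filler bytes and the placeholder "uninitialised" bytes are constructed sample data; only the signature strings are copied from the thread.

```python
import struct

def parse_aob(pattern):
    """Turn 'F0 3F ?? 80' into a list of ints, with None for each ?? wildcard."""
    return [None if tok == "??" else int(tok, 16) for tok in pattern.split()]

def scan(buf, pattern):
    """Return every offset in buf where the pattern matches (?? matches any byte)."""
    pat = parse_aob(pattern)
    return [off for off in range(len(buf) - len(pat) + 1)
            if all(p is None or buf[off + i] == p for i, p in enumerate(pat))]

def value_before(snapshot, offset):
    """Read the 8 bytes a snapshot held at offset: raw, and as a little-endian double."""
    raw = snapshot[offset:offset + 8]
    return raw, struct.unpack("<d", raw)[0]

# Signatures as posted in the thread.
PATTERN_99 = ("00 00 00 00 00 00 F0 3F 80 DB EB 2C FB FF FF FF "
              "00 00 00 00 02 0B FF 83 80 5B 40 31 F4 FF FF FF")
WILD = "?? " * 16 + "00 00 00 00 02 0B FF 83 80 5B 40 31 F4 FF FF FF"

# Constructed sample memory: one real record plus one decoy that only shares the tail.
MID = bytes.fromhex("80DBEB2CFBFFFFFF")
TAIL = bytes.fromhex("00000000020BFF83805B4031F4FFFFFF")
PAD = b"\x11" * 24
UNINIT = bytes.fromhex("DEADBEEF01020304")   # placeholder for the unknown bytes
before = PAD + UNINIT + MID + TAIL + PAD + TAIL + PAD                 # health 100/100
after = PAD + struct.pack("<d", 1.0) + MID + TAIL + PAD + TAIL + PAD  # health 99/100

if __name__ == "__main__":
    print("wildcard hits before damage:", scan(before, WILD))    # ambiguous
    hit = scan(after, PATTERN_99)[0]                              # unique
    raw, as_double = value_before(before, hit)
    print("offset", hit, "held", raw.hex(" ").upper(), "=", as_double)
```

The first eight bytes of the 99/100 signature are the little-endian double 1.0, which is why `struct.pack("<d", 1.0)` reproduces them. The look-up only works for offsets that the earlier snapshot actually covered.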

Nessin Advanced Cheater
Reputation: 1
Joined: 29 Oct 2015 Posts: 69
Posted: Sat Oct 31, 2015 10:59 am
Thanks Zanzer, this should've been exactly what I needed.
However, it seems my 2nd AOB wasn't good enough. The found address was not in the list.
Instead I tried scanning for
Code: | ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? ?? |
Although this scan could not complete, understandably.
I'm actually starting to think the address I'm looking for simply does not exist or is not initialised yet when the health is yet unchanged. Is that possible?
In that case an AOB scan would probably be useless

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Oct 31, 2015 11:16 am
Is it still a valid double-precision floating-point value when you gain health (you had less than 100, and now you have 100/100)?
Quote: | I'm actually starting to think the address I'm looking for simply does not exist or is not initialised yet when the health is yet unchanged. Is that possible? |
Yes. It may not exist. Could be not initialised. Maybe game engine is powered by Lua (if "table" or "variable" doesn't exist = no damage).
Or programmer is messing with you (damage points randomized when other flag is set):
Code: |
type
  TPlayerStats = class
  public
    maxHealth: double;
    damageTaken: Boolean;
    damagePoints: double;
    constructor Create;
    function getHealth(): double;
    procedure setHealth(newHealth: double);
    procedure looseHealth(dmgPoints: double);
    procedure gainHealth(gainPoints: double);
  end;

implementation

constructor TPlayerStats.Create;
begin
  maxHealth:=100;
  damageTaken:=False;
  damagePoints:=double(Random(2000000)-1000000); // messing with you, ha ha
end;

function TPlayerStats.getHealth(): double;
begin
  if not damageTaken then result:=maxHealth
  else result:=maxHealth-damagePoints;
end;

procedure TPlayerStats.setHealth(newHealth: double);
begin
  if newHealth>=maxHealth then
  begin
    damageTaken:=false;
    damagePoints:=double(Random(2000000)-1000000); // messing with you, ha ha
  end
  else
  begin
    damageTaken:=true;
    damagePoints:=maxHealth-newHealth;
  end;
end;

procedure TPlayerStats.looseHealth(dmgPoints: double);
begin
  setHealth(getHealth()-dmgPoints);
end;

procedure TPlayerStats.gainHealth(gainPoints: double);
begin
  setHealth(getHealth()+gainPoints);
end; |
Example prog:
https://drive.google.com/uc?id=0BwMAnE6mjogMekdZR2dLNTNHVHc&export=download

Nessin Advanced Cheater
Reputation: 1
Joined: 29 Oct 2015 Posts: 69
Posted: Sat Oct 31, 2015 1:15 pm
When I heal back up to 100/100 after it went down, the value is 0 (no damage taken)
Code: | 00 00 00 00 00 00 00 00 80 DB EB 2C FB FF FF FF 00 00 00 00 02 0B FF 83 80 5B 40 31 F4 FF FF FF |
Scanning for double 0 when loading a new level won't find it though.
While it's possible the programmer is messing with me, I really doubt it in my case
I seem to be running out of options haha. Maybe I should just manually try to find as many pointer offsets as possible and then try to do a level 10 pointer scan

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sat Oct 31, 2015 1:44 pm
Can not use AA injections + multilevel pointers not stable = probably is powered by Lua or something similar.
(Lua/something is heavily used in in-game algorithms)
Example:
Code: | player = {}
-- initialize
player.maxHealth = 100.0
-- many other stats, like stamina, initialized in random order
-- player.damagePoints doesn't exist at the beginning, it will be created on first hit

function player.getHealth()
  if player.damagePoints==nil then return player.maxHealth -- damagePoints exists?
  else return player.maxHealth - player.damagePoints end
end

function player.setHealth(newHealth)
  -- it will CREATE/UPDATE damagePoints entry
  if newHealth>=player.maxHealth then
    player.damagePoints = 0
  else
    player.damagePoints = player.maxHealth - newHealth
  end
end

function player.looseHealth(dmgPoints)
  player.setHealth( player.getHealth() - dmgPoints)
end

function player.gainHealth(gainPoints)
  player.setHealth( player.getHealth() + gainPoints)
end |
damagePoints doesn't exist at the beginning.
By executing player.looseHealth(10) we will create new entry: damagePoints
By executing player.gainHealth(20) we will update damagePoints to zero.

Nessin Advanced Cheater
Reputation: 1
Joined: 29 Oct 2015 Posts: 69
Posted: Sat Oct 31, 2015 2:19 pm
I see
I did get a few game crashes with .lua file extensions in the crash logs, so it might very well be coded in some lua (no .lua files are visible in the folder structure though)
Do you happen to know any games that use similar methods for their health, ammo, etc.. ? Maybe I could learn a thing or two from cheat tables used in those games

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00

Nessin Advanced Cheater
Reputation: 1
Joined: 29 Oct 2015 Posts: 69
Posted: Sat Oct 31, 2015 5:07 pm
Thanks mgr.inz.player
For your damagePointsTricky.exe, I don't suppose you have a solution lying around to get the health value?

mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Sun Nov 01, 2015 6:58 am
three ways:
1. extract .lua files and force the game to use them (like MGS V, Don't Starve)
2. If you are lucky, health will be inside a table as a {key,value} pair, with a nice alphanumeric key like "PlayerHealth" or "PlayerDamagePoints". Do AA script, you have to write many compares, structure checks, etc.
3. If you are even more lucky (health is inside a table with a nice key)
and we can access this starting from global variable _G, the main Lua table, like this:
_G.GetPlayer().components.health.current
you can use "console injection" method http://forum.cheatengine.org/viewtopic.php?t=564665
(note: CE has its own Lua. And game has its own Lua.)