| View previous topic :: View next topic |
| Author |
Message |
oshietekudasai
How do I cheat?
![]() Reputation: 0
Joined: 04 Jul 2015
Posts: 7
|
 Posted: Sun Nov 01, 2015 12:40 pm Post subject: Pointerscan only getting THREADSTACKs |
 |
|
I have this issue where all the base addresses of my pointerscan are THREADSTACK0s, regardless of the application I use it on.
Deselecting "Allow stack addresses of the first thread(s) to be handled as static" leaves me with 0 pointers.
I tested a scan on my linux boot using wine, and the base addresses were fine. What could be the cause of this?
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25841
Location: The netherlands
|
| Posted: Sun Nov 01, 2015 2:16 pm Post subject: |
|
|
in memoryview go to view->enumerate modules and symbols and see if it's being populated. If not, disable all options in settings-extta and reopen the process. If you can't it's because it's protected, and the modulelist isn't bypassed by the kernel (yet)
also, try a higher level and structsize
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Nov 01, 2015 2:40 pm Post subject: |
|
|
You launch a win32 application (game) by using wine.
And then you launch CE (other win32 appliaction) by using wine.
It would be better to just install virtual machine with WindowsXP or Win7, and run application and CE inside on that.
Edit: a typo
_________________
Last edited by mgr.inz.Player on Sun Nov 01, 2015 3:16 pm; edited 1 time in total |
|
| Back to top |
|
|
oshietekudasai
How do I cheat?
![]() Reputation: 0
Joined: 04 Jul 2015
Posts: 7
|
| Posted: Sun Nov 01, 2015 3:02 pm Post subject: |
|
|
| Dark Byte wrote: | in memoryview go to view->enumerate modules and symbols and see if it's being populated. If not, disable all options in settings-extta and reopen the process. If you can't it's because it's protected, and the modulelist isn't bypassed by the kernel (yet)
also, try a higher level and structsize |
Modules and symbols are indeed being populated. I'm currently running a higher level scan, but so far there have been 0 pointer paths (disallowing stack addresses).
| mgr.inz.Player wrote: | You launch a win32 application (game) by using wine.
And then you launch CE (other win32 appliaction) by using wine.
It would be better to just install virtual machine with WindowsXP or Win7, and run application and CE inside on that. |
I'm not sure if I understand what you mean, but I have no issues with the scans on wine. The one that cannot get pointerscan results is my Win7 partition. I just tried it on wine to see if I'm doing something incorrectly.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Nov 01, 2015 3:14 pm Post subject: |
|
|
So you didn't find any pointers on Win7. In that case you won't find any on Wine anyway.
Try again, this time untick "only find paths with a static address" and/or "don't include pointers with read-only nodes".
_________________
|
|
| Back to top |
|
|
oshietekudasai
How do I cheat?
![]() Reputation: 0
Joined: 04 Jul 2015
Posts: 7
|
| Posted: Sun Nov 01, 2015 3:47 pm Post subject: |
|
|
| mgr.inz.Player wrote: | So you didn't find any pointers on Win7. In that case you won't find any on Wine anyway.
Try again, this time untick "only find paths with a static address" and/or "don't include pointers with read-only nodes". |
Thanks for the suggestions. Unticking does get me a bunch of results (as oppposed to literally zero),
but I'm unsure how to use the results since I'm looking for static addresses.
Just to clarify, I'm working on a dual-boot setup where one is Windows 7 and the other is ArchLinux. My issue is that on Windows 7,
all pointerscan results have a base address of THREADSTACK0/1 whereas on ArchLinux, I get base addresses that are not thread stacks.
As a final resort, I may have to install VirtualBox on Linux and continue my development there, as per your suggestion.
Though, I would still really want to be able to find out why pointerscan behaves that way on my Windows partition.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sun Nov 01, 2015 4:13 pm Post subject: |
|
|
| Quote: | | on ArchLinux, I get base addresses that are not thread stacks. |
And base addresses, which module it is, is it an application module (e.g. "game.exe").
| Quote: | | The one that cannot get pointerscan results is my Win7 partition. |
Maybe something interferes with Cheat Engine.
_________________
|
|
| Back to top |
|
|
oshietekudasai
How do I cheat?
![]() Reputation: 0
Joined: 04 Jul 2015
Posts: 7
|
| Posted: Sun Nov 01, 2015 4:32 pm Post subject: |
|
|
| mgr.inz.Player wrote: | | Quote: | | on ArchLinux, I get base addresses that are not thread stacks. |
And base addresses, which module it is, is it an application module (e.g. "game.exe").
| Quote: | | The one that cannot get pointerscan results is my Win7 partition. |
Maybe something interferes with Cheat Engine. |
Yes, the base addresses I get in wine range from *.exe's to *.dll's.
It really is just my Windows being erratic. I wonder what could interfere with Cheat Engine to produce this behavior?
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25841
Location: The netherlands
|
| Posted: Sun Nov 01, 2015 4:35 pm Post subject: |
|
|
wine and windows are not the same. Are those baseaddresses part of the game's .exe or are they .dll's ?
wine may have some extra debugging info with pointers to game structures
what you can try is run the ce regreset program in the install folder. Perhaps you have some settings that are interfering (e.g kernelmode)
Also, threadstack pointers are useful as well. Not all games have static base addresses
e.g:
| Code: |
int main(...)
{
CGame *game=new CGame()
game->run()
}
|
this will prevent a base pointer for game to be present in the game. But will be available using threadstack
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping
Last edited by Dark Byte on Sun Nov 01, 2015 5:09 pm; edited 1 time in total |
|
| Back to top |
|
|
oshietekudasai
How do I cheat?
![]() Reputation: 0
Joined: 04 Jul 2015
Posts: 7
|
| Posted: Sun Nov 01, 2015 5:00 pm Post subject: |
|
|
| Dark Byte wrote: | wine and windows are not the same. Are those baseaddresses part of the game's .exe or are they .dll's ?
wine may have some extra debugging info with pointers to game structures
what you can try is run the ce regreset program in the install folder. Perhaps you have some settings that are interfering (e.g kernelmode)
Also, threadstack pointers are useful as well. Not all games have static base addresses
e.g:
| Code: |
int main(...)
{
CGame *game=new game()
game->run()
}
|
this will prevent a base pointer for game to be present in the game. But will be available using threadstack |
Thank you Dark Byte! I forgot I had enabled kernelmode way back. That was it. Very happy! 
And I don't really mind using threadstack pointers, it's just that it was weird since I was only getting them
regardless of what application I debug, so it kind of raised a cause for alarm.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
