Cheat Engine The Official Site of Cheat Engine
coffeeAchiever Newbie cheater
Reputation: 0
Joined: 27 Dec 2014 Posts: 22
|
Posted: Sun Dec 04, 2016 6:06 pm Post subject: Serious Sam 3 -- Pointer Scanning Seemed OK, but I Failed |
|
|
Did a pointer scan on Serious Sam 3 health. Narrowed it down to 4 pointer addresses, and I couldn't distinguish between them:
"Sam3.exe"+00BF4578 (+440, +48, +70)
"Sam3.exe"+00BF4578 (+440, +48, +A8)
"Sam3.exe"+00BF4578 (+440, +48, +78)
"Sam3.exe"+00BF4578 (+440, +48, +B0)
They worked, at first. When I held them constant by checking Active, my health was pegged. However, eventually, the game always crashed. Once Windows actually gave an out of memory error. I think I also noticed that explosive damage would knock my health down. Or else, at some point, my health would begin to go down.
They definitely are "green addresses" -- I rebooted my computer, and they still worked for a while. But they always eventually failed. Did a Google search and I found this thread:
http://forum.cheatengine.org/viewtopic.php?p=5304985&sid=0b6895bde7f840540b4038fd7f14a2d7
I downloaded user Prismo's table, and found this for health in his CE table:
"Sam3.exe"+00BFDC58 (+440, +14, +20, +0, +A8)
I played the game for a while using his table, and it worked as it should. So now I'm wondering what happened and how I can do pointer scans better in the future.
When I find myself in the situation where my pointer doesn't work, is the answer to bump up Max Level / Max Offset?
What does this notation mean, exactly? Is it:
1. Start at address "Sam3.exe"+00BFDC58
2. Look at the 4 byte value held by addr1 = "Sam3.exe"+00BFDC58 + 440 and interpret it as an address
3. Look at the 4 byte value held by addr2 = x1 + 14 and interpret it as an address
4. Look at the 4 byte value held by addr3 = x2 + 20 and interpret it as an address.
5. Look at the 4 byte value held by addr4 = x3 + 0 and interpret it as an address.
6. Look at the 4 byte value held by addr5 = x4 + A8 and interpret it as an address.
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Sun Dec 04, 2016 6:24 pm Post subject: |
|
|
Just to let you know, a pointer added to the addresslist has:
- base address at the bottom
- first offset is above base address
- last offset at the top (below "pointer" checkbox)
| Quote: | I downloaded user Prismo's table, and found this for health in his CE table:
"Sam3.exe"+00BFDC58 ( +440, +14, +20, +0, +A8) |
You should have written:
"Sam3.exe"+00BFDC58 (+a8, +0, +20, +14, +440)
or like this:
[[[[[Sam3.exe+00BFDC58]+a8]+0]+20]+14]+440
The second format is better because CE understands this notation too:
e.g. local currentHP = readInteger("[[[[[Sam3.exe+00BFDC58]+a8]+0]+20]+14]+440")
About pointer stability. Are you doing proper rescans?
I meant:
- second rescan is made on files from first rescan,
- third rescan is made on files from second rescan,
...
- 7th rescan is made on files from 6th rescan,
...
A good practice is to save each rescan inside a separate folder, and use a nice name for those folders, e.g. "SAM3HP res 01", "SAM3HP res 02", "SAM3HP res 03", ....., "SAM3HP res 05". That way you won't make a mistake.
After a rescan, remove all older rescans except the last three or four. (You can skip this if you have a lot of HDD space.)
- many rescans, and I really meant: many!
- game restarts are OK, but even better are OS restarts. After a few rescans, make another rescan after an OS reboot
- run the game on another game profile (if the game allows it), make at least one rescan
- even better, launch the same game version on another PC. Install CE on that PC and copy the folder with PTR files from the most recent rescan from your "first" PC, at least one rescan.
If you don't have another PC, there's a nice feature which can help you a lot. Ask a friend who has the same game version to find the HP address and add it to the list (it would be better if HP is the only entry in the list), right click it and select "generate pointermap", and save it as "SAM3HP pointermap1 friendname". Then after an OS reboot, do the same thing, but this time save it as "SAM3HP pointermap2 friendname". Compress those four files (a pointermap is two files, ".scandata" and ".scandata.addresslist") and send them to you. You can use them while doing another rescan.
| Quote: | What does this notation mean, exactly? Is it |
addr1 = read dword at "Sam3.exe+00BFDC58"
addr2 = read dword at "addr1 + a8"
addr3 = read dword at "addr2 + 0"
addr4 = read dword at "addr3 + 20"
addr5 = read dword at "addr4 + 14"
value = read integer value at "addr5 + 440"
_________________
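Added example, not part of the original posts: the dereference order described above, run against a constructed memory image rather than a live process. The module load address, the memory contents and all function names are assumptions made for illustration; only the base offset and the offset list come from the thread.

```python
import struct

MODULES = {"Sam3.exe": 0x00400000}  # assumed load address, not from the thread

def make_memory():
    """Constructed 32-bit memory image: address -> 4 little-endian bytes."""
    links = [(0x00400000 + 0x00BFDC58, 0x10000000), (0x10000000 + 0xA8, 0x20000000),
             (0x20000000 + 0x0, 0x30000000), (0x30000000 + 0x20, 0x40000000),
             (0x40000000 + 0x14, 0x50000000), (0x50000000 + 0x440, 100)]  # 100 = health
    return {addr: struct.pack("<I", value) for addr, value in links}

def read_dword(mem, addr):
    if addr not in mem:
        raise LookupError(f"unmapped address {addr:#010x}")
    return struct.unpack("<I", mem[addr])[0]

def to_brackets(base, shown_top_to_bottom):
    """Address-list display (last offset on top) -> bracket notation."""
    offsets = list(reversed(shown_top_to_bottom))  # first offset sits just above the base
    expr = f"[{base}]"
    for off in offsets[:-1]:
        expr = f"[{expr}+{off:x}]"
    return f"{expr}+{offsets[-1]:x}"

def parse_chain(expr):
    """'[[mod+base]+o1]+o2' -> (module, base, [o1, o2]); offsets are hex."""
    depth = len(expr) - len(expr.lstrip("["))
    parts = expr[depth:].split("]")
    if depth == 0 or len(parts) != depth + 1:
        raise ValueError("unbalanced pointer expression")
    module, base = parts[0].rsplit("+", 1)
    return module, int(base, 16), [int(p.lstrip("+"), 16) for p in parts[1:]]

def resolve(mem, expr):
    """Walk the chain: dereference, add offset, repeat. Returns the final address."""
    module, base, offsets = parse_chain(expr)
    addr = MODULES[module] + base
    for off in offsets:
        ptr = read_dword(mem, addr)  # one "read dword at ..." step
        if ptr == 0:
            raise LookupError(f"null link at {addr:#010x}")
        addr = ptr + off
    return addr

if __name__ == "__main__":
    mem = make_memory()
    expr = to_brackets("Sam3.exe+00BFDC58", [0x440, 0x14, 0x20, 0x0, 0xA8])
    target = resolve(mem, expr)
    print(expr, hex(target), read_dword(mem, target))
```

Feeding the offsets in display order instead of reversing them, or zeroing any intermediate link, makes `resolve` raise `LookupError`, which is the simulated equivalent of a chain that no longer leads to the value.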
coffeeAchiever Newbie cheater
Reputation: 0
Joined: 27 Dec 2014 Posts: 22
|
Posted: Sun Dec 04, 2016 11:16 pm Post subject: |
|
|
| mgr.inz.Player wrote: | Just to let you know, a pointer added to the addresslist has:
- base address at the bottom
- first offset is above base address
- last offset at the top (below "pointer" checkbox)
...
or like this:
[[[[[Sam3.exe+00BFDC58]+a8]+0]+20]+14]+440
The second format is better because CE understands this notation too:
e.g. local currentHP = readInteger("[[[[[Sam3.exe+00BFDC58]+a8]+0]+20]+14]+440")
|
Understood 100%. Good information to know. Thanks!
| mgr.inz.Player wrote: |
About pointer stability. Are you doing proper rescans?
I meant:
- second rescan is made on files from first rescan,
- third rescan is made on files from second rescan,
...
- 7th rescan is made on files from 6th rescan,
|
Yeah, the workflow is:
1. Find the (non-pointer) address.
2. Do a pointer scan on that address. I used max depth of 3 and max offset of 5000.
[process a]
3. Play the game a bit. Maybe start a different level. Start a few Windows programs. Kill a few Windows programs. In other words, shuffle system memory allocation around.
4. Rescan memory for the same address
5. If the number of returned pointers doesn't change much, go to step 6, otherwise, go to step 3.
[process b]
6. Shut down the game. Shut down Steam. Maybe restart the OS. Restart the game.
7. Find the (non-pointer) address.
8. Rescan memory for the new address.
Basically, do processes a and b a few times till I narrow down the number of pointers as much as possible. For Serious Sam, I couldn't narrow it down below 4 pointers.
I know exactly what you mean by "7th rescan is made on files from 6th rescan". I name my files 01, 02, 03, 04, ... and for Serious Sam, it went down pretty quickly:
1: 188,887 pointers
2: 82,538 pointers
3: 66,524 pointers
4: 984 pointers
5: 954 pointers
6: 589 pointers
...
12: 8 pointers
13: 4 pointers
| mgr.inz.Player wrote: |
A good practice is to save each rescan inside a separate folder, and use a nice name for those folders, e.g. "SAM3HP res 01", "SAM3HP res 02", "SAM3HP res 03", ....., "SAM3HP res 05". That way you won't make a mistake.
After a rescan, remove all older rescans except the last three or four. (You can skip this if you have a lot of HDD space.)
- many rescans, and I really meant: many!
- game restarts are OK, but even better are OS restarts. After a few rescans, make another rescan after an OS reboot
- run the game on another game profile (if the game allows it), make at least one rescan
- even better, launch the same game version on another PC. Install CE on that PC and copy the folder with PTR files from the most recent rescan from your "first" PC, at least one rescan.
|
Oohhh... I knew it was possible to use a 2nd PC but I didn't know how. OK, I understand now. Copy my scan files over. Duh. I should've been able to guess that.
| mgr.inz.Player wrote: |
If you don't have another PC, there's a nice feature which can help you a lot. Ask a friend who has the same game version to find the HP address and add it to the list (it would be better if HP is the only entry in the list), right click it and select "generate pointermap", and save it as "SAM3HP pointermap1 friendname". Then after an OS reboot, do the same thing, but this time save it as "SAM3HP pointermap2 friendname". Compress those four files (a pointermap is two files, ".scandata" and ".scandata.addresslist") and send them to you. You can use them while doing another rescan.
|
Damn, that's good info. I have my wife's computer, but this is a good thing to keep in mind.
Still, I'm curious why we got different results. When someone gets a pointer that appears to work but has "issues" like it eventually crashes the game, is increasing the depth / level standard procedure?
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Mon Dec 05, 2016 12:14 am Post subject: |
|
|
Probably Prismo made more rescans. And narrowed it to ZERO.
And then used max level 5.
_________________
coffeeAchiever Newbie cheater
Reputation: 0
Joined: 27 Dec 2014 Posts: 22
|
Posted: Mon Dec 05, 2016 8:50 am Post subject: |
|
|
| mgr.inz.Player wrote: | Probably Prismo made more rescans. And narrowed it to ZERO.
And then used max level 5. |
I'm still new to pointer scans.
When one approaches a game for the first time, what depth level do you use "by default"? 5?
mgr.inz.Player I post too much
Reputation: 222
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
|
Posted: Mon Dec 05, 2016 12:59 pm Post subject: |
|
|
I usually do a few pointermaps.
Then an OS reset. Create a second pointermap, then an OS reset, a third pointermap, ...
All those pointermaps can be used for "rescan while scanning".
I recommend using "first element of ......" feature.
If you do not want to run game process anymore, you can just use only pointermaps. All needed information is inside pointermap, whatever pointermap you choose. Other pointermaps can be used for "rescan while scanning".
But "first element of ......" feature is not available.
You should get less "garbage". Then you can continue doing rescans the usual way or by using other pointermaps.
About the best "max level" and "max offset". We have to guess. Try it. Then guess again. Try it. Guess, try, ...
_________________