Cheat Engine

Rydian

Could it be possible to filter pointer scan results (after a (re)scan is done)? Sometimes the final offset for a multi-level pointer is obvious (shows up in the "what writes to" logger), so being able to filter out results that don't have that offset as the last one would make finding the right pointer path easier.

In addition, sometimes the base value is known, but not the offsets, so sorting by base would be good too (in addition to certain offsets).

Or, at the very least, sort the individual columns so we can find ones involving certain offsets easier?

Dark Byte · Posted: Tue Nov 06, 2012 1:51 pm Post subject:

check the checkbox "Must end with offsets" and fill in the offsets it should end with

base pointer must be in range... is supposed to filter that but I heard it'snot working

And I may add sorting of individual columns but understand that it will take a LOOONG time.
The time it takes to do one full rescan, multiplied by the number of pointers in the list
So, if it takes 1 minute for a rescan, and you have 2 million addresses, it will take 2 million minutes, roughly 3.8 years

Rydian · Posted: Tue Nov 06, 2012 2:57 pm Post subject:

I'm talking about sorting via columns like you would in an excel spreadsheet or something, clicking the headers to sort ascending/descending. The current form doesn't do that (at least not in 6.2).

Dark Byte · Posted: Tue Nov 06, 2012 3:34 pm Post subject:

Yes, that's what i'm talking about. Sorting the offsets will take a few years to finish

mgr.inz.Player · Posted: Tue Nov 06, 2012 4:02 pm Post subject:

OK, but sometimes we get only 200 pointers and rescan takes 0.1 seconds.
We can add sort option if there is maximum 200 pointers. It should take only 20 seconds.

Edit:
can we sort those pointers without rescanning?

Like this:
1) export all 1000'000 pointers to txt file

this format per line (e.g. for level 4):
module+offset, offset0, offset1, offset2, offset3

All offsets have fixed length; offset A should be 00A, if we are using "maximum offset value: 2048"

modulename+00000000,000,000,000,000

So it take 37bytes per line, file should have 37'000'000 bytes

2) we can sort lines inside this file with "sort" tool from "GNU Coreutils"

3) we can use "grep" from "GNU Coreutils" to cut all not needed offsets patterns (e.g. we don't want 123,456,123)
or to get only pointers with 123,456,123 in the middle.

4) import txt file and convert it back to PTR file.

jgoemat · Posted: Wed Nov 07, 2012 1:15 am Post subject:

I'd like to be able to set the base address for each scan. Sometimes there's a static pointer I know from another scan, but sometimes I'd like to use a pointer I found with other methods. For instance Cargo Commander is JITcompiled and there isn't really a static pointer I can go back to but I can find one changing base pointer that has many other pointers in it.

Also XCOM has one array of about 400 structure pointers, I can find that relatively easy or by using a static pointer but by that time it is already 3 levels deep from the static base with many other results pointing to the same thing from other static bases or from other offsets than I use. If I could start with the static I know and only use 2-3 levels from there it would be very fast and more accurate.

Thanks!

Dark Byte · Posted: Wed Nov 07, 2012 3:55 am Post subject:

For that use the structure spider (that is basically a pointerscanner where it starts from the base address instead of the target)

In the base region enter the static address. (or better the address the static address points to, since it always does a structsize check from the base given)
Leave the compare to region empty if you don't care about that

Then tick "Pointer must be in range" and fill in twice the exact address

It will then scan and return all the paths to the specific pointer address

(Rescan can be a bit buggy though, I'll need to fix that)

mgr.inz.Player · Posted: Wed Nov 07, 2012 3:26 pm Post subject:

@Dark Byte,
So, the "exporting and importing pointers txt files" idea isn't such great? (fifth post)

Dark Byte · Posted: Wed Nov 07, 2012 8:19 pm Post subject:

I don't think so.
First going through the whole list converting every offset to a string and write that to a textfile will already take a considerable amount of time

And then sorting using a secondary sorter will take about the same time as previously mentioned if I did it inside ce itself, with the added overhead of parsing the wanted column strings from a line, and converting that to an integer and then compare if it's bigger then a previous line

It's better to keep it binary for best efficiency

Csimbi · Posted: Wed Nov 07, 2012 8:42 pm Post subject:

mgr.inz.Player · Posted: Wed Nov 07, 2012 9:09 pm Post subject:

Rydian · Posted: Wed Nov 07, 2012 10:53 pm Post subject:

Csimbi · Posted: Wed Nov 07, 2012 11:18 pm Post subject:

mgr.inz.Player · Posted: Thu Nov 08, 2012 8:03 am Post subject:

creamlapine · How do I cheat? Reputation: 0 Joined: 05 Jan 2017 Posts: 1

Would it be possible to filter the results of a pointer scan to a specific application(s)? Like the specific game you are playing. Cause I get a lot of useless results from Adobe Air.