| View previous topic :: View next topic |
| Author |
Message |
mynameisjimmy
Newbie cheater
![]() Reputation: 0
Joined: 21 Jun 2018
Posts: 15
|
 Posted: Sun Jul 08, 2018 6:32 am Post subject: Finding pointer to the bottom of entity array |
 |
|
Good evening,
I've found the entity list numerous times in this game and I'm trying to make a bot around it.
The problem is, I can't seem to find pointer leading to the bottom of entity list (0 index).
Perhaps I'm doing it the wrong way, so here's my process:
- I scan for 0x0, target a monster, scan for changed value - I keep doing it until I get a singular value - monster's address = 04A7C3A4
- I open the dissect structure window and enter the address, pressumably the 1st element under that address is a pointer to the class of object (and yes, it is because I can see plenty of referenced strings with function names in that pointer), the class address is the same and never changes: 79D8BC
- I look for another occurance of the pointer to class and calculate distance between both of them, which is 1D7C in this case.
- I keep reducing the previously found monster's address by 1D7C until the first value (previously pointer to class) changes to "???" and there it is: 4A50004 is the last pointer to class.
Now, if I check what accesses it - nothing does!
If I enter the address as value to scan for - no green address appears.
I'm totally clueless at this point, especially because there's some extra data before 04A50004 located at 04A50000, so in memory viewer it looks like this:
(from 04A4FFFC to 04A50004 to show you surroundings aswell)
| Code: | | ?? ?? ?? ?? 9C 90 AB 04 00 00 00 00 |
Here's the assembler at 04A50000
| Code: | 04A50000 - 9C - pushfd
04A50001 - 90 - nop
04A50002 - AB - stosd
04A50003 - 04 00 - add al,00 { 0 }
04A50005 - 00 00 - add [eax],al
04A50007 - 00 00 - add [eax],al
04A50009 - 00 00 - add [eax],al
04A5000B - 00 00 - add [eax],al
04A5000D - 00 00 - add [eax],al
04A5000F - 00 00 - add [eax],al
04A50011 - 00 00 - add [eax],al
|
Any help appreciated!
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 458
Joined: 09 May 2003
Posts: 25296
Location: The netherlands
|
| Posted: Sun Jul 08, 2018 10:19 am Post subject: |
|
|
try finding the top of the entity array instead and then traverse it till the bottom (or loop back)
(check out the address that pointer points to)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mynameisjimmy
Newbie cheater
![]() Reputation: 0
Joined: 21 Jun 2018
Posts: 15
|
| Posted: Sun Jul 08, 2018 10:57 am Post subject: |
|
|
| Dark Byte wrote: | try finding the top of the entity array instead and then traverse it till the bottom (or loop back)
(check out the address that pointer points to) |
Do arrays grow up or down in memory? I know that some values are written in reverse thanks to Big Endian, what about arrays tho?
Is index 0 pressumably on 0x0, index 1 on 0x4, 2 on 0x8 and so on, or in reverse?
See image below, I think this definitely could be the entlist beginning, seeing how there's just plain ??? before it.
| Description: |
|
| Filesize: |
28.44 KB |
| Viewed: |
2811 Time(s) |
|
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1587
|
| Posted: Sun Jul 08, 2018 11:03 am Post subject: |
|
|
its memory architecture, everything starts from 0 and grow up.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25296
Location: The netherlands
|
| Posted: Sun Jul 08, 2018 11:20 am Post subject: |
|
|
select the first 4 bytes and press space, it can be a linked list
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mynameisjimmy
Newbie cheater
![]() Reputation: 0
Joined: 21 Jun 2018
Posts: 15
|
| Posted: Sun Jul 08, 2018 11:26 am Post subject: |
|
|
| Dark Byte wrote: | | select the first 4 bytes and press space, it can be a linked list |
It sent me further intoo the entity list (I know that's still entity list, because it started moving a lot once I went from secluded area to are with monsters all around.
There also seem to be another 4 bytes once I leave this area, should I click space once again or should I just continue going through the rabbit's hole  ?
@edit: It seems that the first 4 bytes moved me 161D0 further, where the next ones move me 1D7C each (which also is the size I've calculated for structure).
At certain point it started going back, here's addresses (started listing them after 2-3 jumps, +/- shows whether it grew or not):
042E7F4C +
042E9CC8 +
042DB0E8 -
0430570C +
04303990 -
042F6B2C -
042F88A8 +
So what do we do now boss? the said previously address was clearly the start of list - how do I find pointer for it if no other method worked? (pointerscan, level 8, 4092 max offset, allow for read-only pointers), doing the 'check whats accessing it' method didn't work either.
|
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 458
Joined: 09 May 2003
Posts: 25296
Location: The netherlands
|
| Posted: Sun Jul 08, 2018 12:57 pm Post subject: |
|
|
try going untill the value is 00 00 00 00 (or a value you've prdviously seen), you're then at the bottom of the list
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
mynameisjimmy
Newbie cheater
![]() Reputation: 0
Joined: 21 Jun 2018
Posts: 15
|
| Posted: Sun Jul 08, 2018 1:18 pm Post subject: |
|
|
| Dark Byte wrote: | | try going untill the value is 00 00 00 00 (or a value you've prdviously seen), you're then at the bottom of the list |
Was a longer journey, but here's where I've gotten (also the other address changed because I was trying to scan for something else and game crashed).
Start: 4430000
End: 451A084
What does that tell us? Except the maximum size of the entity array 0 to 127
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
