 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
HereWeGoAgain
Newbie cheater
![]() Reputation: 0
Joined: 29 Aug 2018
Posts: 16
|
 Posted: Sat Sep 01, 2018 11:16 pm Post subject: Help with objects inside objects |
 |
|
I've been playing around a bit with the dissect structure tool, but I find I can't always find the information I'm looking for. I believe I know why, but I don't know the solution.
Take an example: to dissect a Player structure I may start by searching for something like health. Then I find the offset and remove it to find where the structure starts. Inside the dissected structure I can make out that value and occasionally a few others, such as location, direction, team number, etc. As far as I know this is all the correct process. Then let's say that I want to find how much ammo the player has. It seems to rarely be directly listed, and I'm thinking it's hiding in a mess of pointers. My assumption is that the code is something like what you see below:
| Code: | class Player {
int health;
float x, y, z;
*Weapon[] weapons; //Array of pointers to 'weapon' objects
}
class Weapon {
int ammo;
string name;
int damage;
}
|
Is this likely the cause of the problems I always find myself with? What about objects in objects in objects? Does anything change when a class uses inheritance?
I've tried scouring through the pointers in the dissecting tool by hand, but that almost always gives disappointing results.
///////
A kind of unrelated question.
///////
Shouldn't something like a player structure always be traceable back to a static address? Sometimes I can trace a structure to one, sometimes I can't. When trying to follow it by hand I often get an abundance of pointers that point towards my object, too many to follow through with. If there's not too many and I go through them, I find that often I hit deadends (non static addresses) or circular references (I know, probably something wrong on my part). Following this site's pointer scan video guide I still encounter problems. The first scan will come up with quite a few possible addresses, but the rescan usually finds 0 results. Not sure if it's something I'm doing wrong, or if it's possible that some structures never have a static address.
Thanks for any help
|
|
| Back to top |
|
 |
Csimbi
I post too much
 Reputation: 97
Joined: 14 Jul 2007
Posts: 3325
|
| Posted: Sun Sep 02, 2018 2:42 am Post subject: |
|
|
| Quote: | | Shouldn't something like a player structure always be traceable back to a static address? |
No. Not at all. Most of the time, it's traceable back to a dynamic base object.
In UT engine based games, that would be PlayerPawn - 100% of the time.
In RTS games, it might be in a flat pointer list in an object called PlayerUnits.
In RPG games, it might be under a base object called Party.
IMHO, structure dissect is one of the most powerful tools in CE.
Learn to use it well and invest the time to revert the game as much as you can, and take notes along the way.
I end up with 10-30 structures per game, depending on its type and complexity (hence my request to DB to improve the structure menu a bit).
I keep a LOT of dissect windows open, so when I recognize an address of a struct I already dissected, I can assign the correct structure right away.
Vitals, locomotor and equipment/inventory structures typically all tie back nicely into the player object - but the player object itself is usually a combination of a base+one or more derived classes.
Yes, there's be plenty of garbage-looking stuff in these at first. But, eventually, the whole design becomes clear and from that point, the reversing will be much faster. Once mapped it all out, you can easily find the best hooks and script whatever you want - and updating scripts when game updates drop will be much easier, too.
Keep looking for patterns, often times they repeat in structures across different games. The more you do, the more obvious these thing become.
Did I say take notes as well? 
Welcome to your new fun life!
|
|
| Back to top |
|
|
HereWeGoAgain
Newbie cheater
![]() Reputation: 0
Joined: 29 Aug 2018
Posts: 16
|
| Posted: Sun Sep 02, 2018 3:27 am Post subject: |
|
|
| Quote: | | IMHO, structure dissect is one of the most powerful tools in CE. |
I definitely wouldn't argue that 
| Quote: | | ..., so when I recognize an address oif a struct I already dissected, I can assign the correct structure right away. |
Do you mean you just see an address where you know a certain instance of a structure is? E.g. you know there are 'player' objects at FFFFFFF, FFFF3FF, FFFFF45 and recognize one as a pointer somewhere? Secondly, when you say you assign the correct structure, do you mean putting something in the description box? Or is there something big I'm missing out on haha
Any other tips appreciated too!
|
|
| Back to top |
|
|
ParkourPenguin
I post too much
 Reputation: 152
Joined: 06 Jul 2014
Posts: 4702
|
| Posted: Sun Sep 02, 2018 7:33 am Post subject: |
|
|
| HereWeGoAgain wrote: | | Is this likely the cause of the problems I always find myself with? |
Maybe. Or it could be health is the value in a separate structure being pointed to. Or maybe they're in completely unrelated structures and never share nodes back to their respective bases.
| HereWeGoAgain wrote: | | Does anything change when a class uses inheritance? |
Usually class members are concatenated in memory in the order of the base class to the most-derived class. This is more relevant to reverse engineering than gamehacking.
| HereWeGoAgain wrote: | | Shouldn't something like a player structure always be traceable back to a static address? |
No. Base pointers can be locally defined and stored on the stack. JIT-compiled code can encode base pointers as immediates. If code is being interpreted or emulated, pretty much anything goes.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
| Back to top |
|
|
Csimbi
I post too much
Reputation: 97
Joined: 14 Jul 2007
Posts: 3325
|
| Posted: Sun Sep 02, 2018 9:26 am Post subject: |
|
|
| HereWeGoAgain wrote: |
| Quote: | | ..., so when I recognize an address oif a struct I already dissected, I can assign the correct structure right away. |
Do you mean you just see an address where you know a certain instance of a structure is? E.g. you know there are 'player' objects at FFFFFFF, FFFF3FF, FFFFF45 and recognize one as a pointer somewhere? Secondly, when you say you assign the correct structure, do you mean putting something in the description box? Or is there something big I'm missing out on haha
Any other tips appreciated too! |
Believe me, once you've been starting at dissect windows for hours, you will recognize structs by addresses - provided you don't cause a crash of course because then you'll have a set of brand new addresses.
Let's take an example.
You auto-dissect something at address x, where you found health. Let's call this structure PlayerVitals.
Say, it includes health, mana, movement points and a bunch of seemingly random other values and pointers.
You auto-dissect something at address y, where you found player coordinates. Let's call this structure PlayerLocation.
As you go through PlayerLocation to correct data types and guess known values, you notice that y is repeating. When you find that, you specify the pointer pointed to as PlayerLocation. You would find these typically in inherited classes that need a pointer to their base.
As you continue to go through PlayerLocation to correct data types and guess known values, you notice x. When you find that, you specify the pointer pointed to as PlayerVitals. You might want to look through PlayerVitals too in case you find a pointer to PlayerLocation - if you do, you assign that to pointer.
In the end, you will have really nice tree structure that you can walk forth and back, without having to search for any values anymore (except the base of course).
In the picture I attached (from D:OS 2), you can see that the PlayerVitals (this is your x) has a pointer back to its parent at 0x238 (this is your y).
+1 tip
As you can see, I also picked way to colour-code different things. You might want to do that, too so you can find things quickly.
| Description: |
|
| Filesize: |
55.14 KB |
| Viewed: |
2698 Time(s) |
|
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
