Cheat Engine

rain-13

Hi!

I am just trying to have some experience on good old Warcraft 2. Who doesnt know, it's a old strategy game where you have n units on map. My goal is to find pointer that points to unit list so that I could write code that iterates over all units that are in current game.

I found out the address of one unit's life by damaging it and scanning for exact value. I verified the address by changing it's value and checking in game if my damaged unit got healed. It did so address must be correct.

It looks like the game units are structs with size of 152 bytes. So health is most likely pointer to unit + some offset. To find that out I right click unit's health address and choose "Find out what accesses this address".

The auto guess is 01C2B318 as shown on picture step1. I search for that value and find green address 004BF190. I add it as a pointer with offset of 22. My first question here is: Do I correctly understand that this pointer here is now pointer to unit struct and life is pUnit + 22?

Now that I have pointer to one unit, I try to find out what points to the unit list.
So now I right click on pointer that I just added and again select "Find out what accesses this address" and correct me if I am wrong, I select "Find out what accesses this pointer"

This time I get a lot of activity - all counts are increasing very fast. I dont really know which result to use, so if you have any idea, let me know. Anyway for now I selected first option.
But the problem this time is that when I search for easy guess value which is this time 004BF18C it doesnt find any address at all. Can anyone explain how it is possible? Does this (always) mean that I have reached to base address? Now it looks like on step2.png.
Just to see what I got, I added pointer again as normal address so that "Browse this memory region" would show me memory around this address instead of region where that pointer points to. To me it looks like array of 9 pointers. I also placed 9 units on this map that I am currently playing. The highlighted address on step3.png seems to be pointer that I got on step but with bytes in reverse order - is it always so that bytes in memory are reverse order from what CE suggests as address to find? For testing I added address of 9th pointer 004bf1a8 with offset of 22. And the value matches the life of 9th unit in game. So I guess this is the list (array) of game units.

However I still have question that how to find pointer to that list itself? And also how to find the start of the list? Right now I have only 9 elements and I could guess by simply looking at list where the beginning is. But what if array is too large to manually scroll to the beginning of list? Is there systematic way to find out whats the address of first element is? I tried the same good old trick on first element of list with address of 004bf188. but when I find out what accesses this address then CE cant find any addresses that which value is the value of easy guess. Also the order of elements in this list seems to change at random times even if nothing dies or is created. Any ideas what it might be?

PS is it possible to insert attached imaged to correct place in this forum?

ParkourPenguin · Posted: Sun Feb 23, 2020 9:03 pm Post subject: