DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Sat Feb 29, 2020 8:01 am
Of course, what you are looking for is not the address but the value to which it points. The value, being deallocated and reallocated, then changes its position in memory, making the old pointer useless. If you open the debugger on that address, so you know which code reads that address, then you can create a script that saves the address that the code has just used.
aaax10 Newbie cheater
Reputation: 0
Joined: 25 Feb 2020 Posts: 13
Posted: Sat Feb 29, 2020 8:11 am
I want my program to make an external overlay reading the value of that address, can I achieve this without using Cheat Engine scripts? Or explain it further? I'm not sure how to create such a script. Thank you
Last edited by aaax10 on Mon Mar 09, 2020 7:11 am; edited 1 time in total
DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Sat Feb 29, 2020 1:25 pm
I can give you some ideas. I will use some examples in C/C++:
1) You can recreate a code injection through your program with the VirtualAllocEx and WriteProcessMemory functions to hook the code that manages that address and registers each address it uses as a parameter (make sure that the code uses only that address that always points to the value you are looking for).
2) You can hook the functions that are used to deallocate and reallocate the memory (if you know which language the program is written in, you may have an idea of the function used, given that there are multiple).
3) Code that uses that value will always know where the value is despite not having been deallocated and reallocated, so it should always be possible to get a working pointer, but you cannot get it by typing its real address in the pointer scanner. Try looking through the Cheat Engine scanner (the same one you used to look up the value) for its address, and when it changes look for its new address; if you are lucky you will find something, and use that to get a working pointer.
aaax10 Newbie cheater
Reputation: 0
Joined: 25 Feb 2020 Posts: 13
Posted: Sun Mar 01, 2020 12:26 pm
Thanks for the reply, I'm thinking the address is calculated from a base address plus an offset, it isn't as simple as team number but still predictable somehow so I might not be able to find it using method 3, as I can't find that base. Where can I find more information about backtracing the game's functions? On Google everything is oriented toward building scripts on the engine, I needed to find more about reading the values externally. Thank you
DanyDollaro Master Cheater
Reputation: 3
Joined: 01 Aug 2019 Posts: 334
Posted: Sun Mar 01, 2020 4:48 pm
It depends on what you want to know. What you need to do is:
Find a code that acts on that value. To act on the value you will need to have the address, which will surely be passed as a parameter to a function (either via a register or via the stack). Simply perform a code injection to save the address in a previously allocated memory region, and through your program just read the value in that memory region. Every time the function on which you performed the code injection is executed, the value will be updated (and you will have to read it again).
aaax10 Newbie cheater
Reputation: 0
Joined: 25 Feb 2020 Posts: 13
Posted: Sun Mar 01, 2020 6:58 pm
EDIT: I found the base address, but I don't know how to find the offset that's on EDI, when scanning for it I get a couple of unreliable addresses only... I want to know how the game gets to this offset. I have "xor ebx,[ebp+edi*4+00]", it seems it's a variable offset