 |
Cheat Engine The Official Site of Cheat Engine
Stally How do I cheat?
Reputation: 0
Joined: 27 Nov 2025 Posts: 2
Posted: Thu Nov 27, 2025 6:20 am Post subject: Problem with finding pointers
Probably everyone's first topic on this forum xp
Hello! I've been using CE for about 2 years already for writing simple ASL scripts for LiveSplit. I usually dig into fairly old (2000-2005) x86 games, and I'm usually looking for string values, not numeric ones. I also used to write simple stuff in assembly.
Most of the time I have no problem finding my way, but in some games I encounter the same single problem.
I find one or multiple dynamic addresses that store the string I need. I change it in game, see the changes reflected in CE, all fine.
I see what writes to these addresses, find one 'mov [xxx], yyy' instruction, all fine here.
Then I look up the value of the xxx register, try to look for that address in hex 4-byte mode...
and find nothing at all. And I'm completely stuck in this case.
I've also tried pointermaps. I generate a few, then look up using them, and also get 0 results.
My only assumption is that string values are trickier than numeric ones.
Yeah, strings might start somewhere before the exact substring I'm using to search, but usually it doesn't change the pointer search process, or I just find the first byte of the string and use it for the search.
Or those games' engines have some weird memory allocation algorithm.
An example is on the first pic. I look up the mission name (SXL1) to see what the current mission is. There are two instances of the mission name in the game memory, because it accesses two scripts related to the mission. They're always in the same place, just varying by base address. (The ending is always 254/360.)
I look up what writes to 02F16350 (or 360, the result is the same), see a mov [edi], edx instruction, copy 02F16350 stored in EDI, do a 4-byte HEX search and find a single dynamic address that has this value stored - 0109F838. Then I do 'what accesses', load into another mission... and nothing accessed this address. I fail to understand how this can be for now.
Oh, and on the pic you can see that that single address value changed to having its own address 6_9. Maybe it's related to the debugger? But there are no other results found.
Pointer maps just show 0 results, pic2.
sergey979 How do I cheat?
Reputation: 0
Joined: 07 Oct 2023 Posts: 2 Location: Belarus
Posted: Wed Dec 03, 2025 1:23 am Post subject: Problem with finding pointers
A much simpler and faster method is using the instruction as a pointer. You need to create an AOB script, for example:
Code:
[ENABLE]
aobscanmodule(day_time,enshrouded.exe,48 89 47 48 49 3B 07) // should be unique
alloc(newmem,$1000,day_time)
alloc(_day_time,8,day_time) // 8 bytes for a 64-bit register, allocated near the module
label(code)
label(return)
newmem:
  mov [_day_time],rdi // save the base register used by the hooked instruction
code:
  mov [rdi+48],rax // original instructions
  cmp rax,[r15]
  jmp return
day_time:
  jmp newmem
  nop 2
return:
registersymbol(day_time)
registersymbol(_day_time)
[DISABLE]
day_time:
  db 48 89 47 48 49 3B 07 // restore the original bytes
unregistersymbol(day_time)
unregistersymbol(_day_time)
dealloc(newmem)
dealloc(_day_time)
If the instruction is common or writes to several addresses, then use a comparison:
Code:
[ENABLE]
aobscanmodule(fall_damage_height,enshrouded.exe,F3 0F 10 01 0F 2F 41 04) // should be unique
alloc(newmem,$1000,fall_damage_height)
alloc(_fall_damage_height,8,fall_damage_height) // 8 bytes for a 64-bit register, allocated near the module
label(code)
label(hero_code)
label(return)
newmem:
  cmp dword ptr [rcx-0000007c],3f3504f3 // compare the field at rcx-7C to pick out the wanted structure
  je hero_code
code:
  movss xmm0,[rcx] // original instructions, nothing saved
  comiss xmm0,[rcx+04]
  jmp return
hero_code:
  movss xmm0,[rcx]
  mov [_fall_damage_height],rcx // save the base register only when the comparison matched
  comiss xmm0,[rcx+04]
  jmp return
fall_damage_height:
  jmp newmem
  nop 3
return:
registersymbol(fall_damage_height)
registersymbol(_fall_damage_height)
[DISABLE]
fall_damage_height:
  db F3 0F 10 01 0F 2F 41 04 // restore the original bytes
unregistersymbol(fall_damage_height)
unregistersymbol(_fall_damage_height)
dealloc(newmem)
dealloc(_fall_damage_height)
After this, just add pointers where the addresses are _day_time and _fall_damage_height, with offsets +48 and +0.
Stally How do I cheat?
Reputation: 0
Joined: 27 Nov 2025 Posts: 2
Posted: Thu Dec 04, 2025 9:09 am
Unfortunately, for my purpose code injection isn't possible. ASL scripts should not be interfering with game logic/code in any way, only reading is allowed.
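
Added example, not part of the thread and not Cheat Engine's own code: a read-only backward pointer scan over a constructed 32-bit memory image, the search the first post does by hand. It shows one reason an exact 4-byte search for a register value can return nothing (the stored pointer may hold a structure base, with an offset added before the write) and how accepting a bounded offset leads back to a static slot. The region layout, the pointer contents and all function names are assumptions; only the addresses 02F16350 and 0109F838 and the string SXL1 are borrowed from the post.

```python
import struct

def build_memory():
    """Constructed 32-bit image {region_base: bytes}; the layout is made up."""
    module, heap_a, heap_b = bytearray(0x100), bytearray(0x100), bytearray(0x400)
    struct.pack_into("<I", module, 0x40, 0x0109F800)  # static slot -> heap_a base
    struct.pack_into("<I", heap_a, 0x38, 0x02F16000)  # 0x0109F838 -> heap_b base
    heap_b[0x350:0x354] = b"SXL1"                     # string at 0x02F16350
    return {0x00400000: bytes(module), 0x0109F800: bytes(heap_a),
            0x02F16000: bytes(heap_b)}

def read_u32(memory, addr):
    """Read-only dword fetch, as an external reader would do it."""
    for base, data in memory.items():
        if base <= addr <= base + len(data) - 4:
            return struct.unpack_from("<I", data, addr - base)[0]
    raise ValueError(f"unmapped address {addr:#010x}")

def find_pointers(memory, target, max_offset):
    """Aligned dwords p with p <= target <= p + max_offset -> [(address, offset)]."""
    hits = []
    for base, data in memory.items():
        for off in range(0, len(data) - 3, 4):
            value = struct.unpack_from("<I", data, off)[0]
            if 0 <= target - value <= max_offset:
                hits.append((base + off, target - value))
    return hits

def pointer_paths(memory, target, static_range, max_offset=0x800, max_depth=4):
    """Walk back from target until a pointer inside static_range is reached."""
    lo, hi = static_range
    results, frontier = [], [(target, [])]
    for _ in range(max_depth):
        next_frontier = []
        for addr, offsets in frontier:
            for ptr_addr, off in find_pointers(memory, addr, max_offset):
                path = [off] + offsets
                if lo <= ptr_addr < hi:
                    results.append((ptr_addr, path))   # static base found
                else:
                    next_frontier.append((ptr_addr, path))
        frontier = next_frontier
    return results

def resolve(memory, static_addr, offsets):
    """Follow a path the way a pointer entry is dereferenced: [[base]+o1]+o2."""
    addr = static_addr
    for off in offsets:
        addr = read_u32(memory, addr) + off
    return addr
```

On the constructed image, `find_pointers(mem, 0x02F16350, 0)` (the exact search) returns an empty list, while `pointer_paths(mem, 0x02F16350, (0x00400000, 0x00400100))` returns the static slot 0x00400040 with offsets 0x38 and 0x350, which `resolve` follows back to the string using reads only.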