Good way to find a static offset

 
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 27, 2013 3:52 pm    Post subject: Good way to find a static offset

Does anyone have one? Cause I'm trying to train myself by making a trainer for one game, which has player and enemy health in a shared code, and I've been searching for hours for a comparable offset, but it ALWAYS changes when I change difficulty or restart the game with/out changing difficulty. So does anyone know a good way to find an offset that's guaranteed not to change?
_________________
Silence will fall when the question is asked...
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed Nov 27, 2013 4:02 pm

Are you referring to a pointer address, or an offset for filtering/ID?

For pointers, use the pointer scan - make adjustments as needed.

For structure offsets for filtering/ID, you can try digging deeper by looking inside pointer trees. Sometimes, though, I just give up and revert back to using pointer addresses instead of scripts, but that is seldom required.

If you absolutely must have a script, you can create your own static offset. For example, find a value in your desired structure that can be changed, but not adversely affect the game. If you find one, add it to your table and do a pointer scan on it. Set up a hotkey to set the value and freeze it (for example: F2F2F2F2). In your script, use that offset for your compare.

It's not ideal, nor recommended, but it can work if you are desperate.

Here is an example:

Let's say you have hero health address, but you want to make a script for one-hit kills. The instruction that you are targeting handles all health values. In this case, add your health address to your table, do a pointer scan on it, and set up a hotkey that will freeze the value at 99999. Let's say the instruction is as follows:

Code:
mov [eax+04],edi


You could write:

Code:
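cmp dword ptr [eax+04],#99000   // hero health is frozen at 99999, so it is >= 99000
jge originalcode                // skip the hero
mov edi,0                       // any other entity: the health to be written becomes 0
mov [eax+04],edi
jmp originalcode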


Since you are freezing your health value at 99999, your offset will get filtered out, and only the enemies' health will be subjected to one-hit kill code.


Last edited by ++METHOS on Wed Nov 27, 2013 4:13 pm; edited 1 time in total
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 27, 2013 4:10 pm

When you say pointer scan, do you have in mind that pointer scanner that takes forever to scan all the pointers, after which you restart the game, find the new address and continue the pointer scan with the new address? And can I just create my own offset?
_________________
Silence will fall when the question is asked...
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed Nov 27, 2013 4:19 pm

Here is a compare that I used for Assassin's Creed I:

Code:
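push ebx              // preserve ebx
mov ebx,[eax+C4]      // first pointer, at offset +C4
mov ebx,[ebx+2C]      // next pointer, at offset +2C
mov ebx,[ebx+0C]      // 4-byte ID value at offset +0C
cmp ebx,71935F3E
pop ebx               // pop leaves the flags set by cmp intact
jne originalcode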


As you can see, the pointer is 2 levels deep. The +C4 was the first offset (the pointer). The +2C was the next offset under that, and the +0C was the next offset inside that pointer.

Code:
Pointer at +C4 offset
    --pointer with +2C offset
            --4 byte hex value (71935F3E) with +0C offset


The pointer scanner can be adjusted to run faster...but sometimes, there is just no way around it. However, there are tricks that can be used to speed it up. For example, you can use the instruction that writes/accesses your address and save it to your code list, that way, you do not have to find the address each time. Also, you can use the pointer scan list itself, to give you the address that you need...then just rescan it. There are also other things that can be done...just remember, you don't have to keep rescanning until you have 200 values left...you can stop after your first scan as long as the pointer still works.
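
The structure compare described in the post above, as an added Python example that is not part of the original thread: it models process memory as a dictionary and shows that the raw entity address changes between two simulated restarts while the ID reached through the +C4, +2C, +0C path does not, and that a broken link is reported instead of dereferenced. The layout, addresses and enemy ID are constructed; only the offsets and the value 71935F3E come from the post.

```python
# Simulated 32-bit process memory: {address: dword}. All addresses and the
# enemy ID below are constructed; 0x71935F3E and the offsets are from the post.
PLAYER_ID = 0x71935F3E
ENEMY_ID = 0x0BADF00D          # constructed
ID_PATH = (0xC4, 0x2C, 0x0C)   # [[[entity+C4]+2C]+0C]

def build_session(heap_base):
    """Lay out a player and an enemy at addresses that depend on heap_base."""
    mem = {}
    def make_entity(entity, type_id, health):
        component, descriptor = entity + 0x400, entity + 0x800
        mem[entity + 0x04] = health          # the shared health field
        mem[entity + 0xC4] = component       # level 1 pointer
        mem[component + 0x2C] = descriptor   # level 2 pointer
        mem[descriptor + 0x0C] = type_id     # ID used for the compare
        return entity
    player = make_entity(heap_base + 0x1000, PLAYER_ID, 100)
    enemy = make_entity(heap_base + 0x3000, ENEMY_ID, 250)
    return mem, player, enemy

def follow(mem, base, path):
    """Dereference base+offset for each offset; None if a link is unmapped."""
    value = base
    for offset in path:
        value = mem.get(value + offset)
        if value is None:   # null or dangling link: stop instead of faulting
            return None
    return value

def is_player(mem, entity):
    return follow(mem, entity, ID_PATH) == PLAYER_ID

def compare_sessions():
    """Return (player address, player matches, enemy matches) per restart."""
    results = []
    for heap_base in (0x00140000, 0x02A70000):   # two constructed restarts
        mem, player, enemy = build_session(heap_base)
        results.append((player, is_player(mem, player), is_player(mem, enemy)))
    return results
```
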
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Wed Nov 27, 2013 4:33 pm

I remember some people saying that you could change the search range. How would that work, since you can only see the offset in the dissection?
_________________
Silence will fall when the question is asked...
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Wed Nov 27, 2013 4:41 pm

You can set the search range for the main scanning function. For example, let's say you dissect data structures on an instruction, and use a 4096 structure size...your address range in your structure might be 00143000 - 00143FFC. So, you could set your search range to match that. I'm not entirely sure how that is more advantageous than just using the structure lock function for finding a static offset, however. I can use Snagit and take a screen capture of my entire structure because it scrolls the list during capture etc.
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Thu Nov 28, 2013 2:26 am

Where's the lock function?
_________________
Silence will fall when the question is asked...
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu Nov 28, 2013 2:42 am

Right-click on the group/address that you want to lock (in the address text field).

Add two of the same address, and lock one to see what changes.
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Thu Nov 28, 2013 4:23 am

And after it gets locked, then what? Cause the same offsets are still there and I don't know how to tell them apart from the dynamic ones. A feature where every changed offset would get automatically removed would be much better.
_________________
Silence will fall when the question is asked...
TsTg
Master Cheater
Reputation: 5

Joined: 12 Dec 2012
Posts: 334
Location: Somewhere....

Posted: Thu Nov 28, 2013 6:58 am

I don't understand. Do the offsets to a certain value's pointer change, or are you trying to select the correct pointer from some pointers, each one having offsets not the same as the others? What I mean is:

Case A)

Pointer 1: [[[[0xZZZZZZ+ B0] + AB] + 90] + ....]
Pointer 2: [[[[0xYYYYYYY+ C0] + DD] + 10] + ....]

Cannot select the correct pointer here? Or

Case B)

Pointer 1: [[[[0xZZZZZZ+ B0] + AB] + 90] + ....]
Pointer 1: [[[[0xZZZZZZ+ 30] + C0] + 3B] + ....]

The pointer has variable offsets?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu Nov 28, 2013 11:29 am

kik4444 wrote:
And after it gets locked, then what? Cause the same offsets are still there and I don't know how to tell them apart from the dynamic ones. A feature where every changed offset would get automatically removed would be much better.

I believe this is why someone mentioned using the scan feature (from the main interface) and limiting your search range might come in useful; i.e. you can remove the addresses that change from your search list there.

Personally, I've never needed to do that and I'm not entirely sure how beneficial it would be.

What game and cheat are you having problems with?
kik4444
Expert Cheater
Reputation: 0

Joined: 07 Sep 2013
Posts: 120
Location: Bulgaria

Posted: Thu Nov 28, 2013 2:12 pm

Well I was trying to make a small trainer for Dead Space 3 for myself, but I just can't find a static offset. And the ones that I thought I found, only applied to 1 difficulty, and the others crashed the game after a certain point. But if you're having problems finding a good offset, I don't think the game matters, as this problem can occur in any game.
_________________
Silence will fall when the question is asked...
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu Nov 28, 2013 5:52 pm

Could you please clarify if you are referring to a pointer offset or if you are referring to a structure offset that is used for compare/ID?

Listing the game title can help because people might have the game and/or have tackled the same issues etc.

If you are having issues with pointer addresses, use injection.
If you are having issues with structure offsets (for comparing/filtering), there are different things that can be done to work around these issues.