Cheat Engine The Official Site of Cheat Engine
Mark Danielle Advanced Cheater Reputation: 0
Joined: 22 Aug 2012 Posts: 97
Posted: Thu Dec 11, 2014 11:59 am Post subject: Automate pointerscan?
I have a game which gets updated fairly frequently, so I would like to automate the retrieval of reliable pointers using CheatEngine's Lua engine.
Is this possible?
I thought of something like this:
1. Start target process and initialize
2. AOB scan for target address
3. Pointer scan/rescan for address
These steps would be repeated 5-20 times to remove most if not all invalid pointers. Then save the first result from the pointerscan to a file.
I can't seem to find any Lua functions related to the pointer scanner, so it seems that this may not be possible.
Thoughts?
mgr.inz.Player I post too much Reputation: 218
Joined: 07 Nov 2008 Posts: 4438 Location: W kraju nad Wisla. UTC+01:00
Posted: Thu Dec 11, 2014 6:05 pm
If the ending offsets do not change, it is better to combine AA scripts (with aobscan) and pointers.
Example:
I found the address which keeps the backpack size, and I found a good pointer (many rescans).
It looks like this:
[["Borderlands2.exe"+01ED5520]+46c]+1b8
After a game update, I have to find it again. Because I have some experience with this, I just scanned for a pointer which ends with 1b8 and 46c. This time, the pointer is:
[["Borderlands2.exe"+01aa7a40]+46c]+1b8
As you see, only the base changed.
What can we do about this? First, I checked what reads/writes into "Borderlands2.exe"+01aa7a40
If you hit something like this: mov [eax],ecx
You can write an AA script (better with AOBSCAN) which will store the ECX value into newly allocated memory, and register a user symbol which will keep the address of that allocated memory.
Code:
...
...
...
alloc(addr,8)
registersymbol(addr)
addr:
dd 0 0
newmem:
...
...
mov [addr],ecx
mov [eax],ecx
...
...

The pointer will look like this:
[[addr]+46c]+1b8
Of course, if the above fails, there are other ways. Maybe "Borderlands2.exe"+01aa7a40 can be found in the game code. Just convert it from module+offset format to full address format (only a hexadecimal number), then find it with memoryviewer and "search -> find assembly code"
(in my case, the address is 02337A40, so I searched for "[02337A40]", without quotes)
In my case, I found this code:
Code:
mov ecx,Borderlands2.exe+01aa7a40

I just inject code (AA script) in the next line and store ECX in a registered user symbol:
mov [pointerbase],ecx
and the pointer will look like this:
[[ [pointerbase] ]+46c]+1b8
EDIT:
If it is not a multiplayer game, you can write its name.
_________________
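An added illustration, not code from either poster and not Cheat Engine's API: a small Python model of how the two chains quoted in the post above resolve, showing that the same tail offsets (46c, 1b8) reach the value in both builds while the stale base stops resolving. The module base 0x00890000 is derived from the post's own numbers (02337A40 minus 01aa7a40); the heap addresses and both memory images are constructed sample data.

```python
import re

# 0x02337A40 - 0x01AA7A40, both values taken from the post.
MODULE_BASE = {"Borderlands2.exe": 0x00890000}

def parse_chain(expr):
    """Split '[["mod"+BASE]+o1]+o2' into (module, base_offset, [o1, o2])."""
    head = re.search(r'"([^"]+)"\s*\+\s*([0-9A-Fa-f]+)', expr)
    tail = re.findall(r'\]\s*\+\s*([0-9A-Fa-f]+)', expr)
    if head is None or not tail:
        raise ValueError("not a module-based pointer chain: " + expr)
    return head.group(1), int(head.group(2), 16), [int(o, 16) for o in tail]

def resolve(expr, memory):
    """Walk the chain over a {address: 32-bit value} image.

    Every bracket pair is one dereference; the last offset is only added.
    Returns None when a read lands on an address the image does not map,
    which is what a chain with an outdated base looks like after an update.
    """
    module, base_off, offsets = parse_chain(expr)
    ptr = memory.get(MODULE_BASE[module] + base_off)
    for off in offsets[:-1]:
        if ptr is None:
            return None
        ptr = memory.get(ptr + off)
    return None if ptr is None else ptr + offsets[-1]

OLD_CHAIN = '[["Borderlands2.exe"+01ED5520]+46c]+1b8'   # before the update
NEW_CHAIN = '[["Borderlands2.exe"+01aa7a40]+46c]+1b8'   # after the update

# Constructed images: only the static slot moved, the object layout did not.
IMAGE_OLD = {0x00890000 + 0x01ED5520: 0x1A000000, 0x1A00046C: 0x1B000000}
IMAGE_NEW = {0x00890000 + 0x01AA7A40: 0x2A000000, 0x2A00046C: 0x2B000000}

if __name__ == "__main__":
    for name, chain, image in [("old chain, old build", OLD_CHAIN, IMAGE_OLD),
                               ("new chain, new build", NEW_CHAIN, IMAGE_NEW),
                               ("old chain, new build", OLD_CHAIN, IMAGE_NEW)]:
        result = resolve(chain, image)
        print(name, "->", "unresolved" if result is None else hex(result))
```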
Mark Danielle Advanced Cheater Reputation: 0
Joined: 22 Aug 2012 Posts: 97
Posted: Fri Dec 12, 2014 3:02 am
You are right, only the base address changes after an update, so a single pointerscan with the correct offsets will find the right pointers. The reason I wanted to automate the retrieval was due to it taking a long time to find good pointers, but now that this is out of the way I do not need to automate it.
I assume the offsets would only change when the game gets major updates where they change the structure of classes and such?
I do not think it is a good idea to use AA in my case, as it is an online game and it would likely be detected if I use it.
Thanks a bunch for the help!