kanakis Cheater Reputation: 0
Joined: 19 Feb 2015 Posts: 28
Posted: Mon Jul 27, 2015 8:55 am Post subject: if its not float or 4byte what else can it be?
I am looking for the value of the number of stables that I have on the map, or the number of stables that I have built in aoe2.
After a lot of painful searching I found out it is not float or 4byte.
To find out the number I usually build them and delete them until there is no valid memory address. 0 addresses found.
Since I have found out that number of barracks and number of town centers are 4 bytes I am puzzled.
Question:
What different type could it be or is it possible there isn't a variable for what I am looking for?
I can provide my table for whoever is interested to help me
Daijobu Master Cheater Reputation: 13
Joined: 05 Feb 2013 Posts: 301 Location: the Netherlands
Posted: Mon Jul 27, 2015 9:05 am
kanakis Cheater Reputation: 0
Joined: 19 Feb 2015 Posts: 28
Posted: Mon Jul 27, 2015 9:10 am
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Jul 27, 2015 10:45 am
4 byte changed/unchanged and then try to figure out how it works
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
gameplayer Advanced Cheater Reputation: 2
Joined: 26 Jun 2011 Posts: 97 Location: Vietnam
Posted: Mon Jul 27, 2015 11:08 am
I used to play the game a long time ago. The game used a 2 byte integer to store the attack damage. The offset for this address usually is divisible by 2 but not divisible by 4 (for example, offset=2 or 6 or 0x0A). I don't remember much about this game. I wish you could make a good table and good luck.
kanakis Cheater Reputation: 0
Joined: 19 Feb 2015 Posts: 28
Posted: Mon Jul 27, 2015 11:18 am
Dark Byte wrote: | 4 byte changed/unchanged and then try to figure out how it works |
I don't understand.
gameplayer wrote: | I used to play the game a long time ago. The game used a 2 byte integer to store the attack damage. The offset for this address usually is divisible by 2 but not divisible by 4 (for example, offset=2 or 6 or 0x0A). I don't remember much about this game. I wish you could make a good table and good luck. |
You are correct!
I find it every time that it is a 2 byte type.
But I have the following problem:
Pointer scan seems to only be working for 4 bytes.
And regular scan gives me 20 addresses for the first pointer and there might be something odd with the offsets, because none of the 20 addresses returns me the correct value (in 2 byte).
And finally another question that I have:
If a 4 byte data type is 20000 in decimal and let's say 0101 1000 0001 0001 in 4 bytes, which bits does a 2 byte data type use out of 16? What happens to the rest of the bits?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Jul 27, 2015 11:34 am
You use unknown initial value and then changed/unchanged scans to find out the address and then look at it to figure out how it works.
E.g. if only the first 16 bits of the value have an effect, then it's probably a 2 byte value,
and if the value makes no sense, it's probably encrypted (e.g. resources in this game use an xor encryption).
Also, pointerscan doesn't care what type it is (assuming you're scanning for the address you found, not the value).
It may round down the address, but in those cases just increase the last offset by 1, 2 or 3.
When looking for pointers, always use 4 byte hex, NEVER 2 byte. 2 byte is not a pointer (unless it's DOS, but AOE2 is a Windows game).
As for the last question, the binary representation for that isn't 20000; the bits you've shown are in 2 bytes, so it just doesn't make any sense.
kanakis Cheater Reputation: 0
Joined: 19 Feb 2015 Posts: 28
Posted: Mon Jul 27, 2015 11:44 am
Thanks, Dark Byte.
Regarding the last part, I meant to say:
If a value is
0101 1000 0001 0001 0101 1000 0001 0001
in 4 bytes
and I want to convert that in 2 bytes via cheat engine
will it take the last 16 bits or something different?
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Jul 27, 2015 12:09 pm
It will take the first 2 bytes and display that as a value instead of the first 4 bytes.
CE assumes little endian, and in there it doesn't matter what the start address is and the type it's interpreting
a 4 byte value of 100 will be 100 in 2 byte and in 1 byte
a 4 byte value of 300 will be 200 in 2 byte, but 44 in 1 byte
kanakis Cheater Reputation: 0
Joined: 19 Feb 2015 Posts: 28
Posted: Mon Jul 27, 2015 12:22 pm
Dark Byte wrote: | It will take the first 2 bytes and display that as a value instead of the first 4 bytes.
CE assumes little endian, and in there it doesn't matter what the start address is and the type it's interpreting
a 4 byte value of 100 will be 100 in 2 byte and in 1 byte
a 4 byte value of 300 will be 200 in 2 byte, but 44 in 1 byte |
Makes perfect sense! Thanks again!
2 last questions and I am done:
1) Need advice on what to put on the red brackets on a level 2 pointer. It seems the values that I put return the wrong value (something different than 6) (see screenshot).
2) If I am about to pointer scan for a 2 byte value, and the first scan returns million pointers and the second scan nothing, what setting do you recommend on the pointer scan? (see screenshot)
[Attached screenshot, 118.53 KB]
[Attached screenshot, 519.73 KB]
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
Posted: Mon Jul 27, 2015 12:30 pm
1: offsets go from bottom to top, so 3b6 (under it c) and base address one of the addresses in the list.
Of course, none of them are green (excluding unrelated system DLLs),
so you'll have to find out what accesses each and every one of those addresses and continue from there for a lvl3 pointer, or more (try 10f4c4e8 or 11095388).
2: Check the result address of the first scan. CE may have aligned the results on a 4 byte address, so it may have done a scan for 11150464.
When rescanning you have to keep that in mind (you'll have to do the adjustment yourself then).
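Two points from Dark Byte's replies, shown as an added Python example that is not part of the thread: a narrower type reads the same little-endian bytes from the same start address, and a pointer chain found for an address rounded down to a 4-byte boundary is corrected by adding the remainder to the last offset. The memory image, the base address 0x10 and the neighbouring field values are constructed; the offsets c and 3b6 and the value 6 are taken from the posts above.

```python
import struct

def views(mem, addr):
    """Read the same start address as little-endian 4-, 2- and 1-byte unsigned values."""
    return {4: struct.unpack_from("<I", mem, addr)[0],
            2: struct.unpack_from("<H", mem, addr)[0],
            1: mem[addr]}

def resolve(mem, base, offsets):
    """Follow 4-byte pointers: read [addr], add the next offset, repeat."""
    addr = base
    for off in offsets:
        addr = struct.unpack_from("<I", mem, addr)[0] + off
    return addr

def split_aligned(addr, align=4):
    """Return (addr rounded down to `align`, remainder to add back)."""
    return addr - addr % align, addr % align

def build_memory():
    """Constructed sample image: [0x10] -> 0x100, [0x100+0xC] -> 0x200."""
    mem = bytearray(0x600)
    struct.pack_into("<I", mem, 0x10, 0x100)    # static base holds a pointer
    struct.pack_into("<I", mem, 0x10C, 0x200)   # second-level pointer
    struct.pack_into("<H", mem, 0x5B4, 0x1234)  # unrelated 2-byte neighbour
    struct.pack_into("<H", mem, 0x5B6, 6)       # the 2-byte counter at 0x200+0x3B6
    struct.pack_into("<H", mem, 0x5B8, 1)       # next field, pollutes a 4-byte read
    return bytes(mem)

def demo():
    mem = build_memory()
    target = resolve(mem, 0x10, [0xC, 0x3B6])         # [[0x10]+c]+3b6
    aligned, rem = split_aligned(target)              # address an aligned scan works on
    rounded = resolve(mem, 0x10, [0xC, 0x3B6 - rem])  # chain found for the aligned address
    return {
        "target": target,
        "as_types": views(mem, target),
        "aligned": aligned,
        "remainder": rem,
        "wrong_2byte": views(mem, rounded)[2],        # neighbour field, not the counter
        "fixed_2byte": views(mem, rounded + rem)[2],  # last offset increased by rem
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The 4-byte view of the counter's address (65542) includes the following field, which is why a value that only makes sense in its low 16 bits points to a 2-byte type.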
kanakis Cheater Reputation: 0
Joined: 19 Feb 2015 Posts: 28
Posted: Mon Jul 27, 2015 12:39 pm
I will follow your advice. But I have to go now.
What can I do to show my appreciation? donation?
Quote: | 2: Check the result address of the first scan. CE may have aligned the results on a 4 byte address, so it may have done a scan for 11150464. |
that's exactly what CE did. I am puzzled what to do on next scan
EDIT: I just re-scanned with the new address xxxxxxxx -2 and it worked like a charm!!!!!!!
EDIT2: I found the pointer. Thanks!
CEForumMember Expert Cheater Reputation: 4
Joined: 06 Jul 2015 Posts: 110
Posted: Mon Jul 27, 2015 3:42 pm
Under Dark Byte's avatar there is a reputation icon with yellow thumbs up.
You can click the yellow thumbs up and leave a comment to show your appreciation.
I myself don't know how the donation works.
gameplayer Advanced Cheater Reputation: 2
Joined: 26 Jun 2011 Posts: 97 Location: Vietnam
Posted: Mon Jul 27, 2015 10:21 pm
You should find the pointer to unit's health only when the unit is selected. This pointer could be a 3 level pointer (such as [[[filename.exe+offset]+offset1]+offset2]+30 with float type for health). The address will be 4 byte aligned address and can easily be used in pointer scan. From the base address that contains health address, you should use the 'dissect data structure' function to expand the pointer with offset 8 then expand the offset 130 (this offset could be higher in some newer versions) and find your attack damage here (the 2 byte value with offset 6 or 0x0A or 0x0E). The offset for damage may be different among different units. I didn't know how to know which offset is used. Maybe, the 2 lower bytes are related to some checking the game used to indicate the right offset. I might not remember exactly. You should find out by yourself.