Cheat Engine

Seneekikaant · Posted: Thu Nov 10, 2016 2:32 am Post subject: Arrays and allocations

I did a search on google and had a quick browse and didn't find an answer to what I'm wondering, so please forgive me if this has been covered.

What I would like to to is an injection copy with some allocated memory to get the base address of an item in game, however this particular game doesn't have every item put nicely in one base address where I can just change the offset to get to each item. It seems to just put each item in its own random address and I haven't been able to find a pattern with that either, but I did find a particular offset value that only items share as a way to filter out undesired addresses.

So when I try an injection copy using the usual methods, I only get one address (expected behaviour) but I noticed when I look at what addresses are accessed by the code, each time I trigger the event, the code gets run 8 times (I only have 8 items currently) and that gave me a great idea to switch over to Lua and have each address put into an array and then use a for loop to put each address into its own allocated place in memory so these addresses can be found (this is a very touchy game, it crashes if you modify the wrong value, or even put a value that's too high).

I'm just wondering if that's even possible, and if so, how do I implement something like that into CE? Would it be best to make the script entirely out of Lua or switch between ASM and Lua?

ParkourPenguin · Posted: Thu Nov 10, 2016 8:33 am Post subject:

Did you check for a sequence of pointers to your items? I'm willing to bet the array you're trying to make is already stored in the game somewhere.

Cake-san · Posted: Thu Nov 10, 2016 8:57 am Post subject:

you can also make some loops out of asm Rolling Eyes

Seneekikaant · Posted: Fri Nov 11, 2016 9:47 am Post subject:

ParkourPenguin · Posted: Fri Nov 11, 2016 11:02 am Post subject:

I believe I understand what you meant now. That instruction accesses the addresses of all your items, but with your current code, it's copying all of them into the same address. This leaves the last item accessed the only usable address.

I wrote some code for a similar problem in another topic here. The Lua code may not apply to whatever you want to do and you may need to change some of the registers in the AA script, but the AA script isn't a bad reference to see how to add values to a buffer. Note that if items can be removed from your inventory, you'll need to remove them from the buffer as well.

There is a difference between a pointer to an item and the item itself. I'm not surprised the items are loaded at different spots in memory, since that's certainly not uncommon. What I'm referring to is a sequence of pointers, or addresses whose values are other addresses, to the items. If you haven't worked with pointers before, complete the CE tutorial: it contains useful information I'm sure you'll find helpful now and in future endeavors.

Find the probable base addresses of the item structures (probably ecx based on your code). Search for those addresses using a grouped value scan. The values should be 4-byte and out of order. If you find something, great- it's probably used by the game to manage your items. If not... well, there's probably something somewhere, but finding it like that isn't a very good option.

Personally, it would be easier and faster to look at how the game is deriving a reference to the items (i.e. backtracing), but that requires knowledge of assembly. The code immediately leading up to the instruction which accesses the items might contain useful information. If you're at a complete loss, post a screenshot of that so others can analyze it and you might get lucky.

Depending on what you intend to do with the items, the pointer scanner is also an option.

Seneekikaant · Posted: Sat Nov 12, 2016 12:05 pm Post subject:

Yeah, that's what I was getting at. Each item has its own structure by the looks, because normally you'll see something like mov eax,[eax+ecx*4] and ecx will determine the offset, however in this case it's always mov eax,[ecx+30] with no definite gap between base addresses. I even went as far as getting pointers for each one (just scanning the base address and saving the green addresses worked as they're only 1 level deep) and there's no pattern that I can find to determine between them to try figuring out where to go from there.

I did manage to get a loop going, but ecx stayed the same value throughout the entire loop, so I obviously messed that up somewhere, but backtracing back as far as I could (I went all the way back to where the register first gets assigned the right address, and then back to where the instruction that sets that gets the info from etc 3 levels deep) and still no luck, but that's what made me think a for loop in Lua might help, with some way of putting the base addresses in an array and then somehow accessing it as one base address and each position in the array being accessed as an offset.

The main thing I'd like to do with the items is (because they seem to have their own place in the inventory, if you remove an item and then add it back, it goes to the same place, if you remove the item before it, everything moves back one place) just have them mapped out so you can add them at will. But the more I think about it, the more I think it would be easier for me to continue through the game, get at least one of each item, save each pointer for each new item and once I have a full inventory I may be able to find a pattern. I only have 8 items so far with room for about 32 so maybe I'll put this project on hold for a while until I can get more solid info.

Thanks for your help and your link definitely helped a bit, learning new ways to do things is always a benefit.