Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


[HELP]Pointers from scanning used in trainers

 
CyberAce
How do I cheat?
Reputation: 0

Joined: 19 Jul 2015
Posts: 3

Posted: Sun Aug 30, 2015 1:26 pm    Post subject: [HELP]Pointers from scanning used in trainers

SIMPLE EXPLANATION:

I have been able to successfully use Cheat Engine to find addresses, inject pieces of code and modify values where necessary. The problem I have is when I try to use this in code. How do I use the results from a pointer scan like "target.exe" + 748345 in code to read or write values?

DETAILED EXPLANATION AND EXTRA QUESTIONS:

I know I'm asking a lot of questions but please bear with me. I'm a beginner and need help. I'm sure everyone was like me (- the stupid) at one point.


I have a few questions:

What is the number/offset added to the module?
Like 748345 in "target.exe" + 748345

Why do most source codes I download and read through use addresses? I'm talking about something like 0x45B7B87A and a few offsets, maybe 0xC4 and 0x56, and why don't I ever see anything like "target.exe" + 748345 in the source code of a working hack or tutorial? I always see an address.

Is it because no one (I mean the advanced users who are actually creating most of the hack) finds addresses using what accesses this address to find the pointers from a static address?

I did a bit of research and found out these "target.exe" are called modules and they have a value when loaded in memory or something.
On another website I found a way to get the base address of the module and apply offsets to that using dwGetModuleBaseAddress. (I haven't successfully been able to use it yet.)

How will I be able to find out this base address without having to compile and run my program? Is there a way to find addresses from the results of a pointer scan in Cheat Engine, or do I have to use the find what access this method?

And my final question is why this happens. Why is there a module shown in a pointer from pointer scanning while there is none if you use the find what access this method? And is there a way to make CE display the pointers with the value of the module already shown?

Thank you.
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Aug 30, 2015 1:43 pm

the modulename+offset notation is used because the location of the module can change every time you run the game. And since Windows Vista the .exe can do that too

advanced users use the modulename+offset notation, or use aobscan results
only old XP users, newbies and rippers who have no idea why an existing trainer does what it does use a hexadecimal address only

to get the base address you can call the toolhelp32 APIs (CreateToolhelp32Snapshot, Module32First/Module32Next)
or if it's an injected dll, GetModuleHandle

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
CyberAce
How do I cheat?
Reputation: 0

Joined: 19 Jul 2015
Posts: 3

Posted: Sun Aug 30, 2015 2:33 pm

Thank you for your reply, but I'm still confused about a lot of things (which is totally my fault).

If the module location keeps changing, how do the programs which use things like the example I'm going to give work? It doesn't have a module listed anywhere in the code. Here's the part which has the pointers. How could the person have found these? I'm guessing he didn't pointer scan. Or is there a way to get values like these through pointer scanning? I know I'm not explaining well, but it's difficult to explain something you don't understand yet.


Code:
#define GAME_CLIENT_ADDRESS   0x142CB0E88
#define GRAPHICS_ADDRESS   0x142CB0BE8

enum Entity_t {
   ENTITY_ORIGIN   = 0x1D0,
   ENTITY_VELOCITY   = 0x200,
   ENTITY_NEXT      = 0x350,
   ENTITY_NAME      = 0x3CC,
   ENTITY_TYPE      = 0x500,
   /* the post stops here; any further members are not shown */
};

Those are some addresses and offsets used in a hack which was released a while ago. My question is: if I tried to find the same addresses, I would use pointer scan, which I assume is something viable and which I found the easiest, but I would get something like "target.exe" + something and a bunch of offsets. How did he get something like 0x142CB0E88?
Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Sun Aug 30, 2015 3:03 pm

perhaps the address is part of an .exe that has opted out of relocation

e.g. the game.exe could always load at 142c00000, making his actual addresses game.exe+b0e88 and game.exe+b0be8

alternatively, that script of his doesn't work for anyone else besides his own system and he encountered the predictable allocation algorithm used by Windows (prior to 8), making him think it's always allocated there (the predictability depends on things like devices and software installed)

really, the biggest mistakes I often see are people posting scripts with raw addresses like that and then they wonder why it doesn't work for other people

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
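
The "opted out of relocation" case and the module+offset arithmetic from the reply above, as an added example that is not code from any poster in this thread: it reads the PE header fields that decide whether an image opts in to ASLR and converts the thread's absolute addresses to module-relative form. The image size, the second load base and all function names are constructed for illustration.

```python
import struct

RELOCS_STRIPPED = 0x0001  # IMAGE_FILE_RELOCS_STRIPPED, COFF Characteristics
DYNAMIC_BASE = 0x0040     # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

def parse_pe(data):
    """Read the header fields that decide where the loader may place an image."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ image")
    (pe_off,) = struct.unpack_from("<I", data, 0x3C)        # e_lfanew
    if data[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (file_chars,) = struct.unpack_from("<H", data, pe_off + 22)
    opt = pe_off + 24                                       # optional header
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == 0x20B:                                      # PE32+ (64-bit)
        (image_base,) = struct.unpack_from("<Q", data, opt + 24)
    elif magic == 0x10B:                                    # PE32 (32-bit)
        (image_base,) = struct.unpack_from("<I", data, opt + 28)
    else:
        raise ValueError("unknown optional header magic")
    (size_of_image,) = struct.unpack_from("<I", data, opt + 56)
    (dll_chars,) = struct.unpack_from("<H", data, opt + 70)
    # ASLR opt-in needs the DYNAMIC_BASE flag and relocation data still present.
    aslr = bool(dll_chars & DYNAMIC_BASE) and not file_chars & RELOCS_STRIPPED
    return {"image_base": image_base, "size": size_of_image, "aslr_opt_in": aslr}

def to_module_offset(address, base, size):
    """Absolute address -> offset inside the module loaded at base."""
    if not base <= address < base + size:
        raise ValueError("address is outside the module")
    return address - base

def rebase(address, preferred_base, size, actual_base):
    """Where a preferred-base address lives once the module loads at actual_base."""
    return actual_base + to_module_offset(address, preferred_base, size)

def build_sample_pe(image_base, size_of_image, dll_chars, file_chars):
    """Constructed PE32+ headers holding only the fields parse_pe reads."""
    buf = bytearray(0x40 + 24 + 72)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)
    buf[0x40:0x44] = b"PE\0\0"
    struct.pack_into("<H", buf, 0x40 + 22, file_chars)
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x20B)
    struct.pack_into("<Q", buf, opt + 24, image_base)
    struct.pack_into("<I", buf, opt + 56, size_of_image)
    struct.pack_into("<H", buf, opt + 70, dll_chars)
    return bytes(buf)
```

An image for which `aslr_opt_in` is false keeps its preferred base, so absolute addresses stay stable across runs; for a relocatable image only the module-relative offset is stable. From a hardening point of view the first case is a finding to fix at link time (MSVC's `/DYNAMICBASE`).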
CyberAce
How do I cheat?
Reputation: 0

Joined: 19 Jul 2015
Posts: 3

Posted: Sun Aug 30, 2015 3:12 pm

It's from a public external ESP source code, and I'm sure it worked for everyone who downloaded the compiled version. A lot of source codes (most, actually) I found and looked through had an address and a few offsets, like 0x142CB0E88 and a few offsets.

If you made a trainer or RPM program, how would you do it?
Finding the address and offsets through pointer scanning? Or some other way? Then using toolhelp32's API to get the base address and get the pointer from inside the program? I just want to know how everyone does it.

I think I'll be able to create what I want if I can just get a static address like 0x142CB0BE8 and the offsets to the specific value I want.

If this isn't the right place to ask about pointers to code, I could try getting help from somewhere else.
Rydian
Grandmaster Cheater Supreme
Reputation: 31

Joined: 17 Sep 2012
Posts: 1358

Posted: Sun Aug 30, 2015 5:48 pm

If you want to target game code for either reading (for some reason) or modifications (for cheats), go for AOBs.

http://forum.cheatengine.org/viewtopic.php?t=570083
The tutorial starts off with background and explanation, then shows you how to target game code with AOBs by hand for byte replacement, then ends by showing you the AOB injection template (assuming you'll know what to do with it by then).

However if you're just wanting to expose player/game variables, there's a few methods here, one of which involves an AOB to code to copy structure base addresses out.
http://forum.cheatengine.org/viewtopic.php?t=572465



And yeah, a lot of tutorials you'll find out there, especially ones from a few years back, will only fully work on older games. Programming languages and compilers have changed over the years, especially the adoption of JIT stuff and interpreted scripts for games.
