Cheat Engine

joaotande · How do I cheat? Reputation: 0 Joined: 14 Nov 2014 Posts: 5

Dynamic Pointers

Hello guys,

I am trying to find the memory position where I can see the position of the avatar in the game Nidhogg.
I found this position and after a little time I found the base pointer that show me where this memory position is stored.

Now, everytime that I start the game I can see in my software what is the avatar position!

My problem is that everytime that the avatar dies this base pointer change and I have not been able of find a common base pointer to use all the long game.

I am thinking about dynamic pointer created on execution time... But I do not have any idea how I can fix it.

Do you guys have any idea?

Dark Byte · Posted: Fri Nov 14, 2014 5:22 pm Post subject:

that means you didn't find a proper pointer.
It's valid the first time because things allocate in a specific order, but the actual pointer is more complex (more levels and different offsets) which shows when you die, because a new avatar is created after other things have been created

As how to fix it not sure how to explain. How did you find your pointer in the first place ?

joaotande · How do I cheat? Reputation: 0 Joined: 14 Nov 2014 Posts: 5

After I found the memory position that I was looking for I added it to my address list, and with the right mouse button I went to "Pointer Scan for this address".

So, it created a big list and after 5 times closing and opening the game again I found a list with 100 valid pointers.

All these valid pointer worked good with my avatar. However, when my avatar dies all my pointers do not work for the next avatar that is born. So if I keep looking for a good pointer my list goes to zero.

Dark Byte · Posted: Fri Nov 14, 2014 5:50 pm Post subject:

Did you use the default level and structsize (5/2048) ?
Anyhow, try a higher level and structsize than the one you did (do a small increment, like level 6/2048, or 6/2500)
and then restart and die and rescan

if it fails again, increment it a bit again (e.g level 6/3192, or even lvl 7/2048 )

Oh yes, never click stop during a pointerscan, if you do CE will delete the best pointer

and you may have to fall back on code injection if pointers take too long

joaotande · How do I cheat? Reputation: 0 Joined: 14 Nov 2014 Posts: 5

Are u talking about the "Maximum offset value" and "Max level" or even "Nr of threads scanning"?

Dark Byte · Posted: Fri Nov 14, 2014 6:10 pm Post subject:

max offset value and max level. Nr of threads scanning can be left alone

joaotande · How do I cheat? Reputation: 0 Joined: 14 Nov 2014 Posts: 5

Thank you so much Dark Byte!
That worked like magic!

Do you know any document where I can understand why it is working now with your solution?

Dark Byte · Posted: Fri Nov 14, 2014 7:46 pm Post subject:

Not really documentation but I'll try to explain what happened

Programs exist out of memory
And that memory you can split up into blocks that are linked together with pointers
Normally when a game allocates memory, it picks a free block of memory at the end of the last allocated block

Because of that a pointer pointing to one block can be given a big enough offset so it points to another unrelated block

This way the pointerscanner will be able to find with a too small level the address, as long as the same block always follows the block the pointer actually points at, but as you've seen, once the player gets freed and reallocated it gets placed behind another unrelated block, making the pointer you found invalid

As for levels:
It just means how many blocks in a chain of linked blocks can be evaluated before giving up.

joaotande · How do I cheat? Reputation: 0 Joined: 14 Nov 2014 Posts: 5

I guess I understood it. Thank you again Dark Byte.