Pastah (Newbie cheater) - Reputation: 0 - Joined: 11 May 2020 - Posts: 19
Posted: Mon May 11, 2020 5:35 pm - Post subject: 0 results for pointer scan
Hi all
So I'm doing a pointer scan on an address that is non-static and it does what I want. So I am trying to find a pointer for this address.
Here's a result from seeing what writes to the address:
Code:
7FF72A3AF650 - 0F29 B3 90010000 - movaps [rbx+00000190],xmm6
7FF72A3AF657 - B2 01 - mov dl,01
7FF72A3AF659 - 44 0F29 AB A0010000 - movaps [rbx+000001A0],xmm13 <<
7FF72A3AF661 - 44 0F29 BB B0010000 - movaps [rbx+000001B0],xmm15
7FF72A3AF669 - EB 08 - jmp SpaceHulkGame-Win64-Shipping.exe+12EF673
RAX=0000000000000000
RBX=000001C857373990
RCX=000001C857373990
RDX=000000386C6CE201
RSI=0000000000000000
RDI=0000000000000000
RSP=000000386C6CE280
RBP=000000386C6CE380
RIP=00007FF72A3AF661
R8=0000000000000000
R9=0000000000000000
R10=000001C80DBC0000
R11=000000386C6CE0F0
R12=000001C880AE5580
R13=0000000000000000
R14=000000386C6CEA30
R15=000000386C6CEA40
I notice that every run of the game there's an offset of 000001A0, even in what accesses this address.
So I generate a pointer map, then right-click the address and try "Pointer scan for this address" and supply my generated pointer map. Here are my settings:
I get 0 results every time, but if I take off "Pointers must end with specific offsets", then I get results.
Why does it not work with this offset?
Again, here are the offsets:
[Attachment: image, 30.31 KB, viewed 3288 time(s)]
[Attachment: image, 49.09 KB, viewed 3288 time(s)]
Dark Byte (Site Admin) - Reputation: 471 - Joined: 09 May 2003 - Posts: 25838 - Location: The Netherlands
Posted: Mon May 11, 2020 6:20 pm
Instead of "use saved pointermap", use "compare against saved pointermap".
As for it not finding with the offsets, try a higher structsize (perhaps none of the paths found matches the correct one), or it's possible that the offset is just an offset to an object embedded in a main structure.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Pastah (Newbie cheater) - Reputation: 0 - Joined: 11 May 2020 - Posts: 19
Posted: Mon May 11, 2020 6:39 pm
Dark Byte wrote:
> Instead of "use saved pointermap", use "compare against saved pointermap".
> As for it not finding with the offsets, try a higher structsize (perhaps none of the paths found matches the correct one), or it's possible that the offset is just an offset to an object embedded in a main structure.
Sorry, I am not familiar with what you mean by higher struct size in the program. Where is this option/functionality?
"it's possible that the offset is just a offset to a object embedded in a main structure"
If the offset is just an offset for another pointer, shouldn't pointer scan still work?
So I found some pointers without utilizing the offset, but I notice the majority of them end with 1A8 instead of 1A0. Why is this? (see attachment) Is this because this was actually a double and not a float, or something like that?
Lastly, I had to end these scans since it seemed like there was no progress bar, just a stopwatch ticking up. Do pointer scans even end? I left one on for about 30 minutes and it was still scanning.
EDIT:
I noticed that either X or Y coordinate has the offset 1A0 now. I am very confused.
[Attachment: image, 50.36 KB, viewed 3274 time(s)]
ParkourPenguin (I post too much) - Reputation: 152 - Joined: 06 Jul 2014 - Posts: 4721
Posted: Mon May 11, 2020 8:49 pm
"movaps" means "move aligned packed floats" (float = single precision floating point value). It moves 4 floats at once. This is why the offset appears to be 1A0 for both x and y.
In the picture in your previous post (45789634589.png), the float you're trying to find a pointer to looks to be the third in this group of 4 floats (first = +0, second = +4, third = +8, fourth = +C).
To get the real offset, take the address you're watching accesses/writes to and subtract from it the value in the base register of the addressing mode in that instruction. e.g. if you're watching 4010C, the instruction "movaps [rdi+100],xmm0" accesses it, and rdi = 40000, the offset would be 4010C-40000 = 10C.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
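ParkourPenguin's rule (real offset = watched address minus the base register's value) put into code, as an added example that is not from the thread or from Cheat Engine: given the watched address, the base register value and the instruction's displacement, it returns the real offset and which element of the packed store the watched address falls in. The instruction and RBX value are the ones in the thread's dump; the watched address is constructed on the thread's stated assumption that the float is the third of the four written by movaps.

```python
# Added example (not from the forum thread or from Cheat Engine): derive the
# real field offset from a "find out what writes to this address" hit.
from dataclasses import dataclass


@dataclass(frozen=True)
class Hit:
    watched: int       # address Cheat Engine was asked to watch
    base_reg: str      # base register of the addressing mode, e.g. "rbx"
    base_value: int    # that register's value when the instruction ran
    displacement: int  # constant in the operand, e.g. 0x1A0 in [rbx+000001A0]
    width: int         # bytes the instruction stores: 16 for movaps with an xmm register


def real_offset(hit: Hit) -> int:
    """Offset of the watched address relative to the base register.

    This is the value the pointer scanner needs as the path's last offset;
    it equals the displacement only when the watched address is the first
    byte of the store.
    """
    return hit.watched - hit.base_value


def lane(hit: Hit, element_size: int = 4) -> int:
    """0-based index of the packed element the watched address falls in.

    Raises ValueError when the watched address lies outside the store, which
    would mean this hit does not actually write the watched value.
    """
    delta = hit.watched - (hit.base_value + hit.displacement)
    if not 0 <= delta < hit.width:
        raise ValueError(f"watched address is {delta:#x} bytes from the store start")
    return delta // element_size


def describe(hit: Hit) -> str:
    """One-line summary of the hit."""
    return (f"[{hit.base_reg}+{hit.displacement:X}] stores {hit.width} bytes; "
            f"watched address is element {lane(hit)}, real offset {real_offset(hit):X}")


# Thread's numbers: movaps [rbx+000001A0],xmm13 with RBX=000001C857373990.
# Constructed: watched = RBX + 0x1A8, i.e. the third float of the packed group.
THREAD_HIT = Hit(watched=0x1C857373990 + 0x1A8, base_reg="rbx",
                 base_value=0x1C857373990, displacement=0x1A0, width=16)

# ParkourPenguin's worked example: watching 4010C, movaps [rdi+100],xmm0, rdi=40000.
PENGUIN_HIT = Hit(watched=0x4010C, base_reg="rdi",
                  base_value=0x40000, displacement=0x100, width=16)

if __name__ == "__main__":
    print(describe(THREAD_HIT))   # real offset 1A8, element 2
    print(describe(PENGUIN_HIT))  # real offset 10C, element 3
```

The same `Hit` works for a plain 4-byte `mov` (width 4): the lane is then always 0 and the real offset equals the displacement, which is exactly the case where "pointers must end with specific offsets" can be fed the displacement straight from the disassembly.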
Pastah (Newbie cheater) - Reputation: 0 - Joined: 11 May 2020 - Posts: 19
Posted: Mon May 11, 2020 9:25 pm
ParkourPenguin wrote:
> "movaps" means "move aligned packed floats" (float = single precision floating point value). It moves 4 floats at once. This is why the offset appears to be 1A0 for both x and y.
> In the picture in your previous post (45789634589.png), the float you're trying to find a pointer to looks to be the third in this group of 4 floats (first = +0, second = +4, third = +8, fourth = +C).
> To get the real offset, take the address you're watching accesses/writes to and subtract from it the value in the base register of the addressing mode in that instruction. e.g. if you're watching 4010C, the instruction "movaps [rdi+100],xmm0" accesses it, and rdi = 40000, the offset would be 4010C-40000 = 10C.
Wow it's as you say and I got the same offset. Thanks for that!
Dark Byte wrote:
> Instead of "use saved pointermap", use "compare against saved pointermap".
Why? What's the difference between the two? I thought "use saved pointermap" is for generated pointermaps?
Dark Byte (Site Admin) - Reputation: 471 - Joined: 09 May 2003 - Posts: 25838 - Location: The Netherlands
Posted: Tue May 12, 2020 2:29 am
No, "use saved pointermap" is for when you need to do a scan after the game has closed, or when you don't own the game and got the pointermap from a friend.
"Compare against pointermap" is the one you need, so that two pointermaps (the current state and the saved state from a previous run) can be compared and only matching results are left, saving your hard disk.
Pastah (Newbie cheater) - Reputation: 0 - Joined: 11 May 2020 - Posts: 19
Posted: Tue May 12, 2020 3:11 am
Thanks for the info.
Do pointerscans ever finish? All the time I end up closing them after a couple minutes where results go into the hundreds or thousands or whatever.
Dark Byte (Site Admin) - Reputation: 471 - Joined: 09 May 2003 - Posts: 25838 - Location: The Netherlands
Posted: Tue May 12, 2020 3:26 am
That is why you must use pointermaps of different runs.
After finding the address and generating a pointermap, CLOSE THE GAME and restart it,
then re-find the address and do a pointerscan while comparing against the previous pointermap you made.
And yes, pointerscans do eventually finish.
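Dark Byte's three pieces of advice across the thread (use a larger structsize, filter on the real final offset, and compare against a pointermap from a second run of the game) can be seen working together in a toy pointer scanner. This is an added example written for this page, not Cheat Engine's code: the two memory snapshots, the "static" module range and the offset chain 0x10 -> 0x48 -> 0x1A8 are all constructed, and the 0x1A8 final offset is the one the thread arrives at for the third float of the packed group.

```python
# Added example (not from the forum thread or from Cheat Engine): a toy pointer
# scanner over two constructed memory snapshots. Each snapshot maps an address
# to the 8-byte pointer stored there; all other memory is ignored.

STATIC_LO, STATIC_HI = 0x140000000, 0x140100000  # constructed module range (static addresses)


def build_run(heap_base: int, stray_value: int):
    """Construct one run's memory and the target address inside it.

    The heap base changes between runs; the chain of offsets does not:
    static+0x3F0 -> GameState, +0x10 -> Player, +0x48 -> Transform, +0x1A8 = target.
    A second static slot holds an unrelated value that may, by chance, point
    near the target in one run only.
    """
    game = heap_base + 0x1000
    player = heap_base + 0x5000
    transform = heap_base + 0x8000          # +0x1A0 holds a packed X/Y/Z/W group; third float at +0x1A8
    mem = {
        STATIC_LO + 0x3F0: game,            # the only stable root
        game + 0x10: player,
        player + 0x48: transform,
        STATIC_LO + 0x800: stray_value,     # unrelated static slot
    }
    return mem, transform + 0x1A8


def pointer_scan(mem, target, structsize, max_level=4):
    """Return paths (static_base, (o1, ..., on)) such that
    [[[static_base] + o1] + o2] ... + on == target, with every offset <= structsize.

    Works backwards from the target: any stored pointer within structsize bytes
    below the current address is a candidate; static locations end a path,
    heap locations are searched recursively up to max_level.
    """
    results = []

    def walk(addr, offsets, level):
        for loc, val in mem.items():
            if not 0 <= addr - val <= structsize:
                continue
            path = (addr - val,) + offsets
            if STATIC_LO <= loc < STATIC_HI:
                results.append((loc, path))
            elif level < max_level:
                walk(loc, path, level + 1)

    walk(target, (), 1)
    return sorted(results)


def resolve(mem, base, offsets):
    """Follow a path in a snapshot and return the address it ends at."""
    p = mem[base]
    for off in offsets[:-1]:
        p = mem[p + off]
    return p + offsets[-1]


def ends_with(results, last_offset):
    """CE's 'pointers must end with specific offsets' filter, for a single offset."""
    return [r for r in results if r[1][-1] == last_offset]


def compare_runs(results_a, results_b):
    """Keep only paths found in both runs ('compare against saved pointermap')."""
    return sorted(set(results_a) & set(results_b))


def demo():
    run1, target1 = build_run(0x1C857000000, stray_value=0x1C857000000 + 0x8198)  # stray points 0x10 below target
    run2, target2 = build_run(0x22A10000000, stray_value=0xDEAD)                  # same slot holds junk now
    small = pointer_scan(run1, target1, structsize=0x100)
    large = pointer_scan(run1, target1, structsize=0x400)
    matched = compare_runs(large, pointer_scan(run2, target2, structsize=0x400))
    return {
        "small_structsize_ending_1A8": ends_with(small, 0x1A8),  # []: 0 results, as in the thread
        "large_structsize_ending_1A0": ends_with(large, 0x1A0),  # []: 1A0 is the group start, not the field
        "large_structsize_ending_1A8": ends_with(large, 0x1A8),  # the real path
        "run1_all": large,                                       # also contains the coincidental stray path
        "matched_across_runs": matched,                          # stray path eliminated
        "resolves_in_run2": resolve(run2, *matched[0]) == target2,
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

Two things the demo makes concrete. With structsize 0x100 the scan never reaches the 0x1A8 field at all, so the "must end with" filter has nothing to keep; with 0x400 it finds both the real chain and a stray static slot that only points near the target in the first run, and comparing against the second run's results removes the stray. Dark Byte's other hint covers a case the demo does not build: if Transform were embedded inside Player instead of separately allocated, the last pointer in the chain would lead to Player and the final offset would be the embedded offset plus 0x1A8, so filtering on 0x1A8 alone would again return nothing.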
Pastah (Newbie cheater) - Reputation: 0 - Joined: 11 May 2020 - Posts: 19
Posted: Tue May 12, 2020 3:51 am
Thank you for the help!