 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
alexmoran
How do I cheat?
![]() Reputation: 0
Joined: 04 May 2020
Posts: 2
|
 Posted: Mon May 04, 2020 5:37 pm Post subject: Static Pointer Addresses |
 |
|
Hey, I am new using Cheat Engine, I couldn't fully understand some things, I don't know if it's due to my lack of knowledge though.
When we search for values, our main goal is to find static pointers to that address. But is the memory allocated at the same place every time?(Relative to the program's memory place of course) I don't know if a program gets compiled, when we execute it every time all memory is relative to the base module and that's the case every time. So is it true, can I use that memory address in my C++ programs?
One other question is, when we search a memory address by value, sometimes(actually frequently) we have to trace back from pointers that point to our desired address. What is the reason behind this? Does this happen when the game uses pointers and what we find is that pointer's address at the first place or this is some other thing about Cheat Engine?
Sorry if I bother you but one other thing is, sometimes when I trace back from pointers(I don't know if it's the right term or even true) I get multiple static pointers(green ones i think) and some non-static pointers. And after that stage I don't know what really to do, so I choose one of the static ones and use it, but it works for a while then it points to "??", but the other ones or a few are fine still. What am I doing here and what are your suggestions?
|
|
| Back to top |
|
 |
OldCheatEngineUser
Whateven rank
 Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Sat May 09, 2020 12:21 pm Post subject: Re: Static Pointer Addresses |
|
|
| alexmoran wrote: | | When we search for values, our main goal is to find static pointers to that address. |
when you search for value, your goal is to find the memory address within the virtual address space that holds the current value.
when you search for addresses i.e. pointers, then your goal should be to find a static address that resides within the readable/writable data section of that executable or the loaded module.
| alexmoran wrote: | | I don't know if a program gets compiled, when we execute it every time all memory is relative to the base module and that's the case every time. So is it true, can I use that memory address in my C++ programs? |
only bytecode languages are compiled at runtime. (there are some exceptions)
when you execute your program only physical sections (within executable file) have relative offset, all other memory allocation is determined by the OS and sometimes by developer if the desired virtual page is available.
you can use the static addresses, but not the dynamic ones unless you find the offsets for the dynamic address that lead to a static address.
| alexmoran wrote: | | One other question is, when we search a memory address by value, sometimes(actually frequently) we have to trace back from pointers that point to our desired address. What is the reason behind this? Does this happen when the game uses pointers and what we find is that pointer's address at the first place or this is some other thing about Cheat Engine? |
imagine that as a Tree -> Trunk -> bud -> leaves
the first thing you will find is the value you want (leaf)
then you will find the first pointer to that leaf, which is bud which is still dynamic
then trunk and finally the static tree pointer.
| alexmoran wrote: | | And after that stage I don't know what really to do, so I choose one of the static ones and use it, but it works for a while then it points to "??", but the other ones or a few are fine still. What am I doing here and what are your suggestions? |
that because game developer can use temporary pointers, can reuse some pointers for other purposes and so on.
also there are many different static addresses you can find, sometimes different in-game functions have different pointers to a different static addresses.
it heavily depends on the game engine, developers and sometimes the instruction you picked to do the manual pointer search.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
alexmoran
How do I cheat?
![]() Reputation: 0
Joined: 04 May 2020
Posts: 2
|
| Posted: Mon May 11, 2020 6:56 pm Post subject: Re: Static Pointer Addresses |
|
|
| OldCheatEngineUser wrote: | | alexmoran wrote: | | When we search for values, our main goal is to find static pointers to that address. |
when you search for value, your goal is to find the memory address within the virtual address space that holds the current value.
when you search for addresses i.e. pointers, then your goal should be to find a static address that resides within the readable/writable data section of that executable or the loaded module.
| alexmoran wrote: | | I don't know if a program gets compiled, when we execute it every time all memory is relative to the base module and that's the case every time. So is it true, can I use that memory address in my C++ programs? |
only bytecode languages are compiled at runtime. (there are some exceptions)
when you execute your program only physical sections (within executable file) have relative offset, all other memory allocation is determined by the OS and sometimes by developer if the desired virtual page is available.
you can use the static addresses, but not the dynamic ones unless you find the offsets for the dynamic address that lead to a static address.
| alexmoran wrote: | | One other question is, when we search a memory address by value, sometimes(actually frequently) we have to trace back from pointers that point to our desired address. What is the reason behind this? Does this happen when the game uses pointers and what we find is that pointer's address at the first place or this is some other thing about Cheat Engine? |
imagine that as a Tree -> Trunk -> bud -> leaves
the first thing you will find is the value you want (leaf)
then you will find the first pointer to that leaf, which is bud which is still dynamic
then trunk and finally the static tree pointer.
| alexmoran wrote: | | And after that stage I don't know what really to do, so I choose one of the static ones and use it, but it works for a while then it points to "??", but the other ones or a few are fine still. What am I doing here and what are your suggestions? |
that because game developer can use temporary pointers, can reuse some pointers for other purposes and so on.
also there are many different static addresses you can find, sometimes different in-game functions have different pointers to a different static addresses.
it heavily depends on the game engine, developers and sometimes the instruction you picked to do the manual pointer search. |
Thank you, but what you meant by physical sections?
And I've read green may not mean always static addresses and can change time to time and not safe to use it in a program always. Is it true or it is completely safe to use that static address. If not what are better ways to do it?
|
|
| Back to top |
|
|
DanyDollaro
Master Cheater
![]() Reputation: 3
Joined: 01 Aug 2019
Posts: 334
|
| Posted: Tue May 12, 2020 1:27 pm Post subject: |
|
|
| alexmoran wrote: | | And I've read green may not mean always static addresses and can change time to time and not safe to use it in a program always. Is it true or it is completely safe to use that static address. If not what are better ways to do it? |
The green addresses indicate that the address is allocated on a module (a module can be a Dll or an Exe mapped in the virtual address space of the process), those are formed by the name of a module plus an offset, therefore if initially the green address will be in a position and after restarting the program it will be in a different memory location, but if you have the name of the module and the offset you can easily go back to the current position, just know the base address of the module and add the offset, but there are cases where they can change, for example if a program is updated it is possible that that pointer no longer works.
The reason why addresses change when you restart the program is called "address space layout randomization (ASLR)" is a system of memory protection that make buffer overrun attacks (and other type of attacks) less effective, In other words, the ASLR makes it more difficult for programs like viruses to infect the OS.
Last edited by DanyDollaro on Tue May 12, 2020 3:29 pm; edited 2 times in total |
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Tue May 12, 2020 2:35 pm Post subject: |
|
|
| DanyDollaro wrote: | | The reason why addresses change when you restart the program is called "address space layout randomization (ASLR)" is a system of memory protection that make buffer overrun attacks (and other type of attacks) less effective, In other words, the ASLR makes it more difficult for programs like viruses to infect the OS. |
ASLR does not affect virtual address space, but relocation can affect the virtual address space (per module).
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
DanyDollaro
Master Cheater
![]() Reputation: 3
Joined: 01 Aug 2019
Posts: 334
|
| Posted: Wed May 13, 2020 3:32 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | | ASLR does not affect virtual address space, but relocation can affect the virtual address space (per module). |
How can you say that the ASLR does not affect the virtual address space? From what source did you get this? I'd like to consult it
|
|
| Back to top |
|
|
OldCheatEngineUser
Whateven rank
Reputation: 20
Joined: 01 Feb 2016
Posts: 1586
|
| Posted: Wed May 13, 2020 4:25 pm Post subject: |
|
|
| OldCheatEngineUser wrote: | | ASLR does not affect virtual address space, but relocation can affect the virtual address space (per module). |
in context of relative address and finding static pointer, as we are talking about static addresses that points to other stuff.
as for base address, it can be found using multiple methods.
_________________
About Me;
I Use CE Since Version 1.X, And Still Learning How To Use It Well!
Jul 26, 2020
| STN wrote: | | i am a sweetheart. |
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
