Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


Pointerscan yields only THREADSTACKs

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine
View previous topic :: View next topic  
Author Message
xedc
How do I cheat?
Reputation: 0

Joined: 06 Feb 2022
Posts: 4
PostPosted: Sun Feb 06, 2022 7:10 am    Post subject: Pointerscan yields only THREADSTACKs Reply with quote
I am new to cheat engine and I am trying to read the memory of a game to make an AI.

When scanning for the pointer of the player position, the only results I get are from THREADSTACKs and not from the game process. I tried this multiple times and even with the max level on 12, but the results weren't different.

Is there some other settings I can tweak to make it work? Or is there a way for me to consistently use THREADSTACKs for my purposes?

Any help will be appreciated.
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4725
PostPosted: Sun Feb 06, 2022 12:31 pm    Post subject: Reply with quote
Objects near the beginning of the stack of the first few threads are usually consistent. It's not uncommon to store some global game state in the stack when the game first starts.

How you can find threadstack addresses yourself:
https://forum.cheatengine.org/viewtopic.php?p=5487976#5487976
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
xedc
How do I cheat?
Reputation: 0

Joined: 06 Feb 2022
Posts: 4
PostPosted: Sun Feb 06, 2022 5:27 pm    Post subject: Reply with quote
Thank you for your reply!

So, I've been playing with threadstacks all day and I still don't quite get them.

First of all, how do I get the base address of the threadstack? CE says the pointer is in "THREADSTACK0"-0000089C, and if I open memory view and use the "Goto address" function looking for "threadstack0", it leads me to the address 0x8FFD10. So if I add 0x89C to this address would that be the base address?

Also, I don't understand what is stored at the address 0x8FFD10, I was expecting to see the value 0x03F3B204 since this is the actual memory address of the player position, so I figured the pointer would be pointing to this address, but turns out the actual value stored at 0x8FFD10 is 0x10FA5E76 and I really have no idea what this is supposed to mean. I also tried 0x8FFD10 plus and minus 0x89C, but they also have seemingly random values.

(Also, sorry if those are dumb questions that shouldn't be asked here, but I was searching and experimenting the whole day and couldn't figure this out)

ce2.png
 Description:
 Filesize:  17.71 KB
 Viewed:  3557 Time(s)

ce2.png
ce.png
 Description:
 Filesize:  3.39 KB
 Viewed:  3557 Time(s)

ce.png
Back to top
View user's profile Send private message
ParkourPenguin
I post too much
Reputation: 152

Joined: 06 Jul 2014
Posts: 4725
PostPosted: Sun Feb 06, 2022 8:43 pm    Post subject: Reply with quote
xedc wrote:
First of all, how do I get the base address of the threadstack?
See the link in my previous post.

xedc wrote:
CE says the pointer is in "THREADSTACK0"-0000089C, and if I open memory view and use the "Goto address" function looking for "threadstack0", it leads me to the address 0x8FFD10. So if I add 0x89C to this address would that be the base address?
That address is "THREADSTACK0"-0000089C - emphasis on the minus sign. You need to subtract 0x89C from the base of the first thread's stack to get to the base address.
This makes sense given stacks grow downwards. i.e. push subtracts from esp/rsp, and pop adds to esp/rsp

xedc wrote:
Also, I don't understand what is stored at the address 0x8FFD10, I was expecting to see the value 0x03F3B204 since this is the actual memory address of the player position, so I figured the pointer would be pointing to this address, but turns out the actual value stored at 0x8FFD10 is 0x10FA5E76 and I really have no idea what this is supposed to mean. I also tried 0x8FFD10 plus and minus 0x89C, but they also have seemingly random values.
0x8FFD10 is THREADSTACK0. It isn't your base address- it's not important. I'd guess 0x10FA5E76 is the reference to ExitThread as mentioned in the linked post.
The base address, "THREADSTACK0"-0000089C, is only the first node in the pointer path to your value. You need to go through 5 other nodes before you can get to the address of your value.
See this old topic for how pointer paths work:
https://forum.cheatengine.org/viewtopic.php?t=422516
(In 64-bit processes, pointers are 8 bytes, not 4)
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Back to top
View user's profile Send private message
xedc
How do I cheat?
Reputation: 0

Joined: 06 Feb 2022
Posts: 4
PostPosted: Thu Feb 17, 2022 9:11 am    Post subject: Reply with quote
Thank you so much for your help!

Now I am able to get the values I need with a script. I gave up on trying to get the address of threadstack0 though, because for my purposes it's good enough to find it with cheat engine and manually insert it in my code.
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine All times are GMT - 6 Hours
Page 1 of 1

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites