Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


my cheat engine pointer scan result 0
wndnfkdj42
Newbie cheater
Reputation: 0

Joined: 18 Aug 2022
Posts: 13

Posted: Thu Aug 18, 2022 10:36 am    Post subject: my cheat engine pointer scan result 0

my cheat engine pointer scan result 0..
please help me
youtu.be/XFLcSZNpaRc

Dark Byte
Site Admin
Reputation: 457

Joined: 09 May 2003
Posts: 25262
Location: The netherlands

Posted: Thu Aug 18, 2022 12:00 pm

try max level 7 or 8


also, there is a chance it's not ending with 4 as offset

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping

wndnfkdj42
Posted: Thu Aug 18, 2022 7:17 pm    Post subject: Even if you set it to Max level 7, it doesn't work.

Max level 7 does not work.
Max level 4 and 7 give the same result.

sbryzl
Master Cheater
Reputation: 6

Joined: 25 Jul 2016
Posts: 252

Posted: Thu Aug 18, 2022 7:50 pm

It's a level 2 pointer. And like DB said the last offset isn't 4. It's pretty common for offsets to be added to the address multiple times before it gets to your opcode.

wndnfkdj42
Posted: Thu Aug 18, 2022 8:13 pm

The game has been turned off and on numerous times, but the offset value is 04.

sbryzl
Posted: Thu Aug 18, 2022 8:31 pm

wndnfkdj42 wrote:
The game has been turned off and on numerous times, but the offset value is 04.


This opcode adds 278 to your pointer before it adds your other 4.
Code:
ac_client.exe+38C7E  lea ebx,[edi+00000278]

That makes it a total final offset of 27c.

wndnfkdj42
Posted: Thu Aug 18, 2022 10:04 pm

Did you watch my video?
I don't know what you're talking about.

sbryzl
Posted: Thu Aug 18, 2022 10:11 pm

[[ac_client.exe+10FC84] + 0 ] + 27c

wndnfkdj42
Posted: Thu Aug 18, 2022 10:53 pm

I don't know what you're trying to say because of my lack of knowledge. Do you happen to know why [[ac_client.exe+10FC84] + 0] + 27c came out?

sbryzl
Posted: Thu Aug 18, 2022 11:12 pm

In your video you required pointers to end with an offset of 4.
If you did a pointer scan without this requirement you should have found the correct one.

wndnfkdj42
Posted: Fri Aug 19, 2022 12:20 am

But without that offset, the search volume will be very high, and I have been using "Find out what writes to this address" and got that the offset is 04. This value does not change when the game is cycled.

sbryzl
Posted: Fri Aug 19, 2022 2:07 pm

Trace from the location I gave you for 200 ops.
Code:
ac_client.exe+38C7E  lea ebx,[edi+00000278]


The result looks like this.

Code:
ac_client.exe+38C7E - lea ebx,[edi+00000278]  <<<=== your pointer is here. It's stored in ebx register and 278 is added to it.
ac_client.exe+38C84 - push ecx
ac_client.exe+38C85 - mov [esp+1C],ebx
ac_client.exe+38C89 - call ac_client.exe+29C20
   ac_client.exe+29C20 - push ebp
   ac_client.exe+29C21 - mov ebp,esp
   ac_client.exe+29C23 - and esp,-08
   ac_client.exe+29C26 - sub esp,00000138
   ac_client.exe+29C2C - push esi
   ac_client.exe+29C2D - mov esi,eax
   ac_client.exe+29C2F - imul esi,esi,0000012A
   ac_client.exe+29C35 - push edi
   ac_client.exe+29C36 - add esi,ac_client.exe+FC300
   ac_client.exe+29C3C - mov ecx,0000004A
   ac_client.exe+29C41 - lea edi,[esp+10]
   ac_client.exe+29C45 - repe movsd
   ac_client.exe+29C47 - movsw
   ac_client.exe+29C49 - mov edi,[ebp+08]
   ac_client.exe+29C4C - cmp edi,7FFFFFFF
   ac_client.exe+29C52 - jne ac_client.exe+29C67
   ac_client.exe+29C67 - mov esi,[ebx+08]
   ac_client.exe+29C6A - xor eax,eax
   ac_client.exe+29C6C - cmp esi,19
   ac_client.exe+29C6F - mov ecx,edi
   ac_client.exe+29C71 - mov [esp+0C],esi
   ac_client.exe+29C75 - jle ac_client.exe+29C7C
   ac_client.exe+29C7C - cmp esi,32
   ac_client.exe+29C7F - jle ac_client.exe+29C86
   ac_client.exe+29C86 - cmp esi,4B
   ac_client.exe+29C89 - jle ac_client.exe+29C92
   ac_client.exe+29C92 - cmp eax,03
   ac_client.exe+29C95 - ja ac_client.exe+29CDB
   ac_client.exe+29C97 - jmp dword ptr [eax*4+ac_client.exe+29D2C]
   ac_client.exe+29C9E - fild dword ptr [esp+0C]
   ac_client.exe+29CA2 - fmul dword ptr [ac_client.exe+EE3B0]
   ac_client.exe+29CA8 - call ac_client.exe+BA260
      ac_client.exe+BA260 - cmp dword ptr [ac_client.exe+12CB80],00
      ac_client.exe+BA267 - je ac_client.exe+BA296
      ac_client.exe+BA269 - push ebp
      ac_client.exe+BA26A - mov ebp,esp
      ac_client.exe+BA26C - sub esp,08
      ac_client.exe+BA26F - and esp,-08
      ac_client.exe+BA272 - fstp qword ptr [esp]
      ac_client.exe+BA275 - cvttsd2si eax,[esp]
      ac_client.exe+BA27A - leave
      ac_client.exe+BA27B - ret
   ac_client.exe+29CAD - mov ecx,eax
   ac_client.exe+29CAF - jmp ac_client.exe+29CDB
   ac_client.exe+29CDB - imul ecx,edi
   ac_client.exe+29CDE - mov [esp+0C],ecx
   ac_client.exe+29CE2 - fild dword ptr [esp+0C]
   ac_client.exe+29CE6 - fld dword ptr [ac_client.exe+EE2B4]
   ac_client.exe+29CEC - fmul st(1),st(0)
   ac_client.exe+29CEE - fxch st(1)
   ac_client.exe+29CF0 - call ac_client.exe+BA260
      ac_client.exe+BA260 - cmp dword ptr [ac_client.exe+12CB80],00
      ac_client.exe+BA267 - je ac_client.exe+BA296
      ac_client.exe+BA269 - push ebp
      ac_client.exe+BA26A - mov ebp,esp
      ac_client.exe+BA26C - sub esp,08
      ac_client.exe+BA26F - and esp,-08
      ac_client.exe+BA272 - fstp qword ptr [esp]
      ac_client.exe+BA275 - cvttsd2si eax,[esp]
      ac_client.exe+BA27A - leave
      ac_client.exe+BA27B - ret
   ac_client.exe+29CF5 - mov [esp+0C],eax
   ac_client.exe+29CF9 - fild dword ptr [esp+0C]
   ac_client.exe+29CFD - sub esi,eax
   ac_client.exe+29CFF - movsx eax,word ptr [esp+0000011E]
   ac_client.exe+29D07 - mov [esp+0C],eax
   ac_client.exe+29D0B - mov [ebx+08],esi
   ac_client.exe+29D0E - fild dword ptr [esp+0C]
   ac_client.exe+29D12 - fmulp st(2),st(0)
   ac_client.exe+29D14 - fmul st(1),st(0)
   ac_client.exe+29D16 - fsubrp st(1),st(0)
   ac_client.exe+29D18 - call ac_client.exe+BA260
      ac_client.exe+BA260 - cmp dword ptr [ac_client.exe+12CB80],00
      ac_client.exe+BA267 - je ac_client.exe+BA296
      ac_client.exe+BA269 - push ebp
      ac_client.exe+BA26A - mov ebp,esp
      ac_client.exe+BA26C - sub esp,08
      ac_client.exe+BA26F - and esp,-08
      ac_client.exe+BA272 - fstp qword ptr [esp]
      ac_client.exe+BA275 - cvttsd2si eax,[esp]
      ac_client.exe+BA27A - leave
      ac_client.exe+BA27B - ret
   ac_client.exe+29D1D - sub edi,eax
   ac_client.exe+29D1F - sub [ebx+04],edi  <<<=== right here is where another 4 is added to your pointer when it is used.
   ac_client.exe+29D22 - mov eax,edi
   ac_client.exe+29D24 - pop edi
   ac_client.exe+29D25 - pop esi
   ac_client.exe+29D26 - mov esp,ebp
   ac_client.exe+29D28 - pop ebp
   ac_client.exe+29D29 - ret 0004
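
Added example, not part of the thread or written by any poster: a small Python model of why a scan restricted to "last offset 4" returns nothing, while the unrestricted scan finds [[ac_client.exe+10FC84] + 0] + 27c. Only 10FC84, 278, 4 and 27c come from the posts above; the module base, heap addresses, stored value and maximum offset are constructed for illustration.

```python
# Constructed 32-bit memory image (address -> dword). Only 0x10FC84, 0x278,
# 0x4 and 0x27C come from the thread; every other value is made up.
MODULE_BASE = 0x00400000            # assumed load address of ac_client.exe
STATIC = MODULE_BASE + 0x10FC84     # static slot named in the thread
MEMORY = {
    STATIC:     0x02A10000,         # static slot -> intermediate object
    0x02A10000: 0x02B40000,         # its +0 field -> object base (edi in the trace)
    0x02B4027C: 100,                # the value the traced code writes
    0x02C00010: 0x02B40200,         # decoy heap pointer with no static root
}

def final_offset(lea_disp, access_disp):
    """lea ebx,[edi+278] then sub [ebx+04],edi touches edi + 0x278 + 0x4."""
    return lea_disp + access_disp

def resolve(base, offsets):
    """Evaluate [[base]+o1]+o2 ...: dereference, then add each offset."""
    addr = base
    for off in offsets:
        addr = MEMORY[addr] + off
    return addr

def pointer_scan(target, max_level, max_offset, last_offset=None):
    """Walk backwards from target to the static slot, like a reverse pointer scan."""
    results = []
    def walk(addr, path):
        for holder, value in MEMORY.items():
            off = addr - value
            if not 0 <= off <= max_offset:
                continue            # no pointer within range below this address
            if not path and last_offset is not None and off != last_offset:
                continue            # "pointer must end with offset" filter
            new_path = [off] + path
            if holder == STATIC:
                results.append((holder - MODULE_BASE, new_path))
            elif len(new_path) < max_level:
                walk(holder, new_path)
    walk(target, [])
    return results

if __name__ == "__main__":
    target = resolve(STATIC, [0x0, final_offset(0x278, 0x4)])
    print(hex(target))
    print(pointer_scan(target, 7, 0x800))
    print(pointer_scan(target, 7, 0x800, last_offset=4))
```

The filter fails at the first step because no stored pointer equals the target address minus 4: that value (the object base plus 278) only ever exists in the ebx register, so raising the max level cannot help.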

wndnfkdj42
Posted: Sat Aug 20, 2022 6:19 pm

I've been thinking about it for a lot of time, but I still don't understand what you're talking about.

But, as you said, I set the offset value to 200 and scanned it, and the correct value came out.

How did you find out that offset?

And if you do Find out what writes to this address, if you set the offset value to 04, it will be a pointer scan, but if you do not, it will not be a pointer scan if you set the offset value to 04. Why is it like this?
I don't know the reason for a long time...

youtu.be/Xl9_7btkCjo

sbryzl
Posted: Sat Aug 20, 2022 8:37 pm

I think you would need a better understanding of assembly language and learn how to debug and trace programs in reverse. Until then, trust that there are a bunch of operations happening to pointers and values before they get to the point of access, so you can't take anything for granted based on a single operation.

wndnfkdj42
Posted: Sat Aug 20, 2022 9:23 pm

I think so, too. I'm really sorry, but could you tell me? Do you have a book about assembly language and learning how to debug and trace programs in reverse? Or do you have a guide? Where can I learn this?

All times are GMT - 6 Hours
Page 1 of 2