Cheat Engine

Tum · Cheater Reputation: 0 Joined: 10 Jan 2010 Posts: 28

Hi,

How do i go about finding a player base address please ?

Am searching for memory locations of swtor.
Ive found the x y z of my character, which stay the same with every loadup.
But the player health i cannot find a pointer or anything to it. I can find the player health but it changes everytime i load up the game.

Ive read other posts about finding the player base address, and the the health and many other useful address are playerbase + ?? etc

So what would i need to be searching for to find this playerbase ?

TsTg · Posted: Thu Dec 13, 2012 11:47 am Post subject:

at first you need to find how the game does access the address of the player's health by the assembly code.

play and find the current health address, go to Cheat engine and right click and choose 'Find out what access this address' , this will attach the debugger to the game, now return to the game and move around for a while or loose health.

next, return to cheat engine, you should find a new window with some instructions like: mov [eax+ZZZZ],edx , where the ZZZZ are some offset to the currently health address.

Keep tracing it till you find the nearest address to it.

Tum · Cheater Reputation: 0 Joined: 10 Jan 2010 Posts: 28

Thanks for your reply.

Ye i know that. Thats just finding the pointers. But there is no static pointer on swtor. Its something to do with finding the player base or id or something. Ive been trying to look at the assembly now to see if i can figure it out.

TsTg · Posted: Fri Dec 14, 2012 10:38 pm Post subject:

There's nothing is called "there is no static pointer", then how would the game smartly get it every time to access the health object?

the whole thing is that some games uses more than one refrence to the address(multi-level pointer), and some of them uses offsets which are NOT directly added to the assembly instruction found by the 'Find out what access/writes.....' option in CE,....let me clear this out:

mov dword [eax+2F0],ecx <--- this is direct offset addition(and lets say the static address is expressed in EAX and never change).

this one is the same but done in more than one step(makes reversing abit harder), also, the instructions can be very far from each other(that makes it more complex for hackers).

mov edx,[esp+8] <-- you might ask (who writes the value to [esp+8] ??)
mov eax,[edx] <-- First level pointer
add eax,200 <-- Indirect offset addition here (Second level pointer)
mov [eax+F0],ecx <-- The third level here, where 200 + F0 = 2F0 .

so the last two lines are equvalent to the line of the first example, so to find the address its better to use 'Value between' search, it works Smile

.

and if you tried to 'Find out what writes/access....' on the [ESP+8] address, you will get tons of addresses(because this is a stack address and used by almost all game modules), so don't try it.