Cheat Engine

Codcat · Last edited by Codcat on Sat Jan 25, 2014 1:57 am; edited 1 time in total

I'm having a lot of trouble trying to find some pointers in X3: Albion Prelude.

It seems any memory address in game that is not 32bit aligned is impossible to find a pointer for. For example I can easily locate the dynamic address for my ships shield capacity "3C21A9B3" but am unable to locate anything pointing to it via the pointer finder or manual method.

Doing a "Find what writes to this address" always returns this opcode:
004A42A6 - 89 56 01 - mov [esi+01],edx

Below is a copy paste.

++METHOS · Posted: Thu Jan 23, 2014 12:34 am Post subject:

Use injection. I posted a table here as an example. If other addresses are being accessed by that instruction, you will need to filter them out in your script.

Dark Byte · Posted: Thu Jan 23, 2014 6:28 am Post subject:

Don't forget to disable fastscan when on a game with unaligned addresses

Codcat · Posted: Thu Jan 23, 2014 7:41 am Post subject:

Thank you for the replies. Yes I've disabled fast scan, I tried using code injection as well but I never see the ESI register point to the address I need. I used Dissect data/structures tool to try and find something to filter on but was unsuccessful. It may just not be possible to achieve.

++METHOS · Posted: Thu Jan 23, 2014 12:30 pm Post subject:

Keep digging. Look inside pointer trees...you are bound to find something in the structure to compare with. You can test your compare by creating a script/code cave and having all garbage addresses jmp originalcode, then set a breakpoint on all filtered addresses that you are testing. That way, if you see anything other than your targeted address at ESI (or whichever register), you know whether or not you need to fine-tune your compare.

I'll try grabbing a copy when I have time, and I'll see if I can't help you out with it. Which version are you running?

EDIT:

See example table below for Energy(?) pointer (Skidrow 1.0.0.0):

I haven't tested it much, but it may work with your version of X3AP.exe. As you can see, the targeted address is found for us, allowing us to freeze or alter it as we see fit.

Codcat · Posted: Thu Jan 23, 2014 9:16 pm Post subject:

I'm running the latest Steam version 3.1
X Rebirth was complete rubbish so I went back to X3, Albion Prelude is the latest expansion for the X3 series. I'll take a look at that script when I get a chance, I'm in GMT+8 that's why my replies are late.

If you look at it you'll find that the dissect doesn't work very well on those unaligned addresses, even if you align the address yourself with a address+-offset. I wasn't able to see any pointer trees for them if CE builds it for you.
But if I do the same on addresses I am able to find pointers for(hotkeys labelled), it works very well on those.

I'll attach a table I made that has some working pointers. Some of it I updated from Palimpalim's work from the CE forums here, he also had a lot of difficulty trying to find pointers http://forum.cheatengine.org/viewtopic.php?p=5500891&sid=e1afdaa003f2b98b9b2bb3b36e342f10

Some items I've been unsuccessful in finding pointers for are:
Reputation's
Shield Capacity
Marine Training
Salvage Insurance

I haven't bothered with some of the more generic ones like gold and player stats but the dynamic addresses are easy to find on them.

++METHOS · Posted: Fri Jan 24, 2014 4:29 pm Post subject:

I may have a hard time finding a copy of 3.1.

Could you please tell me what the 100% value of shield is (in hex) for level Terran Commander (or any level that I can check)? It will be quicker for me to find without having to search for it.

Although your injection point for shields is different in my version, I can use the AOB to find the location of the instruction in my version...at the very least, if I can find the shield address in my version, I might be able to find an offset that you can use to compare with in your version, as they should be similar.

Codcat · Posted: Sat Jan 25, 2014 1:53 am Post subject:

++METHOS · Posted: Sat Jan 25, 2014 2:04 am Post subject:

65536000 is hex value?

Codcat · Posted: Sat Jan 25, 2014 2:08 am Post subject:

No it's decimal, I was just looking at it right now in memory viewer actually trying to see if it could be something else. It's a 4byte decimal, float and double just returns a non number and its definitely not text or array of bytes. I watched it tick over from 0% charge to 100% and it incremented from 0 to 65536000. But that's my shield charge, I've been using shield capacity as a test subject to find pointers for.

++METHOS · Posted: Sat Jan 25, 2014 2:16 am Post subject:

Just to be clear, you are trying to find pointers for shield capacity...not shield charge?

I really don't want to take the time to learn this game, so it would be good if you could help me find this value to expedite things. Could you please tell me the hex value of whatever shield value you are wanting to find pointers for? Also, if you right-click on the instruction mov [esi+01],edx, do you see the value there, or do you have to wait until you are hit etc.?

Thanks.

Codcat · Posted: Sat Jan 25, 2014 2:24 am Post subject:

Trying to find shield capacity pointer, not charge.

In the save game I'm working with I am in a ship with a single 25000kJ shield, that shows as 25000 4byte decimal address(dynamic), in HEX that's 61A8 or 'A8610000' shown in your memory viewer.

That instruction 'writes' to that address when you change or equip the shield, as its the capacity value. The dynamic charge address is constantly being written to from the same instruction.

EDIT

If I see what is 'accessing' those dynamic addresses I get this:

004A87B7 - 8B 4F 01 - mov ecx,[edi+01]

++METHOS · Posted: Sat Jan 25, 2014 2:37 am Post subject:

Okay, the shield charge is the bars that decrease when you are hit?

How do you change the shield?

EDIT:

Never mind.

Codcat · Posted: Sat Jan 25, 2014 2:44 am Post subject:

Press escape to bring up side menu, go to 'gameplay' and change show 'Numerical shield/hull display' to Yes.

Otherwise you just get the bars that you see.

and yes the blue bar is your shields, make the above change so you can see what's going on easier.

Shield capacity will only change if you remove your shield or change it to another bigger/smaller type, easiest way for you if you've just started a game is to eject it, it will appear as a crate behind your ship floating in space, your value will then be 0. Before you do that open your ship information window, you can open that from player properties-ship or just click the little green marker below your ship name at the bottom of the screen and go into information.

This is actually quite a complex game and takes a long time to learn it all.

EDIT: Fly into crate to pick it up again, it will automatically reinstall your shield bringing it back to the shield capacity number.

++METHOS · Posted: Sat Jan 25, 2014 2:47 am Post subject:

Got it. Thanks.

I've been awake for nearly 24 hours, so I may not get to this until late tomorrow.