Cheat Engine

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Hey everyone,

I'm trying to get an Array of Bots/Computer Player that are currently on the Map.
I can find Bot1, and can modify all his stuff (xyz...), but once he dies and respawns, all memory adresses are invalid again.

What can I do to always get the right adress ?

Somewhere in memory there gotta maybe be an List of Pointer that points to the beginning of an player array, how can I find that ?

How do I read dynamic arrays from memory at all ?

Game is UT2004.

Any help is appreciated Smile

~penpenpen

Dark Byte · Posted: Wed Oct 01, 2014 6:22 pm Post subject:

You might be better off doing a code injection at a routine that accesses the character class object and store that in your own allocated array

e.g in ut2004 you want to get a list of all the Pawn objects
And if you wish all currently visible pawn objects hook RenderPawn

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Thanks for the reply.
I'm pretty new to this, so It'd be great if you could clarify / point me in the right direction.

Can cheat engine help me here ?
How do I locate "RenderPawn" (Ollydbg?) ?
Will I need to write a DLL that uses some ingame functionality ?
If I find Renderpawn, how do I hook onto it to receive a List of all available objects ?

Dark Byte · Posted: Thu Oct 02, 2014 6:29 am Post subject:

check the symbollist in cheat engine and search for Pawn and Render together (could also be APawn::Render, I kinda forgot the exact name)

once you've found renderpawn at the entry of the function ECX contains a pointer to the Pawn object. Save those pointers
Then when you have a few dissect those structures with data dissect and find the offset that describes their coordinates

you could write a dll for this if you like (it's easier if you like to do math and memory management, but also for calling ingame functions. E.g asking where the headbone is of a pawn is a popular thing, or asking if it's in line of sight and not blocked by anything else)

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Thanks

There is no RenderPawn function(at least I couldnt find one).

But I found a Function called:

Dark Byte · Posted: Thu Oct 02, 2014 9:55 am Post subject:

check the autoassembler template scripts
do a code injection there and save ecx into a list you allocated (after checking it isn't already in)
I recommend writing a dll i delphi, inject it (e. g. injectdll(pathtodll)) and in your injected routine call a function in the dll to store it
e. g.
exported delphi function:

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

It took me a while to get this all working Smile

. I'm not that experienced with memory processing and assembler.

Now I have a new problem.

First of all. The DLL injecting and getting the adresses works great (You're just a genius Smile

). But I cant seem to read a valid float Value from Memory.

I had no better Idea so I tried all Kinds of datatypes, to maybe get something usefull.

It seems like the Float the game generates is 3 Bytes Long. How Can I get a Valid Float out of that.

Dark Byte · Posted: Fri Oct 03, 2014 2:02 pm Post subject:

you're not setting e which is what you need (it's a single)

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

Dark Byte · Posted: Fri Oct 03, 2014 2:37 pm Post subject:

i'm not really sure what you mean with that. Are you trying to manually read an array of hexadecimal bytes and convert them to an float ?

it is a single (ce float) as you saw with the structure dissecting. it's not something special.

in case you're wondering, horizontal rotation is a 2 byte value (implemented as 4 but just handle it as 2) that ranges from 0 to 65535. where 65536 (0 in 2 byte) is a full 360

Also, here's a link you might find interesting, especially since you're also using delphi: http://forum.cheatengine.org/download.php?id=37465 (it's pretty old code but should contain some useful info)

penpenpen · Cheater Reputation: 0 Joined: 23 Feb 2014 Posts: 39

darkangel88_de · Posted: Wed Sep 08, 2021 8:12 am Post subject: always changing addresses

always changing addresses

hello guys.

i don't know if this is the right thread or if my problem
has already been discussed in a different place.

i have a problem with the pointer scanner.
...here is a instruction from another user:

"Try your luck with the default pointer scan.

Right-click the address and click Pointer scan for this address.
Click OK to accept the default settings, or you may want to boost the Max level to 5.
Once it's done searching, reload the game and reattach Cheat Engine.
In the Pointer scan window, select Pointer scanner > Rescan memory.
Enter the new Address to find.
Hopefully there are still some results. Add one of those to your table.

If you ever load a game and the pointer you grabbed doesn't work, reload the saved scan and pick a different value.
Unless, of course, the game updated and made every pointer invalid."

i' m trying this right now - with the pointer scanner - but i have no success.
can someone possibly re-word this - or attach pictures - or make a video?

the address i' m looking for is always a different one....
what can i do?
4-bytes did not work.
only double had brought something
but i would have to re-search every Time again...

for a bit more info's, look at:

fearlessrevolution . com/viewtopic.php?f=4&t=661&start=120

page 9, comments by "DarkAngel88_ger"

THX

LeFiXER · Posted: Wed Sep 08, 2021 9:45 am Post subject:

darkangel88_de · Posted: Fri Sep 10, 2021 4:39 am Post subject: