Cheat Engine The Official Site of Cheat Engine
Corgano How do I cheat?
Reputation: 0
Joined: 19 Nov 2010 Posts: 9
Posted: Tue Jun 16, 2015 11:58 am Post subject: How to find where a range of values starts
For a game I'm trying to hack, I found a section of memory where I have a target value every n*4*hex(A4)th memory value, so I wrote a script to change the values for me. However, each time I start the game, it changes where this block of data is. It seems to have varied from 0F000000 to 1C000000.
What kind of scan technique do I use to find out where this block starts (and ends) by scanning the memory? There must be a pointer somewhere telling the game where this block of code is, but how do I find it?
Zanzer I post too much
Reputation: 126
Joined: 09 Jun 2013 Posts: 3278
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Tue Jun 16, 2015 5:49 pm Post subject: Re: How to find where a range of values starts
Corgano wrote: "there must be a pointer somewhere telling the game where this block of code is, but how do I find it?"
Add the first entry of this array to your cheat table, right click on it -> pointer scan for this address.
Or you could do as explained in step 6 of the tutorial (cheat engine main window -> help -> cheat engine tutorial), but you're less likely to find what you want than with the pointer scanner.
Corgano wrote: "I found a section of memory where I have a target value every n*4*hex(A4)th memory value"
How do you know it's n*4*A4 and not n*0x290? 'Coz if it's by looking at some assembly code, there might be a sanity check a bit above to ensure we don't go past the end of the array.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
Corgano How do I cheat?
Reputation: 0
Joined: 19 Nov 2010 Posts: 9
Posted: Wed Jun 17, 2015 10:32 am Post subject: Re: How to find where a range of values starts
Gniarf wrote: "How do you know it's n*4*A4 and not n*0x290?"
4*a4 == 0290, so there is literally no difference.
As for finding the pointer that points to the start of the array, that might be difficult, because I don't know where the start of the array exactly is...
The game I'm working on is Zuma Revenge, and the array represents the powerups of the balls on the screen. Usually I find one ball via scan for normal ball (14), then scan for changed value when it becomes a powerup (less than 14), then scan for normal ball when it becomes normal (14). This will usually give me a few values and I can find the one that's a ball.
Every other ball is offset from it by 0290, and from that I can usually find a range that includes most balls by looking at the memory and trying to guess where the balls start / stop based on changes to the pattern in the values. Another thing is this memory region seems to act as a stack, where as balls are destroyed the same memory slot is used for a new ball created; as such the first address is not necessarily the first ball. This makes knowing for sure I have the "first" address difficult.
How exactly does array scanning work? Can I tell it to look for multiple values a that are b addresses apart?
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
Posted: Wed Jun 17, 2015 2:42 pm Post subject: Re: How to find where a range of values starts
Corgano wrote: "Gniarf wrote: 'How do you know it's n*4*A4 and not n*0x290?' 4*a4 == 0290, so there is literally no difference."
What matters is not the end result, but why you chose to express it as 4*something instead of directly the final result. You didn't write 4* just because it looked pretty, so why?
Corgano wrote: "As for finding the pointer that points to the start of the array, that might be difficult, because I don't know where the start of the array exactly is..."
Once you have one record in your cheat table, find out what writes it and you should have a result like "mov [e??+e??*XXX+YYY], e??". Your array starts at the blue e??, whose value should be displayed in the bottom pane of the find out what window. The first ball type is at blue e??+YYY.
If you just get a "mov [e??],e??", or just something unexpected, go to the disassembler and post the highlighted line + the 10 lines above. And just in case also give us the content of the bottom pane of the find out what window.
Corgano wrote: "The game I'm working on is Zuma revenge"
Ah, a flash game, forget about finding pointers there, since you'd have to find a pointer that goes through flash's own memory manager.
At best a pointer would look like flash_plugin_dll -> flash variable buffer + enormous offset -> your variable, but we're not even sure that the enormous offset is constant across restarts. Zanzer's advice:
Zanzer wrote: "Or you can find out what accesses that address. Setup an injection point and retrieve the dynamic address."
might be a good choice there; basically write a short assembly code that would store blue e??+YYY somewhere for your perusal.
Corgano wrote: "How exactly does array scanning work? Can I tell it to look for multiple values a that are b addresses apart?"
In array of byte scanning, you input a hex string you want to look for, but you can use wildcards.
If you wanted to look for 0x12345678, followed by 4 unknown bytes, then 0xabcdef00, you'd input "78 56 34 12 * * * * 00 ef cd ab". You can use it to scan for your ball array if you know the exact value of 2 consecutive ball IDs, but it's not convenient.
Instead try the grouped method and play with its wizard; you should end up with something like "4:a w:b-4 4:a" (assuming your "a" is a 4 byte value). Note that both array of byte mode and grouped mode can only use exact value scans.
_________________
DO NOT PM me if you want help on making/fixing/using a hack.
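The two scan modes described in the reply above (array-of-bytes with wildcards, and the grouped "4:a w:b-4 4:a" stride pattern) are the same signature-matching primitives that memory-forensics and detection tooling use to locate structures in a dump. The following is an added, self-contained illustration written for this page; it is not Cheat Engine's code and not from any poster. It runs both scans over a constructed byte buffer that stands in for a memory dump; the stride 0x290 and the record value 14 are taken from the thread, while the buffer size, the array base offset 0x40 and the embedded byte sequence at 0x700 are assumptions chosen for the demo.

```python
import struct

# Values from the thread: records are 4 bytes wide and 0x290 bytes apart,
# and 14 is the "normal" record type.
STRIDE = 0x290
RECORD_TYPE = 14
WIDTH = 4

# Assumed layout for the constructed dump (not from the thread).
ARRAY_BASE = 0x40
AOB_OFFSET = 0x700


def build_sample() -> bytearray:
    """Construct a fake memory dump: zero filler, three 4-byte records of
    value 14 spaced STRIDE apart starting at ARRAY_BASE, and the exact byte
    sequence from the reply (0x12345678, 4 unknown bytes, 0xabcdef00)."""
    buf = bytearray(0x900)
    for k in range(3):
        struct.pack_into("<I", buf, ARRAY_BASE + k * STRIDE, RECORD_TYPE)
    struct.pack_into("<I", buf, AOB_OFFSET, 0x12345678)
    buf[AOB_OFFSET + 4:AOB_OFFSET + 8] = b"\xde\xad\xbe\xef"  # the "unknown" bytes
    struct.pack_into("<I", buf, AOB_OFFSET + 8, 0xABCDEF00)
    return buf


def parse_aob(pattern: str) -> list:
    """Turn a space-separated hex string with '*' / '?' / '??' wildcards
    (Cheat Engine's array-of-bytes syntax) into a list of int-or-None."""
    out = []
    for tok in pattern.split():
        if tok in ("*", "?", "??"):
            out.append(None)          # wildcard: matches any byte
        else:
            out.append(int(tok, 16))  # literal byte
    return out


def aob_scan(buf: bytes, pattern: str) -> list:
    """Return every offset in buf where the wildcard pattern matches."""
    pat = parse_aob(pattern)
    n = len(pat)
    return [
        i for i in range(len(buf) - n + 1)
        if all(p is None or buf[i + j] == p for j, p in enumerate(pat))
    ]


def grouped_scan(buf: bytes, value: int, stride: int,
                 count: int = 2, width: int = WIDTH) -> list:
    """Equivalent of the grouped pattern "4:a w:b-4 4:a": find offsets where
    the `width`-byte little-endian integer `value` appears `count` times at
    consecutive `stride` intervals (the wildcard run covers stride-width
    bytes between the literals)."""
    needle = value.to_bytes(width, "little")
    span = (count - 1) * stride + width
    return [
        i for i in range(len(buf) - span + 1)
        if all(buf[i + k * stride:i + k * stride + width] == needle
               for k in range(count))
    ]


def first_record_offset(buf: bytes, value: int, stride: int, count: int = 2):
    """Lowest offset at which a stride-aligned run of `value` starts, i.e.
    the best guess for where the array begins in this dump (None if absent)."""
    hits = grouped_scan(buf, value, stride, count)
    return hits[0] if hits else None


if __name__ == "__main__":
    dump = build_sample()
    print("AoB hits:", [hex(h) for h in aob_scan(dump, "78 56 34 12 * * * * 00 ef cd ab")])
    print("grouped hits:", [hex(h) for h in grouped_scan(dump, RECORD_TYPE, STRIDE)])
    print("array start:", hex(first_record_offset(dump, RECORD_TYPE, STRIDE, count=3)))
```

The grouped scan only reports a hit when the literal value recurs at the exact stride, which is why the reply notes it is limited to exact-value scans; a record whose type has changed (a powerup, in the thread's terms) breaks the run, so a practitioner reading a real dump should expect several short runs rather than one clean block.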
Corgano How do I cheat?
Reputation: 0
Joined: 19 Nov 2010 Posts: 9
Posted: Wed Jun 17, 2015 5:01 pm Post subject: Re: How to find where a range of values starts
Yet to try your other suggestions, but
Gniarf wrote: "Ah, a flash game, forget about finding pointers there, since you'd have to find a pointer that goes through flash's own memory manager."
As far as I know, this is incorrect. I'm working on the download / PC / full version of the game, and I have strong reason to believe it isn't flash. It also uses bass.dll for sound, which I've used with AutoIt and seen other programs use but NEVER seen any flash based games use, and none of the pointers or code I've come across reference or suggest flash.
I am going to assume for now that the game is not flash based, and I'll try some of your other suggestions.