| View previous topic :: View next topic |
| Author |
Message |
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
 Posted: Fri Dec 18, 2015 2:00 pm Post subject: Pointer problem for Mad Max |
 |
|
First thing first I know there are plenty of trainers/tables of Mad Max but I like to find stuff myself as I can learn how to use Cheat Engine more.
Ok so my problem is I can't find any type of pointers at all.
I find the address for scrap metal which gives me about 11 in the end.
I then try each one to see if 1 changes in the game. I find it.
See picture 1.
Here is the problem, when I access that address 1 pops up only & when I try to make a purchase or something nothing else pops up so I end up searching the one in the screenshot which is 95D4AB68 & I always always get no results when I search it in hex 4byte.
See picture 2
Is there a step I am missing if so can someone tell me please.
Btw I am running CE through VEH debugger because that's the only one that attaches to Mad Max without crashing.
| Description: |
|
| Filesize: |
530.8 KB |
| Viewed: |
14935 Time(s) |
|
| Description: |
|
| Filesize: |
23.95 KB |
| Viewed: |
14935 Time(s) |
|
|
|
| Back to top |
|
 |
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Fri Dec 18, 2015 3:13 pm Post subject: |
|
|
It is 64bit game.
1. Use ranges. If address you found is 95D4AB74, try this:
- Value Type: 8 Bytes (so qword)
- Hex
- Value between 95D49B74 and 95D4BB74
(as you see, I subtracted/added 0x1000)
2. If nothing found, you can try pointerscanner.
Note: CE6.4 has a bug. Pointers for 64bit targets not always work.
here is workaround, place this script in text file (with .lua file extension) in autorun folder:
| Code: | fix64bitPointerString = [[
// only for 64bit CE6.4 from 26 VI 2014
define(address1,cheatengine-x86_64.exe+957AC)
define(bytes1,89 45 C0 EB 2B)
define(address2,cheatengine-x86_64.exe+95944)
define(bytes2,8B 45 C0 48 89 45 A8)
alloc(newmem,64,cheatengine-x86_64.exe)
label(part2)
label(return2)
assert(address1,bytes1)
assert(address2,bytes2)
newmem:
mov [rbp-40],rax
jmp cheatengine-x86_64.exe+957DC
part2:
mov rax,[rbp-40]
mov [rbp-58],rax
jmp return2
address1:
jmp newmem
address2:
jmp part2
nop
nop
return2:
]]
autoAssemble(fix64bitPointerString,true) |
_________________
|
|
| Back to top |
|
|
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
| Posted: Fri Dec 18, 2015 3:24 pm Post subject: |
|
|
| mgr.inz.Player wrote: | It is 64bit game.
1. Use ranges. If address you found is 95D4AB74, try this:
- Value Type: 8 Bytes (so qword)
- Hex
- Value between 95D49B74 and 95D4BB74
(as you see, I subtracted/added 0x1000)
|
I did not even realize I would have to do 8byte for different types of games I'll study more on that.
So I did what you told me & I ended up with 2 results & both aren't green so I'm guessing I have to go another step but I forgot what to do next do I have to find what "accesses" or what "writes" to the address?
Edit: I did both access & write to both addresses & both gave me nothing else to search for so I will now do the next thing you told me which is searching for pointer scan
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Fri Dec 18, 2015 3:40 pm Post subject: |
|
|
| Quote: | | So I did what you told me & I ended up with 2 results |
Take the first one and do the same operation (value between), repeat until you find green address
Take the second one and do the same operation (value between), repeat until you find green address.
(note: you can do "find out what accesses this address" for those two addresses to get one before last offset, only if something accesses those)
There's a catch. When you go deeper and deeper, you will find more and more addresses.
Pointerscanner just do above operations automatically. And it has more options and features.
For example, you can define last offset, which probably is "C". Because "[rcx+0C]".
(you can set one before last offset too, and so on)
_________________
|
|
| Back to top |
|
|
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
| Posted: Fri Dec 18, 2015 6:44 pm Post subject: |
|
|
| mgr.inz.Player wrote: | There's a catch. When you go deeper and deeper, you will find more and more addresses.
Pointerscanner just do above operations automatically. And it has more options and features.
For example, you can define last offset, which probably is "C". Because "[rcx+0C]".
(you can set one before last offset too, and so on) |
You were right there were just way to many addresses to search.
I tried the pointerscanner but like always I get 0 results are my settings correct? I also made the script you gave me & placed it in the autoassemble folder.
See attachment.
One more thing does it matter which CE I use because I seen there is a CE, CEx64, CEx86. My pc is 64bit idk if that helps.
| Description: |
|
| Filesize: |
20.14 KB |
| Viewed: |
14883 Time(s) |
|
| Description: |
|
| Filesize: |
18.54 KB |
| Viewed: |
14883 Time(s) |
|
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Dec 19, 2015 9:08 am Post subject: |
|
|
The script above should fix some issues when using multilevel pointers when working with 64bit targets.
For example, readInteger("[[module+moduleoffset]+offset1]+offset2") can fail when working without above fix.
Multilevel pointers added to the addresslist (table entries, memoryrecords) work without problem.
The script I gave you is only for 64bit CE6.4 from 26 VI 2014 (right click exe, and check signature timestamp, example: https://www.digicert.com/images/code-signing/windows-verify-signature.png)
About you other issues, try bigger max offset like 8192. Also, you have to wait to the very end when using pointerscanner.
_________________
|
|
| Back to top |
|
|
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
| Posted: Sat Dec 19, 2015 2:06 pm Post subject: |
|
|
| mgr.inz.Player wrote: | The script above should fix some issues when using multilevel pointers when working with 64bit targets.
For example, readInteger("[[module+moduleoffset]+offset1]+offset2") can fail when working without above fix.
Multilevel pointers added to the addresslist (table entries, memoryrecords) work without problem.
The script I gave you is only for 64bit CE6.4 from 26 VI 2014 (right click exe, and check signature timestamp, example:
About you other issues, try bigger max offset like 8192. Also, you have to wait to the very end when using pointerscanner. |
There is something wrong but I don't know what it is.
Let me explain exactly what I do because I don't know what I'm doing wrong.
1. Find address for scrap metal (97113DF4)
2. I click on 'Pointer scan for this address"
3. Once I am in the pointerscanner settings I leave everything the same with max offset of 18432. Only thing I would change is the levels which I made the levels from 1-13 & ALL give me no results.
Btw when I see what accesses the address of scrap metal I get 1 result immediatly without me changing anything in game. For example in other games I would hit & see if something shows up but with this game nothing happens when I hit.
Can it be that I have CE & Mad Max installed on my 2nd hard drive (F drive) instead of the main hard drive (C drive)?
| Description: |
|
| Filesize: |
654.77 KB |
| Viewed: |
14801 Time(s) |
|
| Description: |
|
| Filesize: |
311.24 KB |
| Viewed: |
14800 Time(s) |
|
| Description: |
|
| Filesize: |
303.13 KB |
| Viewed: |
14800 Time(s) |
|
| Description: |
|
| Filesize: |
6.71 KB |
| Viewed: |
14800 Time(s) |
|
| Description: |
|
| Filesize: |
472.14 KB |
| Viewed: |
14800 Time(s) |
|
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Dec 19, 2015 2:14 pm Post subject: |
|
|
| Creepz739 wrote: | | Once I am in the pointerscanner settings I leave everything the same with max offset of 18432. Only thing I would change is the levels which I made the levels from 1-13 & ALL give me no results. |
Which checkboxes you checked in "cheat engine settings --> Extra"
Perhaps you have some settings that are interfering (e.g kernelmode).
If you need it, launch another CE instance, go to settings and disable kernelmode stuff, open game process, do the pointerscan.
_________________
|
|
| Back to top |
|
|
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
| Posted: Sat Dec 19, 2015 2:17 pm Post subject: |
|
|
| mgr.inz.Player wrote: | | Creepz739 wrote: | | Once I am in the pointerscanner settings I leave everything the same with max offset of 18432. Only thing I would change is the levels which I made the levels from 1-13 & ALL give me no results. |
Which checkboxes you checked in "cheat engine settings --> Extra"
Perhaps you have some settings that are interfering (e.g kernelmode). |
I have nothing checked & there are my debugger settings aswell.
| Description: |
|
| Filesize: |
22.05 KB |
| Viewed: |
14787 Time(s) |
|
| Description: |
|
| Filesize: |
13.75 KB |
| Viewed: |
14792 Time(s) |
|
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Dec 19, 2015 3:05 pm Post subject: |
|
|
Can you try pointerscanner on different game. Any.
_________________
|
|
| Back to top |
|
|
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
| Posted: Sat Dec 19, 2015 7:00 pm Post subject: |
|
|
| mgr.inz.Player wrote: | | Can you try pointerscanner on different game. Any. |
Recently no I haven't tested pointerscanner on any other game but I did use it with CE Tutorial & it worked fine.
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Sat Dec 19, 2015 7:50 pm Post subject: |
|
|
Test it on any singleplayer game you have.
Also, try unchecking "Compressed pointerscan file" in "Pointerscanner scanoptions".
(I don't have more ideas what else can cause your problems)
_________________
|
|
| Back to top |
|
|
Creepz
Newbie cheater
![]() Reputation: 0
Joined: 24 Apr 2015
Posts: 18
|
| Posted: Wed Dec 23, 2015 1:43 pm Post subject: |
|
|
| mgr.inz.Player wrote: | Test it on any singleplayer game you have.
Also, try unchecking "Compressed pointerscan file" in "Pointerscanner scanoptions".
(I don't have more ideas what else can cause your problems) |
I tried with the same game except this time I tried it with a certain time. I found the address for it & when I tried to use the pointerscanner it worded & it gave me tons of results so that means it works but just not for Scrap Metal idk why.
Btw is there anyway of knowing how many levels a pointer is in? For example when I do pointerscanner idk what level I should start with.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
