Cheat Engine

TDS · How do I cheat? Reputation: 0 Joined: 30 Dec 2005 Posts: 2

Allright, I'm about fed up with this, lol

The game is Neverwinter nights

I can find the location and value of what I want to modify, no problem

I'll get something like:
esi + 68 where ESI = 0ABBC050

so I make a pointer with the values 0ABBC050 and offset 68

OR

If I do 4 byte search for ABBC050, I get another address, 086BEA8C, no real clue to go from there either

now there's where the problem starts, I dont know where to go from there, I know this game uses more than one "level" of pointer since the code is the same as KOTOR2 that dark has allready done, and it has 5(!) levels to it.

which step is correct and where do I continue my way? how do I know when its done?

Dark Byte · Posted: Sat Dec 31, 2005 8:16 am Post subject:

You do a 4 byte scan for the value fo esi (0ABBC050 )
and use the results you get as base pointer. (with offset 6 Cool

then you find out what accesses those results.
e.g [eax+12] and eax=00880014
then do a scan for 00880014, and use that for the 2 level result
base address the address you just found and offsets 12 and 68 (from bottom to top)

Also, when you get as result a green address I highly recomend using that. Green means static, so you dont have to scan any deeper (but you sometimes might want to if you want to be more detailed)

Zhoul · Posted: Sat Dec 31, 2005 8:45 am Post subject:

First: Always remember! There are at least 30-50 ways to 'find pointer paths'. There are countless ways to actually create your own pointers as well.

That said, this post shows how your suggested way of finding pointer paths, quickly breaks down. It also offers another solution to finding pointer paths, which can take much less time *and* is much less confusing (especially when dealing with 5+ deep pointer paths).
http://forum.cheatengine.org/viewtopic.php?p=27398#27398

Essentially, in your example:
I'll get something like:
esi + 68 where ESI = 0ABBC050

What if ESI were modified in some way, prior to being used? I.e.
add esi, 08
(other code lines)
esi + 68 where ESI = 0ABBC050

In this case, the method you're using breaks at this level. If it's 5 levels deep, you have 6 chances for the method to break.

Of course, there's always more then 1 way to skin a cat. This post shows how to create your own pointer, using code that accesses the value(s).
http://forum.cheatengine.org/viewtopic.php?t=4606&start=0&postdays=0&postorder=asc&highlight=

Check out the auto-assemble tutorials as well.
http://forum.cheatengine.org/viewforum.php?f=15&sid=64b13ff51f491c01d1c276af72569807

I dont think there is one specifically that writes or creates pointer paths, but you can take the knowledge gained there and re-form it to suit your needs.

TDS · How do I cheat? Reputation: 0 Joined: 30 Dec 2005 Posts: 2

Thanks folks, time for round 2!

When I try to "find out what access" this pointer, I get nothing after modifying the value ingame, now I know that isnt right because if I restart nwn the pointer I need changes.

BUT, if I find out what access the address I found with my search, I get a whole bunch of them, I'm assuming I take the first one of those, and continue this process until I get a green one, then point that to my original address?

Zhoul · Posted: Sun Jan 01, 2006 8:30 am Post subject:

urzo · Newbie cheater Reputation: 0 Joined: 08 Jan 2006 Posts: 15

urzo · Newbie cheater Reputation: 0 Joined: 08 Jan 2006 Posts: 15