 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
H4x0rBattie
Advanced Cheater
 Reputation: 0
Joined: 10 Nov 2016
Posts: 58
|
 Posted: Mon Nov 21, 2016 8:57 pm Post subject: How often your multi-level pointer works after an update? |
 |
|
Say you found a pointer path with a static address, a level 6.
Then your game gets updated, how often your pointer path was still a valid?
_________________
|
|
| Back to top |
|
 |
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
| Posted: Tue Nov 22, 2016 2:50 am Post subject: |
|
|
The offsets don't usually change with one update but yeah the base is lost(changed). Its too random to tell really, depends on the update type.
_________________
|
|
| Back to top |
|
|
mgr.inz.Player
I post too much
 Reputation: 222
Joined: 07 Nov 2008
Posts: 4438
Location: W kraju nad Wisla. UTC+01:00
|
| Posted: Tue Nov 22, 2016 6:02 am Post subject: |
|
|
If you found stable pointer (many pointer list rescans), you can try to find base address in the game code.
There are high chances that there will be function which accesses it.
for example you have this pointer:
[[[[[[game.exe+XXXX]+40]+190]+6A4]+68]+5DC]+1BC
1 Open memory viewer. From menu select "search -> find assembly code"
2 now type in your input.
[game.exe+XXXX]
or if nothing found try without brackets:
game.exe+XXXX
3 set range
from:
game.exe
To:
{leave default, ffffffff or ffffffffffffffff}
click scan.
Of course, if your pointer base address is modulename.dll, just use this module instead of game main process.
If nothing found set "from" to 10000 and try again.
If you your target process is 32bit you can try simple memory scan.
Convert address from modulename+moduleoffset to simple hex value. You can execute this Lua code to do that:
print(string.format('%08X',getAddress('modulename+moduleoffset')))
value type 4byte, hex checked, writable grayed, fast scan unchecked.
If you found something, right click first entry and select 'disassemble this memory region.'
That way you can find assembly code which accesses the base address. With small AA script you can add this base address to registered symbols list. Be sure you are using aobscan with wisely created signature with wildcards.
then in the addresslist you can use pointer like this one
[[[[[[pointerBase]+40]+190]+6A4]+68]+5DC]+1BC
or
[[[[[[pointerBase+adjustment]+40]+190]+6A4]+68]+5DC]+1BC
Also what STN said is true. After game update you can try to find new pointer. Just start new pointer scan and use "pointer must end with specific offsets". Enable this feature, type in last offset, click add, type in penultimate offset, ...
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
