Cheat Engine

[Paprikaskrumpli]

Some things to know, I'll try to keep this short:

-I frequently use this technique, with success most of the time (I find results)
-When I get no results, I increase the structure size and level gradually (Usually is solves the "no result" problem)
-I always can find the correct value I'm looking for (before the pointer scan, I'm 100% sure It is the same value I've found before restarting the game)

Problem:
I've come across some values that I don't seem to find pointer paths to, even with high settings like: 8192 structure size, 9/10 level, and 3 limited offsets per node (rest are default)

Questions:
1) Is scanning with multiple pointermaps reliable, or

should I do it like this:
-pointer scan to a value
-get 100K-Couple Million of results
-restart game, find value, rescan memory, and gradually decrease the
number of results

or, both of them (I usually get less results with multiple pointer maps, and then start manually rescan memory, with the above technique)

2) What setting would you recommend for sneaky pointerpaths?

3) What setting would you recommend in general?

4) Is there a way to determine which module (dll/exe) a value is located
before a pointer scan (In order to find It more easily after a restart, or
limit the pointer scan to a given dll/exe?

5) What is "Lowest known path: " in the pointerscan window?

6) What is "Time spent writing" in the same window?

7) What is "Unique pointervalues in target" in the same window?

8) When I do "Pointer scan for this address", does CE do something like a "manual pointer scan"? What I mean by that is this:
-Find the value you are looking for
-Find out what accesses this address
-Subtract offset from address
-What points to a new address
-Repeat same process to these pointers

I'd like to learn as much as I can, so send me wall of texts please :D!

[Dark Byte]

some values can not be found as they use variable unsexes instead of pointers (e.g maps, lists, arrays)

as for the questions:
1: yes
it's recommended to use the smallest map as base and the others as compare maps. It's doing a rescan for every result on each compare map, so only those that match all maps are left and get written to disk saving a lot of time writing to disk and reading it out later on rescans

2: offset 10000 level 10 max node of 3 or 2

3: offset 3128 level 7 max node 3 or 4

4: doesn't matter one bit. The base address is the last thing looked at when doing a pointerscan

5: Just some debug info that can give a slight idea of how long it may take. If all the fields contain the maximum offset you're at the end. Of course, many fields will be skipped as not every address os a pointer or what's currently looked for. But at least it's something tonshow it's 'doing something'

6: to show you how much time you have wasted by not using pointermaps

7: the number of unique pointers in the pointermap. The lower the shorter the scan will likely take (less branches to follow)

8: no for the debugging. that is up to you. (too many things can branch of there)
but you can input information like :ends with offsets and fill in what you found. it will speed up the scan as it will have less levels to go through

[Paprikaskrumpli]

[Dark Byte]

still on my phone so there are typos

"variable indexes "

e.g an array of objects may get their order randomized due to harddiskspeed and threading.
the pointerscan does not handle indexes into arrays only pointers to objects

[Paprikaskrumpli]

[Dark Byte]

yes, it's likely an indexed variable

Look up in the code how that register got the value it is. Likely therer's a lea, or a add reg,xxx based on an index value that offsets the final address to the object

[Paprikaskrumpli]