Charkel How do I cheat?
Reputation: 0
Joined: 30 Jan 2021 Posts: 7
Posted: Sun Mar 14, 2021 4:47 am Post subject: What is this CE black magic?

I am a Newbie. Trying to find backpack slot 1 pointer.
I have just started to learn about pointers. Tried pointerscanning for hours with multiple 4 pointermaps but I just get too many pointers linking to same address even on a new save. People said go for the pointers with least offsets so I added them to my list.
So I found a cheating table on a Patreon site. So I bought it thinking Aha! Now I can learn from this what I'm looking for. But, then this happened.. (see code in picture)
Made picture as attachment as I'm not allowed to post pictures with [img] until 16 days... Weird rule but ok.
 |
Dark Byte Site Admin
Reputation: 473
Joined: 09 May 2003 Posts: 25910 Location: The netherlands
Posted: Sun Mar 14, 2021 8:34 am

that means that backpack is a pointer to the e0 part
after dereferencing it it adds an offset of a48 with an offset of 0
you can also write it as a normal pointer as
offset 1:0
offset 0:a48
base address=backpack
as for how backpack gets its address is likely based on a code injection where it hooks code that accesses the backpack and then stores that address in an address registered with the name 'backpack'
_________________
Tools give you results. Knowledge gives you control.
Like my help? Join me on Patreon so i can keep helping
 |
Charkel How do I cheat?
Reputation: 0
Joined: 30 Jan 2021 Posts: 7
Posted: Sun Mar 14, 2021 12:21 pm

Dark Byte wrote:
that means that backpack is a pointer to the e0 part
after dereferencing it it adds an offset of a48 with an offset of 0
you can also write it as a normal pointer as
offset 1:0
offset 0:a48
base address=backpack
as for how backpack gets its address is likely based on a code injection where it hooks code that accesses the backpack and then stores that address in an address registered with the name 'backpack'

Alright so the brackets are just offsets and backpack is a base address collected from somewhere else in the table functions. That was my guess. So that means in this game all backpack slots have the same address with different offsets?
Also I did not find the same pointer apparently
 |
Dark Byte Site Admin
Reputation: 473
Joined: 09 May 2003 Posts: 25910 Location: The netherlands
Posted: Sun Mar 14, 2021 12:38 pm

there are more paths to the same destination
 |
Charkel How do I cheat?
Reputation: 0
Joined: 30 Jan 2021 Posts: 7
Posted: Sun Mar 14, 2021 1:13 pm

Dark Byte wrote:
there are more paths to the same destination

So the 'backpack' must be a variable with the 'base address'?
If that is the case is the variable set around line 49 of the .CT? (all search hits on string 'backpack')
Code:
Line 49: label(backpack)
Line 51: backpack:
Line 54: mov [backpack], rcx
Line 63: registersymbol(str_back_pack backpack)
Line 135: <Address>[[backpack]+9F8+50]</Address>

Really sorry for all the stupid questions but I'm thankful for you trying to answer them
 |
Dark Byte Site Admin
Reputation: 473
Joined: 09 May 2003 Posts: 25910 Location: The netherlands
Posted: Sun Mar 14, 2021 2:23 pm

As I said, it allocates some memory for a variable named backpack
then tells CE where to find that memory by the name of 'backpack'
it does a code injection somewhere where rcx contains the address of the backpack or something related to the backpack and then stores rcx into that address it allocated
that way the addresslist can figure out what the address is
 |
ParkourPenguin I post too much
Reputation: 154
Joined: 06 Jul 2014 Posts: 4754
Posted: Sun Mar 14, 2021 4:04 pm

A "base address" is just where a pointer path starts. Sometimes it's a static stored in a module (exe/dll), sometimes it's some other symbol. backpack is a user-registered symbol.
Both your and the other author's pointer paths end up in the same place; it's just that the other author's path starts halfway into yours.
Code:
Your path:
0
A48
E0
0
game.exe+1234ABC
"[[[[game.exe+1234ABC]+0]+E0]+A48]+0"
Other path:
0
A48
backpack
"[[backpack]+A48]+0"

The "+0" in pointer path strings is unnecessary.
Notice how "backpack" is basically substituted for "[[game.exe+1234ABC]+0]+E0".
As for where the symbol backpack comes from...
Quote:
Code:
Line 49: label(backpack)
Line 51: backpack:
Line 54: mov [backpack], rcx
Line 63: registersymbol(str_back_pack backpack)

I'm assuming lines 49-63 are all in the same AA script.
Line 49 doesn't do much. It just declares the string "backpack" will come up later as a symbol in the script.
Line 63 registers the symbol "backpack" (along with some other symbol) so that it can be used outside the AA script- i.e. in the address list.
Lines 51 and 52 probably initialize the symbol backpack, giving it a memory address and an initial value (probably 0).
Line 54 is what actually gives backpack a meaningful value. When the game eventually decides to execute the code at the injection point, the instruction "mov [backpack],rcx" will move an address into backpack.
Look up "injection copy" for more information.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
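
The two pointer-path strings compared in the post above, evaluated over a small simulated memory map (an added example, not code from any poster in this thread or from Cheat Engine). The addresses, stored values and the `resolve` and `injection_copy` helper names are constructed for illustration; the example also shows the short path failing to resolve until the hooked `mov [backpack], rcx` has run.

```python
import re

def resolve(expr, memory, names):
    """Evaluate a CE-style address string; [x] reads the pointer stored at x."""
    pos = 0

    def term():
        nonlocal pos
        if expr[pos:pos + 1] == "[":
            pos += 1
            addr = total()
            if expr[pos:pos + 1] != "]":
                raise ValueError("missing ] in " + expr)
            pos += 1
            if addr not in memory:
                raise LookupError(f"cannot read {addr:#x}")
            return memory[addr]
        m = re.match(r"[\w.]+", expr[pos:])
        if not m:
            raise ValueError("bad token in " + expr)
        pos += m.end()
        # Module and symbol names win; anything else is a hex offset.
        return names[m.group()] if m.group() in names else int(m.group(), 16)

    def total():
        nonlocal pos
        value = term()
        while expr[pos:pos + 1] == "+":
            pos += 1
            value += term()
        return value

    result = total()
    if pos != len(expr):
        raise ValueError("trailing text in " + expr)
    return result

# Constructed sample process: every address and value below is made up.
NAMES = {"game.exe": 0x140000000, "backpack": 0x7FF00000}
MEMORY = {
    0x140000000 + 0x1234ABC: 0x20000000,  # static pointer inside the module
    0x20000000 + 0x0: 0x30000000,
    0x30000000 + 0xE0: 0x40000000,        # the backpack object
    0x40000000 + 0xA48: 0x50000000,
    NAMES["backpack"]: 0,                 # allocated by the script, not yet filled
}
LONG_PATH = "[[[[game.exe+1234ABC]+0]+E0]+A48]+0"
SHORT_PATH = "[[backpack]+A48]+0"

def injection_copy(memory, rcx):
    """Model of `mov [backpack], rcx` running at the hooked instruction."""
    memory[NAMES["backpack"]] = rcx
```

Calling `resolve(SHORT_PATH, ...)` before `injection_copy` raises `LookupError` because the symbol still holds 0; after it, both paths return the same address.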