Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Pointer always fails to point to the correct address

 
bshi02
Newbie cheater
Reputation: 0

Joined: 08 Apr 2020
Posts: 17

Posted: Wed Mar 15, 2023 7:56 pm    Post subject: Pointer always fails to point to the correct address

I found the health address for a 64-bit game, and when I did a pointer scan for this health address, I found that there are more than a hundred thousand pointer addresses.
But after exiting and relaunching the game, it seems that among the hundred thousand pointers, there is absolutely no pointer that points to the correct health address at all.
All of them display ?? question marks or point to a peculiar address that is very far from the correct address.
Is there any way to get the correct address even though all of the pointers I have found always point to an incorrect address as soon as I relaunch the game?


Last edited by bshi02 on Sun Mar 19, 2023 7:00 pm; edited 1 time in total
Dark Byte
Site Admin
Reputation: 468

Joined: 09 May 2003
Posts: 25709
Location: The netherlands

Posted: Thu Mar 16, 2023 12:33 am

Increase level and max offset size

also, never stop the pointerscan

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
bshi02
Newbie cheater
Reputation: 0

Joined: 08 Apr 2020
Posts: 17

Posted: Thu Mar 16, 2023 5:24 am

Dark Byte wrote:
Increase level and max offset size

also, never stop the pointerscan

I set level 9 and max offset size to 8192 for the pointer scan, and now it is already past 5 hours, but it seems the pointer scan is far from over...
Dark Byte
Site Admin
Reputation: 468

Joined: 09 May 2003
Posts: 25709
Location: The netherlands

Posted: Thu Mar 16, 2023 6:52 am

Try level 8 first.

And in the first post scan (assuming level 7), did you stop it or was that the full run? If you stopped it, try again.

Also, use pointermaps, else a lot of time will be spent on writing invalid results to disk.

++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu Mar 16, 2023 12:52 pm

You can also try to capture the address using injection, if you get tired of messing around with pointers.
bshi02
Newbie cheater
Reputation: 0

Joined: 08 Apr 2020
Posts: 17

Posted: Thu Mar 16, 2023 7:45 pm

++METHOS wrote:
You can also try to capture the address using injection, if you get tired of messing around with pointers.

I tried to pointer scan for 10 hours and it used up 200GB, which is my last available space on the hard drive, and in spite of my efforts, I also failed to locate a pointer which must point to the correct health address...

By the way, how can I capture the address using injection in order to locate the pointer address which points to the correct health address?
Is there any tutorial for this "capture the address using injection"?
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Thu Mar 16, 2023 11:38 pm

Probably, there are many text and video tutorials for this. I have probably written one several times on this forum.

1. Once you have found your health address, you will add it to your cheat table and right-click on it to check to see what is accessing it.

2. A window should pop up and a list of instructions should populate the list. From here, you can right-click in the empty white area of the new window and check to see if the instructions are accessing any other addresses. You will see a number show up for each entry, ranging from 1 to 8. If you see any entries that are 'constantly' accessing health, and are only accessing (1) address, then you can use that instruction for your injection point, to permanently capture the health address.

3. Click stop on the debugger window and also stop checking if instructions are accessing other addresses.

4. Highlight the instruction that looks good, and view in the disassembler.

5. From inside the memory viewer window, with the correct instruction highlighted, you can click on 'Tools' from the drop-down menu and choose 'Auto Assemble'. A new window should pop up.

6. In the new window, click on 'Template' from the drop-down menu and select 'Cheat Table Framework Code'.

7. Click on 'Template' again, and choose 'AOB Injection'.

8. Click on 'File' and select 'Assign to Current Cheat Table'.

9. Once that is done, open the script from your cheat table by double-clicking on it and copy/paste the contents here.

If there are no instructions that are exclusive to the health address, per step #2, and do not show a number (1), then you will have to take additional steps to filter out any addresses that you are not interested in. If this happens, I would recommend studying the CE tutorial before proceeding so that you can learn how to do that. I would strongly recommend doing that anyway, if you have not completed it.

As a side note, some of this may seem a little intimidating at first, but it is very much worth investing the time to learn. If you stick with it and learn it well, then you may never have to use the pointer scanner again, unless you really want to (you probably won't).
bshi02
Newbie cheater
Reputation: 0

Joined: 08 Apr 2020
Posts: 17

Posted: Sun Mar 19, 2023 1:01 am

Thank you very much for your tutorial!
After a bunch of trial and error, I finally succeeded in making invincible code for this game, like the auto assemble script below.
Code:

[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(INJECT,Launch.exe,D9 40 14 D9 5C 24 0C) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
mov [eax+14],(float)999
  fld dword ptr [eax+14]
  fstp dword ptr [esp+0C]
  jmp return

INJECT:
  jmp newmem
  nop 2
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
  db D9 40 14 D9 5C 24 0C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Launch.exe+522AC7

Launch.exe+522AA1: 89 AF 44 11 00 00     - mov [edi+00001144],ebp
Launch.exe+522AA7: 81 FE 96 00 00 00     - cmp esi,00000096
Launch.exe+522AAD: 73 1B                 - jae Launch.exe+522ACA
Launch.exe+522AAF: 8B 15 70 58 31 01     - mov edx,[Launch.exe+6A5870]
Launch.exe+522AB5: 8D 0C 76              - lea ecx,[esi+esi*2]
Launch.exe+522AB8: 03 C9                 - add ecx,ecx
Launch.exe+522ABA: 8D 84 CA 10 B2 06 00  - lea eax,[edx+ecx*8+0006B210]
Launch.exe+522AC1: 85 C0                 - test eax,eax
Launch.exe+522AC3: 74 05                 - je Launch.exe+522ACA
Launch.exe+522AC5: DD D8                 - fstp st(0)
// ---------- INJECTING HERE ----------
Launch.exe+522AC7: D9 40 14              - fld dword ptr [eax+14]
// ---------- DONE INJECTING  ----------
Launch.exe+522ACA: D9 5C 24 0C           - fstp dword ptr [esp+0C]
Launch.exe+522ACE: D9 44 24 0C           - fld dword ptr [esp+0C]
Launch.exe+522AD2: E8 29 0F C9 FF        - call Launch.exe+1B3A00
Launch.exe+522AD7: 33 C9                 - xor ecx,ecx
Launch.exe+522AD9: 85 C0                 - test eax,eax
Launch.exe+522ADB: 0F 98 C1              - sets cl
Launch.exe+522ADE: 89 87 48 11 00 00     - mov [edi+00001148],eax
Launch.exe+522AE4: 49                    - dec ecx
Launch.exe+522AE5: 23 C8                 - and ecx,eax
Launch.exe+522AE7: 3B CD                 - cmp ecx,ebp
}

But it is still impossible for me to get the health address (eax+14) from the auto assemble script in order to add the health address to the Cheat Engine table.
It would still be great if there is any tutorial for getting any desired address from a register in an auto assemble script.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun Mar 19, 2023 2:59 am

bshi02 wrote:
But it is still impossible for me to get the health address (eax+14) from the auto assemble script in order to add the health address to the Cheat Engine table.
-This is why I say to copy/paste contents here so that we may continue.

Assuming that you have carefully followed the instructions and that there are no other addresses being accessed by the instruction:

Try altering the script to match the code below. Once altered, approve the changes and enable the script inside of your cheat table. Once enabled, click on 'Add Address Manually' in the upper-right corner of your cheat table. A new window should pop up. Check the box that says 'Pointer'. In the bottom text field, paste health_address. Change the value type to Float and click 'OK'.

Code:
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

 
 
aobscanmodule(INJECT,Launch.exe,D9 40 14 D9 5C 24 0C) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(health_address)

registersymbol(INJECT)
registersymbol(health_address)

newmem:

code:

  push edi
  lea edi,[eax+14]
  mov [health_address],edi
  pop edi

  mov [eax+14],(float)999
  fld dword ptr [eax+14]
  fstp dword ptr [esp+0C]
  jmp return

health_address:
  dd 0

INJECT:
  jmp newmem
  nop 2
return:


[DISABLE]
//code from here till the end of the code will be used to disable the cheat
INJECT:
  db D9 40 14 D9 5C 24 0C

unregistersymbol(INJECT)
unregistersymbol(health_address)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Launch.exe+522AC7

Launch.exe+522AA1: 89 AF 44 11 00 00     - mov [edi+00001144],ebp
Launch.exe+522AA7: 81 FE 96 00 00 00     - cmp esi,00000096
Launch.exe+522AAD: 73 1B                 - jae Launch.exe+522ACA
Launch.exe+522AAF: 8B 15 70 58 31 01     - mov edx,[Launch.exe+6A5870]
Launch.exe+522AB5: 8D 0C 76              - lea ecx,[esi+esi*2]
Launch.exe+522AB8: 03 C9                 - add ecx,ecx
Launch.exe+522ABA: 8D 84 CA 10 B2 06 00  - lea eax,[edx+ecx*8+0006B210]
Launch.exe+522AC1: 85 C0                 - test eax,eax
Launch.exe+522AC3: 74 05                 - je Launch.exe+522ACA
Launch.exe+522AC5: DD D8                 - fstp st(0)
// ---------- INJECTING HERE ----------
Launch.exe+522AC7: D9 40 14              - fld dword ptr [eax+14]
// ---------- DONE INJECTING  ----------
Launch.exe+522ACA: D9 5C 24 0C           - fstp dword ptr [esp+0C]
Launch.exe+522ACE: D9 44 24 0C           - fld dword ptr [esp+0C]
Launch.exe+522AD2: E8 29 0F C9 FF        - call Launch.exe+1B3A00
Launch.exe+522AD7: 33 C9                 - xor ecx,ecx
Launch.exe+522AD9: 85 C0                 - test eax,eax
Launch.exe+522ADB: 0F 98 C1              - sets cl
Launch.exe+522ADE: 89 87 48 11 00 00     - mov [edi+00001148],eax
Launch.exe+522AE4: 49                    - dec ecx
Launch.exe+522AE5: 23 C8                 - and ecx,eax
Launch.exe+522AE7: 3B CD                 - cmp ecx,ebp
}
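Added example (not part of the thread and not Cheat Engine code): a Python integrity check that compares a code range's original bytes with what is live in memory and decodes a jmp rel32 detour of the kind the AOB injection script above writes at Launch.exe+522AC7, which is how such a patch can be detected. The module base, image size and code-cave address are constructed sample values; the offset and original bytes are the ones posted in the thread.

```python
import struct

# Constructed sample values (assumptions, not from the thread).
MODULE_BASE = 0x00400000          # assumed load address of Launch.exe
MODULE_SIZE = 0x00800000          # assumed image size
# Values taken from the posted script.
SITE_RVA = 0x522AC7
ORIGINAL = bytes.fromhex("D9 40 14 D9 5C 24 0C")


def build_patched(site_va, cave_va, length):
    """Constructed stand-in for live memory: jmp rel32 padded with NOPs."""
    rel = cave_va - (site_va + 5)             # rel32 is relative to the next instruction
    return b"\xE9" + struct.pack("<i", rel) + b"\x90" * (length - 5)


def find_detour(original, live, site_va, mod_base, mod_size):
    """Compare original bytes with live bytes and describe a jmp rel32 detour."""
    if len(original) != len(live):
        raise ValueError("buffers must cover the same range")
    changed = [i for i, (a, b) in enumerate(zip(original, live)) if a != b]
    if not changed:
        return None                           # code range is intact
    first = changed[0]
    finding = {"modified_at": site_va + first,
               "modified_len": changed[-1] - first + 1,
               "is_jmp_rel32": False, "target": None, "leaves_module": None}
    if live[first] == 0xE9 and first + 5 <= len(live):
        rel = struct.unpack_from("<i", live, first + 1)[0]
        target = (site_va + first + 5 + rel) & 0xFFFFFFFF
        inside = mod_base <= target < mod_base + mod_size
        finding.update(is_jmp_rel32=True, target=target, leaves_module=not inside)
    return finding


if __name__ == "__main__":
    site = MODULE_BASE + SITE_RVA
    live = build_patched(site, 0x02A00000, len(ORIGINAL))   # constructed cave address
    print(find_detour(ORIGINAL, live, site, MODULE_BASE, MODULE_SIZE))
    # After [DISABLE] restores the bytes, the same check reports nothing.
    print(find_detour(ORIGINAL, ORIGINAL, site, MODULE_BASE, MODULE_SIZE))
```

A jump whose target lies outside the module image points at separately allocated memory, which is what alloc(newmem,$1000) produces in the script.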
bshi02
Newbie cheater
Reputation: 0

Joined: 08 Apr 2020
Posts: 17

Posted: Sun Mar 19, 2023 9:51 am

Thank you very much for creating an auto assemble script that contains the global variable health_address, which I really wanted to know how to create.
It seems that when I declare registersymbol at the very beginning, I am able to use it even in the Cheat Engine table until I disable this script.

And the auto assemble script seems to be very picky about pairs of registersymbol and unregistersymbol.
Frankly speaking, I failed to execute your auto assemble script for an hour until I realized that I had omitted "unregistersymbol(health_address)" beneath the [disable] section. At that time, I didn't notice that it caused a syntax error.

Anyway, I really appreciate your help, which played a huge role for me in understanding auto assemble scripts in Cheat Engine.
++METHOS
I post too much
Reputation: 92

Joined: 29 Oct 2010
Posts: 4197

Posted: Sun Mar 19, 2023 1:39 pm

I'm glad that it all worked out.
All times are GMT - 6 Hours