Cheat Engine The Official Site of Cheat Engine
bshi02 Newbie cheater
Reputation: 0
Joined: 08 Apr 2020 Posts: 17
|
Posted: Wed Mar 15, 2023 7:56 pm Post subject: Pointer is always fail to point to correct address |
|
|
I found the health address for a 64-bit game, and when I did a pointer scan for this health address, I found that there are more than a hundred thousand pointer addresses.
But after exiting and relaunching the game, it seems that among the hundred thousand pointers, there is absolutely no pointer which points to the correct health address at all.
All of them display ?? question marks or point to a peculiar address which is very far from the correct address.
Is there any way to get the correct address even though all of the pointers which I have found always point to an incorrect address as soon as I relaunch the game?
Last edited by bshi02 on Sun Mar 19, 2023 7:00 pm; edited 1 time in total |
|
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25709 Location: The netherlands
|
Posted: Thu Mar 16, 2023 12:33 am Post subject: |
|
|
Increase level and max offset size
also, never stop the pointerscan
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
bshi02 Newbie cheater
Reputation: 0
Joined: 08 Apr 2020 Posts: 17
|
Posted: Thu Mar 16, 2023 5:24 am Post subject: |
|
|
Dark Byte wrote: | Increase level and max offset size
also, never stop the pointerscan |
I set level 9 and max offset size to 8192 for the pointer scan, and now it is already past 5 hours, but it seems the pointer scan is far from over...
|
|
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25709 Location: The netherlands
|
Posted: Thu Mar 16, 2023 6:52 am Post subject: |
|
|
Try level 8 first.
And in the first post's scan (assuming level 7), did you stop it or was that the full run? If you stopped it, try again.
Also, use pointermaps, else a lot of time will be spent on writing invalid results to disk.
|
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Thu Mar 16, 2023 12:52 pm Post subject: |
|
|
You can also try to capture the address using injection, if you get tired of messing around with pointers.
|
|
bshi02 Newbie cheater
Reputation: 0
Joined: 08 Apr 2020 Posts: 17
|
Posted: Thu Mar 16, 2023 7:45 pm Post subject: |
|
|
++METHOS wrote: | You can also try to capture the address using injection, if you get tired of messing around with pointers. |
I tried a pointer scan for 10 hours and it used up 200GB, which was my last available space on the hard drive, and in spite of my efforts, I also failed to locate a pointer which must point to the correct health address...
By the way, how can I capture the address using injection in order to locate the pointer address which points to the correct health address?
Is there any tutorial for this "capture the address using injection"?
|
|
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Thu Mar 16, 2023 11:38 pm Post subject: |
|
|
Probably, there are many text and video tutorials for this. I have probably written one several times on this forum.
1. Once you have found your health address, you will add it to your cheat table and right-click on it to check to see what is accessing it.
2. A window should pop up and a list of instructions should populate the list. From here, you can right-click in the empty white area of the new window and check to see if the instructions are accessing any other addresses. You will see a number show up for each entry, ranging from 1 to 8. If you see any entries that are 'constantly' accessing health, and are only accessing (1) address, then you can use that instruction for your injection point, to permanently capture the health address.
3. Click stop on the debugger window and also stop checking if instructions are accessing other addresses.
4. Highlight the instruction that looks good, and view in the disassembler.
5. From inside the memory viewer window, with the correct instruction highlighted, you can click on 'Tools' from the drop-down menu and choose 'Auto Assemble'. A new window should pop up.
6. In the new window, click on 'Template' from the drop-down menu and select 'Cheat Table Framework Code'.
7. Click on 'Template' again, and choose 'AOB Injection'.
8. Click on 'File' and select 'Assign to Current Cheat Table'.
9. Once that is done, open the script from your cheat table by double-clicking on it and copy/paste the contents here.
If there are no instructions that are exclusive to the health address, per step #2, and do not show a number (1), then you will have to take additional steps to filter out any addresses that you are not interested in. If this happens, I would recommend studying the CE tutorial before proceeding so that you can learn how to do that. I would strongly recommend doing that anyway, if you have not completed it.
As a side note, some of this may seem a little intimidating at first, but it is very much worth investing the time to learn. If you stick with it and learn it well, then you may never have to use the pointer scanner again, unless you really want to (you probably won't).
|
|
bshi02 Newbie cheater
Reputation: 0
Joined: 08 Apr 2020 Posts: 17
|
Posted: Sun Mar 19, 2023 1:01 am Post subject: |
|
|
++METHOS wrote: | Probably, there are many text and video tutorials for this. I have probably written one several times on this forum.
1. Once you have found your health address, you will add it to your cheat table and right-click on it to check to see what is accessing it.
2. A window should pop up and a list of instructions should populate the list. From here, you can right-click in the empty white area of the new window and check to see if the instructions are accessing any other addresses. You will see a number show up for each entry, ranging from 1 to 8. If you see any entries that are 'constantly' accessing health, and are only accessing (1) address, then you can use that instruction for your injection point, to permanently capture the health address.
3. Click stop on the debugger window and also stop checking if instructions are accessing other addresses.
4. Highlight the instruction that looks good, and view in the disassembler.
5. From inside the memory viewer window, with the correct instruction highlighted, you can click on 'Tools' from the drop-down menu and choose 'Auto Assemble'. A new window should pop up.
6. In the new window, click on 'Template' from the drop-down menu and select 'Cheat Table Framework Code'.
7. Click on 'Template' again, and choose 'AOB Injection'.
8. Click on 'File' and select 'Assign to Current Cheat Table'.
9. Once that is done, open the script from your cheat table by double-clicking on it and copy/paste the contents here.
If there are no instructions that are exclusive to the health address, per step #2, and do not show a number (1), then you will have to take additional steps to filter out any addresses that you are not interested in. If this happens, I would recommend studying the CE tutorial before proceeding so that you can learn how to do that. I would strongly recommend doing that anyway, if you have not completed it.
As a side note, some of this may seem a little intimidating at first, but it is very much worth investing the time to learn. If you stick with it and learn it well, then you may never have to use the pointer scanner again, unless you really want to (you probably won't). |
Thank you very much for your tutorial!
After a bunch of trial and error, I finally succeeded in making invincible code for this game, like the auto assemble script below.
Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscanmodule(INJECT,Launch.exe,D9 40 14 D9 5C 24 0C) // should be unique
alloc(newmem,$1000)

label(code)
label(return)

newmem:

code:
  mov [eax+14],(float)999
  fld dword ptr [eax+14]
  fstp dword ptr [esp+0C]
  jmp return

INJECT:
  jmp newmem
  nop 2
return:
registersymbol(INJECT)

[DISABLE]
//code from here till the end of the code will be used to disable the cheat

INJECT:
  db D9 40 14 D9 5C 24 0C

unregistersymbol(INJECT)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Launch.exe+522AC7
Launch.exe+522AA1: 89 AF 44 11 00 00 - mov [edi+00001144],ebp
Launch.exe+522AA7: 81 FE 96 00 00 00 - cmp esi,00000096
Launch.exe+522AAD: 73 1B - jae Launch.exe+522ACA
Launch.exe+522AAF: 8B 15 70 58 31 01 - mov edx,[Launch.exe+6A5870]
Launch.exe+522AB5: 8D 0C 76 - lea ecx,[esi+esi*2]
Launch.exe+522AB8: 03 C9 - add ecx,ecx
Launch.exe+522ABA: 8D 84 CA 10 B2 06 00 - lea eax,[edx+ecx*8+0006B210]
Launch.exe+522AC1: 85 C0 - test eax,eax
Launch.exe+522AC3: 74 05 - je Launch.exe+522ACA
Launch.exe+522AC5: DD D8 - fstp st(0)
// ---------- INJECTING HERE ----------
Launch.exe+522AC7: D9 40 14 - fld dword ptr [eax+14]
// ---------- DONE INJECTING ----------
Launch.exe+522ACA: D9 5C 24 0C - fstp dword ptr [esp+0C]
Launch.exe+522ACE: D9 44 24 0C - fld dword ptr [esp+0C]
Launch.exe+522AD2: E8 29 0F C9 FF - call Launch.exe+1B3A00
Launch.exe+522AD7: 33 C9 - xor ecx,ecx
Launch.exe+522AD9: 85 C0 - test eax,eax
Launch.exe+522ADB: 0F 98 C1 - sets cl
Launch.exe+522ADE: 89 87 48 11 00 00 - mov [edi+00001148],eax
Launch.exe+522AE4: 49 - dec ecx
Launch.exe+522AE5: 23 C8 - and ecx,eax
Launch.exe+522AE7: 3B CD - cmp ecx,ebp
}
|
But it is still impossible for me to get the health address (eax+14) from the auto assemble script in order to add the health address to the Cheat Engine table.
It would still be great if there is any tutorial for getting any desired address from a register in an auto assemble script.
|
|
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sun Mar 19, 2023 2:59 am Post subject: |
|
|
bshi02 wrote: | But It is still impossible for me to get health address( eax+14) from auto assemble script in order to add health address in cheat engine table. |
This is why I say to copy/paste contents here so that we may continue.
Assuming that you have carefully followed the instructions and that there are no other addresses being accessed by the instruction:
Try altering the script to match the code below. Once altered, approve the changes and enable the script inside of your cheat table. Once enabled, click on 'Add Address Manually' in the upper-right corner of your cheat table. A new window should pop up. Check the box that says 'Pointer'. In the bottom text field, paste health_address. Change the value type to Float and click 'OK'.
Code: |
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat

aobscanmodule(INJECT,Launch.exe,D9 40 14 D9 5C 24 0C) // should be unique
alloc(newmem,$1000)

label(code)
label(return)
label(health_address)

registersymbol(INJECT)
registersymbol(health_address)

newmem:

code:
  push edi
  lea edi,[eax+14]
  mov [health_address],edi
  pop edi
  mov [eax+14],(float)999
  fld dword ptr [eax+14]
  fstp dword ptr [esp+0C]
  jmp return

health_address:
  dd 0

INJECT:
  jmp newmem
  nop 2
return:

[DISABLE]
//code from here till the end of the code will be used to disable the cheat

INJECT:
  db D9 40 14 D9 5C 24 0C

unregistersymbol(INJECT)
unregistersymbol(health_address)
dealloc(newmem)

{
// ORIGINAL CODE - INJECTION POINT: Launch.exe+522AC7
Launch.exe+522AA1: 89 AF 44 11 00 00 - mov [edi+00001144],ebp
Launch.exe+522AA7: 81 FE 96 00 00 00 - cmp esi,00000096
Launch.exe+522AAD: 73 1B - jae Launch.exe+522ACA
Launch.exe+522AAF: 8B 15 70 58 31 01 - mov edx,[Launch.exe+6A5870]
Launch.exe+522AB5: 8D 0C 76 - lea ecx,[esi+esi*2]
Launch.exe+522AB8: 03 C9 - add ecx,ecx
Launch.exe+522ABA: 8D 84 CA 10 B2 06 00 - lea eax,[edx+ecx*8+0006B210]
Launch.exe+522AC1: 85 C0 - test eax,eax
Launch.exe+522AC3: 74 05 - je Launch.exe+522ACA
Launch.exe+522AC5: DD D8 - fstp st(0)
// ---------- INJECTING HERE ----------
Launch.exe+522AC7: D9 40 14 - fld dword ptr [eax+14]
// ---------- DONE INJECTING ----------
Launch.exe+522ACA: D9 5C 24 0C - fstp dword ptr [esp+0C]
Launch.exe+522ACE: D9 44 24 0C - fld dword ptr [esp+0C]
Launch.exe+522AD2: E8 29 0F C9 FF - call Launch.exe+1B3A00
Launch.exe+522AD7: 33 C9 - xor ecx,ecx
Launch.exe+522AD9: 85 C0 - test eax,eax
Launch.exe+522ADB: 0F 98 C1 - sets cl
Launch.exe+522ADE: 89 87 48 11 00 00 - mov [edi+00001148],eax
Launch.exe+522AE4: 49 - dec ecx
Launch.exe+522AE5: 23 C8 - and ecx,eax
Launch.exe+522AE7: 3B CD - cmp ecx,ebp
}
|
|
|
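An added example from the defender's side, not part of any post in this thread: the scripts above replace the 7 bytes `D9 40 14 D9 5C 24 0C` at the injection site with a `jmp`, so comparing that site against its known-good bytes exposes the detour and where it leads. The site address (which assumes an image base of 0x400000), the detour target and the padding bytes in the samples are constructed assumptions.

```python
import struct

# Known-good bytes at the site, as listed in the script's [DISABLE] section:
# fld dword ptr [eax+14] / fstp dword ptr [esp+0C]
ORIGINAL = bytes.fromhex("D9 40 14 D9 5C 24 0C")

# Constructed snapshots: the page's neighbouring bytes (DD D8 before,
# D9 44 24 0C after) around a clean site and around a patched one.
SITE_OFF = 2                 # offset of the site inside each snapshot
SITE_VA = 0x00922AC7         # hypothetical mapping of Launch.exe+522AC7
CLEAN = bytes.fromhex("DD D8 D9 40 14 D9 5C 24 0C D9 44 24 0C")
HOOKED = bytes.fromhex("DD D8 E9 34 D5 0E 02 90 90 D9 44 24 0C")


def classify_site(code, site_off, site_va, original=ORIGINAL):
    """Compare one code site with its baseline.

    Returns ("intact", None), ("detour", target_va) when the site now starts
    with a near jmp, or ("modified", [offsets that differ]) otherwise.
    """
    current = code[site_off:site_off + len(original)]
    if len(current) < len(original):
        raise ValueError("site lies outside the snapshot")
    if current == original:
        return ("intact", None)
    if current[0] == 0xE9:
        # E9 rel32: target = address of the next instruction + signed rel32
        (rel32,) = struct.unpack_from("<i", current, 1)
        return ("detour", (site_va + 5 + rel32) & 0xFFFFFFFF)  # 32-bit process
    diffs = [i for i, (a, b) in enumerate(zip(current, original)) if a != b]
    return ("modified", diffs)


if __name__ == "__main__":
    for name, snap in (("clean", CLEAN), ("hooked", HOOKED)):
        kind, detail = classify_site(snap, SITE_OFF, SITE_VA)
        shown = hex(detail) if kind == "detour" else detail
        print(f"{name}: {kind} {shown}")
```

A detour target that falls outside every loaded module's address range, as an `alloc`-ed block would, is the detail worth logging alongside the mismatch.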
bshi02 Newbie cheater
Reputation: 0
Joined: 08 Apr 2020 Posts: 17
|
Posted: Sun Mar 19, 2023 9:51 am Post subject: |
|
|
Thank you very much for creating the auto assemble script which contains the global variable health_address, which I really wanted to know how to create.
It seems that when I declare registersymbol at the very beginning, I am able to use it even in the Cheat Engine table until I disable this script.
And the auto assemble script seems to be very picky about pairs of registersymbol and unregistersymbol.
Frankly speaking, I failed to execute your auto assemble script for an hour until I realized that I had omitted "unregistersymbol(health_address)" beneath the [disable] section. At that time, I didn't notice that it caused a syntax error.
Anyway, I really appreciate your help, which played a huge role for me in understanding auto assemble scripts in Cheat Engine.
|
|
++METHOS I post too much
Reputation: 92
Joined: 29 Oct 2010 Posts: 4197
|
Posted: Sun Mar 19, 2023 1:39 pm Post subject: |
|
|
I'm glad that it all worked out.
|
|