[Tutorial] Finding pointers & offsets (Cheat Engine)

You can find tutorials and ask questions about memory editing here. You may also post any game-specific information you find (ie. cheat tables or addresses).
Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

[Tutorial] Finding pointers & offsets (Cheat Engine)

#1 Post by Administrator » Wed Apr 23, 2008 1:28 pm

Step 1: Find the current address for whatever you want to get the pointer & offset of.
In this tutorial, I'll be using max HP as an example. I first found my max HP by searching my current max HP, adding/removing equipment with + Max HP on it, and filtering the results.

Add that address to your address list (the bottom section in Cheat Engine).

Step 2: Find out what accesses that address
Now right click on the newly added address, and select "Find what accesses this address." You will be prompted if you want to attach the debugger; select yes.

You may need to go back into the game and wait a few seconds before anything is added to the opcode box. After a few results turn up, cycle through them and look for an entry that is labeled as "Copy memory" on the right side below the buttons.

Step 3: Get the offset, and probable address to search for
Double click on this entry, and you will receive another window with detailed information in it. This window contains two very important pieces of information: the offset, and address to search for. The red text shows us the offset in hex. It will look something like this: >>004971b0 - mov ecx, [esi+0000012c]
From this, we can tell that 12C is our offset. Write this down.

The second important line contains the address we need to search for. It will say "The value of the pointer needed to find this address is probably <address>". Write down the address, and you can now close this window.

Step 4: Searching the address
Now go back to the Cheat Engine main window, and begin a new scan. You will have the "Hex" checkbox checked, have the value set to the probable address to search for, scan type as Exact Value, and value type as 4 bytes. Click First Scan.

Now we should have a few results. You hopefully won't have more than a few. Most likely, the address you want to use will appear green in the found list. The green text means that it is a static pointer (it will not change when you restart the game).
Now that you've found the pointer, you can put it to use. To add it into Cheat Engine, click the "Add address manually" button. Check Pointer, and copy the address from the green result in the address list (make sure it's the address, and NOT the value!), and type in the offset you wrote down earlier from step 3. You've now got your full pointer and offset.


If the green results do not appear to work, or you do not see any green results, it is possible that the game uses a double pointer to access this specific variable, and you will need to run another pointer-offset lookup on the already found pointer and offset. A quick explanation of what this is all about can be found here.

deaznracer
Posts: 59
Joined: Tue May 20, 2008 5:45 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#2 Post by deaznracer » Fri Jun 06, 2008 11:38 pm

I downloaded the software and my virus scanner said it had a virus. Is this a programming error or is it an actual virus?

#3 Post by Administrator » Sat Jun 07, 2008 12:04 am

They are false positives. That's the problem with heuristics. Cheat Engine does not contain a virus, but some of the methods it uses to avoid detection by software like GameGuard or XTrap may appear to be malicious to certain anti-virus software.

#4 Post by deaznracer » Sat Jun 07, 2008 3:48 am

I am trying to get information about the target mob, like its current HP. But I keep getting nothing but pointers.

1) I targeted my friend and scanned for his HP, 734. It found 13 addresses.
2) He took off his armor and I saw 1 address change to the new value of the HP, which is 647.
3) So I picked that address.
4) I clicked to see where it was written and I got an address of 08F4181.
5) When I restarted the game, that address had changed.

I tried finding its pointer, and I believe I found it. What do I do with its pointer to find its actual address?

3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

#5 Post by 3cmSailorfuku » Sat Jun 07, 2008 5:16 am

deaznracer wrote: I am trying to get information about the target mob, like its current HP. But I keep getting nothing but pointers.

1) I targeted my friend and scanned for his HP, 734. It found 13 addresses.
2) He took off his armor and I saw 1 address change to the new value of the HP, which is 647.
3) So I picked that address.
4) I clicked to see where it was written and I got an address of 08F4181.
5) When I restarted the game, that address had changed.

I tried finding its pointer, and I believe I found it. What do I do with its pointer to find its actual address?

Do the tutorial above.

Name of the game?

#6 Post by Administrator » Sat Jun 07, 2008 7:41 am

It is quite possibly going to be in a chain of pointers. There probably will be a list (which may or may not be static) which contains pointers to character pawns which will contain pointers to actual data.

#7 Post by 3cmSailorfuku » Sat Jun 07, 2008 9:27 am

elverion wrote: It is quite possibly going to be in a chain of pointers. There probably will be a list (which may or may not be static) which contains pointers to character pawns which will contain pointers to actual data.

Or like Guild Wars where the location of the pointers is being calculated during the runtime. Makes it impossible to get pointers in Cheat Engine.

#8 Post by deaznracer » Sat Jun 07, 2008 10:31 am

The name of the game is Shaiya. I tried multiple times repeating the steps above using the new address I found. It always led to these 3 addresses (that change when restarting the game) which change values when I buff. I traced these 3 addresses before and it always leads to the previous address that I have found.

What method should I use to get the actual data?

elverion wrote: It is quite possibly going to be in a chain of pointers. There probably will be a list (which may or may not be static) which contains pointers to character pawns which will contain pointers to actual data.

That seems about right when I look at it. How do I get past the pointers to the character pawns, so I can get the actual pointer to the actual data?

#9 Post by Administrator » Sat Jun 07, 2008 2:02 pm

You can take a look at the Perfect World script I posted in the scripts section. It uses a pointer to a character pawn, which contains pointers to the actual data. You have 'staticbase' pointing to 'charptr_addr', which points to HP, MP, etc.

Code:

staticbase_ptr = 0x00903804;
staticbase_offset = 0x20;
charptr_addr = 0;
targetid_offset = 0xA18;

charptr_addr = memoryReadInt(proc, staticbase_ptr) + staticbase_offset; -- get the address of your character pawn

Now that you have charptr_addr, you can read a value from it.

Code:

local readval = memoryReadUIntPtr(proc, charptr_addr, targetid_offset);

#10 Post by deaznracer » Sun Jun 08, 2008 3:56 am

Thank you so much for this helpful information.

So I would use that code to find the actual address using Lua scripts and not Cheat Engine?

#11 Post by Administrator » Sun Jun 08, 2008 5:42 pm

Well, yes. Kind of. You would figure out the pattern using Cheat Engine, then reconstruct the pointer chain using Lua. Once you've got your static pointer, you can use that address in your scripts like I showed you above. After you've done this once or twice, it'll make more sense.

#12 Post by deaznracer » Mon Jun 09, 2008 4:59 am

Yea, I'm still in the process of finding the static pointer. The static pointer is in green, correct? And the value won't change in game or when restarting the game, correct?

Well, I just figured something out. My objective is to find out more about the targeted NPC/PC in the game. HP, damaged HP, color level, etc...

But what I do notice is something interesting. I just stand next to my other PC's char and exact scan for his HP without targeting him, and his address and his HP value came up.

What does that mean?

#13 Post by Administrator » Mon Jun 09, 2008 7:11 am

deaznracer wrote: Yea, I'm still in the process of finding the static pointer. The static pointer is in green, correct? And the value won't change in game or when restarting the game, correct?

Yes, static pointers are green. No, their value can (and probably will) change when restarting the game. This static pointer points to (and has a value of the address of) a dynamic address, which is what changes every time.

deaznracer wrote: Well, I just figured something out. My objective is to find out more about the targeted NPC/PC in the game. HP, damaged HP, color level, etc...

ZeroSignal could probably provide you with more information. The script he wrote is very nice, and I hope he will continue supporting it.

deaznracer wrote: But what I do notice is something interesting. I just stand next to my other PC's char and exact scan for his HP without targeting him, and his address and his HP value came up.

What does that mean?

That's normal. Some games do this, others do not. In this game, the server sends you basic information about nearby players regardless of whether it's necessary or not. This has uses in 'Dead Reckoning', but as this isn't a crash course in game programming, I won't explain about that further. What you are experiencing basically just means that the client-side player pawns (other players' objects) are keeping track of HP to the best of their ability. Which is good for you, because you can now use this to programmatically keep track of another player's HP.

Why would it do this? Well, rather than request the information from the server every time you target another player, it will instead just assume that the local copy of that player's HP is correct until told otherwise. This can cut down on bandwidth usage and latency (lag) when retrieving the information.
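
The static-pointer behaviour described in this thread, as an added illustration that is not part of any post and not the site's own script: a Python simulation over a constructed memory image (no real process is touched). The pointer/offset constants are the ones quoted in posts #9 and #17; the heap addresses and the field value 7 are made-up sample values.

```python
import struct

class FakeMemory:
    """Sparse 32-bit little-endian memory image; constructed data, no real process."""
    def __init__(self):
        self.cells = {}

    def write_u32(self, addr, value):
        self.cells[addr] = struct.pack("<I", value)

    def read_u32(self, addr):
        if addr not in self.cells:
            raise MemoryError(f"unmapped address {addr:#010x}")
        return struct.unpack("<I", self.cells[addr])[0]

def resolve(mem, static_ptr, offsets):
    """Dereference, add an offset, repeat; return the final (dynamic) address."""
    addr = static_ptr
    for off in offsets:
        addr = (mem.read_u32(addr) + off) & 0xFFFFFFFF
    return addr

STATIC_PTR, HP_OFFSET = 0x007835B4, 0x128                      # quoted in post #17
BASE_PTR, PAWN_OFFSET, FIELD_OFFSET = 0x00903804, 0x20, 0xA18  # quoted in post #9

def launch(object_addr, pawn_addr, hp, field):
    """One simulated launch; the heap addresses passed in are assumed sample values."""
    mem = FakeMemory()
    mem.write_u32(STATIC_PTR, object_addr)               # static pointer -> object
    mem.write_u32(object_addr + HP_OFFSET, hp)           # single level: HP field
    mem.write_u32(BASE_PTR, object_addr)                 # static base -> object
    mem.write_u32(object_addr + PAWN_OFFSET, pawn_addr)  # object holds a pawn pointer
    mem.write_u32(pawn_addr + FIELD_OFFSET, field)       # pawn holds the data field
    return mem

def read_hp(mem):
    return mem.read_u32(resolve(mem, STATIC_PTR, [HP_OFFSET]))

def read_field(mem):
    # Two-level chain, same shape as the post #9 snippet.
    return mem.read_u32(resolve(mem, BASE_PTR, [PAWN_OFFSET, FIELD_OFFSET]))

if __name__ == "__main__":
    first = launch(0x08F41000, 0x08F60000, hp=734, field=7)
    second = launch(0x0A2C3000, 0x0A2E8000, hp=734, field=7)
    for run in (first, second):
        print(hex(resolve(run, STATIC_PTR, [HP_OFFSET])), read_hp(run), read_field(run))
```

The resolved address differs between the two simulated launches while the static pointer and offsets stay fixed, which is why a raw address found by scanning stops working after a restart.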

#14 Post by deaznracer » Tue Jun 10, 2008 11:31 pm

I've been trying to figure this thing out for weeks now, and I'm getting nowhere. lol. I've been using different methods to scan. Is there any place I can read about this subject, besides the Cheat Engine tutorial?

I still can't find the static pointer; all the addresses I found have been changing every time I restart. Any technique that I haven't read or don't know about that anyone might know to help me figure this thing out?

#15 Post by Administrator » Wed Jun 11, 2008 12:49 am

You should try asking on the cheat engine forum. What game are you working on, anyways?

#16 Post by deaznracer » Wed Jun 11, 2008 1:25 am

Shaiya

#17 Post by Administrator » Wed Jun 11, 2008 6:29 am

That's interesting. If you find HP, and then lookup the pointer, you should get 0x007835B4 + 0x128 (296 decimal). See if you've got this right.

There has got to be, at some point, a static pointer. However, in some instances, it may be very difficult to find the correct pointer, and different lookup methods work better. It's also possible that you'll have an easier time finding a pointer for people in your party rather than people nearby.

#18 Post by deaznracer » Wed Jun 11, 2008 11:06 am

Oh no, that's not what I'm looking for. I already found the character's pointer (the green value) through your awesome tutorial, which taught me a lot! (LOVN IT)

I also found an offset of 602 = movement speed. I'm trying to find the offset for attack speed :P. Do you know how I would start looking for that?

But what I'm really looking for is when the character clicks on a mob, it would tell me if the hp is still alive. Would that be in a different address or a different offset?

example: local value = memoryReadInt(proc, 0x007835B4, *what offset*);

At the moment I am currently using zerosignal's getpixel function to identify the mob's hp. But that requires not moving or readjusting the status position to a certain spot.

If I had this I can do all sorts of crazy functions that can use this.

#19 Post by Administrator » Wed Jun 11, 2008 4:10 pm

It's likely to be both a different address and offset. The character stores (I believe, haven't tested this theory) a pointer to its target. I would start by finding the unique ID of the selected object, which hopefully is a pointer. That way, you could do something like this:

Code:

targetptr = memoryReadIntPtr(proc, 0x007835B4, some_offset);
targethp = memoryReadIntPtr(proc, targetptr, some_other_offset);

As you'll see in my shaiya.lua script, I make use of 0x0062FAD4 to tell if you have a monster selected. This might be involved somehow. I guess it could be the location in a list or map. I'm not really sure how it's laid out.

deaznracer wrote: I also found an offset of 602 = movement speed. I'm trying to find the offset for attack speed :P. Do you know how I would start looking for that?

Try byte at 601. Or maybe it's byte at 603? I can't remember. What you would typically do is use an unknown value search and switch between weapons with different attack speeds.

#20 Post by deaznracer » Wed Jun 11, 2008 4:24 pm

Cool, thx, I'll try it. The attack speed offset is 260, but when I try to replace the default value 516 with 520 it doesn't take effect.

I did this in the Lua:
speedatk_offset = 260
memoryWriteIntPtr(proc, address, speedatk_offset, 520);

It doesn't do anything, but when I switch the value using Cheat Engine it works.
And I can see the attack speed faster in game by changing the value in Cheat Engine, but when I change the value in Lua it doesn't take effect.
Any idea what I'm missing?

EDIT *** Never mind, I figured out the problem. I didn't convert the hex to dec.

Will the server receive any signal if we increase the speed to extremely fast? Or can't they detect it at all, since it is from the user's side?
Last edited by deaznracer on Wed Jun 11, 2008 7:02 pm, edited 2 times in total.
