[Tutorial] Finding pointers & offsets (Cheat Engine)

Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

That's because it's a byte, and you're writing an integer (4 bytes), causing the first byte to not be affected under your endianness. Basically, try using memoryWriteBytePtr instead.

cokelat70
Posts: 14
Joined: Mon Nov 17, 2008 7:37 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Nice tuts,

I tried it on the game Shaiya, and I got it.

But when I tried it on another game, I got this:

```
mov [ecx+eax*4+000000bc],edx  ????
The value of the pointer needed to find this address is probably 14B8A218
```
I scanned and got the green address "00612608", and tried it with offset "bc", but I don't get my HP value?

Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

0xBC isn't the full offset. eax*4+000000bc is. But you don't know what eax is, so that's kind of problematic. Often when you are looking up what accesses that pointer, it will list ~10 entries. Try looking at one of the other entries, and see if it has a simpler offset.

Otherwise, you could try doing it mathematically. You've got your static base, 00612608? First, find out what it points to. Let's pretend it's 0234F200. If the found address you have for HP is then 0234F528 then you can just subtract the two addresses to get your offset: 0x328.

3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Also, lately I've found out that the automatic pointer search is actually very fast and reliable. You might wanna try that out if you can't find the pointer.

cokelat70
Posts: 14
Joined: Mon Nov 17, 2008 7:37 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Wow, I tried doing it mathematically and got it, thanks.
Btw, can you make a tutorial to bypass xtrap or GG like you did for Shaiya? I tried searching Google, but no luck.

@3cmSailorfuku automatic pointer search? But how?

Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

I would, but it's not information I'd like to make public, due to the creators of GameGuard/XTrap/whatever finding it and patching it up. Sure, there are several methods that work, but I'd like to keep as many of them working as long as possible.

3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

cokelat70 wrote:
> Wow, I tried doing it mathematically and got it, thanks.
> Btw, can you make a tutorial to bypass xtrap or GG like you did for Shaiya? I tried searching Google, but no luck.
>
> @3cmSailorfuku automatic pointer search? But how?

First you get the current address of your HP or anything you'd like.
Then choose default and enter the level of your pointer; in Shaiya's case you could choose
3 levels to look for, just in case. But the Player Base etc. only has one level in Shaiya.
In NosTale, however, it's a bit more complicated and can reach more than 10 levels.
In Shaiya you then get your pointer in like 2 seconds.

Mesosmagnet
Posts: 37
Joined: Wed Apr 23, 2008 7:11 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

I'm sorry for BUMPing an old topic, but I need some help. And probably this is the best place to be asking it.
Firstly, the game is Nostale. I am trying to make a bot that consumes potions when HP is below a certain %.

I found that the HP address wasn't static, and the first pointer to it isn't static either. So I got a 2nd pointer that thankfully is static. However, I have no idea how to use double pointers in my script.

```
proc              = 0;
win               = 0;
char_Ptr          = 0x00784D70;
HP_Ptr_offset     = 0xAC;
curHP_offset      = 0x4C;
maxHP_offset      = 0x48;
MP_Ptr_offset     = 0xB0;
curMP_offset      = 0x4C;
maxMP_offset      = 0x48;

char_target       = 0x00784D74;
target_Ptr_offset = 0xBC;
target_offset     = 0x18;

HP_Ptr            = 0;
MP_Ptr            = 0;
target_Ptr        = 0;

HP                = 0;
HPmax             = 0;
MP                = 0;
MPmax             = 0;
target            = 0;

function main()

win = findWindow("Nomad of Silver Spirit - Nostale");
hdc = openDC(win);
proc = openProcess( findProcessByExe("NostaleX.dat") );
attach(win);

HP = memoryReadIntPtr( proc , HP_Ptr, curHP_offset);

MP_Ptr = memoryReadStringPtr(proc, char_Ptr, MP_Ptr_offset, 8);

printf("\n\t%s\n", HP_Ptr);
printf("\n\t%d\n", HP);
printf("\n\t%d\n", HPmax);
printf("\n\t%s\n", MP_Ptr);
printf("\n\t%d\n", MP);
printf("\n\t%d\n", MPmax);
printf("\n\t%s\n", target_Ptr);
printf("\n\t%d\n", target);

end

startMacro(main);
```
This is a simple script I used to test whether my function was returning the correct values. But I am facing some problems.
I need to use one memoryRead function to save a pointer address which is usually a combination of numbers and letters.
The few memoryRead deviations only allow for "byte", "int", "short", "float", "string". Out of those only string is able to store a combination of numbers and letters, but when I use memoryReadStringPtr(...) it returns gibberish-like symbols.

I have been stuck on this script for 3 days now trying to fix my errors some of which were carelessly overlooked.

Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Pointers are always* 4 bytes and should be read using memoryReadInt() or memoryReadIntPtr(). It's just typically stored in hex notation, but really it's only a number. That number signifies the offset from the first byte of the program (not the program origin, mind you).

Basically, it works like this:

```
local pointer = memoryReadIntPtr(proc, staticaddress, offset1);
```

Mesosmagnet
Posts: 37
Joined: Wed Apr 23, 2008 7:11 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Thank you so so much.
So actually although I have 2 pointers I really only need one memoryReadIntPtr() as the 2nd pointer pointing to my actual HP should not be using memoryReadIntPtr() because that would make it read a pointer? Sorry if I sound confusing. And also thanks for clearing up the fact that a pointer is actually numbers in a hex form.
Thank you!

Schurke
Posts: 4
Joined: Thu Feb 26, 2009 12:09 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

I made some little training programs to train those skills. I'm currently still trying to solve them by myself; solutions will follow.

( Always scan files ! )
Attachments
Pointer Chains.rar

Gulron
Posts: 12
Joined: Mon Dec 29, 2008 8:10 pm
Location: United States

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

I have been taking apart your Shaiya Bot for reference and I have come across a memory address I don't understand.

```
playerptr_addr = 0x00825CB4;
```
I think I understand the HP and MaxHP offsets but not the playerptr_addr. Also, what exactly is the offset?

Thanks

Tsutomu
Posts: 77
Joined: Thu Mar 24, 2011 1:50 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Administrator wrote:
> You can take a look at the Perfect World script I posted in the scripts section. It uses a pointer to a character pawn, which contains pointers to the actual data. You have 'staticbase' pointing to 'charptr_addr', which points to HP, MP, etc.
>
> ```
> staticbase_ptr = 0x00903804;
> staticbase_offset = 0x20;
> targetid_offset = 0xA18;
> ```
> Now that you have charptr_addr, you can read a value from it.
>
> ```
> local readval = memoryReadUIntPtr(proc, charptr_addr, targetid_offset);
> ```

```
[[[[9BC394]+598]+EC]+B4]
```
(I have this for the addresses that I want to alter - LAST one actually, but to reach it I should go through all these)

```
first staticbase_ptr = 0x9bc394
second staticbase_offset = 0x598
third is skillBuffFlag_offset = 0xEC
fourth is mycustom_offset = 0xB4
```
I want to change and freeze the value at the last offset, 0xB4, from 1 to 3, for example.

Do I do it like this or not?

```
charptr_addr = memoryReadInt(proc, staticbase_ptr) + staticbase_offset;
```
I'm not good with using these mem functions.

One more try and I'm out of guesses:

```
charptr_addr = memoryReadIntPtr(romProcess, staticcharbase_address, charPtr_offset);
```
How do I change the value in memory and keep it that way (freeze)?

Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Tsutomu wrote:
> ```
> first staticbase_ptr = 0x9bc394
> second staticbase_offset = 0x598
> third is skillBuffFlag_offset = 0xEC
> fourth is mycustom_offset = 0xB4
> ```
> I want to change and freeze the value at the last offset, 0xB4, from 1 to 3, for example.
>
> Do I do it like this or not?
>
> ```
> charptr_addr = memoryReadInt(proc, staticbase_ptr) + staticbase_offset;
> ```

No. Reading memory will have no effect on its value.

```
memoryWriteIntPtr(proc, staticbase_ptr, {staticbase_offset, skillBuffFlag_offset, mycustom_offset}, value);
```

> How do I change the value in memory and keep it that way (freeze)?

By re-writing it continually. That's all a "freeze" is.
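
The chain `[[[[9BC394]+598]+EC]+B4]` discussed in this thread, walked one level at a time over a constructed in-memory image instead of a live process. This is an added example, not part of the original posts and not MicroMacro code; `FakeMemory`, `resolve`, `pointer_two_ways` and the object addresses (`0x1A2B3C00` and so on) are assumptions made for the illustration.

```python
import struct


class FakeMemory:
    """Constructed, sparse stand-in for a 32-bit little-endian process image."""

    def __init__(self):
        self.cells = {}

    def write(self, addr, data):
        for i, b in enumerate(data):
            self.cells[addr + i] = b

    def read(self, addr, size):
        return bytes(self.cells.get(addr + i, 0) for i in range(size))

    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]

    def write_u32(self, addr, value):
        self.write(addr, struct.pack("<I", value))


def resolve(mem, static_addr, offsets):
    """Address named by [[[static]+o1]+o2]+oN. Every level except the last
    is read as a 4-byte pointer; the last offset is only added."""
    addr = mem.read_u32(static_addr)
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]


def pointer_two_ways(mem, addr):
    """The same 4 bytes decoded as text (unreadable) and as an integer."""
    raw = mem.read(addr, 4)
    return raw.decode("latin-1"), struct.unpack("<I", raw)[0]


def build_sample():
    """Static base and offsets from the thread; object addresses constructed."""
    mem = FakeMemory()
    mem.write_u32(0x009BC394, 0x1A2B3C00)          # static base -> object A
    mem.write_u32(0x1A2B3C00 + 0x598, 0x1A2C0000)  # A+598 -> object B
    mem.write_u32(0x1A2C0000 + 0xEC, 0x1A2D0000)   # B+EC  -> object C
    mem.write_u32(0x1A2D0000 + 0xB4, 1)            # C+B4 holds the value 1
    return mem


CHAIN = (0x009BC394, [0x598, 0xEC, 0xB4])
```

In this image, reading the static base and adding `0x598` gives the address of the next pointer in the chain, two dereferences short of the address that holds the value.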

Tsutomu
Posts: 77
Joined: Thu Mar 24, 2011 1:50 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

Thanks for the info. I've learned much about micromacro memory functions; I feel a bit confident about that now.
There is only one function it's missing.

```
VirtualProtectEx(opClient, (void *) 0x0091D3B4, 4, PAGE_READWRITE, &oldData); //This address is protected from modification, let's fix that.
```
A function that edits the flag of the memory address.

If we need to make it read-write, I think there is no function in micromacro for that.
At least not in the online library.

Is there any way to change the memory address flag to writable in micromacro?