[Tutorial] Finding pointers & offsets (Cheat Engine)

You can find tutorials and ask questions about memory editing here. You may also post any game-specific information you find (ie. cheat tables or addresses).
Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#21 Post by Administrator » Wed Jun 11, 2008 6:28 pm

That's because it's a byte, and you're writing an integer (4 bytes), causing the first byte to not be affected under your endianness. Basically, try using memoryWriteBytePtr instead.

cokelat70
Posts: 14
Joined: Mon Nov 17, 2008 7:37 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#22 Post by cokelat70 » Fri Dec 05, 2008 7:13 am

Nice Tuts,

I tried it on the game Shaiya, and I got it.

But when I tried it on another game, I got this:

Code: Select all

mov [ecx+eax*4+000000bc],edx  ????
The value of the pointer needed to find this address is probably 14B8A218

I scanned and got the green address "00612608", and tried it with offset "bc", but I don't get my hp value?

Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#23 Post by Administrator » Fri Dec 05, 2008 12:02 pm

0xBC isn't the full offset. eax*4+000000bc is. But you don't know what eax is, so that's kind of problematic. Often when you are looking up what accesses that pointer, it will list ~10 entries. Try looking at one of the other entries, and see if it has a simpler offset.

Otherwise, you could try doing it mathematically. You've got your static base, 00612608? First, find out what it points to. Let's pretend it's 0234F200. If the found address you have for HP is then 0234F528 then you can just subtract the two addresses to get your offset: 0x328.

3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#24 Post by 3cmSailorfuku » Fri Dec 05, 2008 1:17 pm

Also, lately I've found out that the automatic pointer search is actually very fast and reliable. You might wanna try that out if you can't find the pointer.

cokelat70
Posts: 14
Joined: Mon Nov 17, 2008 7:37 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#25 Post by cokelat70 » Fri Dec 05, 2008 10:29 pm

Wow, I tried doing it mathematically and got it, thanks.
Btw can you make a tutorial to bypass xtrap or GG like you did at Shaiya :) , I tried searching Google, but no luck.

@3cmSailorfuku automatic pointer search? but how?

Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#26 Post by Administrator » Sat Dec 06, 2008 2:26 am

I would, but it's not information I'd like to make public, due to the creators of GameGuard/XTrap/whatever finding it and patching it up. Sure, there are several methods that work, but I'd like to keep as many of them working as long as possible.

3cmSailorfuku
Posts: 354
Joined: Mon Jan 21, 2008 6:25 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#27 Post by 3cmSailorfuku » Sat Dec 06, 2008 5:35 am

cokelat70 wrote: Wow, I tried doing it mathematically and got it, thanks.
Btw can you make a tutorial to bypass xtrap or GG like you did at Shaiya :) , I tried searching Google, but no luck.

@3cmSailorfuku automatic pointer search? but how?

First you get the current address of your HP or anything you'd like.
Add it to the address list, right-click and pick "Pointer Scan for this Address".
Then choose default and enter the level of your pointer, in Shaiya's case you could choose
3 Levels to look for, just in case. But the Player Base etc only has one level in Shaiya.
In NosTale however, it's a bit more complicated and can reach to more than 10 levels.
In Shaiya you get your pointer then in like 2 seconds.
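
The subtraction from post #23 (offset = found address minus the value a pointer holds) is also the core step of the pointer scan described in post #27. The following is an added Python sketch of that search, not part of the original posts and not Cheat Engine's own code; it runs over a constructed memory image. The base 0x00784D70 and offsets 0xAC/0x4C are borrowed from a script later in this thread, while the heap addresses, HP values and the static range are assumptions.

```python
import struct

def u32(value):
    return struct.pack("<I", value)

# Constructed 32-bit little-endian memory image (address -> 4 bytes).
SAMPLE_MEMORY = {
    0x00784D70: u32(0x01A30000),  # static cell -> character object
    0x01A300AC: u32(0x01B70000),  # [character+AC] -> stats object
    0x01B70048: u32(500),         # [stats+48] = max HP (constructed)
    0x01B7004C: u32(350),         # [stats+4C] = current HP (constructed)
    0x01C00010: u32(0x01B70040),  # stray heap pointer with no static parent
}
STATIC_RANGE = (0x00400000, 0x00800000)  # assumed module image bounds

def pointer_scan(mem, target, static_range=STATIC_RANGE,
                 max_offset=0x1000, max_level=3):
    """Return every (static_address, [offsets]) chain that ends at target."""
    lo, hi = static_range
    found = []

    def walk(addr, offsets, level):
        for cell_addr, raw in mem.items():
            value = struct.unpack("<I", raw)[0]
            offset = addr - value          # the subtraction from post #23
            if value == 0 or not 0 <= offset <= max_offset:
                continue                   # cannot point into this object
            chain = [offset] + offsets
            if lo <= cell_addr < hi:
                found.append((cell_addr, chain))    # reached a static base
            elif level < max_level:
                walk(cell_addr, chain, level + 1)   # search one level up

    walk(target, [], 1)
    return sorted(found)

def format_chain(base, offsets):
    """(0x784D70, [0xAC, 0x4C]) -> '[[[784D70]+AC]+4C]'"""
    text = f"[{base:X}]"
    for off in offsets:
        text = f"[{text}+{off:X}]"
    return text
```

With `max_level=1` the same scan returns nothing, because the only pointer within range of the HP address lives on the heap; the stray pointer at 0x01C00010 is followed and discarded because nothing static leads to it.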

Mesosmagnet
Posts: 37
Joined: Wed Apr 23, 2008 7:11 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#28 Post by Mesosmagnet » Sun Jan 18, 2009 5:23 pm

I'm sorry for BUMPing an old topic, but I need some help. And probably this is the best place to be asking it.
Firstly, the game is Nostale. I am trying to make a bot that consumes potions when HP is below a certain %.

I found that the HP address wasn't static, and the first pointer to it isn't static either. So I got a 2nd pointer that thankfully is static. However I have no idea how to use double pointers in my script.

Code: Select all

proc		= 0;
win		= 0;
char_Ptr		= 0x00784D70;
HP_Ptr_offset	= 0xAC;
curHP_offset	= 0x4C;
maxHP_offset	= 0x48;
MP_Ptr_offset	= 0xB0;
curMP_offset	= 0x4C;
maxMP_offset	= 0x48;

char_target		= 0x00784D74;
target_Ptr_offset	= 0xBC;
target_offset	= 0x18;

HP_Ptr		= 0;
MP_Ptr		= 0;
target_Ptr		= 0;

HP		= 0;
HPmax		= 0;
MP		= 0;
MPmax		= 0;
target		= 0;

function main()

 win = findWindow("Nomad of Silver Spirit - Nostale");
 hdc = openDC(win);
 proc = openProcess( findProcessByExe("NostaleX.dat") );
 attach(win);

  HP_Ptr = memoryReadHexPtr(proc, char_Ptr, HP_Ptr_offset);
  HP = memoryReadIntPtr( proc , HP_Ptr, curHP_offset);
  HPmax = memoryReadIntPtr(proc, HP_Ptr, maxHP_offset);

  MP_Ptr = memoryReadStringPtr(proc, char_Ptr, MP_Ptr_offset, 8);
  MP = memoryReadIntPtr(proc, MP_Ptr, curMP_offset);
  MPmax = memoryReadIntPtr(proc, MP_Ptr, maxMP_offset);

  target_Ptr = memoryReadStringPtr(proc, char_target, target_Ptr_offset);
  target = memoryReadIntPtr(proc, target_Ptr, target_offset);

printf("\n\t%s\n", HP_Ptr);
printf("\n\t%d\n", HP);
printf("\n\t%d\n", HPmax);
printf("\n\t%s\n", MP_Ptr);
printf("\n\t%d\n", MP);
printf("\n\t%d\n", MPmax);
printf("\n\t%s\n", target_Ptr);
printf("\n\t%d\n", target);

end

startMacro(main);

This is a simple script I used to test whether my function was returning the correct values. But I am facing some problems.
I need to use one memoryRead function to save a pointer address which is usually a combination of numbers and letters.
The few memoryRead deviations only allow for "byte", "int", "short", "float", "string". Out of those only string is able to store a combination of numbers and letters, but when I use memoryReadStringPtr(...) It returns gibberish like symbols.

I have been stuck on this script for 3 days now trying to fix my errors some of which were carelessly overlooked. :P

Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#29 Post by Administrator » Sun Jan 18, 2009 5:44 pm

Pointers are always* 4 bytes and should be read using memoryReadInt() or memoryReadIntPtr(). It's just typically stored in hex notation, but really it's only a number. That number signifies the offset from the first byte of the program (not the program origin, mind you).

Basically, it works like this:

Code: Select all

local pointer = memoryReadIntPtr(proc, staticaddress, offset1);
local playerAddr = memoryReadIntPtr(proc, pointer, offset2);

local HP = memoryReadInt(proc, playerAddr + HP_offset);

Mesosmagnet
Posts: 37
Joined: Wed Apr 23, 2008 7:11 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#30 Post by Mesosmagnet » Sun Jan 18, 2009 5:56 pm

Thank you so so much.
So actually although I have 2 pointers I really only need one memoryReadIntPtr() as the 2nd pointer pointing to my actual HP should not be using memoryReadIntPtr() because that would make it read a pointer? Sorry if I sound confusing. And also thanks for clearing up the fact that a pointer is actually numbers in a hex form. :P
Thank you!

Schurke
Posts: 4
Joined: Thu Feb 26, 2009 12:09 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#31 Post by Schurke » Fri Feb 27, 2009 4:14 pm

I made some little training programs to train those skills, I'm currently still trying to solve them by myself :D, solutions will follow.

( Always scan files ! )
Attachments
Pointer Chains.rar
(465.73 KiB) Downloaded 2383 times

Gulron
Posts: 12
Joined: Mon Dec 29, 2008 8:10 pm
Location: United States

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#32 Post by Gulron » Mon Mar 23, 2009 7:50 pm

I have been taking apart your Shaiya Bot for reference and I have come across a memory address I don't understand.

Code: Select all

playerptr_addr = 0x00825CB4;

I think I understand the HP and MaxHP offsets but not the playerptr_addr. Also, what exactly is the offset?

Thanks

Tsutomu
Posts: 77
Joined: Thu Mar 24, 2011 1:50 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#33 Post by Tsutomu » Thu Mar 24, 2011 7:18 am

Administrator wrote: You can take a look at the Perfect World script I posted in the scripts section. It uses a pointer to a character pawn, which contains pointers to the actual data. You have 'staticbase' pointing to 'charptr_addr', which points to HP, MP, etc.

Code: Select all

staticbase_ptr = 0x00903804;
staticbase_offset = 0x20;
charptr_addr = 0;
targetid_offset = 0xA18;

charptr_addr = memoryReadInt(proc, staticbase_ptr) + staticbase_offset; -- get the address of your character pawn

Now that you have charptr_addr, you can read a value from it.

Code: Select all

local readval = memoryReadUIntPtr(proc, charptr_addr, targetid_offset);

Code: Select all

[[[[9BC394]+598]+EC]+B4]

(i have this for the addresses that i want to alter - LAST one actually but to it i should come through all these)

Code: Select all

first staticbase_ptr = 0x9bc394
second staticbase_offset = 0x598
third is skillBuffFlag_offset = 0xEC
fourth is mycustom_offset = 0xB4

I want to change and freeze the value on 0xB4 last offset from 1 to 3 for ex.

Do i do this like this or not?

Code: Select all

charptr_addr = memoryReadInt(proc, staticbase_ptr) + staticbase_offset;
skillbuff_addr = memoryReadInt(proc, charptr_addr,  skillbuffFlag_offset);
mycustom_value = memoryReadIntPtr(proc, skillbuff_addr,  mycustom_offset);

i'm not good with using these mem functions :(

One more try and i'm out of guesses:

Code: Select all

charptr_addr = memoryReadIntPtr(romProcess, staticcharbase_address, charPtr_offset);
skillbuff_addr = memoryReadIntPtr(romProcess, charptr_addr,  skillbuffFlag_offset);
mycustom_addr = memoryReadIntPtr(proc, skillbuff_addr,  mycustom_offset);
myValue = memoryReadInt(romProcess, mycustom_addr);

How do i change the value in memory and keep it that way (freeze)?

Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#34 Post by Administrator » Thu Mar 24, 2011 11:08 am

Tsutomu wrote:

Code: Select all

first staticbase_ptr = 0x9bc394
second staticbase_offset = 0x598
third is skillBuffFlag_offset = 0xEC
fourth is mycustom_offset = 0xB4

I want to change and freeze the value on 0xB4 last offset from 1 to 3 for ex.

Do i do this like this or not?

Code: Select all

charptr_addr = memoryReadInt(proc, staticbase_ptr) + staticbase_offset;
skillbuff_addr = memoryReadInt(proc, charptr_addr,  skillbuffFlag_offset);
mycustom_value = memoryReadIntPtr(proc, skillbuff_addr,  mycustom_offset);

No. Reading memory will have no effect on its value.

Code: Select all

memoryWriteIntPtr(proc, staticbase_ptr, {staticbase_offset, skillBuffFlag_offset, mycustom_offset}, value);

Tsutomu wrote: How do i change the value in memory and keep it that way (freeze)?

By re-writing it continually. That's all a "freeze" is.
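
The two-step read from post #29 and the chain `[[[[9BC394]+598]+EC]+B4]` from posts #33 and #34, walked level by level. This is an added Python example, not code from the thread and not MicroMacro's functions; it works on a constructed memory image in which the object addresses and the stored value 1 are made up, and only the base and offsets come from the posts.

```python
import re
import struct

# Constructed 32-bit little-endian memory image (address -> 4 bytes).
MEMORY = {
    0x009BC394: struct.pack("<I", 0x02340000),  # static base -> object A
    0x02340598: struct.pack("<I", 0x02A10000),  # [A+598] -> object B
    0x02A100EC: struct.pack("<I", 0x03C20000),  # [B+EC]  -> object C
    0x03C200B4: struct.pack("<I", 1),           # [C+B4]  = the value itself
}

class UnmappedRead(Exception):
    """Raised when a chain walks into an address that holds no data."""

def read_u32(mem, addr):
    if addr not in mem:
        raise UnmappedRead(f"no data at {addr:#010x}")
    return struct.unpack("<I", mem[addr])[0]

def parse_chain(text):
    """'[[[[9BC394]+598]+EC]+B4]' -> (0x9BC394, [0x598, 0xEC, 0xB4])."""
    m = re.fullmatch(r"(\[+)([0-9A-Fa-f]+)\]((?:\+[0-9A-Fa-f]+\])*)", text.strip())
    if not m:
        raise ValueError(f"not a pointer chain: {text!r}")
    offsets = [int(h, 16) for h in re.findall(r"\+([0-9A-Fa-f]+)\]", m.group(3))]
    if len(m.group(1)) != len(offsets) + 1:
        raise ValueError("unbalanced brackets")
    return int(m.group(2), 16), offsets

def resolve(mem, base, offsets):
    """Return the ADDRESS of the final value; each loop step is one pointer read."""
    addr = base
    for off in offsets:
        addr = (read_u32(mem, addr) + off) & 0xFFFFFFFF
    return addr

def read_chain(mem, text):
    base, offsets = parse_chain(text)
    return read_u32(mem, resolve(mem, base, offsets))

def write_chain(mem, text, value):
    # Resolve again on every write: the intermediate pointers may have changed.
    base, offsets = parse_chain(text)
    mem[resolve(mem, base, offsets)] = struct.pack("<I", value)
```

Reading one level past the end of the chain treats the stored value (1) as an address, so `read_u32` raises `UnmappedRead` instead of returning data.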

Tsutomu
Posts: 77
Joined: Thu Mar 24, 2011 1:50 am

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#35 Post by Tsutomu » Fri Mar 25, 2011 5:50 pm

Thanks for the info. I've learned much about micromacro memory functions, i feel a bit confident about that now. ;)
There is only one function it's missing.

Code: Select all

VirtualProtectEx(opClient, (void *) 0x0091D3B4, 4, PAGE_READWRITE, &oldData); //This address is protected from modification, let's fix that.

A function that edits the flag of the memory address.

If we need to make it readwrite, i think there is no function in micromacro for that. :(
At least not in online library.

Is there any way to change the memory address flag to writable in micromacro?
Thanks in advance.

Administrator
Site Admin
Posts: 5312
Joined: Sat Jan 05, 2008 4:21 pm

Re: [Tutorial] Finding pointers & offsets (Cheat Engine)

#36 Post by Administrator » Sat Mar 26, 2011 1:07 pm

See my post here: http://www.solarstrike.net/phpBB3/viewt ... 588#p19588

If the need arises, I'll add whichever functions are needed.
