Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


When dissecting memory around found addresses...

 
infiniteDreams83
How do I cheat?
Reputation: 0

Joined: 30 Oct 2017
Posts: 3

Posted: Tue Nov 14, 2017 4:34 pm    Post subject: When dissecting memory around found addresses...

So, let's say I find the address of the player's health. From here, naturally I would load this address up in Memory Dissect or ReClass to see what's hanging around these addresses...

This got me thinking though...

What if this is a dynamic address?

Would I want to pointer scan, find a static base address, then do all this memory dissecting from that address...?

Or is the idea here to dissect the data structure of the found health value (which, thinking about it, would probably be an instance of the player object in memory)... and after that, use the pointer scanning to find a way to get near that structure again wherever it loads dynamically?

As a side note: What is normally hanging around the memory by base pointers...? What I mean by that is, let's say I find a base address to a pointer that leads me down to an instance of my player... what would be common around those memory regions? Or is there not much to be expected around there... (trying to picture how the code gets mapped live into memory... would this be the address to a class definition, or perhaps a virtual class? Just spitballing here).

Hope that makes sense... Trying to confirm ideas in my mind as I learn...

:)
atom0s
Moderator
Reputation: 198

Joined: 25 Jan 2006
Posts: 8516
Location: 127.0.0.1

Posted: Tue Nov 14, 2017 5:18 pm

The structure is going to remain the same regardless of doing the dissection at the data itself or from its base pointer. So either way is fine to do. If the memory moves often though, it does help to do it from a pointer instead so you don't have to keep manually updating the tool you use with the new address.

Pointers are generally referenced in functions. For example:
Code:
.text:00000000                 mov     eax, [esp+arg_0]
.text:00000000                 mov     edx, dword_12345678 <== Here is a pointer inside of a function.
.text:00000000                 mov     byte_12341234, 0
.text:00000000                 sub     esp, 800h
.text:00000000                 lea     eax, [eax+eax*2]
.text:00000000                 shl     eax, 3
.text:00000000                 push    esi


The pointer is referenced in the function and then used later on to point to the data needed to be read.

_________________
- Retired.
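
The point made in the reply above, as an added example that is not part of the original thread: field offsets inside an object stay fixed while the instance address changes, and a static slot (the role `dword_12345678` plays in the listing) always leads to the current instance. The `Player` layout, `g_player` and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical player object; field names and layout are assumptions. */
typedef struct Player {
    uint32_t id;
    float    pos[3];
    int32_t  health;
    int32_t  ammo;
} Player;

/* Static slot in the data section: fixed address, changing contents. */
static Player *g_player;

/* Allocate a new instance at a fresh heap address and publish it. */
static Player *spawn_player(int32_t health) {
    Player *p = calloc(1, sizeof *p);
    if (!p) return NULL;
    p->health = health;
    g_player = p;
    return p;
}

/* Follow one pointer level on raw bytes: load the slot, add offset, load.
 * Assumes all object pointers share one representation (mainstream ABIs). */
static int32_t read_i32_via_slot(const void *slot_addr, size_t offset) {
    const unsigned char *base;
    int32_t v;
    memcpy(&base, slot_addr, sizeof base);
    memcpy(&v, base + offset, sizeof v);
    return v;
}

/* Distance of the health field from the start of its instance. */
static size_t health_offset_of(const Player *p) {
    return (size_t)((const unsigned char *)&p->health - (const unsigned char *)p);
}

int main(void) {
    Player *a = spawn_player(100);
    Player *b = spawn_player(75);   /* the data "moved" to a new address */
    if (!a || !b) { free(a); free(b); return 1; }
    printf("A=%p B=%p health offset A=%zu B=%zu\n", (void *)a, (void *)b,
           health_offset_of(a), health_offset_of(b));
    printf("health via static slot: %d\n",
           (int)read_i32_via_slot(&g_player, offsetof(Player, health)));
    free(a); free(b);
    return 0;
}
```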
All times are GMT - 6 Hours