zonemikel Newbie cheater
Reputation: 0
Joined: 20 Dec 2007 Posts: 18
Posted: Sun Dec 23, 2007 3:27 pm  Post subject: What happens when we get 400 invalid results in ptr scan?
Ok, I have been searching for a string. I find the string, then I do a "pointer scan for this address"; I do like a level 6 and get about 400 results.
Then I restart the game/computer or go to another computer and find the same string, then I load the result of that "pointer scan for address" and put in the new address (remove invalid pointers) and it returns zero. So it finds tons of addresses, but when you restart none of them work.
Do I just keep going up in level? I just did a level 8 and found 22, then I restarted and none of them were valid.
I have found tons of other stuff this way, but this doesn't seem to be working. Any ideas? I could just do like lvl 10, but that takes forever; I will do it, but I just want to know if that's what I "should" do.
TIA
Labyrnth Moderator
Reputation: 10
Joined: 28 Nov 2006 Posts: 6301
Posted: Sun Dec 23, 2007 6:57 pm
Depends on what the game is. You have not said what game, so the answers you will get are random.
Example: flash games. If you find a pointer, it will definitely change after a restart of the game.
Regular game: you're getting a code shift.
zonemikel Newbie cheater
Posted: Sun Dec 23, 2007 7:57 pm
It's an MMORPG (Shadowbane). I just did a search for up to 15-level pointers and found some 25k results; after restarting the game, 0 pointed to the right place. What do you mean by a "code shift", and is there any way around it?
Labyrnth Moderator
Posted: Sun Dec 23, 2007 8:08 pm
Any level 1 pointers? Or any less than 4?
Also, try altering the assembly instruction that you find that writes to the address or reads/accesses it.
Be sure to use module+remainder of the offset so it can calculate the address from the base address of the module you are in.
zonemikel Newbie cheater
Posted: Sun Dec 23, 2007 8:15 pm
The assembly address that writes to it is normally a function that handles almost all text that goes out to the screen. It moves it around and stuff, so if I edit that it normally crashes, because it might work for the string I'm working with but not every string printed to the screen.
I'm gonna do a lvl 2 scan and see what I get.
Oh, the base address of "sb.exe" is always the same, 0x400000; I think that's what you mean.
Well, maybe there aren't any >4 level pointers; I looked and found nothing.
This is what reads it. I'm not the greatest at asm, but when I put a bp on this it breaks for all kinds of other text, so it's not just the text I'm looking for; I wish it was.
Code:
00336D10 >/$ 8B41 04       MOV EAX,DWORD PTR DS:[ECX+4]
00336D13 |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]
00336D17 |. 66:8B0448      MOV AX,WORD PTR DS:[EAX+ECX*2]
00336D1B \. C2 0400        RETN 4
This is one of the things that writes to it... I tore into it the other day
and found out what it does. I do have some asm know-how.
Code:
00331290 /$ 8B4424 08      MOV EAX,DWORD PTR SS:[ESP+8]      // end of string
00331294 |. 8B4C24 04      MOV ECX,DWORD PTR SS:[ESP+4]      // beginning of string
00331298 |. 2BC1           SUB EAX,ECX                       // subtract to get the amount of chars
// subtracting eax from ecx you get '0x18' or 24
// and there would be 24 chars in the unicode of "night spider"
ECX=0BAEB7D8, (UNICODE "Night Spider") EAX=0BAEB7F0
0033129A |. D1F8           SAR EAX,1                         // shifts to the right once ?
0033129C |. 85C0           TEST EAX,EAX                      // if there's nothing jump ?
0033129E |. 7E 18          JLE SHORT Core.003312B8           // jump do nothing ?
003312A0 |. 8BD0           MOV EDX,EAX                       // move the difference into edx
003312A2 |. 8B4424 0C      MOV EAX,DWORD PTR SS:[ESP+C]      // another part of the string ? Terminator ?
003312A6 |. 56             PUSH ESI                          // get esi ready as a working register for transfer
003312A7 |> 66:8B31        /MOV SI,WORD PTR DS:[ECX]         // move this char of ecx into si
003312AA |. 83C1 02        |ADD ECX,2                        // add 2 to ecx (null space for unicode)
003312AD |. 66:8930        |MOV WORD PTR DS:[EAX],SI         // move the char into eax
003312B0 |. 83C0 02        |ADD EAX,2                        // add two for null char
003312B3 |. 4A             |DEC EDX                          // subtract one from the difference
003312B4 |.^75 F1          \JNZ SHORT Core.003312A7          // if the difference (if there's still chars) jump
003312B6 |. 5E             POP ESI                           // finished with esi
003312B7 |. C3             RETN
003312B8 |> 8B4424 0C      MOV EAX,DWORD PTR SS:[ESP+C]      // not sure why it would jump here ?
003312BC .  C3             RETN
Another thing: the text I'm looking for is usually overwritten with other stuff as soon as the window that contains it is destroyed. I can find the original text, this being where it pulls the string from; I can access it with ease and find it, but that string is moved into memory at another location and then printed to the screen. If I edit the original it will show up on the screen like that, but I can't change it and have the changes show up in "real time".
Hope that makes sense.
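An added C rendering of the two listings in this post (not code from the thread or from the game; the function and struct names, the object layout and the sample string are assumptions) that answers the questions in the comments: the SAR halves a byte length into code units, the JLE handles the empty range, and the block at 003312B8 returns the untouched destination.

```c
#include <stdint.h>
#include <stddef.h>

/* Names, the struct layout and the sample string are assumptions. */

/* 00336D10: ECX = object, [ESP+4] = index.  MOV EAX,[ECX+4] loads the pointer
 * stored at object offset 4; MOV AX,[EAX+ECX*2] indexes it in 2-byte units,
 * so that field is a UTF-16 buffer.  RETN 4 pops the single stack argument. */
struct wide_string_obj {
    uint32_t        unknown0; /* +0, not touched by the routine */
    const uint16_t *chars;    /* +4, the UTF-16 buffer (assumed layout) */
};

uint16_t wide_char_at(const struct wide_string_obj *self, uint32_t index)
{
    return self->chars[index];
}

/* 00331290: [ESP+4] = begin, [ESP+8] = end, [ESP+C] = destination.
 * SUB EAX,ECX is the byte length of the range and SAR EAX,1 halves it, so
 * the loop counter is in 2-byte code units (0x18 bytes -> 12 units).
 * TEST/JLE skips the loop for an empty or inverted range and lands at
 * 003312B8, which just returns the untouched destination.  ADD ECX,2 and
 * ADD EAX,2 step one code unit each; no terminator is written.  The return
 * value in EAX is one past the last unit written, or dst if nothing was. */
uint16_t *copy_wide_range(const uint16_t *begin, const uint16_t *end, uint16_t *dst)
{
    intptr_t count = ((const char *)end - (const char *)begin) >> 1; /* SAR EAX,1 */
    if (count <= 0)
        return dst;
    do {
        *dst++ = *begin++;     /* MOV SI,[ECX] ; MOV [EAX],SI */
    } while (--count != 0);    /* DEC EDX ; JNZ */
    return dst;
}

/* Worked case from the listing: "Night Spider" as UTF-16 is 24 bytes (0x18),
 * which SAR EAX,1 turns into 12 code units.  Constructed sample data. */
const uint16_t NIGHT_SPIDER[12] = { 'N','i','g','h','t',' ','S','p','i','d','e','r' };
const struct wide_string_obj SAMPLE = { 0, NIGHT_SPIDER };
uint16_t SCRATCH[16];

/* Number of code units copied, i.e. what the SAR produced for this range. */
intptr_t units_copied(const uint16_t *begin, const uint16_t *end)
{
    return copy_wide_range(begin, end, SCRATCH) - SCRATCH;
}
```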
 |
Labyrnth Moderator
Posted: Sun Dec 23, 2007 9:09 pm
Looking in text, the first one you find is not static?
Yeah, you will need to manually look for a pointer and see what
[ESP+8]
[ESP+4]
ESP+? is. It's an address, so:
ESP = ???????? + offset of 8. There's 1 pointer.
ESP = ???????? + offset of 4. This is another one.
You will have to try and track it down.
???????? + offset = pointer
It is hard to tell you what to do, since I'm not in the game and looking as well. But I think you're getting the idea, since you understood that the base address of the exe/module was 400000.
If you had an address 331290 and the base of the module was 400000, you're not in your exe. Or the base address of it is not 400000.
zonemikel Newbie cheater
Posted: Sun Dec 23, 2007 9:20 pm
Labyrnth wrote:
    If you had an address 331290 and the base of the module was 400000, you're not in your exe. Or the base address of it is not 400000.

Yes, that makes sense. So maybe I'm looking in the wrong place? When I do the pointer search I'm in the game's .exe. I have tried looking for the ESP+8, but ESP changes for everything sent through the function and they execute before the breakpoint... so CE won't find them?
I might be wrong, but I thought CE would be better at finding pointers than me doing it by hand?
Update: looking at it, the address 331290 is not in sb.exe; it's in core.dll. Maybe I should scan for pointers there?
core.dll is 00320000 - 00362000
Searched in core.dll; I never find any pointers (to 4 levels).
Labyrnth Moderator
Posted: Mon Dec 24, 2007 9:32 am
Heh, told yah you wasn't in the exe.
Now manually track down a pointer.
Example:
1. Find out what writes to the address you find. *Read or Access also, if nothing useful is found.
2. Now click "more info" on what it found.
You find this: 71a5162f - ff 75 08 - push [ebp+08]
So you see the spot that says:
"The value of the pointer needed to find this address is probably"
02CFFAD4
OK, so in CE you do this:
After you find an address on the left, if it is green you have found the level 1 pointer. If not, then you will have to figure your offset from this find,
by subtracting the 2 addresses to get the offset.
zonemikel Newbie cheater
Posted: Mon Dec 24, 2007 9:42 am
So just trace it back and write down the offsets; like in your example, I would write down -08 for the last offset. I thought that's what Cheat Engine does?
Don't get me wrong, I've done tons of what you're talking about; I just thought that the "scan for pointers to this address" would do it much better than I would. Like, I would never attempt to find a pointer that's 10 levels deep manually.
So I guess by doing it manually I will for some reason have better results?
Anyway, thanks Labyrnth and merry Christmas.
Labyrnth Moderator
Posted: Mon Dec 24, 2007 10:04 am
Not sure CE does it that way or not, but it does miss pointers with pointer scan.
I have come across nothing using it, then manually found some level 1 and 3 pointers. So I could not really say how it does it.
One such game right now where no pointers are found using pointer scan is Angels Online.
But I find them manually. So no big deal, really.
zonemikel Newbie cheater
Posted: Mon Dec 24, 2007 12:07 pm
Well, I tried it a few times (find out what reads from this address); it took me to some semi-familiar functions that read strings into other functions, and stuff like
[eax+ecx*2], but it seems to be crashing all the time; funny, it never crashed before. I'm gonna pursue other methods. I have reliably found a string, but it's the player's name, so different players have different names (lengths). I'm gonna try and find how to make their names longer and just leave my menu there.
Thanks again.
Labyrnth Moderator
Posted: Mon Dec 24, 2007 1:34 pm
I see what's going on. You need to lower the start address from 400000 when doing the pointer scan, since the base you are in is not 400000.
I bet it will find pointers then.
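Added example (not from the thread) of the point Labyrnth makes in the manual-tracking post and here: a pointer path recorded as module+offset, then per-level offsets, still resolves after a restart because the first address is recomputed from wherever the module landed, whereas the absolute addresses a scan returns stop being mapped. The toy address space, the 0x1A2B4 slot offset and the run 2 addresses are constructed; only the core.dll base and the 0BAEB7D8 string address come from the thread.

```c
#include <stdint.h>
#include <stddef.h>
/* Every address, offset and value below is constructed for the example. */
struct cell  { uint32_t addr, value; };   /* one mapped dword */
struct space {
    uint32_t    module_base;              /* where core.dll landed this run */
    struct cell cells[3];                 /* the only dwords that exist */
};

/* Read a dword; an unmapped address is the analogue of an invalid pointer,
 * so the read fails instead of returning junk. */
int read32(const struct space *s, uint32_t addr, uint32_t *out)
{
    for (size_t i = 0; i < sizeof s->cells / sizeof s->cells[0]; i++)
        if (s->cells[i].addr == addr) { *out = s->cells[i].value; return 1; }
    return 0;
}
/* Same read as a plain value, 0 when the address is not mapped. */
uint32_t deref(const struct space *s, uint32_t addr)
{
    uint32_t v; return read32(s, addr, &v) ? v : 0;
}
/* Resolve module+base_off -> [..]+offs[0] -> [..]+offs[1] ...  The first
 * address is taken from the module's *current* base, which is what lets the
 * path survive a restart; each level dereferences and adds the next offset.
 * Returns 0 if any read hits an unmapped address. */
uint32_t resolve_path(const struct space *s, uint32_t base_off,
                      const uint32_t *offs, size_t n)
{
    uint32_t addr = s->module_base + base_off, v;
    for (size_t i = 0; i < n; i++) {
        if (!read32(s, addr, &v)) return 0;
        addr = v + offs[i];
    }
    return addr;
}
/* Run 1: core.dll at 00320000 (the range quoted earlier in the thread); a
 * static slot in it points at a heap object whose field +8 holds the name. */
const struct space RUN1 = { 0x00320000, {
    { 0x00320000 + 0x1A2B4, 0x0BAE0000 },  /* core.dll+1A2B4 -> object      */
    { 0x0BAE0000 + 0x8,     0x0BAEB7D8 },  /* object+8       -> name buffer */
    { 0x0BAEB7D8,           0x0069004E } } /* "Ni" in UTF-16LE              */
};
/* Run 2: after a restart both the module and the heap are somewhere else. */
const struct space RUN2 = { 0x00F40000, {
    { 0x00F40000 + 0x1A2B4, 0x0C120000 },
    { 0x0C120000 + 0x8,     0x0C12B7D8 },
    { 0x0C12B7D8,           0x0069004E } }
};
/* The reusable part is the path, not the addresses: one base offset, two hops. */
const uint32_t PATH_BASE_OFF = 0x1A2B4;
const uint32_t PATH_OFFS[2]  = { 0x8, 0x0 };
```

In run 1 the path lands on 0BAEB7D8 and in run 2 on the relocated buffer, while reading the run 1 absolute address 0033A2B4 in run 2 fails, which is exactly the "0 valid pointers after restart" symptom from the first post.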
zonemikel Newbie cheater
Posted: Mon Dec 24, 2007 2:42 pm
Great idea, I'll try it.
What about all that other stuff (checkboxes)?
"Writable memory as base only" is the only one I have checked.