Cheat Engine

[Michaelc]

With a game, I found 5 address, each containing the precise value I specified, but when I select find what access this address and get the hex number and do a 4 bytes search for the pointer, it doesn't return anything with all 5 address that I tried this on!

What do I do now?

thx!

[ParkourPenguin]

Use the pointerscanner.

If you know assembly, you can backtrace the program to look at how it's calculating that address and use that pointer path.

[Michaelc]

i tried running the scanner, but i ended up with like 3 million paths?

How do I know which one is a good one to go after?

[ParkourPenguin]

Restart your computer, find the address of that value again, and rescan the list with that new address.

[Michaelc]

but it apears the address of the said value changes everytime!
how do you get away with rebooting? there has to be a way.

[ParkourPenguin]

That is to be expected. The purpose of finding a pointer to your value is so that you don't have to go through the process of finding it every time. So, do the initial pointer scan, remember where you saved the pointer scan file, restart your computer, find the address again, open the list up again, and rescan that list with the new address.

[Michaelc]

[ParkourPenguin]

There's this, but it only talks about the very basics, oversimplifies a lot of things, and is easy to misconstrue.

You'd be better off getting that address from an instruction that access it. See this topic ("injection copies" section) for information on that.

[cooleko]

ParkourPenguin is giving really good advice. There isn't a shortcut to finding the best pointer or finding the instruction that modifies the value you want.

For pointers, if you have the first offset (for example A0), then when you perform the pointer scan, you can tell the pointer scan that the first offset must be A0 before you start the scan, this will save time and make your searching easier.

Once you have completed the first scan, there is no way around rebooting the computer (or even better yet, using a different computer). You have to reset the state of the game so that you have the best chance to find the correct pointer. Once you log back into the game, find either the value or the address, you can rescan for the value or address. I would recommend using address, as when I use value it seems to take much longer (when searching millions or billions of pointer chains, it can take a few hours). Then you keep rebooting and performing a new rescan until the pointers stop shrinking in value. Once this occurs, you simply try each one and if it breaks after a few games, just select another one from the list.

For the assembly method, it is fairly complicated, but at the same time much easier and less time consuming (until it isnt). (please note that ParkourPenguin referred to using the assembly to find the pointer structure, but this explanation is to use asm to to always edit the value)

Since you seem to want to edit a precise value, I think assembly is the way to go. add all addresses into your address list, change the first address to +1, second address to +2, third address to +3, fourth address to +4, and fifth address to +5. You can be more dramatic (recommended) and use 10, 20, 30, 40, 50 or any values you desire. The objective is to see which address is actually in charge of your value. In game, modify the value by either getting hit, purchasing something, or however you need to.

Observe which address the value changed to. One of the addresses worked (or none of the addresses worked). If none of the addresses worked, then you need to find another way to approach the value you want (such as using item amounts instead of trying to hack gold, then sell those items).

With the value that worked, right click, and select "see what writes" or "see what accesses." I always start with writes and move to accesses if the writes doesn't pan out. This is because instructions that access are typically reused, so will require some extra steps to filter the values.

When you find the instruction that writes, right click and select disassemble this instruction.

Then right click in the memory view and select see what addresses this instruction accesses.

Perform the action that triggered the instruction again. If only one address appears, then you have a strong suggestion you found an instruction that only accesses your value, so it is safe to edit.

Make sure the instruction is selected in memory view, select tools, and select auto-assemble.

In the new window that pops up, just press ok several times to accept the default values (as you become more skilled, you will likely edit the name).

Select Template menu option, AOB Injection, press ok twice.

If the AOB scan works (it will tell you in the aobscanmodule the auto populates), then you can edit the assembly code associated with your instruction to do what you want to do (for instance, set the value to 100 or something).

Here is a helpful guide: forum.cheatengine . org / viewtopic.php?t=570083

Good luck! I find editing the instructions themselves to be much quicker than using pointers (unless the instructions are needlessly complicated).
This guide skipped every more complicated scenario that can arise with ASM, just search google for cheatengine *whatever is confusing to you* and you will find numerous guides or explanations to aid you in your understanding.

[Michaelc]

my game, when run, have 2 game.exe in the task manager window!

Also, my pointer scan of a value of character coordinates returned 0 pointers!

Is it possible that the pointer i am looking for is not in the game.exe i open processed and is in the other game.exe?





also, my extra info windows says

01A16FF0 - fstp qword ptr [edi + 04]



does ptr here mean something special?

when I try to find the pointer like the tutorial taught me, I found out that searching for it by copy and pasting the "The value of the pointer needed to find this address is probably C7E4D920" into the search, it doens't return anything!

Also, C7E4D920 here is exactly the address that i used find out what accessed it. I mean, I searched for my x coordinate and found 5 addresses that have it, and while checking out the extra info with the "find out what access this address, the value it recommends to try is the same address I already have with the value scanning!





I am not trying to change a few numbers in the game, I am trying to extract useful information such as health or coordinates so I can use it in my bot that will be smart enough to play the game for me. So not going for editing here.

[ParkourPenguin]

Those are two different processes with two different virtual address spaces. I doubt it contains a pointer to a value in another process.

I'm guessing you left all the pointer scan settings at their default values. Try increasing the max level and/or max offset until you do find something.

"qword ptr" means the value at the memory address that instruction is accessing is 8 bytes long. The only thing that means is that you're working with a double value.

The reason why you're not finding anything by searching for the pointer manually is probably because the game already offset the edi register from the base of the structure that double is a part of. Something like this:

[++METHOS]

Depending on the target, you may be out of luck using traditional methods.

If you can provide the name, platform/environment and language of the target, it might help to determine how you should proceed. For example, if the game is java-based, online or being emulated etc.. may all have different answers.

[Michaelc]

star Ward the old republic. online game. win 10 64bit

IS it allowed to talk about online game?
i am trying to write a bot, not to change my health or money.
thx

[Michaelc]

"what access this address" gave me a hex number, but this number cannot be found in new scan!

[++METHOS]

That's an MMORPG with paid subscription. You're probably not going to have any luck with that. Also, such games are prohibited for discussion here.