Cheat Engine The Official Site of Cheat Engine

rphii How do I cheat? Reputation: 0
Joined: 19 Aug 2022 Posts: 6
Posted: Fri Aug 19, 2022 11:11 am Post subject: Finding code that writes to changing pointer
I have a (multilevel) pointer to a value that (I assume) gets assigned a value once I load into a level in a game:
That value represents an enemy type. When I replace that value before a certain point with a different enemy value, that enemy gets successfully replaced in game, once fully loaded. If I don't replace the value next time I load into the level, it is back to its default one. (That's why I assume it gets a value assigned)
I want to know what is writing to that value.
The problem is that pointer keeps changing when loading into a level and, when outside, the value is unknown (question marks). It only starts to appear once I set a breakpoint before that point (mentioned two paragraphs above).
Below are some examples of that pointer when I loaded into that level consecutively. I believe it's impossible to tell to which point it points next.
P->239594CC4F0
P->239598AF950
P->23959A3B5D0
P->23959AEFF90
To my knowledge that 'certain point' is already the earliest one I could set a breakpoint to, meaning, it really only breaks once I'm loading the level. Any single point before that and the game keeps pausing, even while in the menu...
Is there any way I could set a breakpoint once that pointer changes?

cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
Posted: Fri Aug 19, 2022 12:51 pm
Make a copy of your pointer, delete the last offset until the pointer exists outside of the level. Find what accesses that pointer as you enter the level. Now for each of those instructions, see which one is followed by a write to the next offset. The one you find that matches your offsets is the correct address. Now you can hook from there.
For example:
Pointer is game.exe +A] +B] +C
Delete C, does the pointer resolve? If yes, proceed and look for the next instruction(s) in the instruction list for one that uses the offset C in a subsequent instruction.
If not, delete B, and so forth.

rphii How do I cheat? Reputation: 0
Joined: 19 Aug 2022 Posts: 6
Posted: Fri Aug 19, 2022 1:47 pm
Quote: Find what accesses that pointer
Oh yea, that's one approach I see genuinely working...
Just to be really clear, I should press: "Find out what accesses this address" and then "Find out what accesses this pointer" and NOT "Find out what accesses the address pointed at by this pointer"?

cooleko Grandmaster Cheater Reputation: 11
Joined: 04 May 2016 Posts: 717
Posted: Fri Aug 19, 2022 8:50 pm
That might actually work faster than the method I suggested. I never use the pointer one, just the address. So the pointer one very likely already does what I laid out.

rphii How do I cheat? Reputation: 0
Joined: 19 Aug 2022 Posts: 6
Posted: Sat Aug 20, 2022 8:49 am
Okay, I now tried everything you suggested and more, forwards, backwards, several times... Without success :I
Either it doesn't work for my case (which I believe) or I did something wrong.
I'm almost out of ideas on what to do. Still sane, but if someone has any other idea/approach/method or whatever, please, speak your mind.

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Sat Aug 20, 2022 10:22 am
I'm pretty sure "Find out what accesses this pointer" only watches the base address. You'll have to watch each node of the pointer path individually to see which one is breaking it.
I'd open the "Change address" window to view the pointer path, note the values of each node, do whatever in game, and see which of them change.
e.g. if one node says "[0C543128 + 154] -> 21E57870" one iteration and "[0C543128 + 154] -> 359B4B30" the next iteration, that node changed its value. Add the address "0C543128 + 154" to the address list and see what's writing to it.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
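
Added example, not part of the original thread: the node-by-node comparison described in the post above, run over constructed memory snapshots in Python. The static base `0x140A000`, the final offset `0x18` and the snapshot contents are assumptions; the `0C543128 + 154` slot and its two values are taken from the post's example.

```python
# Added illustration: every address and snapshot here is constructed sample data.
BASE = 0x140A000            # hypothetical static base of the pointer path
OFFSETS = [0x154, 0x18]     # 0x154 is from the post's example; 0x18 is assumed

# Each snapshot maps a readable address to the pointer stored there.
MENU    = {BASE: 0x0C543128, 0x0C54327C: 0}           # outside the level
LEVEL_1 = {BASE: 0x0C543128, 0x0C54327C: 0x21E57870}  # first load
LEVEL_2 = {BASE: 0x0C543128, 0x0C54327C: 0x359B4B30}  # second load


def walk(mem, base, offsets):
    """Return ([(slot_address, pointer_read), ...], final_address).

    A missing key models unreadable memory (shown as ?? in the address
    list). The last offset is added to the final pointer, not dereferenced.
    final_address is None when the path breaks on a null/unreadable node.
    """
    nodes, slot = [], base
    for off in offsets:
        value = mem.get(slot)
        nodes.append((slot, value))
        if not value:
            return nodes, None
        slot = value + off
    return nodes, slot


def first_changed_slot(before, after, base, offsets):
    """Slot whose own address is the same in both snapshots but whose stored
    pointer differs: the address to add to the list and watch for writes."""
    nodes_a, _ = walk(before, base, offsets)
    nodes_b, _ = walk(after, base, offsets)
    for (slot_a, val_a), (slot_b, val_b) in zip(nodes_a, nodes_b):
        if slot_a != slot_b:
            break   # a parent already moved, deeper nodes are not comparable
        if val_a != val_b:
            return slot_a
    return None


if __name__ == "__main__":
    print(hex(first_changed_slot(LEVEL_1, LEVEL_2, BASE, OFFSETS)))
```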

rphii How do I cheat? Reputation: 0
Joined: 19 Aug 2022 Posts: 6
Posted: Sat Aug 20, 2022 1:39 pm
Quote: I'm pretty sure "Find out what accesses this pointer" only watches the base address.
Good to know... I followed your suggestion and did find some things.
Quote: see what's writing to it.
There are some results that pop up and seem promising. Not quite sure what I can begin with those... I assumed that the best course of action is to set a breakpoint on them.
I also followed it up with a break+trace somewhere around there. I found reads from that pointer/address that I'm looking for, all of which I already knew about. With that however, my original problem is not solved, because there is still an instruction that writes to there... Which happens before that.
I forgot to mention this beforehand, but I'm assuming that the address I'm searching for is in a block of (dynamically) allocated memory... I found this topic number "php?t=1213" (can't post links) with the point 69. However, in my quick search for how to use that feature, I sadly didn't find much info about it.
I haven't given up yet. I mean, I accidentally found the main game loop and the windows layer. LOL. But honestly, I'm slowly running out of ideas. My next one seems quite stupid, (please tell me if it is) I'd set a breakpoint on each conditional jump in each function and sub-function to see which one interrupts the moment when I load the level... Then, I could do a break+trace to finally figure out what writes to that address...

ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
Posted: Sat Aug 20, 2022 5:51 pm
rphii wrote: I'd set a breakpoint on each conditional jump in each function and sub-function...
Every conditional jump in the game? I think you underestimate how many there are.
Look into Ultimap / Ultimap 2 / Code Filter first. (Memory View -> Tools menu)

rphii How do I cheat? Reputation: 0
Joined: 19 Aug 2022 Posts: 6
Posted: Sat Aug 20, 2022 11:14 pm
Not every conditional jump, but those near the main game loop. I know there are many, but doing something instead of nothing is better, right? Kappa
About Ultimap / Ultimap 2 : It says something like 'only supported on Intel CPUs' but I have an AMD one, so that's a bummer.
Although, thanks for reminding me of Code Filter. I actually already tried it once, however it immediately crashed the game. Right now I opened the window and I remember there are a few buttons which I didn't check out what they really do (or how to use them properly). I'll thoroughly inform myself about Code Filter, guess that would be a better way to start than going with my idea.
Quick update:
I think I found it with the help of the code filter. The game does still crash, albeit only while in a level (in level selector it's just fine). I pressed "from unwind info", then "start", and in the level selector I could enter the level. The game didn't fully let me in, aka it blacked out and there was probably some error. But I did see that the address was written. With that I then could filter it down. The next time it (often) didn't crash my game anymore.
This isn't really important, but just as a fun fact: If it is true that I really did find it, it's in a function that is stupidly often accessed by other stuff... And, it's using xmm registers. Time to investigate how that works.
Anyways, I think this case is closed, thanks to you two that tried to help me.