Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
Finding code that writes to changing pointer

 
rphii
How do I cheat?
Reputation: 0

Joined: 19 Aug 2022
Posts: 6

Posted: Fri Aug 19, 2022 11:11 am    Post subject: Finding code that writes to changing pointer

I have a (multilevel) pointer to a value that (I assume) gets assigned a value once I load into a level in a game:

That value represents an enemy type. When I replace that value before a certain point with a different enemy value, that enemy gets successfully replaced in game, once fully loaded. If I don't replace the value the next time I load into the level, it is back to its default one. (That's why I assume it gets a value assigned.)

I want to know what is writing to that value.

The problem is that the pointer keeps changing when loading into a level and, when outside, the value is unknown (question marks). It only starts to appear once I set a breakpoint before that point (mentioned two paragraphs above).

Below are some examples of that pointer when I loaded into that level consecutively. I believe it's impossible to tell to which point it points next.
P->239594CC4F0
P->239598AF950
P->23959A3B5D0
P->23959AEFF90

To my knowledge that 'certain point' is already the earliest one I could set a breakpoint to, meaning, it really only breaks once I'm loading the level. Any single point before that and the game keeps pausing, even while in the menu...

Is there any way I could set a breakpoint once that pointer changes?
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Fri Aug 19, 2022 12:51 pm

Make a copy of your pointer, delete the last offset until the pointer exists outside of the level. Find what accesses that pointer as you enter the level. Now for each of those instructions, see which one is followed by a write to the next offset. The one you find that matches your offsets is the correct address. Now you can hook from there.

For example:

Pointer is game.exe +A] +B] +C
Delete C, does the pointer resolve? If yes, proceed and look for the next instruction(s) in the instruction list for one that uses the offset C in a subsequent instruction.

If not, Delete B, and so forth.
rphii
How do I cheat?
Reputation: 0

Joined: 19 Aug 2022
Posts: 6

Posted: Fri Aug 19, 2022 1:47 pm

Quote:
Find what accesses that pointer

Oh yea, that's one approach I see genuinely working...

Just to be really clear, I should press: "Find out what accesses this address" and then "Find out what accesses this pointer" and NOT "Find out what accesses the address pointed at by this pointer" ?
cooleko
Grandmaster Cheater
Reputation: 11

Joined: 04 May 2016
Posts: 717

Posted: Fri Aug 19, 2022 8:50 pm

That might actually work faster than the method I suggested. I never use the pointer one, just the address. So the pointer one very likely already does what I laid out.
rphii
How do I cheat?
Reputation: 0

Joined: 19 Aug 2022
Posts: 6

Posted: Sat Aug 20, 2022 8:49 am

Okay, I now tried everything you suggested and more, forwards, backwards, several times... Without success :I

Either it doesn't work for my case (which I believe) or I did something wrong.

I'm almost out of ideas on what to do. Still sane, but if someone has any other idea/approach/method or whatever, please, speak your mind :D
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sat Aug 20, 2022 10:22 am

I'm pretty sure "Find out what accesses this pointer" only watches the base address. You'll have to watch each node of the pointer path individually to see which one is breaking it.

I'd open the "Change address" window to view the pointer path, note the values of each node, do whatever in game, and see which of them change.
e.g. if one node says "[0C543128 + 154] -> 21E57870" one iteration and "[0C543128 + 154] -> 359B4B30" the next iteration, that node changed its value. Add the address "0C543128 + 154" to the address list and see what's writing to it.

_________________
I don't know where I'm going, but I'll figure it out when I get there.
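To make the two pieces of advice in this thread concrete, here is an added example that is not code from the thread or from Cheat Engine itself. It models a CE-style multi-level pointer path ("game.exe+A] +B] +C") over a constructed in-memory image, then (a) trims offsets from the end until the shorter pointer resolves, as cooleko suggested for the out-of-level case, and (b) walks the same path on two separate "level loads" and reports the first node whose value changed, which is the address ParkourPenguin says to watch for writes. The module base, the offsets 1234/154/30, the heap addresses and the enemy-type value are all made up for the demonstration; the only numbers borrowed from the thread are the two node values from ParkourPenguin's illustration.

```python
"""Resolve a CE-style multi-level pointer over a constructed memory image.

Added example: not the thread's or Cheat Engine's own code. Every address,
offset and value below is constructed for the demonstration.
"""
from typing import Dict, List, Optional, Tuple

Memory = Dict[int, int]            # address -> pointer-sized value stored there
Node = Tuple[int, Optional[int]]   # (address the node was read from, value or None)

MODULE_BASE = 0x7FF600000000       # hypothetical load address of game.exe
OFFSETS = [0x1234, 0x154, 0x30]    # hypothetical path: game.exe+1234] +154] +30


def read_qword(mem: Memory, addr: int) -> Optional[int]:
    """Read one pointer-sized value; None stands for CE's '??' (unmapped memory)."""
    return mem.get(addr)


def resolve_path(mem: Memory, base: int, offsets: List[int]) -> List[Node]:
    """Walk the path one level at a time.

    Node i is read at (previous value + offsets[i]); its value is the next
    pointer, or the final data value for the last offset. The walk stops at
    the first node that cannot be read, so a short list means the path is '??'.
    """
    nodes: List[Node] = []
    addr = base
    for off in offsets:
        node_addr = addr + off
        value = read_qword(mem, node_addr)
        nodes.append((node_addr, value))
        if value is None:
            break
        addr = value
    return nodes


def fully_resolves(mem: Memory, base: int, offsets: List[int]) -> bool:
    """True when every node of the path, including the last, is readable."""
    nodes = resolve_path(mem, base, offsets)
    return len(nodes) == len(offsets) and nodes[-1][1] is not None


def trim_until_resolves(mem: Memory, base: int, offsets: List[int]) -> List[int]:
    """cooleko's step: drop the last offset until the shorter pointer resolves.

    Returns the longest prefix of `offsets` that reads cleanly in `mem`; that
    prefix is the pointer to run 'Find out what accesses this address' on.
    """
    trimmed = list(offsets)
    while trimmed and not fully_resolves(mem, base, trimmed):
        trimmed.pop()
    return trimmed


def first_changed_node(before: List[Node], after: List[Node]) -> Optional[int]:
    """ParkourPenguin's step: compare the node values noted on two runs.

    Returns the address of the first node whose value (or address) differs;
    that is the address to add to the list and watch for writes. None means
    the two runs agree on every node.
    """
    for (addr_b, val_b), (addr_a, val_a) in zip(before, after):
        if addr_b != addr_a or val_b != val_a:
            return addr_b
    return None


def describe(nodes: List[Node]) -> List[str]:
    """Render nodes the way the Change address window does: [addr] -> value."""
    out = []
    for addr, value in nodes:
        shown = "??" if value is None else f"{value:X}"
        out.append(f"[{addr:X}] -> {shown}")
    return out


# Constructed snapshots of the three situations described in the thread.
BASE_NODE = MODULE_BASE + OFFSETS[0]
P1 = 0x0C543128                    # object the base node points at (stable here)
NODE_B = P1 + OFFSETS[1]           # 0x0C54327C: the node that changes per level load

RUN1: Memory = {BASE_NODE: P1, NODE_B: 0x21E57870, 0x21E57870 + OFFSETS[2]: 7}
RUN2: Memory = {BASE_NODE: P1, NODE_B: 0x359B4B30, 0x359B4B30 + OFFSETS[2]: 7}
MENU: Memory = {BASE_NODE: P1, NODE_B: 0}   # level object freed: null pointer

if __name__ == "__main__":
    kept = trim_until_resolves(MENU, MODULE_BASE, OFFSETS)
    print("in menu the path only resolves up to offsets", [hex(o) for o in kept])
    before = resolve_path(RUN1, MODULE_BASE, OFFSETS)
    after = resolve_path(RUN2, MODULE_BASE, OFFSETS)
    for line in describe(before):
        print("load 1:", line)
    for line in describe(after):
        print("load 2:", line)
    print("watch for writes at:", hex(first_changed_node(before, after)))
```

Run stand-alone it prints the trimmed menu path, both node listings and `0xc54327c` as the node to watch, i.e. the `[0C543128 + 154]` node from ParkourPenguin's illustration. Against a real process you would replace the dictionary reads with reads of the target's memory; the walking, trimming and diffing logic stays the same.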
rphii
How do I cheat?
Reputation: 0

Joined: 19 Aug 2022
Posts: 6

Posted: Sat Aug 20, 2022 1:39 pm

Quote:
I'm pretty sure "Find out what accesses this pointer" only watches the base address.

Good to know... I followed your suggestion and did find some things.

Quote:
see what's writing to it.

There are some results that pop up and seem promising. Not quite sure what I can begin with those... I assumed that the best course of action is to set a breakpoint on them.

I also followed it up with a break+trace somewhere around there. I found reads from that pointer/address that I'm looking for, all of which I already knew about. With that however, my original problem is not solved, because there is still an instruction that writes to there... Which happens before that.

I forgot to mention this beforehand, but I'm assuming that the address I'm searching for is in a block of (dynamically) allocated memory... I found this topic number "php?t=1213" (can't post links) with the point 69. However, in my quick search for how to use that feature, I sadly didn't find much info about it.

I haven't given up yet. I mean, I accidentally found the main game loop and the windows layer. LOL. But honestly, I'm slowly running out of ideas. My next one seems quite stupid, (please tell me if it is) I'd set a breakpoint on each conditional jump in each function and sub-function to see which one interrupts the moment when I load the level... Then, I could do a break+trace to finally figure out what writes to that address...
ParkourPenguin
I post too much
Reputation: 138

Joined: 06 Jul 2014
Posts: 4275

Posted: Sat Aug 20, 2022 5:51 pm

rphii wrote:
I'd set a breakpoint on each conditional jump in each function and sub-function...

Every conditional jump in the game? I think you underestimate how many there are.

Look into Ultimap / Ultimap 2 / Code Filter first. (Memory View -> Tools menu)

rphii
How do I cheat?
Reputation: 0

Joined: 19 Aug 2022
Posts: 6

Posted: Sat Aug 20, 2022 11:14 pm

Not every conditional jump, but those near the main game loop. I know there are many, but doing something instead of nothing is better, right? Kappa


About Ultimap / Ultimap 2 : It says something like 'only supported on Intel CPUs' but I have an AMD one, so that's a bummer.

Although, thanks for reminding me of Code Filter. I actually already tried it once, however it immediately crashed the game. Right now I opened the window and I remember there are a few buttons which I didn't check out what they really do (or how to use them properly). I'll thoroughly inform myself about Code Filter, guess that would be a better way to start than going with my idea.

Quick update:

I think I found it with the help of the code filter. The game does still crash, albeit only while in a level (in level selector it's just fine). I pressed "from unwind info", then "start", and in the level selector I could enter the level. The game didn't fully let me in, aka it blacked out and there was probably some error. But I did see that the address was written. With that I then could filter it down. The next time it (often) didn't crash my game anymore.

This isn't really important, but just as a fun fact: If it is true that I really did find it, it's in a function that is stupidly often accessed by other stuff... And, it's using xmm registers. Time to investigate how that works.

Anyways, I think this case is closed, thanks to you two that tried to help me.
All times are GMT - 6 Hours