Cheat Engine

x86asm · How do I cheat? Reputation: 0 Joined: 11 May 2016 Posts: 8

Say the address of our pointer is 0x1000. At 0x1004 we have player health. At 0x1100 we have player mana. At 0x1500 we have player ammo
------------------------------
Suppose we only know the player health at 0x1004 and we want to find the offset for mana (0x100 but we dont know that) and ammo (0x500 but we dont know that)

How can I find this out? Is there any way to find every instruction that accesses our pointer + some offset? Like say these instructions exist somewhere in memory:

1) 0x12345678: mov eax, [esi+0x100] ;esi=0x1000
2) 0x13231111: mov eax, [esi+0x4] ;esi = 0x1000
3) 0x13888888: mov eax, [esi+0x500] ;esi = 0x1000

How can we find them? In other words, if I know for a fact I have some pointer which will point to a bunch of different things like player health, blablabla, how can I find everything this pointer points to?

ParkourPenguin · Posted: Sat Jul 23, 2016 8:40 pm Post subject:

Look at how the game accesses those addresses.

For example, you find an address. Go to some address later on, find out what's accessing it, and if the difference between the offsets in instructions that accesses those addresses is the same as the distance away you moved in memory, they're very likely in the same structure. When you get to the point where nothing matches up like this anymore, you're probably at the end of the structure.

To figure out what kind of stuff is in a structure, you look at it. If you don't know what a particular value is, either change it or look at how the game uses it.

x86asm · How do I cheat? Reputation: 0 Joined: 11 May 2016 Posts: 8

According to somebody else who has already analyzed the game, the offsets are all over the place and aren't ordered like you would expect them to be. I.e. X,Y,Z aren't ordered sequentially in memory, but instead have random offsets with no relation to each other

ParkourPenguin · Posted: Sat Jul 23, 2016 9:21 pm Post subject:

And according to the information in your first post, what I said is valid.

Let's say you find the address of your health.
You see something that looks like mana 0xFC bytes after the address of your health.
You find out what instructions access those addresses and that the common offsets are 0x4 for your health and 0x100 for your mana.
You notice 0x100 - 0x4 = 0xFC, the exact amount of bytes away your mana is from your health.
This probably means your mana and your health are in the same structure since they're accessed from a common base address.

I never claimed everything would be ordered sequentially, nor did you ask about that. There is no rule or standard applicable to every type of program dictating the storage of analogous values.

atom0s · Posted: Sat Jul 23, 2016 9:25 pm Post subject:

Overall it depends on the game. Not every game is setup / designed the same way, and not every game is compiled in the same language. Different languages treat things in different manners. While one language may compile an object down into a block of memory easily mapped back to the original, not all languages are that elegant for a reverse engineer.

Things can be attached to others as well depending on the language. For example in C++, you could have a player object that inherits from other base objects, as well as includes pointers to other objects after that. Such as: