tuxlu How do I cheat?
Reputation: 0
Joined: 24 Sep 2023 Posts: 9
Posted: Sun Sep 24, 2023 2:05 pm Post subject: need explanation on the principle of pointer map
Hi!
I'm doing a presentation on Cheat Engine and now I want to be sure how the features I use really work...
So for pointer maps, is this stackoverflow post "About Pointer Scanning" correct?
summarised, it says pointer map searches recursively in the game code for uses of the searched address, then for offsets like
Code:
add [(addr-08) + 08, 42]
what I don't understand really, is that dynamic debugging (find out what accesses this address feature) finds only a few pertinent addresses, when pointer map always finds 10 000+ addresses. (thus the need to do multiple maps to generate a pertinent .PTR)
what obvious thing did I miss?
I know Guided Hacking has a detailed article on this, but I won't pay 75$ just for this answer :/
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4719
Posted: Sun Sep 24, 2023 3:05 pm
Addresses don't get accessed if the code that accesses them doesn't run.
The overwhelming majority (>99.99%) of the pointer paths found by the pointer scanner are just a coincidence- e.g. offsets that exceed the size of the structure pointed at.
Basically, the pointer scanner can be dumbed down into this recursive operation:
1. Address is given to the pointer scanner
2. Scan for pointer values between (address - max_offset) and (address)
3. For each result, go back to step 1
There's lots of other small details
_________________
I don't know where I'm going, but I'll figure it out when I get there.
tuxlu How do I cheat?
Reputation: 0
Joined: 24 Sep 2023 Posts: 9
Posted: Sun Sep 24, 2023 3:18 pm
ok, so it searches between (address - max_offset) and (address) and it often finds results that don't point yet to the address but that could because the offset is a register?
like
Code:
add [(addr-rax) + rax, 42]
thanks for the quick reply
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4719
Posted: Sun Sep 24, 2023 7:03 pm
tuxlu wrote: "it often finds results that don't point yet to the address but that could because the offset is a register?"
No. The pointer scanner has no concept of registers, debugging, or assembly in general. It's all just pointers- 8-byte integers (in a 64-bit process).
Set the "Value Type" combobox to 8-byte and the "Scan Type" to "Value between". That's basically what the pointer scanner is doing- just scanning for values.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25833 Location: The netherlands
Posted: Mon Sep 25, 2023 12:27 am
That's why it's important to have a 2nd pointermap from a different instance to compare against. That way you won't be spending time writing several terabytes of invalid potential paths but only paths that were valid between 2 different runs.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
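
Added example, not part of any post above and not Cheat Engine's own code: a toy Python version of the three-step scan ParkourPenguin describes and the two-run comparison Dark Byte describes, run over constructed memory images. All addresses, values, and function names here are made up for illustration, and the comparison is simplified to re-resolving run A's paths against run B.

```python
# Constructed toy memory images: {address: 8-byte value stored there}.
# Addresses 0x1000-0x1FFF stand in for the static module; the rest is heap.
STATIC = range(0x1000, 0x2000)

RUN_A = {0x1010: 0x50100,   # static -> world object
         0x50118: 0x50400,  # world+0x18 -> player object
         0x1020: 0x503F0,   # unrelated value that happens to land near the target
         0x1030: 0x501F8,   # unrelated static pointer
         0x50200: 0x50300}  # unrelated heap pointer
TARGET_A = 0x50408          # player+0x8

RUN_B = {0x1010: 0x73220, 0x73238: 0x73900,   # same real chain, new heap layout
         0x1020: 0x503F0, 0x1030: 0x73500, 0x73508: 0x73600}
TARGET_B = 0x73908

def pointer_scan(mem, target, max_offset=0x200, max_depth=3):
    """Return (static_base, [offsets]) paths whose values chain to target."""
    paths = []
    def walk(addr, offsets, depth):
        for where, value in mem.items():
            if addr - max_offset <= value <= addr:   # step 2: "value between"
                chain = [addr - value] + offsets
                if where in STATIC:
                    paths.append((where, chain))     # reached a static base
                elif depth < max_depth:
                    walk(where, chain, depth + 1)    # step 3: back to step 1
    walk(target, [], 1)
    return sorted(paths)

def resolve(mem, base, offsets):
    """Follow a path in a memory image; None if a read hits unmapped memory."""
    addr = base
    for off in offsets:
        if addr not in mem:
            return None
        addr = mem[addr] + off
    return addr

def surviving_paths():
    """Paths found in run A that still reach the target in run B."""
    return [p for p in pointer_scan(RUN_A, TARGET_A)
            if resolve(RUN_B, *p) == TARGET_B]

if __name__ == "__main__":
    print(len(pointer_scan(RUN_A, TARGET_A)), "paths in one run")
    print(surviving_paths())
```

Even with five stored values, one run yields four paths, three of them coincidences (including offsets like 0x100 and 0x108 that simply bridge unrelated objects); only the real chain resolves in the second run.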
tuxlu How do I cheat?
Reputation: 0
Joined: 24 Sep 2023 Posts: 9
Posted: Mon Sep 25, 2023 3:38 am
So it's a simpler functioning than what I thought,
now I understand why you have 200K+ results with only 1 pointer map.
thanks again for your help.