Pointer Scanner Help

Memory scanning, code injection, debugger internals and other gamemodding related discussion
HailoSir
Noobzor
Posts: 8
Joined: Thu May 18, 2017 3:16 pm
Reputation: 0

Pointer Scanner Help

Post by HailoSir » Thu Aug 03, 2017 6:23 pm

For GPS 4 : Power and Revolution, I found the value for the postal office, which was a green base address, but the problem is that I am trying to find the base (base) address for it. Think of it like Services -> a whole bunch of services, with one of them being the postal office. So I am trying to get the base address for services. I used the address I got for the postal office in the pointer scanner, but doesn't this make the pointer scanner useless if the base address doesn't change, and if so how would I arrive at the base address for the category of services?

Using the Manual Method:
For postal office I got 223A4E8C
Then I used "what writes to this address" and got - fstp dword ptr [esi+00000254] / esi - 223A4C38
Checked hex and searched for this value and got 5 results, and while the addresses were made into a pointer with the offset, which worked for the postal office, I am trying to make it for the services category. Those 5 addresses never changed and were stuck on the value for the postal office when I switched sections.
After using one of the addresses I repeated this step using "what accesses this address" and it was empty, so I am stuck.

PS: I did the exact same thing on the third version of the game, GPS3, using the manual method, and it only required 1 pointer to make it work for the services category. But another guy who had a similar table had like 4 offsets while I had 1, so I assumed he used the pointer scanner, which is why I am trying it. Does the number of offsets matter?

dl748
Expert Cheater
Posts: 105
Joined: Sun Jul 09, 2017 3:17 am
Reputation: 83

Re: Pointer Scanner Help

Post by dl748 » Thu Aug 03, 2017 6:43 pm

Sometimes, the base value (ESI in your case) is an offset. For example, if there is a mov esi, ecx at the beginning of the function, the function call has something like lea ecx, [edi + 000000C4].

So the REAL offset is not 0x254, but 0x318.

Mostly, but not always, if the base address does not end in a zero, you probably haven't found the beginning of the "record". Usually if I search for an address and ONLY find values in a thread stack, it means the address is calculated somehow. Sometimes values will pass through a stack; in that case you should use the non-stack values you find.

To find out, you generally have to go down the stack. When using "what * to this address", you can right click the asm line and select "More Info", then in that window click the "S" button. You can recurse the stack, following the value until you find where it's being modified.
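A worked model of what dl748 describes, added here as an example and not code from this thread or from Cheat Engine: a constructed sparse memory image, a multi-level pointer walk, and the folding of the lea displacement (0xC4) into the instruction's own displacement (0x254) so the record-relative offset comes out as 0x318. The static address, the game-object address and its +0x10 link are assumptions; 223A4C38 (esi) and 223A4E8C (the value address) are the numbers from the first post.

```python
import struct

class SparseMemory:
    """Constructed 32-bit memory image standing in for a live process."""
    def __init__(self):
        self.cells = {}                                  # byte address -> int
    def write(self, addr, data):
        for i, b in enumerate(data):
            self.cells[addr + i] = b
    def read(self, addr, n):
        try:
            return bytes(self.cells[addr + i] for i in range(n))
        except KeyError:                                 # page not mapped in this game state
            raise ValueError(f"unmapped read at {addr:#010x}") from None
    def read_u32(self, addr):
        return struct.unpack("<I", self.read(addr, 4))[0]
    def read_f32(self, addr):
        return struct.unpack("<f", self.read(addr, 4))[0]

def fold_displacements(*disps):
    """Displacements collected while the base register is derived (lea ecx,[edi+C4];
    mov esi,ecx) add to the instruction's own ([esi+254]): record offset = their sum."""
    return sum(disps)

def resolve_chain(mem, static_addr, offsets):
    """Walk [[static]+o0]+o1+...; every offset but the last is dereferenced."""
    addr = mem.read_u32(static_addr)
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]

# Constructed layout; 223A4C38 (esi) and 223A4E8C (value) are the post's numbers.
STATIC_ADDR = 0x00A10000   # assumed "green" static address holding the game object
GAME_OBJ    = 0x0C800000   # assumed heap object; +0x10 points at the services record
SERVICES    = 0x223A4B74   # record start (edi), chosen so that edi+0xC4 == 0x223A4C38
PO_SUB, FIELD = 0xC4, 0x254  # lea displacement and fstp displacement from the posts

def build_image(postal_value=42.5):
    mem = SparseMemory()
    mem.write(STATIC_ADDR, struct.pack("<I", GAME_OBJ))
    mem.write(GAME_OBJ + 0x10, struct.pack("<I", SERVICES))
    mem.write(SERVICES + PO_SUB + FIELD, struct.pack("<f", postal_value))
    return mem

def postal_office(mem):
    """Address and value of the postal-office field via the two-level chain."""
    addr = resolve_chain(mem, STATIC_ADDR, [0x10, fold_displacements(PO_SUB, FIELD)])
    return addr, mem.read_f32(addr)
```

The ValueError path is the case dl748 warns about: a chain that reads through an address that is only valid in one game state stops resolving when that page is gone.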

HailoSir
Noobzor
Posts: 8
Joined: Thu May 18, 2017 3:16 pm
Reputation: 0

Re: Pointer Scanner Help

Post by HailoSir » Thu Aug 03, 2017 6:59 pm

Should have mentioned that it's been around a week, and everything I know about CE is limited to AOB injection, the pointer scanner, and the manual multilevel pointer thing, with very limited assembly knowledge. So I have to ask: what is a thread stack, and how do I identify non-stack values?

Is there a tutorial about these specifically?

TheByteSize
Expert Cheater
Posts: 152
Joined: Sat Mar 04, 2017 7:28 am
Reputation: 74

Re: Pointer Scanner Help

Post by TheByteSize » Mon Aug 07, 2017 11:48 pm

The Find Pointer feature isn't a good method any more. It's better to use "Find What Accesses this Address", narrow down to an instruction, and use the address stored within the register as the base pointer.

dl748
Expert Cheater
Posts: 105
Joined: Sun Jul 09, 2017 3:17 am
Reputation: 83

Re: Pointer Scanner Help

Post by dl748 » Wed Sep 06, 2017 5:36 am

I use that feature to find the pointers down to a static address.
