Page **1** of **1**

### Trying to find a pointer in Trove

Posted: **Sat Jan 09, 2021 3:02 pm**

by **xshiro5**

Hi guys, I've spent the entire day trying to figure it out on my own, but couldn't figure it out. I have a very basic understanding of CE in general, but I've seen a few tutorials. I want to find the pointer with offsets to increase the movement speed from the stats table. This is possible, I even have the script for the last version (before update), if that could help anyone help me. Trove has an encryption system meaning I can't enter the values that I see in game, however, I don't know how to find these values. Some people on the forums suggest to convert the float number to hexadecimal and xor it with the key that can be found in the beginning of the AOB. I tried googling what that means exactly, but it's either too vague or too specific. After finding the actual adress I would know how to find the pointer. Thanks for the help.

### Re: Trying to find a pointer in Trove

Posted: **Sat Jan 09, 2021 9:22 pm**

by **SinGul4ritY**

xshiro5 wrote: ↑Sat Jan 09, 2021 3:02 pm

convert the float number to hexadecimal and xor it with the key that can be found in the beginning of the AOB. I tried googling what that means exactly, but it's either too vague or too specific. After finding the actual adress I would know how to find the pointer. Thanks for the help.

hey xshiro5

sry i am just wondering as i don't own this game so i am prolly not of any use, but since i am currently working on an old game which is XORing some in-game values since later updates ( Geometry Wars Envolved )

You are mentioning that the AOB in the table contains the actual value so maybe you can find the address by searching that AOB but without the key part?

The address to be used is the address of the found AOB minus the XOR value ( 4 bytes if float ) minus the length of the instruction... see below: 35 or 81 F? ( 1 byte or 2 bytes )

i.e minus the length of the keypart in the AOB you mentioned

Code: Select all

```
-- LUA function for GW3: removing all encryption
RemoveXor("3532547698") -- 35 32 54 76 98 xor eax,98765432
RemoveXor("3578563412") -- 35 78 56 34 12 xor eax,12345678
RemoveXor("81F?32547698") -- 81 F? 32 54 76 98 xor e?x,98765432
RemoveXor("81F?78563412") -- 81 F? 78 56 34 12 xor e?x,12345678
```

Code: Select all

```
for example for xor eax,98765432:
with the opcode + key 35 32 54 76 98
AOBfound=AOBScan('3532547698blablablablabla' ,'-W+X')
AOBfound+01:
// next 4 bytes is the XOR value
```

without the instruction

Code: Select all

```
AOBfound=AOBScan('blablablablabla' ,'-W+X')
AOBfound-04:
// next 4 bytes is the XOR value
AOBfound-05:
// opcode + 4 bytes (float value)
or
AOBfound-06:
// 2 opcodes + 4 bytes (float value)
```

after that you can XOR it to decode it with the key in the AOB

change it

encrypt it again ( XOR with the same key )

but that needs a bit of LUA / CE scripting understanding ( see forums )

** note that this all is still only used to find the address of the code accessing it

** you can use it to make an actual pointer of it but you still working with a XORed value

### Re: Trying to find a pointer in Trove

Posted: **Sun Jan 10, 2021 6:05 am**

by **SinGul4ritY**

I just realized this is probably totally not helpful at all

oops

### Re: Trying to find a pointer in Trove

Posted: **Tue Jan 12, 2021 3:20 pm**

by **AddictedToCodes**

So you found the address which you can change for bigger/smaller movement speed?