What would this offset be?

Posted: Fri Aug 06, 2021 6:00 pm
by DellianEnt
Firstly apologies. I know these questions get asked a lot but I've really done my best trying to figure this out. It's just well above my very novice skill level at this stage.
The game is Hoard. Simple 2D game on Steam.

I can find all my values, fire strength, health, gold capacity, speed etc. I'm trying to make a pointer map to keep it there but I can't narrow it down enough without the offset value.

Image

I'd appreciate any help on this.

Re: What would this offset be?

Posted: Fri Aug 06, 2021 6:34 pm
by DrummerIX
You're probably looking at code that is shared. Either the edx*8 is telling it exactly where to go and edx is probably a number between 0 and some max number. It is probably always the same for whatever value you found.

so it goes something like

cmp edx,1 // assume edx is 1 for what you want
jne originalcode
mov [MyPointer],edx
shl [MyPointer],3 // multiply by 8; imul cannot take a memory destination
add [MyPointer],edi
add [MyPointer],30

originalcode:
  // original code goes here

Re: What would this offset be?

Posted: Fri Aug 06, 2021 7:42 pm
by aSwedishMagyar
More than likely it is an array and you can simply store the base (EDI) in your allocated pointer and make a record with an offset of 0x42*8+30. Check to see if all of the addresses that go through that instruction have the same base. If they do then that's all you need, no reason to do the multiplication in ASM.

If you want to only get that address and don't care about the rest then just do:
cmp edx,42
jne originalcode
lea eax,[edi+edx*8+30]
mov [MyPointer],eax
originalcode:
mov eax,[edi+edx*8+30]

But it still would make more sense to just get the base, especially since it's easier.

Re: What would this offset be?

Posted: Sat Aug 07, 2021 6:42 am
by Marc
Of course, copying the pointer with code injection is the best way, like DrummerIX and aSwedishMagyar already pointed out.

But since you asked for narrowing down your pointer list: to my knowledge, you cannot reliably use the "offset must be xx" filtering in your case.
Instead, you can try two things:
1. Reboot the PC, run the game again, search your value, invoke pointerscan and load your last results. Filter out all pointer paths which are wrong by filtering for the new address (not value; address filters out more wrong results).
2. Click on the last offset column of the result list (Offset 6 or whatever). Cheat Engine will then sort the table by the pointer length. Try the shortest paths.

Re: What would this offset be?

Posted: Sat Aug 07, 2021 12:29 pm
by DellianEnt
Really appreciate the replies. Thank you! Great opportunity for more learning.