Mrxdot wrote: ↑Sun Nov 24, 2019 6:20 pm
First of all, thank you! Secondly, how do you find structures or patterns with CE in FM? Do you have a chance to make a tutorial?
I'm willing to give limited advice, but I'm not going to teach how to use CE in general, and I don't really have time to write wikis or tutorials. There are better forums and tutorials here and on the CE site for that kind of thing. I'm willing to share my findings if that helps, but they might be too advanced for some who are not familiar with CE or programming, so they might not actually be useful to everyone.
Obviously the first thing is that the game is 64-bit, so all pointers are 64 bits / 8 bytes long. Next is that the game is definitely written in C++ and uses multiple class inheritance, which leads to virtual function tables (aka vtables). This manifests in that every class has a pointer to an array of functions as the first 8 bytes in the class. There might be offsets to other inherited classes around this vtable, managed by the compiler, which I have used to move between person/player/staff, for instance.
I'm pretty sure they use STL for collections (this is because most lists have a begin, end, allocated end). This makes it easier to locate collections, since the pointers will usually have 3 pointers in sequence where the second and third pointer are frequently the same value (which is the end of data and end of allocated memory) and the first pointer is usually slightly lower than the second. The size of the array is not stored in STL, but the start and end pointers are. One can expect repeating blocks of the same ordered memory.
Also, they do not use general purpose heap allocators for everything but use per-class allocators. This is useful because you can find all similar structures, as they are mostly gathered in the same place, and you can use the memory before and after that class since it is of the same type, and the vtable pointers (if the class is virtual) will be the beginning and end of the class and can be used to figure out how big the class is, since the next class will start with the same vtable pointer.
Regarding CE, one of the useful and under-utilized features is the Dissect Data Structures dialog. This is a tree of structures that can automatically dissect memory and guess what data types it holds, like pointer, float or string. I included a zip of classes I dissected in the past in the first post, but it is by no means complete, and I've probably changed it a bit since last posting.
The way I tend to find pointers now is that I found the function which seems to be related to selecting and showing a screen. That is the "Update on Focus Change" script, which is called once per window change. I get the class being selected and copy it to the basSelect pointer, and then use the vtable pointer to determine what kind of object it is. There is no easy way to know what it is other than manual testing and correlating, but the vtable is very stable per executable.
Anyway, now that there is a means of collecting information about what is selected, you can use that pointer in the Dissect Data Structures window to inspect several of the same class side by side. So put 3 players in that window by adding additional addresses and using the current basSelect (or basPerson). Hint: either put the address directly or type [basSelect] or [basPerson] or whatever in the address field. Then select the correct structure from the Structures list. For example, for players I might use [basPlayer] and the Player structure, or [basPerson] and the Person structure, or [basComp] and the Competition structure, or [basClub] and the Club structure ....
Some things to note: if you build a big list of vtable pointers, then you can use those pointers to determine what kind of structure a child structure might be. I find the FM20 Editor to be very useful, especially with competitions, as you can import/export the contents of a complete competition to XML and then compare values in memory to figure things out. Also, a lot of structures follow a pattern where there is a Unique ID (UID) that is shown in Debug modes and in the FM20 Editor. So you can use those UIDs to compare what is in game with what is in the editor of a database you loaded. Also, the FM20 editor is useful as you can make changes to something in the database, create a new game with that, and then see if it shows up in memory. This is a very slow way of doing things, but I suppose it works. The problem with FM is that you might find these values, but then they are only used for display purposes and are not used in game mechanics.
Once you have values figured out, then you can use the "Find out what accesses/writes to this address" feature of CE to figure out what functions do what. I used this to find out what was using the vtable, for example, to find the select function. I also used it to find what functions were changing player/staff attributes.
Finally, I guess you can use tools like IDA Pro or Ghidra to reverse the binary, extract classes and get C code from functions. I have issues with that with this game, so I don't really recommend it, but in theory it could be useful. Ghidra has issues with this game and will parse the exe forever, so you just need to cancel auto-analyze at some point.
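The two heuristics in the post above (an STL vector shows up as three consecutive heap pointers with begin <= end <= allocated-end, and objects in a per-class pool repeat the same vtable pointer at a fixed stride) can be turned into a scanner. The following is an added example, not the poster's code and not a CE script: it builds a small constructed 64-bit memory image, then scans it for vector triplets, derives the class size from repeated vtable pointers, and gives a rough per-slot type guess in the spirit of the Dissect Data Structures dialog. The address ranges, vtable value, object layout and class size are all made up for the demo; on a real process you would substitute the module and heap ranges CE shows you and feed it a region read from the game or a dump.

```python
import struct
from functools import reduce
from math import gcd

PTR = 8  # 64-bit process: every pointer is 8 bytes

# Assumed address ranges for the demo (not FM's real layout): where the exe
# image (and therefore the vtables) is mapped, and one heap region.
IMAGE_LO, IMAGE_HI = 0x7FF600000000, 0x7FF610000000
HEAP_LO, HEAP_HI = 0x1E000000000, 0x1E010000000

# Made-up constants for the constructed sample below.
VTABLE_PLAYER = IMAGE_LO + 0x1234560  # hypothetical vtable address
CLASS_SIZE = 0x40                     # hypothetical object size in the per-class pool
POOL_BASE = HEAP_LO                   # where the pool of objects starts
ARRAY_BASE = HEAP_LO + 0x10000        # where the vectors' element arrays live


def build_sample(n_objects=4):
    """Constructed memory image of a per-class pool: n_objects objects laid out as
    [vtable ptr][int32 uid][float][std::vector<int32>: begin, end, cap] + zero padding."""
    buf = bytearray()
    for i in range(n_objects):
        begin = ARRAY_BASE + i * 0x100
        end = begin + (i + 1) * 4  # vector holds i+1 int32 elements
        cap = end                  # size == capacity: end and allocated-end coincide
        obj = struct.pack("<QifQQQ", VTABLE_PLAYER, 1000 + i, 1.5 * i, begin, end, cap)
        obj += b"\x00" * (CLASS_SIZE - len(obj))
        buf += obj
    return bytes(buf)


def in_heap(v):
    return HEAP_LO <= v < HEAP_HI


def in_image(v):
    return IMAGE_LO <= v < IMAGE_HI


def find_vector_triplets(mem, base, max_bytes=1 << 20):
    """Find std::vector-shaped triplets: three consecutive 8-byte slots holding
    heap pointers with begin <= end <= cap and a plausible span."""
    hits = []
    for off in range(0, len(mem) - 3 * PTR + 1, PTR):
        b, e, c = struct.unpack_from("<QQQ", mem, off)
        if not (in_heap(b) and in_heap(e) and in_heap(c)):
            continue
        if not (b <= e <= c) or (c - b) > max_bytes:
            continue
        hits.append({"addr": base + off, "begin": b, "end": e, "cap": c,
                     "size_bytes": e - b, "spare_bytes": c - e})
    return hits


def find_vtable_strides(mem, base):
    """Every slot holding an image-range pointer is a vtable candidate. For values
    that repeat, the gcd of the gaps between occurrences is the object stride,
    i.e. the class size in a per-class pool."""
    seen = {}
    for off in range(0, len(mem) - PTR + 1, PTR):
        v = struct.unpack_from("<Q", mem, off)[0]
        if in_image(v):
            seen.setdefault(v, []).append(base + off)
    result = {}
    for v, addrs in seen.items():
        if len(addrs) < 2:
            continue
        gaps = [b - a for a, b in zip(addrs, addrs[1:])]
        result[v] = {"count": len(addrs), "stride": reduce(gcd, gaps), "first": addrs[0]}
    return result


def guess_slot(v):
    """Rough type guess for one 8-byte slot, in the spirit of CE's dissect dialog."""
    if v == 0:
        return "zero"
    if in_image(v):
        return "image ptr (vtable?)"
    if in_heap(v):
        return "heap ptr"
    return "int/float data"


def dissect(mem, base, addr, size):
    """Return [(offset, value, guess)] for the object at addr."""
    off0 = addr - base
    out = []
    for o in range(0, size, PTR):
        v = struct.unpack_from("<Q", mem, off0 + o)[0]
        out.append((o, v, guess_slot(v)))
    return out


if __name__ == "__main__":
    mem = build_sample()
    for h in find_vector_triplets(mem, POOL_BASE):
        print(f"vector @ {h['addr']:#x}: {h['size_bytes']} bytes used, {h['spare_bytes']} spare")
    for vt, info in find_vtable_strides(mem, POOL_BASE).items():
        print(f"vtable {vt:#x}: {info['count']} objects, stride {info['stride']:#x}")
        for off, val, kind in dissect(mem, POOL_BASE, info["first"], info["stride"]):
            print(f"  +{off:#04x}: {val:#018x}  {kind}")
```

The "second and third pointer are frequently the same value" observation shows up as `spare_bytes == 0` on a hit; a vector that has been grown with reserve() will have spare bytes instead, so the scanner keeps both. The stride comes from the gcd of the gaps between repeated vtable pointers rather than the smallest gap, so a freed or unrelated slot between two pool objects does not produce a wrong class size.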