Solved Cheat Engine: Pointer Scan


KISKE

Game Developer
Meme Tier VIP
Fleep Tier Donator
Jul 27, 2016
168
3,938
16
Hi,
I have a couple of questions about this that I can't find an answer to in any tutorial.

1) Is there any way to filter a pointer scan, I mean, discard all modules except "module_name.exe", then save it to use it on future scans?

2) If my first result was something like 223,118,450 results, is it a good sign to stop when I reach 3,000 or fewer results?

3) After I reach a few results (500 or less), in many tutorials I hear that it doesn't matter which base address I choose, any one is good. Is that true, and why?

4) Why are there so many "Module.exe"+same_address + different_offsets pointing to the same address?

Example:
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,101
78,998
2,374
1) Is there any way to filter a pointer scan, I mean, discard all modules except "module_name.exe", then save it to use it on future scans?


Do a "find what accesses/writes to", find a good working instruction that edits the variable you want. This will give you the last offset.
Select "Show Advanced options"
Go to Cheat Engine Dissect PE Header and find the module you want to scan in, record the starting address and the end address which is imagebase + imagesize.
Put this range into the filter box
Put your offset into the "pointer must have these offsets" box

The best way to filter is to do a pointer scan, close the game, restart the game, find the variable and then rescan. This will filter out the most bad results the fastest.

2) If my first result was something like 223,118,450 results, is it a good sign to stop when I reach 3,000 or fewer results?
I don't stop until I have less than 500, maybe takes 5-10 minutes

3) After I reach a few results (500 or less), in many tutorials I hear that it doesn't matter which base address I choose, any one is good. Is that true, and why?
I don't stop rescanning until each subsequent restart and rescan yields me the same results every time. Then I know they are all good. And save the pointer scan: if the game updates and breaks the pointer you chose, you can easily select another one unless the update was large enough to break them all.

4) Why are there so many "Module.exe"+same_address + different_offsets pointing to the same address?
Pointer scanner bruteforces all relative pointers, it does not follow the logical relative offsets that the game logic uses so it literally finds every single possible path. You can think of it reading 4/8 bytes from address 0x000000, checking if it points to allocated memory, if it does, it then checks every single offset to see if that address points to valid memory, and it just recursively does that for every address & offset until at some step it points to the variable you were scanning for.

Pointers are such an integral part of object oriented programming and relative offsets are how modern computing addresses specific code and data that there will always be many paths. You can basically get from any source address to any destination address by dereferencing pointers and adding offsets. If you take into account the fact that you can use negative offsets there is a practically infinite number of pathways.

More simply put for example, both the scoreboard code and the minimap code need to have a pointer to the player array. They may be the same pointer or there could be 2 pointers, so right there you have 2 pointers for just the scoreboard and minimap objects and there are thousands of objects interacting with each other and they do that using pointers and offsets. Want to get really crazy? Unreal Engine has a linked list that contains every single object in the game, just in simple single player games there can be 800,000+ objects and each one contains a pointer to the previous and next object, giving you bajillions of pointer paths, break out that mainframe for that pointer scan :p
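Why the brute-force scan reports many paths, and why a restart followed by a rescan filters them, shown as an added example that is not part of the original posts. It runs on a constructed toy memory map (a Python dict), not a real process; every address, the object layout and the function names are assumptions made for illustration.

```python
# Added illustration on constructed data: a dict stands in for process memory.
MODULE = range(0x400000, 0x401000)        # assumed static module range

def build_run(heap, board, stale=0x100F0):
    """One 'game launch': same object graph, different heap addresses."""
    player = heap + 0x100
    mem = {
        0x400010: heap + 0x20,   # static slot -> game object
        0x400020: board,         # static slot -> scoreboard object
        0x400030: stale,         # static slot holding unrelated leftover data
        heap + 0x28: player,     # game object, player pointer at +0x8
        board + 0x10: player,    # scoreboard object, player pointer at +0x10
        player + 0x4: 100,       # the variable being searched for
    }
    return mem, player + 0x4

def pointer_scan(mem, target, max_offset=0x80, max_depth=3):
    """Brute force: list every (static_base, offsets) path reaching target."""
    found = []
    def walk(addr, offsets):
        for slot, value in mem.items():
            off = addr - value               # offset needed from this pointer
            if 0 <= off <= max_offset:
                path = (off,) + offsets
                if slot in MODULE:
                    found.append((slot, path))
                elif len(path) < max_depth:
                    walk(slot, path)
    walk(target, ())
    return sorted(found)

def resolve(mem, base, offsets):
    """Dereference base, add an offset, repeat; None if a read is invalid."""
    addr = base
    for off in offsets:
        if addr not in mem:
            return None
        addr = mem[addr] + off
    return addr

def rescan(paths, mem, target):
    """Keep only the paths that still resolve to the target after a restart."""
    return [p for p in paths if resolve(mem, *p) == target]

if __name__ == "__main__":
    run1, target1 = build_run(heap=0x10000, board=0x10060)
    run2, target2 = build_run(heap=0x25000, board=0x31000)
    paths = pointer_scan(run1, target1)
    print(len(paths), "paths found;", len(rescan(paths, run2, target2)), "survive")
```

The first scan returns four paths, two of them from the same static base with different offsets; only the two that follow the real object links survive the second run.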
 

KISKE

You are amazing!
Thank you so much.
 

KISKE

Can you explain a little more about this to me:
Go to Cheat Engine Dissect PE Header and find the module you want to scan in, record the starting address and the end address which is imagebase + imagesize.
I mean, for example, in this case:


I think the starting address is 10900000 but where can I find the imagebase and imagesize?
 

Rake

Can you explain a little more about this to me:
I mean, for example, in this case:
I think the starting address is 10900000 but where can I find the imagebase and imagesize?
Expand the PE header node on the table on the right and it lists all the variables in the PE Header including those variables
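Where those two values sit in the PE headers, shown as an added example that is not part of the original posts: the fields are named ImageBase and SizeOfImage in the optional header, and the module range runs from the base to base + SizeOfImage. The function names, the `loaded_base` parameter and the constructed header with its sample size are assumptions; 10900000 is the starting address from the question.

```python
import struct

def module_range(header: bytes, loaded_base=None):
    """Return (start, end) for a module, where end = base + SizeOfImage."""
    if header[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", header, 0x3C)
    if header[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = e_lfanew + 4 + 20            # skip PE signature and COFF file header
    (magic,) = struct.unpack_from("<H", header, opt)
    if magic == 0x10B:                 # PE32: 4-byte ImageBase at +28
        (image_base,) = struct.unpack_from("<I", header, opt + 28)
    elif magic == 0x20B:               # PE32+: 8-byte ImageBase at +24
        (image_base,) = struct.unpack_from("<Q", header, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    (size_of_image,) = struct.unpack_from("<I", header, opt + 56)
    # With ASLR the module may load elsewhere than the base stored in the
    # file, so the caller can pass the address it was actually mapped at.
    base = image_base if loaded_base is None else loaded_base
    return base, base + size_of_image

def make_header(magic, image_base, size_of_image):
    """Build a constructed, minimal PE header for the demo (not a real file)."""
    buf = bytearray(0x200)
    buf[0:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x80)     # e_lfanew -> PE signature
    buf[0x80:0x84] = b"PE\0\0"
    opt = 0x80 + 24
    struct.pack_into("<H", buf, opt, magic)
    if magic == 0x10B:
        struct.pack_into("<I", buf, opt + 28, image_base)
    else:
        struct.pack_into("<Q", buf, opt + 24, image_base)
    struct.pack_into("<I", buf, opt + 56, size_of_image)
    return bytes(buf)

if __name__ == "__main__":
    hdr = make_header(0x10B, 0x10900000, 0x5A000)   # size is a sample value
    start, end = module_range(hdr)
    print(f"module range: {start:08X} - {end:08X}")
```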
 