Solved Help finding the entity list for bots in America's Army 2.8.3

[Luke04]

Game Name

America's Army Operations 2.x

Anticheat

Punkbuster

How long you been coding/hacking?

4 years coding, 2 months hacking

Coding Language

C++, C#

Hello everybody,

I was trying to figure out the entity list for bots in the old game America's Army: Special Forces.
I thought I could do it like I did it in Assault Cube, like in the tutorials I've seen, but when I find the health adress of a bot, and try to figure out what points to it, I get the same adress suggested as a pointer as the one that I already have and that holds the value of the bot's health -> the health value adress does not seem to have a pointer to it!

So how will I be able to find the entity list?
I already did try to close the game, find the health adress of a random bot again and do pointer scans each time, but it does not work.
A screenshot illustrating the problem:

Additional Info:
The game I used is called 'America's Army', the version is ' 2.8.3'.
You can also use 2.8.4 or 2.8.5, you can get it for free (google).
In game I used the map interdiction, I open it up offline like this:

Open console by pressing ^
command:
open interdiction

Once the map loaded, use god mode, ghost and get a weapon.
commands:
ghost
god
class r


Thanks in advance for your help!

 

[Rake]

the suggested pointer value is the same as the bots health address:

You either don't understand how pointers work or have a proper understanding of how this process works.

In the first screnshot:
[esi + F8] is the address of your health, ESI is 11E2DAE0. This is the address of your object. If you add offset F8 you get 11E2DBD8 which is the address of your health. Cheat engine is telling you that the pointer you need to find will hold the address in ESI which is 11E2DAE0. This is correct, what you said is wrong.

In the second screenshot:
"The value of the pointer needed to find this address is probably 3C6CC150". This is the value in EBX. there is no offset in this case, which is why the pointer you need to find holds the address of health. This level of the pointer chain, does not have an offset. So what you're saying is true, it's the same address as the health variable. So just scan for a pointer to that address and use no offset, or an offset of 0 if that makes it easier to understand.

I did some pointer scans with the same bots and I managed to get some static adresses, but the pointers seem really messy and I cannot find a reasonable structure in memory.

They are not messy. You have found your entity list. The ent list starts somewhere before *.dll+021b804.

The elements in the ent list are pointers. These pointers point to objects, if you want to get the health address of one of these objects, you just use offsets 8 ,8 ,8, D50.

 

[Rake]

A screenshot illustrating the problem:

What problem does this screenshot illustrate and how does it illustrate it?

I already did try to close the game, find the health adress of a random bot again and do pointer scans each time, but it does not work.

It would have to be the same bot element each time, which it won't be in this game.

did you try GH Entity List Finder ?

 

[Luke04]

What problem does this screenshot illustrate and how does it illustrate it?

In Assault Cube or other games I pick a bot, get its health adress and change it. Then I click on 'find out what accesses this address', shoot the bot again and CE suggests me a pointer value that is different than the address of the bot's health. The suggested address I can then use to work with any further.
But in America's Army this is different, the suggested pointer value is the same as the bots health address:

It would have to be the same bot element each time, which it won't be in this game.

I will try to do a pointer scan with the same bot each time, and then rescan after restarting the game.

Update:
I did some pointer scans with the same bots and I managed to get some static adresses, but the pointers seem really messy and I cannot find a reasonable structure in memory.

did you try GH Entity List Finder ?

I'll check it out

 

[Luke04]

They are not messy. You have found your entity list. The ent list starts somewhere before *.dll+021b804.

The elements in the ent list are pointers. These pointers point to objects, if you want to get the health address of one of these objects, you just use offsets 8 ,8 ,8, D50.

I understand it better now, but I can't find a pattern where when I increase the offset by 0x4 or more it will automatically point to the next bot entity.

 

[Rake]

Just keep working on it, you'll figure it out, you're like 1 step away from getting it

 

[Luke04]

Just keep working on it, you'll figure it out, you're like 1 step away from getting it

So I did some extensive pointer scans for 5 different bots, some gave me 42 results at the end, some gave more than 100.000 (!) results. I could not cut this big amount of results any further, I tried but it wouldn't cut the value by a significant amount.

I tried to find a pattern now, but I really cannot find one.
Any tips?

 

[Rake]

the scan on the far left, it's sorted by # of offsets. You need to do that on all of them to make it easier to understand. Ignore the libdauth.dll pointers and others that don't make any sense. I think engine.dll and core.dll are the only ones you need to consider.

What game engine is this? I'm not familiar with this game. Also try to find some public source codes for this game and see what you can figure out from reading them