Pointer Search


Laifsyn

Question

Posted

Summary at end:

I've searched pointers in CE where I had to first search the correct address for a value, let's say the float for a cooldown ability.

If I were to search its pointer, I would end up with millions of values which would be reduced to near nothing the next time I re-search the pointers when I log back in.

I tried something similar in Soul Knight for the abilities' cooldown. I searched for the float value of the cooldown (that's been found only in the range B7000000~B7FFFFFF so far) and then I ran the Search Pointer function with the found value with an offset of FFFFFF. It found around 30k values.

I tried to simulate what Cheat Engine does by trying to export the found values, but it seems to only import 100 values of the 30 thousand values.

Summary:

- How can I pointer search like CE does, or is it even possible?

- And how can I reliably search for a game's pointer so I don't need to search for it again the next time I run the game?

Enyby (Administrators)
Posted

Windows and Android are significantly different. There is no ASLR in Windows (except for the latest versions, and even then not always).
Therefore, talk of "making it look like in CE" does not make sense.
As for finding a pointer to a value, it is quite simple if you know the address of the value and know that there is a pointer to it.
There cannot be 30,000 results.
Obviously you think something else is a "pointer."
And yes, the pointer is not a solution against ASLR.
Usually there is a chain of pointers.
Only if you know the whole chain can you bypass ASLR.

For example, it could be this: we determine the address of the .so library.
We determine the address in .bss or .data of the first pointer in the chain, follow this pointer, find the next pointer at a known offset, and so on, until you reach the desired value.
But even complete knowledge of all the chains may not give the desired result.
For example, somewhere there is an array of pointers. Today it is the fifth index, tomorrow the thirty-fifth. The index may depend on the order of filling or something else.
And that's it, your chain does not work.
Part of the chain (or its start) may be on the stack. Then everything gets complicated too.
This is not a very reliable way.

A more or less reasonable way is group searching by known signatures.
This may not be just a group search that includes the desired value.
For example, you can search for something nearby, and then go to the offset.
Or look for one of the pointers, and then follow it. And the pointer can point not only to the value itself, but also to something nearby.
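As an added illustration (not code from this thread, GameGuardian or Cheat Engine), here is a small Python model of the two approaches above: a pointer chain resolved from the library base through fixed offsets, and a signature search that finds an object header near the value and then applies an offset. The address space, the layout (library .data pointer at 0x800, abilities table at player+0x10, cooldown at ability+0xC), the "ABIL" header and the ability id 0x2A are all constructed for the example. It shows the chain surviving a different load address but breaking when the ability moves from slot 5 to slot 35, while the signature search still finds it.

```python
import struct

PTR = 4  # 32-bit little-endian pointers (assumption: a 32-bit process)


class FakeMemory:
    """Minimal stand-in for a process address space: base -> bytearray regions."""

    def __init__(self):
        self.regions = {}

    def map(self, base, size):
        self.regions[base] = bytearray(size)

    def _locate(self, addr):
        for base, buf in self.regions.items():
            if base <= addr < base + len(buf):
                return buf, addr - base
        raise ValueError(f"unmapped address 0x{addr:08x}")

    def write(self, addr, data):
        buf, off = self._locate(addr)
        buf[off:off + len(data)] = data

    def read_u32(self, addr):
        buf, off = self._locate(addr)
        return struct.unpack_from("<I", buf, off)[0]

    def read_f32(self, addr):
        buf, off = self._locate(addr)
        return struct.unpack_from("<f", buf, off)[0]

    def find_signature(self, pattern):
        """pattern: list of byte values, None = wildcard. Returns absolute hit addresses."""
        n = len(pattern)
        hits = []
        for base, buf in self.regions.items():
            for i in range(len(buf) - n + 1):
                if all(p is None or buf[i + j] == p for j, p in enumerate(pattern)):
                    hits.append(base + i)
        return hits


# Constructed layout: lib.data[0x800] -> player; player+0x10 -> table; table[slot] -> ability
DATA_PTR_OFF = 0x800
PLAYER_ABILITIES_OFF = 0x10
ABILITY_COOLDOWN_OFF = 0xC
ABILITY_MAGIC = b"ABIL"   # constructed object header
ABILITY_ID = 0x2A         # constructed id of the ability we care about


def build_process(lib_base, heap_base, slot, cooldown):
    """Build one launch of the game: same layout, possibly different bases and slot."""
    mem = FakeMemory()
    mem.map(lib_base, 0x1000)
    mem.map(heap_base, 0x2000)
    player = heap_base + 0x100
    table = heap_base + 0x400                     # 64 pointer slots, unused ones stay 0
    ability = heap_base + 0x800 + slot * 0x20
    mem.write(lib_base + DATA_PTR_OFF, struct.pack("<I", player))
    mem.write(player + PLAYER_ABILITIES_OFF, struct.pack("<I", table))
    mem.write(table + slot * PTR, struct.pack("<I", ability))
    mem.write(ability, ABILITY_MAGIC + struct.pack("<I", ABILITY_ID))
    mem.write(ability + ABILITY_COOLDOWN_OFF, struct.pack("<f", cooldown))
    return mem


def resolve_chain(mem, base, offsets):
    """base + offsets[0], then dereference and add each further offset (CE/GG-style chain)."""
    addr = base + offsets[0]
    for off in offsets[1:]:
        addr = mem.read_u32(addr) + off
    return addr


def cooldown_by_signature(mem):
    """Find the ability header (magic + id, 4 wildcard bytes) and step to the cooldown."""
    pattern = list(ABILITY_MAGIC) + list(struct.pack("<I", ABILITY_ID)) + [None] * 4
    return [hit + ABILITY_COOLDOWN_OFF for hit in mem.find_signature(pattern)]


def demo():
    chain = [DATA_PTR_OFF, PLAYER_ABILITIES_OFF, 5 * PTR, ABILITY_COOLDOWN_OFF]
    results = {}
    # Two launches under different load addresses, same slot: the relative chain holds.
    for name, lib, heap in (("run1", 0xB7000000, 0xB7200000), ("run2", 0xB6500000, 0xB6A00000)):
        mem = build_process(lib, heap, slot=5, cooldown=3.5)
        results[name] = mem.read_f32(resolve_chain(mem, lib, chain))
    # Third launch: the ability landed in slot 35. The fixed chain reads an empty slot
    # (pointer 0) and walks into unmapped memory; the signature search still finds it.
    mem = build_process(0xB7000000, 0xB7200000, slot=35, cooldown=3.5)
    try:
        results["run3_chain"] = mem.read_f32(resolve_chain(mem, 0xB7000000, chain))
    except ValueError as err:
        results["run3_chain"] = str(err)
    results["run3_sig"] = [mem.read_f32(a) for a in cooldown_by_signature(mem)]
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

Run it and the first two launches both yield 3.5 through the chain, the third launch's chain fails with an "unmapped address" error, and the signature search still returns the single cooldown of 3.5; the wildcard bytes in the pattern stand for fields you do not know or that change between runs.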

Posted
On 11/10/2018 at 5:55 PM, Enyby said:
[quotes Enyby's reply above in full]

Thanks for solving my question about pointers like CE.

Is there a good tutorial on how to get group searches done right? I am also playing Soul Knight and the game keeps resetting the value of the shield each time you finish a stage. I found that the stage value address for each game you play stays the same for the whole game, and only changes when the game is restarted.
