scanning help

Discussions Related to Game Hacking and Memory Hacking Software


Postby Torero » Sun Apr 29, 2007 12:28 am

I am looking at the pointer search with minesweeper.

I can find the width, height and array of the board; what I am trying to do is to find out what pointer search can do for me in this example.


Maybe when I posted above I didn't understand pointers clearly. I did a 4-byte search on the exact address of the width, and I have 4 results. All of them point to exactly the width with the distance being zero.

What does this mean?

how do I go from here?

Postby L. Spiro » Sun Apr 29, 2007 12:28 am

also, if the pointer is quite close (as it is small), they most likely wouldn't be inside a module.

You know if a pointer is inside a module if its address is inside the range of a module's address space. Period.


if I can find values inside a module, I don't need a pointer, right?

Typically.


and if they are not inside a module, the values most likely are far enough away from the modules that the bases themselves cannot be labeled with {module + offset}.

You can’t have a module+offset if there is no module. That is why you use pointers starting from a module+offset.


what should I do?

I wouldn’t know that. What are you trying to do?



Postby Torero » Sun Apr 29, 2007 12:33 am

how do I use a pointer to write the bot for minesweeper?

or, maybe I don't know that the pointer search is actually another way to learn about the process; and the only thing I will learn and need is {module + offset}, which is already clear without using the pointer search

Postby Torero » Sun Apr 29, 2007 12:39 am

L. Spiro wrote:
also, if the pointer is quite close (as it is small), they most likely wouldn't be inside a module.

You know if a pointer is inside a module if its address is inside the range of a module's address space. Period.

ok, so what I should do is to find the pointer of the pointer of the pointer of the pointer ...
until it's firmly found inside a module, right?

what if the game generates a different chain of pointers all the time?

Postby L. Spiro » Sun Apr 29, 2007 12:46 am

how do I use a pointer to write the bot for minesweeper?

You don’t. There are none.


or, maybe I don't know that the pointer search is actually another way to learn about the process; and the only thing I will learn and need is {module + offset}, which is already clear without using the pointer search

Pointer Search is made to quickly find…
…pointers.
It assumes you already know what pointers are and how module+offset works and why.


ok, so what I should do is to find the pointer of the pointer of the pointer of the pointer ...
until it's firmly found inside a module, right?

Something like that.


what if the game generates a different chain of pointers all the time?

It can’t.



Postby Torero » Sun Apr 29, 2007 1:08 am

so to repeat your answer:

I can use pointer search to find the source of the chat lines from within a module, and then I can reference from that to find the locations where the chat strings are stored all the time?

Postby Torero » Sun Apr 29, 2007 1:11 am

I read from somewhere that says I can set breakpoints from the lines of code that print the chat window; is that what you meant when you said it's typically done through disassembly?

but can I pause the game to set the breakpoint?

Postby esco » Sun Apr 29, 2007 2:56 am

Aight Spiro, I looked into that address I was using to get around DMA... turns out there are AT LEAST 3 possible places it can be (7ffd9008, 7ffda008 and 7ffdb008) ... so of course then I searched for the pointer to that pointer... and I found out. It's: 01ccfc34. Which is close to the range where the info for the game iso starts. (1ccf000).

But then I look on another computer, the data for this pointer to the pointer is different AGAIN! HOWEVER, the 3 possible pointers are still the same (7ffd9008, 7ffda008 and 7ffdb008) So of course, that means I haven't accomplished SQUAT here. How do I find out where the rom game data begins? What do I use and where do I look. The only thing constant that I have found so far is where the emulator starts (400000) and I have no idea what pointer or value to search for.

Postby L. Spiro » Sun Apr 29, 2007 11:16 am

I can use pointer search to find the source of the chat lines from within a module, and then I can reference from that to find the locations where the chat strings are stored all the time?

Correct.


I read from somewhere that says I can set breakpoints from the lines of code that print the chat window; is that what you meant when you said it's typically done through disassembly?

Essentially.


but can I pause the game to set the breakpoint?

You don’t pause the game to set breakpoints.


out there are AT LEAST 3 possible places it can be (7ffd9008, 7ffda008 and 7ffdb008)

The only way these can be the correct addresses is if they are copies of values returned by the Windows® API used to load the file.
For example, CreateFileMapping().

However, if they are used in connection with the game loading process, you can set breakpoints on them before they load the game and see what creates these values, and follow the code back to the emulator code.



How do I find out where the rom game data begins?

By searching for it and/or by doing the above.


The only thing constant that I have found so far is where the emulator starts (400000) and I have no idea what pointer or value to search for.

Then the base pointer is required to be from 0x00400000 to (0x00400000 + module size).
Unless it uses a special DLL to load the ROM, in which case it would just be in that DLL instead of the main process. Either way, same thing.


