Advanced Pointer Scanning

Posted: Fri Jan 04, 2013 3:03 pm
by Sethioz
Before you read this topic any further, go and read my wiki article > Pointer Scanning / Finding Pointer. It explains everything you need to know about how to find a pointer; if anything is unclear, come back here and read the rest.

* Video tutorial (made by PinPoint) on how to find a multi-level pointer without using the "pointer scanning" feature.

Now for the things I have not explained in that article. Depending on the game, some games require a higher offset range, while other games require higher-level scans.
For a while I was unable to find pointers in Killing Floor, but then I did a higher offset range scan and found tons.

For example, in Cheat Engine the default offset value is 2048, which is very low.
However, you must balance the two: using level 7 at 2048 is a BAD idea; in some games the scan size can be 1 TB or bigger and take 10 hours or more.
A level 7 scan can be performed using an offset of 1000 or so, but that's still low.
The first thing to try would be level 1 with a higher offset, like 200000.
A level 2 scan is also thinkable with an offset of 200000 or so, but I think level 3 at that offset would be too much.

If you are unable to find pointers with Cheat Engine, don't panic, because Cheat Engine is not the best tool for that at all; even when doing a 1-byte search with Cheat Engine, it skips things (I have compared TSearch and Cheat Engine on a 1-byte search and Cheat Engine failed a lot). Same with pointer scanning: ArtMoney is a much better tool on some occasions.

However, ArtMoney is more of a pro tool and a lot harder to use than Cheat Engine; maybe this is why noobs always go for Cheat Engine. Don't get me wrong, CE is a good tool, but it lacks a lot and has many bugs that can cost you the positive results you are looking for.

I have updated the wiki article with a quick guide on how to use Pointer Scan in ArtMoney, so follow that to learn how.
In ArtMoney, increasing/decreasing the offset range is a lot harder than in CE.
So, to do a 150000 range, you must do the following:
Select "range" in ArtMoney's search.
DO NOT touch the >= and <= signs; leave them as they are. These are simple math formulas, meaning (is bigger or equal) and (is smaller or equal).
First you put in the exact address that you want to find the pointer for; let's say the address is 3C150000.
There are 2 fields. Into the first field you put the ranged address, so you subtract the range you want to search from the address (all values are hex), like so:
3C150000 - 150000 = 3C000000
So it will look like this:
>= 3C000000 to <= 3C150000
Commence the scan (read the wiki article for the other parameters).
After the scan is done, the filter can be used to filter for the VALUE you are looking for, so reboot the game and select the process again (ArtMoney has a bug there, so you must choose another process, open it, then re-open the game; trust me, if you don't, you will get errors).
Now use "filter" and filter for the value that the address should hold (you MUST know it, or there is nothing to scan for).
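To make the level/offset trade-off and the ArtMoney range arithmetic concrete, here is an added Python example; it is not code from this post, from Cheat Engine or from ArtMoney. It runs a toy multi-level pointer scan over a small constructed memory image (every address, value and the "static" range below is made up for the illustration). It shows that a range search of >= target - span, <= target is the same thing as a level-1 scan with max offset = span, and why raising either the level or the offset range multiplies the candidate chains, junk ones included, which is the balancing act described above.

```python
"""Toy multi-level pointer scan over a constructed memory image.

Added example (not code from the post, Cheat Engine or ArtMoney). Memory is a sparse
dict {address: 32-bit value}; every stored value is treated as a possible pointer.
A level-N scan looks for chains  base -> [+off1] -> [+off2] ... == target  where
each offset lies in [0, max_offset] and the base falls in a "static" address range.
"""
from typing import Dict, List, Tuple

Memory = Dict[int, int]
Chain = Tuple[int, List[int]]          # (base address, [off1, off2, ...])

# --- constructed sample image; every address and value here is made up ---------
STATIC_LO, STATIC_HI = 0x00400000, 0x00600000   # hypothetical module (static) range
TARGET = 0x3C150010                             # address we want a stable path to
MEMORY: Memory = {
    0x0040001C: 0x3C000000,   # static slot -> heap block A
    0x3C000008: 0x3C150000,   # block A + 8 -> heap block B
    0x3C150010: 100,          # block B + 0x10: the value itself (e.g. ammo = 100)
    0x00500000: 0x3C15000C,   # a static slot pointing 4 bytes below TARGET (level-1 hit)
    0x3C0F0000: 0x3C140000,   # heap pointer that only reaches TARGET with offset 0x10010
}


def artmoney_range(target: int, span: int) -> Tuple[int, int]:
    """Bounds for ArtMoney's 'range' search: >= target - span and <= target.

    For target 3C150000 and span 150000 (both hex) this gives 3C000000..3C150000,
    the same arithmetic the post does by hand.
    """
    return target - span, target


def level1_candidates(mem: Memory, target: int, max_offset: int) -> List[Tuple[int, int]]:
    """Addresses whose stored value v lies in [target - max_offset, target].

    This is exactly the range search above: off = target - v is the pointer offset.
    """
    hits = []
    for addr, value in mem.items():
        off = target - value
        if 0 <= off <= max_offset:
            hits.append((addr, off))
    return sorted(hits)


def pointer_scan(mem: Memory, target: int, max_level: int, max_offset: int,
                 static_lo: int = STATIC_LO, static_hi: int = STATIC_HI) -> List[Chain]:
    """Depth-first multi-level scan; returns every chain rooted in the static range."""
    found: List[Chain] = []

    def walk(current_target: int, tail: List[int], level: int) -> None:
        for addr, off in level1_candidates(mem, current_target, max_offset):
            chain = [off] + tail
            if static_lo <= addr <= static_hi:
                found.append((addr, chain))
            if level < max_level:          # keep looking for a pointer to this pointer
                walk(addr, chain, level + 1)

    walk(target, [], 1)
    return sorted(found)


def resolve_chain(mem: Memory, base: int, offsets: List[int]) -> int:
    """Follow base -> [+off1] -> ... and return the final address (KeyError if broken)."""
    addr = base
    for off in offsets:
        addr = mem[addr] + off
    return addr


if __name__ == "__main__":
    lo, hi = artmoney_range(0x3C150000, 0x150000)
    print(f"ArtMoney range: >= {lo:08X} to <= {hi:08X}")
    for level, max_off in [(1, 0x150000), (2, 2048), (2, 0x150000), (2, 0x200000)]:
        chains = pointer_scan(MEMORY, TARGET, level, max_off)
        print(f"level {level}, max offset {max_off:#x}: {len(chains)} chain(s)")
        for base, offs in chains:
            path = " -> ".join(f"+{o:#x}" for o in offs)
            assert resolve_chain(MEMORY, base, offs) == TARGET
            print(f"  [{base:08X}] {path}  holds {MEMORY[TARGET]}")
```

On this image a level-1 scan finds only the direct static pointer; level 2 at the Cheat Engine default of 2048 adds the real two-step chain, and widening the offset to 150000 or 200000 (hex) adds further chains that also resolve but go through far-off or unrelated slots. A real process has millions of such slots, which is why the search space, and the scan time the post warns about, grows so quickly with level and offset range.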

If you get stuck with Cheat Engine or ArtMoney, post here and I'll help you out. There is no ABC to this; what works in some games doesn't work in other games.
Why I use pointer scans over code injection: when using a pointer + offset, it is virtually undetectable by any anti-cheat engine out there.
For example, I can use Luigi's (aluigi.org) QuickBMS + a script to get pointer results from the game and then write to that address; this method is definitely undetectable by any anti-cheat engine out there. I have not tested this theory, but soon I will test it against VAC and I'm 99.999% positive it's undetectable.

Some might say... what about a server-side ammo counter check?
I say... what about lag? It is not thinkable that you get banned for lagging. For example, you lag + shoot, so on your client side you spend ammo, but on the server side you don't, so the server just forces the last known value on your ammo instead. That is a server-side check indeed, but you will NOT get banned for this; the value just goes back to what it was. This simply means that the target value cannot be changed due to the server check, but it absolutely will not result in a ban.