#SPEEDRUNNERS GAME LAUNCH OPTIONS CODE#
If you look closely, you see that the last offsets is often 0x110, but in the assembly code from the previous post, we found the offset 0x180 being used to access that variable: mov, edx
/cdn.vox-cdn.com/uploads/chorus_image/image/53660143/2017031016223500_F1C11A22FAEE3B82F21B330E1B786A39.0.jpg "speedrunners game launch options")
We can also sort them by offset to find other interesting paths. We can remember this as one possible pointer path. Let's look at one example.įrom the base address of the DLL, if we go up 0x00097E48 and when following that address and if we go to the offset 0x110 we find the address or pointer to our variable. After the scan is complete, we find about 20000 pointers, 20414 to be precise. Now searching might take a while depending on the size of the memory. So for the base address scanning range, I looked at the memory map of the GameLogic.dll and added the rough range there. So it makes sense to guess that this DLL might have some global variable pointing to some object which we can use to get to the actual value. From the last post, we know that the code that accesses this variable is in GameLogic.dll. This lets us scan only a certain range of addresses to find the base address. This shows us a dialog window with various options - we'll keep most all of them with default settings except we change the "Base address must be in specific range" option. And Cheat Engine has a nice feature to simplify this for us and its called Pointer Scan. GameObject->WorldObject īasically, you just have to follow these pointers and offsets until you find what we want. If you know how this is implemented on a lower level, you'd know that these objects are somewhere in memory so they have an address and their variables are located at some offset from the start of that object. There could be a general GameObject which has a reference to the WorldObject which has reference to the CurrentPlayer and then we use the current player object to get a reference to the SkillSlotNumber.
Here is how it could look like (this is just a guess): var GameObject Let's think about this in a programmers point of view. Obviously the game has to know where the value is present in memory - so can we somehow do the same? Pointer Scan Now we want to find this value every time we restart the game. Let's attach Cheat Engine again to the game and search for the selected skill in memory and find the correct address by scanning for the selected skill slot number. So we need a generic way so that even if we restart the game we will find the correct pointer s. The addresses these processes get are different every time we run it (ASLR - Address Space Layout Randomization). Why did it change after restarting the game? But when we restart the game, we'll loose the variable and see instead a bunch of ? or random stuff - which indicates that the Cheat Engine has a wrong address/pointer. In the last post, we saw that Cheat Engine could read the game's memory, and we used this to find the variable of the selected skill in memory. Watch on YouTube Prefaceīefore jumping into the cool stuff, you need to know a couple of things. In this post we will look at "time splitters" used by speedrunners and how it's related to game hacking.
0 kommentar(er)
