I am trying to learn basic programming with Cheat Engine and games.

So far, I still can't grasp pointers, particularly how to trace them.

Most of the tutorials on pointers work with 4-byte-long addresses, but what I have is a 6-byte-long address. So far I have failed to track down the base address from this 6-byte-long address.

6-bytes long address

As shown in the screenshot, R9 is the offset and RCX should lead back to the pointer. R9 stays the same while RCX changes each time the game restarts. Where should I go from here?

General Grievance

1 Answer

A 32-bit address space uses 32 bits (4 bytes) for memory addressing, while a 64-bit address space uses 64 bits (8 bytes) for memory addressing.

In practice, 64 bits is much, much more than required (larger than the estimated storage size of the entire internet), and hence systems have decided to use 48 bits (6 bytes) to address their memory.

Since most programming languages and computers in general only support 32-bit and 64-bit (do not support 48-bit), the 48-bit address is stored in a 64-bit variable/register, with the most significant bytes being zero (0x0000).

Therefore, in order to scan for the pointer value, you have to scan for an 8-byte value (with hex value being ticked, as CE shows address values as hex by default).

Irad Ohayon
  • Thank you for the explanation. Unfortunately, CE still returned only a dynamic address instead of the base one. Would you share the steps I could do to find it? – hstpctech Apr 08 '21 at 21:14
  • Some addresses require a multi-level pointer (pointer to a pointer ...) until you reach a base address, and some pointers might not lead to a base address at all. The answer to your question really depends specifically on your executable and how the memory behaves. – Irad Ohayon Apr 08 '21 at 21:18
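
Added example, not part of the original question, answer or comments: a small C sketch of the 8-byte scan the answer describes, run over a constructed memory snapshot. The snapshot bytes, the address values, the 0x1B8 offset and all function names are assumptions made up for illustration; the scan looks for 8-byte slots whose value has zero upper 16 bits and lands within a maximum offset below the target address.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* A 48-bit address stored in a 64-bit slot has its upper 16 bits zero,
   as the answer describes. */
int fits_48_bits(uint64_t v) { return (v >> 48) == 0; }

/* Read 8 bytes as a little-endian value, independent of host endianness. */
uint64_t read_u64_le(const uint8_t *p) {
    uint64_t v = 0;
    for (int i = 7; i >= 0; i--) v = (v << 8) | p[i];
    return v;
}

/* Scan 8-byte aligned slots for a pointer p with p <= target and
   target - p <= max_off. Returns the hit count; records the first hit. */
size_t scan_pointers(const uint8_t *mem, size_t len, uint64_t target,
                     uint64_t max_off, size_t *slot, uint64_t *off) {
    size_t hits = 0;
    for (size_t i = 0; i + 8 <= len; i += 8) {
        uint64_t v = read_u64_le(mem + i);
        if (!fits_48_bits(v) || v > target || target - v > max_off) continue;
        if (hits++ == 0) { *slot = i; *off = target - v; }
    }
    return hits;
}

/* Constructed snapshot: four 8-byte slots, little-endian. */
static const uint8_t SNAPSHOT[32] = {
    0x10,0x32,0x54,0x76, 0x00,0x00,0x00,0x00,  /* slot 0x00: small integer      */
    0x00,0xA0,0x3C,0x4F, 0xF6,0x7F,0x00,0x00,  /* slot 0x08: 0x00007FF64F3CA000 */
    0xFF,0xFF,0xFF,0xFF, 0xFF,0xFF,0xFF,0xFF,  /* slot 0x10: not a 48-bit value */
    0x00,0x00,0x00,0x00, 0x00,0x00,0x00,0x00   /* slot 0x18: null               */
};

int main(void) {
    size_t slot = 0;
    uint64_t off = 0;
    /* Target = object address + field offset (both constructed values). */
    uint64_t target = 0x00007FF64F3CA000ULL + 0x1B8;
    size_t n = scan_pointers(SNAPSHOT, sizeof SNAPSHOT, target, 0x1000, &slot, &off);
    printf("%zu hit(s): slot 0x%zx, offset 0x%llx\n", n, slot,
           (unsigned long long)off);
    return 0;
}
```

A 4-byte scan over the same snapshot would see only `0x4F3CA000` and `0x00007FF6` as separate values, which is why the full 8-byte value has to be searched.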