If you are not familiar with Pointer Scanning, please read this post.

I have been using Cheat Engine to find static addresses in a game or any program with the Pointer Scanning method. Now I am thinking of making my own trainer, so after some searching I found this pseudocode:

list<int> pointerScan(target, maxAdd, maxDepth)
{
    for address = BASE, 0x7FFFFFF, 4
    {
        ret = rScan(address, target, maxAdd, maxDepth, 1)
        if (ret.len > 0)
        {
            ret.pushFront(address)
            return ret
        }
    }
    return {}
}

list<int> rScan(address, target, maxAdd, maxDepth, curDepth)
{
    for offset = 0, maxAdd, 4
    {
        value = read(address + offset)
        if (value == target)
            return list<int>(offset)
    }
    if (curDepth < maxDepth)
    {
        curDepth++
        for offset = 0, maxAdd, 4
        {
            ret = rScan(address + offset, target, maxAdd, maxDepth, curDepth)
            if (ret.len > 0)
            {
                ret.pushFront(offset)
                return ret
            }
        }
    }
    return {}
}

target is the dynamic memory address to find

maxAdd is the maximum value of any offset

maxDepth is the maximum length of the pointer path

pointerScan(): The pointerScan() function is the entry point to the scan. It takes the parameters target (the dynamic memory address to find), maxAdd (the maximum value of any offset), and maxDepth (the maximum length of the pointer path). It then loops through every 4-byte aligned address in the game, calling rScan() with the parameters address (the address in the current iteration), target, maxAdd, maxDepth, and curDepth (the depth of the path, which is always 1 in this case).

rScan(): The rScan() function reads memory from every 4-byte aligned offset between 0 and maxAdd, and returns if a result is equal to target. If rScan() doesn't return in the first loop and the recursion is not too deep, it increments curDepth and again loops over each offset, calling itself for each iteration.

My problem with this pseudocode is that I could not understand why address + offset is used in

ret = rScan(address + offset, target, maxAdd, maxDepth, curDepth)

I think it has no effect. Some tell me that it is increasing the depth, but I could not see the point of increasing the address, because the first function (pointerScan) already loops over all 4-byte aligned addresses.

zerocool
    Where did you find this, maybe there's some clue from context of the surrounding text? Looks weird to me, I can't see what that's doing that they couldn't do more easily with a simple loop that stops after `n` matches or something. (But it doesn't even check farther if the first loop finds something). I don't think it's considering the possibility of finding misaligned pointers or anything. – Peter Cordes Apr 26 '18 at 07:04
  • @PeterCordes I edited it – zerocool Apr 26 '18 at 07:42
  • src code from the book "GAME HACKING Developing Autonomous Bots for Online Games" by Nick Cano, listing 1-1 – JavaMan Jun 07 '19 at 19:15
  • @JavaMan Yeah, but the book didn't explain it that much, that's why – zerocool Jun 08 '19 at 00:08

1 Answer

I had the same question after looking at the code, and I think it should be changed to:

list<int> rScan(address, target, maxAdd, maxDepth, curDepth)
{
    value = read(address)
    for offset = 0, maxAdd, 4
    {
        if (value + offset == target)
            return list<int>(offset)
    }
    if (curDepth < maxDepth)
    {
        curDepth++
        for offset = 0, maxAdd, 4
        {
            ret = rScan(value + offset, target, maxAdd, maxDepth, curDepth)
            if (ret.len > 0)
            {
                ret.pushFront(offset)
                return ret
            }
        }
    }
    return {}
}
john_1234
  • Please, consider adding explanations in order to describe how your solution solves the problem. – souki Jun 13 '18 at 11:07
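The scan as an added, runnable example (not the book's listing and not the answer's code): it runs both the rScan quoted in the question and the answer's corrected version over a constructed 32-bit memory image, then re-walks the path the way a trainer would. The MEM table, the BASE/END range, the read() stand-in and all addresses are assumptions made up for the example.

```python
# Constructed process memory image: 4-byte-aligned address -> 32-bit value.
MEM = {
    0x00400008: 0x00A00000,  # static pointer in the module's data section
    0x00A00010: 0x00B00000,  # heap object field pointing at a second object
    0x00B00004: 0x00C00000,  # second object field pointing at the player struct
    0x00C00008: 100,         # player.health: the dynamic address we want a path to
}
BASE, END = 0x00400000, 0x00400010  # static range pointer_scan walks (constructed)

def read(address):
    return MEM.get(address)  # stand-in for ReadProcessMemory; None = unmapped

def r_scan(address, target, max_add, max_depth, cur_depth):
    """Answer's version: dereference `address`, then test / follow value + offset."""
    value = read(address)
    if value is None:
        return []
    for offset in range(0, max_add, 4):
        if value + offset == target:  # target lies inside the pointed-to object
            return [offset]
    if cur_depth < max_depth:
        for offset in range(0, max_add, 4):
            ret = r_scan(value + offset, target, max_add, max_depth, cur_depth + 1)
            if ret:
                return [offset] + ret
    return []

def r_scan_book(address, target, max_add, max_depth, cur_depth):
    # Listing as quoted: recursing on address + offset never dereferences a pointer.
    for offset in range(0, max_add, 4):
        if read(address + offset) == target:
            return [offset]
    if cur_depth < max_depth:
        for offset in range(0, max_add, 4):
            ret = r_scan_book(address + offset, target, max_add, max_depth, cur_depth + 1)
            if ret:
                return [offset] + ret
    return []

def pointer_scan(target, max_add, max_depth, scan=r_scan):
    for address in range(BASE, END, 4):
        ret = scan(address, target, max_add, max_depth, 1)
        if ret:
            return [address] + ret
    return []

def resolve(path):
    # Re-walk base + offsets like a trainer would, to check a found path.
    addr = read(path[0])
    for off in path[1:-1]:
        addr = read(addr + off)
    return addr + path[-1]
```

With target 0x00C00008, maxAdd 0x20 and maxDepth 3 the corrected scan returns [0x400008, 0x10, 0x4, 0x8], i.e. [[[0x400008]+0x10]+0x4]+0x8, while the quoted version finds nothing because it only walks forward inside the same block.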