Guide:Finding pointers and offsets: Difference between revisions
Guide:Finding pointers and offsets (view source)
Revision as of 19:26, 13 September 2023
, 8 months agoAdded navbox
TheOnlyZac (talk | contribs) (Fixed typo, minor tweak) |
TheOnlyZac (talk | contribs) (Added navbox) |
||
| (5 intermediate revisions by the same user not shown) | |||
Line 1:
{{Infobox guide
This tutorial will teach you how to find pointers to structs and use offsets to access values stored within those structs. Basically every value the game uses is stored in a struct somewhere in memory, so if you can find a global pointer to a struct, and then figure out the offset to access a value in that struct, you can access that value in any map without having to scan for it. The steps below should work for all three games, but Sly 1 structs are organized slightly differently than Sly 2 and 3 structs.▼
| sly1 = y
| sly2 = y
| sly3 = y
| difficulty = Intermediate
| time = 10-20 mins
}}
▲This tutorial will teach you how to find pointers to structs and use offsets to access values stored within those structs. Basically every value the game uses is stored in a struct somewhere in memory, so if you can find a global pointer to a struct, and then figure out the offset to access a value in that struct, you can access that value in any map without having to scan for it. The steps below should work for all three games,
==How to find the pointer/offset to a value
#'''Find the address of the value within the struct you want to find the pointer for.'''
#*In this tutorial we will use [[Sly 2:Jt|Sly
#*We don't need to the 0x20 at the front of the address because the <tt>0x20000000</tt> is the emulator base address, and pointers are automatically read relative to the base address.
#'''Set a read breakpoint on that address in the PCSX2 debugger.'''
#*In PCSX2, click '''Debug > Open Debug Window'''.
#*Once it opens, click '''Set Breakpoint'''.
#*In the '''Address''' box,
#*Check the box for
#*Click '''OK'''.
#:[[File:Pointer tutorial breakpoint.png]]
#'''Do something to make the game read the value.'''
#*
#*When your breakpoint hits
#'''In the Debugger, look at the assembly code instruction that reads the value, and see what address is in the register it used.'''
#*For example, the instruction will probably be something like <code>sw s0, 0x30(s1)</code>. The register in parenthesis (in this case, <tt>s1</tt>) will contain the base address of the struct, and the number before the parenthesis
#*So, if the s0 register contains the value <tt>FB36E0</tt>, then the base address of the struct is <tt>0xFB36E0</tt>, and Sly's X
#:[[File:Pointert tutorial debugger.png]]
#'''Do a 4-byte scan in Cheat Engine to find an address which stores a pointer to that base address.'''
#*Take the value from the register in Step 4, and do a '''4-byte / Exact Value''' scan in Cheat Engine for that value (remember to check the box that says '''Hex''').
#*All the resulting addresses are pointers to that struct
#:[[File:Pointer tutorial ce scan.png]]
#*If you have too many results, load another map, and repeat the process until you narrow it down (however, this will only work if one of the pointers you found is a global value).
===A struct can store pointers to other structs===
If you followed the above steps to find the pointer to the struct that stores Sly's X position, you might think you've found the pointer to the '''Sly Entity struct'''. However, since this is Sly 2, what you have actually found is the pointer to Sly's '''Transform Component struct'''.
Each entity in the game has a Transform Component, which is referenced by a pointer inside it's Entity struct. This means the pointer you found will not work to find Sly's X position on every map. '''But,
===To find the actual Sly Entity Struct pointer===
Line 37 ⟶ 43:
====Option B====
Use the tutorial below to find the base address of the Sly entity struct using the [[Sly 2:FK$x|FK$
Once you know the offset of the Transform Component from the entity struct, and the offset of the X coordinate from the transform component, you can find the coordinates for every entity in the game without having to repeat the steps above every single time.
==How to find the
This will work for Sly 2 and Sly 3 entities like Sly, Bentley, Neyla, guards, antennas, cars, trees, bombs, bullets, music box, etc. since Sly 2 and 3 have a method for easily finding pointers to these structs.
#'''Find the FK$X struct for the entity you want'''
Line 51 ⟶ 57:
#*Right click in the memory viewer, and change the display mode to '''4-byte Hex'''.
#*It should look like this:
#:[[File:Pointer tutorial fkx entry.png]]
#'''Use the entity list pointer to find the array of pointers to each instance of that entity in the world'''
#*Ignoring the zeroes at the start of the line, the second value in the FK$X struct is a pointer to the entity pool for that entity
#*The third value value in the FK$X struct is how many of that entity the game instantiated when the level was loaded
#:[[File:Pointer tutorial pool pointer.png]]
#*Copy the value of the pool pointer, press Ctrl+G, paste it, and press OK to go to that address in the memory viewer.
#**I am using the emuprm script so these screenshots do not include the <tt>0x20000000</tt> base address. If you don't have the script, you will have to add <tt>0x20000000</tt>.
#:[[File:Pointer tutorial goto address.png]]
#'''You are now looking at the proxy pool for that entity, which is an array of pointers to instances of that entity in the current map.'''
#*These are pointers to Entity structs. Each 4-byte value is a pointer to an instance of that entity.
#*There will be a number of pointers equal to the pool size you saw in the FK$X struct. For the antennas, there are 4.
#:[[File:Pointer tutorial proxy pool.png]]
#*You can use the '''Dissect Data Structures''' tool in Cheat Engine to easily view/edit the values stored on the struct.
Line 71 ⟶ 77:
* [https://docs.google.com/document/d/12XPT3YeYfiwtyEcJOJfOAMNKklIuc4MyXkLM6YAUXU0 Zac's PCSX2 Pointer Tutorials - Google Docs, Aug 8 2021]
{{Navbox guides}}
| |||