Guide:Finding pointers and offsets: Difference between revisions

m (Added category)
(Added images)
Line 1:
This tutorial will teach you how to find pointers to structs and use offsets to access values stored within those structs. Nearly every value the game uses lives in a struct somewhere in memory, so if you can find a global pointer to a struct, and then work out the offset of a value inside that struct, you can read that value in any map without scanning for it again. The steps below should work for all three games, though keep in mind that [[Sly 1]] structs are organized slightly differently than [[Sly 2]] and [[Sly 3]] structs.
 
{{Needs images|The original [https://docs.google.com/document/d/12XPT3YeYfiwtyEcJOJfOAMNKklIuc4MyXkLM6YAUXU0 google doc] has lots of screenshots to copy over.}}
 
==How to find the pointer/offset to a value stored in any struct==
Line 13 ⟶ 11:
#*Check the box for '''Read''', but not Write or Execute.
#*Click '''OK'''.
#:[[File:Pointer tutorial breakpoint.png]]
#:{{No image}}
#'''Do something to make the game read the value.'''
#*In this case, all you have to do is play as Sly, since the game constantly reads Sly's position while he's active.
Line 20 ⟶ 18:
#*For example, the instruction will be a load such as <code>lw s0, 0x30(s1)</code> (a store such as <code>sw s0, 0x30(s1)</code> is what a Write breakpoint would stop on; the operand form is the same either way). The register in parentheses (in this case, <tt>s1</tt>) contains the base address of the struct, and the number before the parentheses is the offset (in this case, <tt>0x30</tt>).
#*So, if the <tt>s1</tt> register contains the value <tt>FB36E0</tt>, then the base address of the struct is <tt>0xFB36E0</tt>, and Sly's X Position is at offset <tt>0x30</tt> from that address.
#:[[File:Pointert tutorial debugger.png]]
#:{{No image}}
#'''Do a 4-byte scan in Cheat Engine to find an address which stores a pointer to that base address.'''
#*Take the value from the register in Step 4, and do a '''4-byte / Exact Value''' scan in Cheat Engine for that value (remember to check the box that says '''Hex''').
#*Every address in the results holds a pointer to that struct. The values stored in memory are EE addresses, so you scan for <tt>FB36E0</tt> as-is, even though Cheat Engine lists the result addresses with PCSX2's <tt>0x20000000</tt> base unless you use the emuprm script.
#:[[File:Pointer tutorial ce scan.png]]
#:{{No image}}
#*If you have too many results, load another map and repeat the process, keeping only the addresses that point at the struct's new base in every map. This only works if at least one of the pointers you found is a global that the game updates on every map load, rather than a stale copy left behind from the previous map.
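The following is an added example, not code from the original guide, that scripts steps 4 and 5 over a constructed PS2 EE memory image: resolve base + offset, do the 4-byte exact scan for pointers to the base, and narrow the hits across two maps. The base <tt>0xFB36E0</tt> and offset <tt>0x30</tt> are the guide's example; the second-map base, the global pointer address, the stale pointer address and the X values are invented so that the scan has something to find.

```python
"""Added example, not code from the original guide: a scripted version of
steps 4-5 (resolve base + offset, then a 4-byte exact scan for pointers to
the base, narrowed across maps) run over a constructed PS2 EE memory image.
The base 0xFB36E0 and offset 0x30 are the guide's example; every other
address and value here is invented so the scan has something to find."""
import struct

EE_RAM_SIZE = 0x02000000       # 32 MiB of EE main memory (PS2 is little-endian)

X_OFFSET = 0x30                # offset taken from the instruction, e.g. lw s0, 0x30(s1)
MAP1_BASE = 0x00FB36E0         # base register value in the first map (guide example)
MAP2_BASE = 0x00FC1A20         # constructed: the struct lands elsewhere after a map load
GLOBAL_PTR = 0x003E2A40        # constructed: a global the game rewrites on every map
STALE_PTR = 0x01234560         # constructed: a leftover copy that is never updated


def build_image(struct_base, x_pos):
    """Constructed memory image for one map: the struct with X at +0x30,
    a global pointer that tracks it, and a stale pointer stuck on MAP1_BASE."""
    mem = bytearray(EE_RAM_SIZE)
    struct.pack_into("<f", mem, struct_base + X_OFFSET, x_pos)
    struct.pack_into("<I", mem, GLOBAL_PTR, struct_base)
    struct.pack_into("<I", mem, STALE_PTR, MAP1_BASE)
    return mem


def read_u32(mem, addr):
    return struct.unpack_from("<I", mem, addr)[0]


def read_f32(mem, addr):
    return struct.unpack_from("<f", mem, addr)[0]


def scan_exact_u32(mem, value, aligned=True):
    """Cheat Engine '4 Bytes / Exact Value' scan (Hex checked): every address
    whose little-endian 32-bit contents equal value. aligned=True mimics CE's
    default fast scan, which only reports 4-byte aligned addresses."""
    needle = struct.pack("<I", value)
    hits = []
    pos = mem.find(needle)
    while pos != -1:
        if not aligned or pos % 4 == 0:
            hits.append(pos)
        pos = mem.find(needle, pos + 1)
    return hits


def resolve(mem, pointer_addr, offset):
    """Follow one pointer level: the address CE shows as pointer_addr -> +offset."""
    return read_u32(mem, pointer_addr) + offset


def find_global_pointers(captures):
    """Step 5's 'load another map and repeat': captures is a list of
    (memory image, struct base seen in that map). A global pointer must hold
    the current base in every map, so keep only the scan hits common to all."""
    common = None
    for mem, base in captures:
        hits = set(scan_exact_u32(mem, base))
        common = hits if common is None else common & hits
    return sorted(common or ())


if __name__ == "__main__":
    map1 = build_image(MAP1_BASE, 123.5)
    map2 = build_image(MAP2_BASE, -8.0)
    print("map 1 scan hits:", [hex(a) for a in scan_exact_u32(map1, MAP1_BASE)])
    survivors = find_global_pointers([(map1, MAP1_BASE), (map2, MAP2_BASE)])
    print("global pointers:", [hex(a) for a in survivors])
    for mem in (map1, map2):
        print("X via [%#x]+%#x =" % (GLOBAL_PTR, X_OFFSET),
              read_f32(mem, resolve(mem, GLOBAL_PTR, X_OFFSET)))
```

In the first map both the global and the stale pointer come up in the scan; after the second map only the global survives, which is exactly the narrowing step 5 describes. Cheat Engine's fast scan skips unaligned addresses, so pass <tt>aligned=False</tt> if a pointer might be packed into an odd position.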
 
Line 51 ⟶ 49:
#*Right click in the memory viewer, and change the display mode to '''4-byte Hex'''.
#*It should look like this:
#:[[File:Pointer tutorial fkx entry.png]]
#:{{No image}}
#'''Use the entity list pointer to find the array of pointers to each instance of that entity in the world'''
#*Ignoring the zeroes at the start of the line, the second value in the FK$X struct is a pointer to the entity pool for that entity
#*The third value in the FK$X struct is how many of that entity the game instantiated when the level was loaded
#:[[File:Pointer tutorial pool pointer.png]]
#:{{No image}}
#*Copy the value of the pool pointer, press Ctrl+G, paste it, and press OK to go to that address in the memory viewer.
#**I am using the emuprm script so these screenshots do not include the <tt>0x20000000</tt> base address. If you don't have the script, you will have to add <tt>0x20000000</tt>.
#:[[File:Pointer tutorial goto address.png]]
#:{{No image}}
#'''You are now looking at the proxy pool for that entity, which is an array of pointers to instances of that entity in the current map.'''
#*These are pointers to Entity structs. Each 4-byte value is a pointer to an instance of that entity.
#*There will be a number of pointers equal to the pool size you saw in the FK$X struct. For the antennas, there are 4.
#:[[File:Pointer tutorial proxy pool.png]]
#:{{No image}}
#*You can use the '''Dissect Data Structures''' tool in Cheat Engine to easily view/edit the values stored on the struct.
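The following is an added example, not code from the original guide, that walks an FK$X entry to its proxy pool and on to each instance over a constructed PS2 EE memory image. The layout is taken from the guide's description and is an assumption, not verified against the game: the entry is read as consecutive 32-bit words with the pool pointer at word index 1 and the instance count at word index 2 (word 0 is left opaque), and instances keep X at <tt>+0x30</tt>, the offset the guide used for Sly. All addresses and values are invented.

```python
"""Added example, not code from the original guide: walk an FK$X entry to
its proxy pool and on to each instance, over a constructed PS2 EE memory
image. Layout is taken from the guide's description and is an assumption,
not verified against the game: the entry is read as consecutive 32-bit
words with the pool pointer at word index 1 and the instance count at word
index 2 (word 0 is left opaque); instances keep X at +0x30, the offset the
guide used for Sly. All addresses and values below are invented."""
import struct

EE_RAM_SIZE = 0x02000000
PCSX2_EE_BASE = 0x20000000          # add to an EE address unless the emuprm script is installed

FKX_ENTRY = 0x0046B2C0              # constructed: the antennas' FK$X entry
POOL_ADDR = 0x0152F800              # constructed: the antenna proxy pool
ENTITY_ADDRS = [0x01A04000, 0x01A04200, 0x01A04400, 0x01A04600]   # 4 antennas
ANTENNA_X = [10.0, -42.25, 300.5, 7.0]
X_OFFSET = 0x30
MAX_POOL = 4096                     # sanity cap: a bogus entry address yields silly counts


def build_image():
    mem = bytearray(EE_RAM_SIZE)
    # FK$X entry: [opaque][pointer to proxy pool][instance count]
    struct.pack_into("<III", mem, FKX_ENTRY, 0, POOL_ADDR, len(ENTITY_ADDRS))
    for i, ent in enumerate(ENTITY_ADDRS):
        struct.pack_into("<I", mem, POOL_ADDR + 4 * i, ent)   # pool slot i
        struct.pack_into("<f", mem, ent + X_OFFSET, ANTENNA_X[i])
    return mem


def read_u32(mem, addr):
    return struct.unpack_from("<I", mem, addr)[0]


def read_f32(mem, addr):
    return struct.unpack_from("<f", mem, addr)[0]


def ee_to_pcsx2(addr):
    """EE address -> address to type into Cheat Engine without emuprm."""
    return addr + PCSX2_EE_BASE


def pcsx2_to_ee(addr):
    return addr - PCSX2_EE_BASE


def read_fkx_entry(mem, entry_addr):
    """Return (pool pointer, instance count) from an FK$X entry."""
    _opaque, pool_ptr, count = struct.unpack_from("<III", mem, entry_addr)
    return pool_ptr, count


def read_proxy_pool(mem, pool_ptr, count):
    """The proxy pool: count consecutive 4-byte pointers to instances."""
    return [read_u32(mem, pool_ptr + 4 * i) for i in range(count)]


def entity_values(mem, entry_addr, offset=X_OFFSET):
    """Map each instance address to the float at +offset, with checks that
    catch the usual mistake of reading the entry from the wrong address
    (e.g. forgetting the 0x20000000 adjustment): pointers must land inside
    EE RAM and the count must be plausible."""
    pool_ptr, count = read_fkx_entry(mem, entry_addr)
    if not 0 < count <= MAX_POOL:
        raise ValueError("implausible instance count %d at %#x" % (count, entry_addr))
    if not 0 < pool_ptr < EE_RAM_SIZE:
        raise ValueError("pool pointer %#x is outside EE RAM" % pool_ptr)
    values = {}
    for ent in read_proxy_pool(mem, pool_ptr, count):
        if not 0 < ent + offset + 4 <= EE_RAM_SIZE:
            raise ValueError("instance pointer %#x is outside EE RAM" % ent)
        values[ent] = read_f32(mem, ent + offset)
    return values


if __name__ == "__main__":
    mem = build_image()
    pool_ptr, count = read_fkx_entry(mem, FKX_ENTRY)
    print("pool at %#x (CE without emuprm: %#x), %d instances"
          % (pool_ptr, ee_to_pcsx2(pool_ptr), count))
    for ent, x in entity_values(mem, FKX_ENTRY).items():
        print("  antenna @ %#x  X = %g" % (ent, x))
```

The range checks are the part worth keeping when you adapt this to a real dump: reading the entry one word off, or at a host address that was not adjusted by <tt>0x20000000</tt>, produces a count of zero or an absurd pointer rather than a clean error, and the checks turn that into one.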