Search for Pointers. Example of "Warcraft 3"

You can use it if you have found some valid addresses and after restart they are not valid. Find the pointer and addresses always will be valid! The program has 3 different methods to search for pointers, including scanner for Pointer-to-Pointer structure up to 5 level (2 level for SE edition).

Addresses change every time after the restart of the game. But the game has to know where the value is now. The game has a special pointer to this address. The pointer contains the address of the value.

Address of the pointer does not change when the game is restarted. If the address stored in the table is a pointer, then we can get the real addresses of the values by following the pointer, even after restarting the game. We recommend to scan only static and even addresses (Search with "Scan only static addresses" option). Static pointers works on all computers. Select the cell with Experience, then use "Search the pointer to this address". After that click "Set the pointer to all" or "to group".

Oops, we found nothing. That is because in this game, the pointer contains the "address of the structure", but we do not know where that structure begins. Select the cell with Experience again. Use the command "Search the pointer with max available offset".

We found all the pointers between the beginning of the block and the address with Experience. There are 50 pointers.

Restart the game. Click "Filter" and enter the value of Experience - "650". Click "OK".

If there is more than one result after filtration, restart the game and repeat filtrations ("Pointer filtration"). Filter until the number of pointers will not decrease, select the cell in the right table with value 650, and use "Set the pointer to all".

Cool, it works! Now, this table work 100% of the time with any restart.

Pointer 6F71C7B8 contains address 01170088.
Address 01170088 is the address of the structure of our hero.
Address 01170088 plus offset 1684 equal 0117071C is the address of experience.
Address of experience is 1684 from the structure from pointer 6F71C7B8.
As a result, we have this table:
Pointer 6F71C7B8 + 1684 / Experience
Pointer 6F71C7B8 + 1688 / Points
Pointer 6F71C7B8 + 1692 / Power
Pointer 6F71C7B8 + 1712 / Dexterity
Pointer 6F71C7B8 + 1712 / Health
Pointer 6F71C7B8 + 1744 / Mana

If you does not find a pointer then try to search for "Pointer to pointer" structure. At first, search for pointer 2 level, if not find, then pointer 3 level. Each next level is searched in 10 times slower than previous level. If you have 1 minute for pointer 2 level, then time for 3 level will be 10 minutes, for 4 level will be 100 minutes. We recommend to decrease maximum offset to 500-1000 bytes for pointer 4-5 level.

  1. Save this address/pointer - save address/pointer/offset for later work
  2. Set the pointer to all (to group) - Select the Pointer cell (left table), and a relative cell (right table), then use this command. The address in the relative cell is matched to the Pointer cell in the left, and each new address in the right table is shifted by the original offset, relative to the old relative cell address. (Each address in the right table will be converted to this pointer with original offset).
  3. Set the saving pointer to all (to group) - same as above, except the new address is shifted by difference of current cell address and the address saved with 'Save this address/pointer' command. The new address is stored in the format of 'base address + offset', with base address equal to the address last saved with 'Save this address/pointer' command. And each offset will be increased by "saving offset".
  4. Set pointers to this address - All the pointers in the right table are set to the one address in the current field. This command changes the offsets only!
  5. Set pointers to saving address - same as above, except pointer is set to the last address set by the "Save this address/pointer" command.
  6. Convert pointers to addresses - It has the inverse effect of "Set pointer", but only applies to selected lines.
Back Contents Forward

Copyright (C) 1996-2013, System SoftLab
Last update of this page: December 26, 2013.