Pointer Search
A Pointer Search is the process of scanning more than one memory dumps for paths that always point to a specific target value which address is not static. If you have found a cheat (or value at a certain address) and realise it no longer works after some time, changing the location or reloading the game, you might have to perform such a scan. MungPlex offers a pointer Search window that uses BullyWiiPlaza's Universal Pointer Searcher Engine.
Before you start, please read the following about the pointers to fully understand what they actually are.
- Pointer Searches in Detail
- Save Memory Dumps
- Open Memory Dumps
- Pointer Scan Settings
- Creating a Cheat with Pointers
In detail, a Pointer Search scans a memory dump for pointers that point to or near the target value. This process is then repeated with at least one more memory dump and target address. Paths that match between the all memory dumps are then returned as results.
The below example shows a pointer path starting at 0x801B61AC in two different memory dumps. At 0x801B61AC a pointer is located to an in-game object. Adding 0x40 to the pointer will lead to the x-coordinate of the object.
On the bottom of the Pointer Search frame you can find options for memory dumping. Simply select the target region from the drop down menu and click Dump. This will same the memory dump to .../Documents/MungPlex/PointerSearch/*platform*/*game_id*/.
The Add File button opens a file dialog to add memory dumps to the list.
-
Starting Address: The memory dump's logical starting address. -
Target Address: Where the value has been found within the memory dump. -
Correspondence: The corresponding Search. 0 = initial, 1 = first comparison, 2 = second comparison, ...
-
System Preset: Auto-selects certain settings depending on the selected system. -
Big Endian: Whether the memory dumps are big endian (reversed byteorder) -
Print Visited Addresses: Additionally print visited addresses -
Print Module Names: Whether to print file/module names instead of initial address -
Minimum Offset: Smallest offset value to be considered. Negative values allowed. A lower value may increase results count but also the scan time -
Maximum Offset: Biggest offset value to be considered. A bigger value may increase results count but also increase scan time -
Min. Pointer Depth: Minimum pointer depth level. A value of 1 means a single pointer redirection is being considered. Values bigger than 1 mean that pointers may redirect to other pointers. This value is usually always 1 -
Max. Pointer Depth: Maximum pointer depth level. A value of 1 means a single pointer redirection is considered. Values bigger than 1 mean that pointers may redirect to other pointers. This value can be the same as Min. Pointer Depth if you don't want any extra depth. A higher value will increase the results count but also scan time -
Address Width: Address width of the dump's system -
Results File: Where to save the results file -
Max. Pointer Count: Maximum amount of pointers to be generated. Smaller values may decrease scan time and but also the likeability to find working pointer paths -
Input Filetype: Whether to use Memory Dumps or Pointer Maps -
Clear List: Clears the dump file list -
Scan: Performs the pointer scan -
Results: Lists all results -
Region: Select region to be dumped -
Dump: Dump selected region
With MungPlex' custom Lua functions it is possible to easily implement cheats that use pointer paths. First load the initial pointer into a variable and then add the offset to it. Then you can read from that pointer or write to it. The IsInRange() function can be used to ensure only valid pointer paths are accessed to prevent crashing the game.
ptr = ReadUInt32(0x801B61AC)
xPos
if IsInRange(ptr, 0x80B00000, 0x80D00000) then
ptr = ptr + 0x40
xPos = ReadFloat(ptr)
end