wkPointerScan

From Worms Knowledge Base

Revision as of 13:37, 6 September 2010 by CyberShadow (Talk | contribs) ({{OSS}})

Jump to: navigation, search
(Up to WormKit)
wkPointerScan
Developer: Pisto
Latest version: 16 August 2009
Supported games: W:A
Language: C++
License: Open-source
Website: www.webalice.it/micioptah
Download: wkPointerScan.dll (326KB)

This wormkit module is not for players, but it's a tool for programming other wormkit modules, expecially those that change the gameplay. This module makes easier to find the chain of pointers that lead to the specific memory structure that you want to modify, and fetches (if it doesn't fail) a static base.

The module is "optimized" for w:a. It means that a valid pointer path must:

  • lie only in heap blocks allocated by the module WA.exe
  • contain only positive offsets
  • use aligned pointers

Scanning is quite fast (almost istantaneous with a maximum pointer chain length of 7, the default value), because, before scanning, the entire valid memory is scanned once, and a "web" of pointers is memorized: the scan will work on this web.

There are also addition features: you can print a list of the heap blocks, with their size, their references from other heap blocks, the stacktrace of the thread that allocated them, and info about reallocations (original size, minimum size).

Control

You can send command to this module through a console. All offsets, addresses, size etc. are in hex format. The commands are:

  • web: manually creates a web (if you want to print out references).
  • print: prints in output.txt (a new file in worms folder) a list of all the heap blocks, with length, reallocation info (original, minimum size), cross references (if a web has made). A corss reference is printed out with the format @x(y:z): x is the offset to which the pointer points in the current heap block (the "son"), y is the address of the heap block with the pointer (the "dad"), z is the offset of the pointer in the "dad".
  • print [address]: as above, but just for one block, and shows also the allocation stacktrace and its functions' arguments. Since it's impossible to determine how many arguments a function takes, you can see always 6 DWORD values: if you know, for instance, that a function takes 2 arguments, the last 2 of these 6 values are the arguments, in the same order as in the source code.
  • start [address]: start a new scan for address. Automatically deletes old scan results and webs.
  • checknow: checks that the pointer paths found are still valid.
  • checknow [address]: same as above, but changes the target address first.
  • printpath: shows the paths currently found, giving the base address, the relative offsets. You can add manually these numbers in Cheat Engine.
  • save [filename]: save the current results to a file
  • load [filename]: load results from a file (web will be deleted if the static base area saved in the file is different from the current)
  • setmax [depth]: set the maximum length of the pointers chain (default: 7).
  • setstatic [start] [end]: set the static base area. Default is from 0x6a3000 to 0x975400.
  • heapcount: shows the number of heap blocks.
  • cls: clear output.txt
Personal tools