First, you did not find a base; you found the module offset for a multilevel pointer base address.
Anyway, it depends on which memory block the game is using for storing some values: 2MB (VideoMemory), 4MB, 16MB.
Usually it is 16MB. Paste this code into the address list:
<?xml version="1.0" encoding="utf-8"?>
<CheatTable>
  <CheatEntries>
    <CheatEntry>
      <ID>0</ID>
      <Description>"Find and set user symbols"</Description>
      <LastState/>
      <VariableType>Auto Assembler Script</VariableType>
      <AssemblerScript>{$Lua}
if syntaxcheck then return end
[ENABLE]
-- Look for the 16MB block: region size 0x1001000 (16MB + 0x1000),
-- allocated with protection 4 (PAGE_READWRITE).
for i,v in ipairs(enumMemoryRegions()) do
  if v.RegionSize==0x1001000 and v.AllocationProtect==4 then
    -- Drop any stale symbol, then point it at region base + 0x20.
    unregisterSymbol('GameMemoryStart')
    registerSymbol('GameMemoryStart',v.BaseAddress+0x20)
  end
end
[DISABLE]
unregisterSymbol('GameMemoryStart')
</AssemblerScript>
    </CheatEntry>
    <CheatEntry>
      <ID>1</ID>
      <Description>"GameMemoryStart"</Description>
      <VariableType>Byte</VariableType>
      <Address>GameMemoryStart</Address>
    </CheatEntry>
  </CheatEntries>
</CheatTable>
Attach CE to DOSBox, activate "Find and set user symbols", then just use the "GameMemoryStart" symbol.
For example, there is a table for "Cosmo's Cosmic Adventure 1 V1.20":
viewtopic.php?t=412
Health is a pointer with last offset 1FCFC.
With the "GameMemoryStart" symbol you can just use GameMemoryStart+1FCFC. It is universal: whatever DOSBox version you use, it should work.
(at least all DOSBox versions up to this date)
If you really want to use pointers rather than symbols, you can do a pointer scan with max level 1 (and max offset 128 to speed up scanning even more).
On the previous page I showed how to do this for pointers for VideoMemory; you can do the same for the 16MB and 4MB memory blocks.
Right click "GameMemoryStart" and choose "pointer scan for this address", max level 1, like in this screenshot:
(of course you will have different address)
That way, after a few pointer rescans, I found pointers to GameMemoryStart (the 16MB memory block):
["DOSBox.exe"+0193C370]+0
["DOSBox.exe"+0074D728]+0
["DOSBox.exe"+0074D6D4]+0
["DOSBox.exe"+0074D6D0]+0
["DOSBox.exe"+0034DACC]+0
["DOSBox.exe"+0034DA94]+0
["DOSBox.exe"+0034D728]+0
["DOSBox.exe"+0034D6D4]+0
["DOSBox.exe"+0034D6D0]+0
As you see, there's also a pointer with base address: DOSBox.exe+0193C370 (modulename+moduleoffset)
And moduleoffset is the same as yours.
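
Added example, not part of the original post: a Python model of the two lookups described above, showing that the region filter from the script and a level-1 pointer such as ["DOSBox.exe"+0193C370]+0 resolve to the same address. The module base, region addresses and memory contents are constructed for illustration; unlike the posted script, where the last matching region wins, this version raises when zero or several regions match.

```python
# Added example. Every address below is constructed, not read from a real process.
PAGE_READWRITE = 4       # AllocationProtect value the script checks for
BLOCK_SIZE = 0x1001000   # RegionSize the script matches for the 16MB block
HEADER = 0x20            # offset the script adds to the region base

def find_game_memory_start(regions):
    """Same filter as the script, but refuse to guess on 0 or several matches."""
    hits = [r["BaseAddress"] for r in regions
            if r["RegionSize"] == BLOCK_SIZE
            and r["AllocationProtect"] == PAGE_READWRITE]
    if len(hits) != 1:
        raise LookupError(f"expected 1 matching region, found {len(hits)}")
    return hits[0] + HEADER

def resolve_pointer(read_ptr, module_base, module_offset, offsets):
    """Resolve ["module"+module_offset]+o1+...: read the pointer at the base,
    add each offset, and dereference again after every offset except the last."""
    addr = read_ptr(module_base + module_offset)
    for i, off in enumerate(offsets):
        addr += off
        if i < len(offsets) - 1:
            addr = read_ptr(addr)
    return addr

# Constructed memory map: only the second region passes both checks.
REGIONS = [
    {"BaseAddress": 0x08000000, "RegionSize": 0x1001000, "AllocationProtect": 0x20},
    {"BaseAddress": 0x0A2F0000, "RegionSize": 0x1001000, "AllocationProtect": 4},
    {"BaseAddress": 0x0C000000, "RegionSize": 0x0401000, "AllocationProtect": 4},
]
MODULE_BASE = 0x00400000          # hypothetical load address of DOSBox.exe
GAME_MEMORY_START = find_game_memory_start(REGIONS)
# Constructed process memory: the static slot holds the block address.
MEMORY = {MODULE_BASE + 0x0193C370: GAME_MEMORY_START}

via_pointer = resolve_pointer(MEMORY.__getitem__, MODULE_BASE, 0x0193C370, [0])
health_addr = GAME_MEMORY_START + 0x1FCFC   # GameMemoryStart+1FCFC from the post

if __name__ == "__main__":
    print(hex(GAME_MEMORY_START), hex(via_pointer), hex(health_addr))
```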