I already made a CT for NA, if you want to learn for yourself how to add certain things, just use baseaddress+offset = pointer. How to find base addresses? Use "what access/writes" this address with CE (on debugger enabled clients). Simply using ce 6.1 64bit doesn't allow you to attach a debugger to cabal without the gameguard detection/.erl error.
The base address+offset has to = P->(your static address). If it equals your static address, the one you searched for when you started the game you know the base addy+offset was correct.
For example 00A483A0 (base address for EU) + 4264 (offset for level found using what access/writes this address) = Static address that you searched for every-time.
Code:
http://www.youtube.com/watch?v=wQ89-BQFhI4&hd=1
As you can see in the video, I had 3 pointers on the list, and one normal address that you scanned for, I clicked "What writes this address" and then went and leveld up since it was level address I was searching the pointer for.
That should pretty much show you from non pointer to pointer how to do it, its just finding the base address and offset, its called trial and error, if you put some random address in the base address spot, the offsets displayed (usually 4 numbers) won't add up to the dynamic address we had (non pointer address). As your adding base address and offset in, it should say right above the offset window "the offset you chose brings it to".
[Only registered and activated users can see links. Click Here To Register...]
You can see its bringing me to 067EC5A7 with 1fff but 067EECAC is where I need to be so I'm able to assume since I know this base address is pointing in the general memory region as the dynamic address it may be the correct base address, and just need to tweak the offsets a little.
This is helpful when you have the dynamic address that changes every time you open the client, and you know what the base address is too, you just want to find the functions offset, you can pretty much find the offset yourself without using CE's "what writes/accesses", because for some stuff on NA i couldnt attach debugger like EU, so I would just use base address that I knew was right, and Started with offset as 1FFF, to see where it brought me, then i would go 2FFF if the address wasnt pointing near the dynamic address, i would increase untill I knew the pointer address the offset was bringing me to was passed the address I needed, then I would leave the first number, and move to the 2nd F and decrease that (012345679abcdef) <- hex values so you know you can move it all the way back to 0 to see if your getting closer to the pointer pointing to the right address. Thats a crude way of doing it and only is done because I wouldn't have debugger attach ability, like in the video for EU, or if i didn't wanna go through and manually add every offset for that base address in the memory region I use to find the base address/offsets...
For using debugger, it would be alot easier as in the video where everything is displayed for you, and if you cant see it just go memory view on the address holding the mov function and view it yourself.
ofc thats only if you wanted to actually learn how to set them it would be easier to just leech my .ct file and not learn where the base addresses are in memory region for when content updates ect come.