Glest Master Cheater Reputation: 0
Joined: 12 Jul 2006 Posts: 334 Location: The Netherlands
Posted: Fri Sep 08, 2006 7:32 am Post subject: Pointer Tutorial
This was originally a reply I never posted... since the server went down this morning (or whatever happened).
---------
To find a pointer:
Say you got an address, doesn't matter what, but let's say it's for health. Right click it and select "find out what writes to this pointer". Get hit.
You'll have some code, maybe more pieces... they could be something like this:
Code:
dec [eax+65]
mov [ecx+65],300
inc [eax+65]
So, clearly, there is something with the 65. It is the offset. Now, if you double click one of those lines, a window will pop up. It will tell you the values of eax, ecx and all the others. Find the one that you need (for the first it would be eax, the second ecx and the third eax again). Now, start a new scan, 4 bytes, and tick the box HEX. Scan for the value that we just looked up.
Worst case scenario: you get thousands of addresses.
Best: you get one.
If you get one address it's simple... If you got more it gets a bit harder. Anyway, look for green addresses in the search list. They are static (meaning that it doesn't change). If there are no greens, then just continue with a black one.
Click the button "add manually". Check the box pointer and enter the address we just found. In offset, enter 65. Done.
Now, if you didn't have a green address, repeat for the pointer from the beginning. But make sure you find out what writes to the pointer, not the value pointed to.
--------
There is another way... Let's say you found this:
mov [eax+65],300
And you can't seem to find a pointer. Click "show assembler". The top most line is the code we found. Scroll up a bit, and you might find a line writing to eax... for example, you might see this:
Code:
mov eax,0026F286
mov [eax+65],300
Now you need to know what [] is for. When something is between [], it means it is treated as a pointer.
so
Code:
mov eax,300   //moves 300 into eax
mov [eax],300 //moves 300 into the address stored in eax
Back to the example. eax now holds 0026F286. It might be an address (and it is in this case).
Now, "mov [eax],300" will write to the address stored in eax, which we just saw. So, our pointer has to be 0026F286 with offset 65.
--------------------
It is also possible to treat addresses as pointers, instead of registers. So
mov [0026F286],300
is the same as
mov eax,0026F286
mov [eax],300
The problem with this way is that you can't use an offset... unless "mov [0026F286]+65,300" is allowed. But I don't know that for sure...
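As an added illustration (not code from the thread or from Cheat Engine), here is a small C model of what the tutorial describes: a constructed 64 KiB memory image with bounds-checked 4-byte reads and writes, a function that performs the `[reg+offset]` store of `mov [eax+65],300`, and a resolver for a Cheat Engine style pointer entry (static address plus one or more offsets, offset 0 included). The memory layout, the static slot 0x00261000 and all helper names are assumptions made for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed toy address space: 64 KiB mapped at a made-up base, chosen so the
 * thread's example address 0x0026F286 falls inside it. */
#define MEM_BASE 0x00260000u
#define MEM_SIZE 0x10000u
#define MAPPED(a) ((a) >= MEM_BASE && (a) - MEM_BASE <= MEM_SIZE - 4)
static uint8_t g_mem[MEM_SIZE];

/* Bounds-checked little-endian 4-byte access: 0 on success, -1 if unmapped. */
static int mem_read32(uint32_t addr, uint32_t *out) {
    if (!MAPPED(addr)) return -1;
    const uint8_t *p = g_mem + (addr - MEM_BASE);
    *out = (uint32_t)p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
    return 0;
}
static int mem_write32(uint32_t addr, uint32_t val) {
    if (!MAPPED(addr)) return -1;
    for (int i = 0; i < 4; i++) g_mem[addr - MEM_BASE + i] = (uint8_t)(val >> (8 * i));
    return 0;
}
/* "mov [eax+65],300": eax holds an address, [] dereferences it, offset added first. */
static uint32_t store_reg_offset(uint32_t reg, uint32_t offset, uint32_t val) {
    mem_write32(reg + offset, val);
    return reg + offset;                       /* the address actually written */
}

/* Cheat Engine style pointer entry: read the 4-byte value at static_addr and add
 * offsets[0]; a multi-level chain dereferences again and adds the next offset. */
static int resolve_pointer(uint32_t static_addr, const uint32_t *offsets,
                           size_t n, uint32_t *final_addr) {
    uint32_t addr = static_addr, p;
    for (size_t i = 0; i < n; i++) {
        if (mem_read32(addr, &p) != 0) return -1;   /* chain broken: unmapped read */
        addr = p + offsets[i];
    }
    *final_addr = addr;
    return 0;
}

int main(void) {
    /* Constructed: a static slot holds 0x0026F286; the game writes health at +0x65. */
    uint32_t slot = 0x00261000u, eax = 0x0026F286u, offs[] = { 0x65 }, target, health;
    mem_write32(slot, eax);
    store_reg_offset(eax, 0x65, 300);                          /* mov [eax+65],300 */
    if (resolve_pointer(slot, offs, 1, &target) == 0 && mem_read32(target, &health) == 0)
        printf("slot %08X offset 65 -> %08X holds %u\n", slot, target, health);
    return 0;
}
```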
Glest Master Cheater Reputation: 0
Joined: 12 Jul 2006 Posts: 334 Location: The Netherlands
Posted: Fri Sep 08, 2006 3:34 pm
Well, first of all, you might wonder what the offset is. It should be 0. Do keep in mind that when you don't fill in anything in the offset field (in add address manually), your pointer won't work. It really needs to contain a zero.
The value you'll have to scan for should be 1824418C in hexadecimal. Did you tick the box "Hex" when scanning for the pointer's address?
If you did, and you still can't find it, that means the game builds up the pointer. You'll have to browse in the disassembler to find out how ecx got to be what it got to be. So, you scroll up from the command and write down every command writing to ecx.
If you can't, you'll have to use assembler to eliminate the need for a pointer, or maybe just some simple nops.
Pory Advanced Cheater Reputation: 0
Joined: 13 Aug 2005 Posts: 55
Posted: Fri Sep 08, 2006 7:19 pm
Glest wrote:
| If you did, and you still can't find it, that means the game builds up the pointer. You'll have to browse in the disassembler to find out how ecx got to be what it got to be. So, you scroll up from the command and write down every command writing to ecx.
| If you can't, you'll have to use assembler to eliminate the need for a pointer, or maybe just some simple nops.
Know of any tutorials that could help me better understand this?
Glest Master Cheater Reputation: 0
Joined: 12 Jul 2006 Posts: 334 Location: The Netherlands
Posted: Tue Sep 12, 2006 11:36 pm
I'll write a tutorial on finding pointers by browsing the disassembler when I get back from school.
dEagle Expert Cheater Reputation: 0
Joined: 17 Jun 2006 Posts: 225 Location: CheatEngine Forum
Posted: Sat Sep 16, 2006 2:56 am
OMFG thanks man! It really helped me out with finding pointers!
Thebug247 Advanced Cheater Reputation: 0
Joined: 17 Oct 2006 Posts: 55
Posted: Tue Oct 17, 2006 8:15 pm
Thx for making this tutorial, it helped me a lot, but I have one problem though. I found the pointer and everything, but even though I freeze the value, my life points in the game still go down. I tried the "replace address that does nothing" option but it gives me this error:
"Access violation at address xxxxxxxx in module 'DualEngine.exe'. Read of address xxxxxxxx."
Is there any other way to do this?
Glest Master Cheater Reputation: 0
Joined: 12 Jul 2006 Posts: 334 Location: The Netherlands
Posted: Sat Oct 21, 2006 2:36 am
What game is it? Because if you're using Dual Engine it's probably an online game... and thus it may be server-sided.
lllll Newbie cheater Reputation: 0
Joined: 08 Oct 2006 Posts: 22
Posted: Sun Oct 22, 2006 11:20 am
A question: do I really need to search with 4 bytes? Because it's a Flash Player game, and with 4 bytes I will not find any address.
Glest Master Cheater Reputation: 0
Joined: 12 Jul 2006 Posts: 334 Location: The Netherlands
Posted: Sun Oct 22, 2006 1:49 pm
I'm not sure if flash games use pointers... Anyway, you won't find any valid pointer if you open it with your browser (I think).
Alcatis Newbie cheater Reputation: 0
Joined: 22 Oct 2006 Posts: 14
Posted: Sun Oct 22, 2006 2:05 pm
Flash games do not use pointers.
me Grandmaster Cheater Reputation: 2
Joined: 24 Jun 2004 Posts: 733 Location: location location
Posted: Sun Oct 29, 2006 8:53 am
Pory wrote:
| Thank you so much for this! I'm having a hell of a time with pointers in Far Cry.
| EDIT: One thing though... this is what I get when I "view what writes to this address" for health, ammo, etc...
| 35501275 - 89 01 - mov [ecx],eax
| Any help would be greatly appreciated, thanks.
| EDIT #2: Also...
| "The value of the pointer needed to find the address is probably 1824418C"
| But when I scan for that I get no results. I don't understand pointers at all, I have very little ASM knowledge (I only know the number converting system and a little about how the registers work).
| Here's a screenshot if it helps any...
esp is a stack pointer,
can't see all your code there, but the call before ecx is loaded with the stack pointer might have the code that pushes or mov's the address you need onto the stack...
Ulixes How do I cheat? Reputation: 0
Joined: 12 Dec 2006 Posts: 4
Posted: Tue Dec 12, 2006 10:52 am
Can you explain to me what a pointer is and how I can find it?
I've read something, but I didn't understand a lot, because I do not know assembler and the other things that you do like drinking.
What is the correct pointer address if I've found more than one value?
Thanks
Thebug247 Advanced Cheater Reputation: 0
Joined: 17 Oct 2006 Posts: 55
Posted: Tue Dec 26, 2006 6:38 am
Hello, I'm trying to find a pointer but I can't find it. I don't know what I'm doing wrong; here's what I got so far.
>>51406e7b - mov eax,[ebx+20]
EAX=00000161 EDX=77C60440 ESP=0012EBD8
EBX=0DF919DC ESI=00000000 EBP=0012EC44
ECX=0012EC1C EDI=0012EC2C EIP=51406E7E
Now I think 20 should be the offset. Now what hex should I search for?