km2 Newbie cheater Reputation: 0
Joined: 16 Sep 2004 Posts: 11
Posted: Sat Dec 31, 2005 8:26 pm Post subject: Trouble finding pointer
I am not sure if it's a pointer in a pointer, because I cannot tell. This is how far I have gotten:
Loaded the game, searched for the floating value, and got the address (the address changes every time the game loads or switches levels).
Used "find out what accesses this address" and got a huge list.
In this example, I used the first one listed:
I entered EDX into the 4-byte hex search and came out with nothing; next I tried entering the value from the line above it, and still got nothing. I then went back to the large list and tried them all, to no avail. Am I doing something wrong?
Dood How do I cheat? Reputation: 0
Joined: 31 Dec 2005 Posts: 2
Posted: Sat Dec 31, 2005 11:57 pm Post subject:
You should have done a 4-byte hex scan for the value 0128B2FC.
If you get a bunch of them, just try using the first one and click "Add address manually" and click the pointer box, which should change and ask for the pointer address. You put in the address of the first thing in the code list with the value 0128B2FC and then add the offset, in this case B80. Searching for EDX is not the same as searching for the value 0128B2FC, so you should be searching for the EDX at that particular line of asm. You could also try "find out what writes to this address", since that usually (for me) has fewer addresses than "find out what accesses this address". Hope this helps. I'm still learning about pointers but I seem to get the gist of it.
km2 Newbie cheater Reputation: 0
Joined: 16 Sep 2004 Posts: 11
Posted: Sun Jan 01, 2006 1:09 am Post subject:
That is what I entered already; no results.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25294 Location: The netherlands
Posted: Sun Jan 01, 2006 7:19 am Post subject:
See the instruction above it?
mov edx,[ebp-18]
edx gets its value from the address at ebp-18.
This is a stack address, so not really trustable, but you can try going from there.
But I would suggest setting a breakpoint and then using the stacktrace option to find out the caller, and then stepping through the code yourself. Or use some code injection and save the value of edx somewhere, or even freeze the address using the injection.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so I can keep helping
km2 Newbie cheater Reputation: 0
Joined: 16 Sep 2004 Posts: 11
Posted: Sun Jan 01, 2006 8:04 pm Post subject:
Dark Byte, can you explain in more detail about stacktrace and caller?
I became instantly confused after looking at the stacktrace list.
zingbats How do I cheat? Reputation: 0
Joined: 30 Jan 2006 Posts: 5
Posted: Mon Jan 30, 2006 12:51 pm Post subject:
What if the results of the 4-byte scan are too large to enter the list view box? I cannot think of a way to refine the list.
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25294 Location: The netherlands
Posted: Mon Jan 30, 2006 12:58 pm Post subject:
Try increasing the maximum number of addresses to show in settings, and hope there is a green address in the list, and hope it's the one you need.
zingbats How do I cheat? Reputation: 0
Joined: 30 Jan 2006 Posts: 5
Posted: Mon Jan 30, 2006 2:39 pm Post subject:
Makes sense.
I managed to find the location of a float that I want, and the pointer (and offset) to the float.
When a new game is loaded, the location of the float remains the same, but the pointer address changes totally! On the exe restart they both change. How can a trainer be built to overcome this?
I tried doing a "write check" on the pointer to see if there was a pointer that pointed to the other pointer, and I had no such luck.
Do I need to check all the pointers in the 500+ list? None of them keep pointing to the float address when a new game is loaded, so it seems pretty pointless (no pun intended).
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25294 Location: The netherlands
Posted: Mon Jan 30, 2006 2:51 pm Post subject:
But the address stays the same while all level-1 pointers change?
That's weird, unless the address you found is already a static address.
Zhoul Master Cheater Reputation: 1
Joined: 19 Sep 2005 Posts: 394
zingbats How do I cheat? Reputation: 0
Joined: 30 Jan 2006 Posts: 5
Posted: Tue Jan 31, 2006 11:56 am Post subject:
Dark Byte wrote:
    But the address stays the same while all level-1 pointers change?
    That's weird, unless the address you found is already a static address.

Screenshots (images not preserved; captions only):
- Finding the suspected address of the float pointer
- Finding the suspected address of the float pointer (NOTE: usually only one opcode is found)
- Searching for the address of the pointer (515 results)
- Adding the pointer and offset
- The table when a new game is started, but the process isn't
- New game and process complete with new pointer / float addresses
Leonidas Advanced Cheater Reputation: 0
Joined: 07 Mar 2005 Posts: 98
Posted: Wed Feb 01, 2006 4:21 am Post subject:
Ah, I see, you chose the wrong pointer.
In the image "The table when a new game is started, but the process isn't" you see most addresses changed, so the ones that changed are wrong pointers, but the ones that didn't change have the most chance of being the right pointer. (Of course, none of them is a green address, so after a restart it can change, but that's for later.)
As you see, 042701ce stayed the same, as did 04270224 and 042702e6 (also, I recommend checking fastscan so it filters out 042701ce and 042702e6, because there's a 99% chance that those are wrong pointers).
zingbats How do I cheat? Reputation: 0
Joined: 30 Jan 2006 Posts: 5
Posted: Wed Feb 01, 2006 3:24 pm Post subject:
Fast scan yields 15 results, none of which remain the same when the game is changed (process = same).
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25294 Location: The netherlands
Posted: Thu Feb 02, 2006 2:33 am Post subject:
Then continue scanning the pointer before changing the game.
Find out what accesses the pointer you found, and find the pointer for that, and go on till you've found the base address.
If all offsets are right and the base pointer is correct, it will work.
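The procedure Dood and Dark Byte describe (scan for the dword equal to the object address, treat each holder as "pointer + offset", repeat until a static module address, then check the chain after the heap has been reshuffled) can be modelled in a few dozen lines. The block below is an added example written for this page; it is not code from the thread or from Cheat Engine. Everything in it is constructed: the memory snapshot is a dictionary of dword-aligned addresses, the module and stack ranges are assumptions, and the addresses 0128B2FC and B80 are borrowed from the thread as illustrative values only. It also shows why the stack slot behind `mov edx,[ebp-18]` is excluded: it only holds the object pointer while that function is running.

```python
"""Pointer-chain discovery over a constructed 32-bit memory snapshot (illustrative)."""
import struct

# Assumed address ranges, made up for the example (not from any real game):
MODULE_STATIC = (0x00400000, 0x00500000)  # .exe image: stable across runs ("green" in CE)
STACK_RANGE = (0x00100000, 0x00200000)    # thread stack: where [ebp-18] lives; not stable


def f2u(x):
    """Float -> little-endian dword bits as stored in memory."""
    return struct.unpack('<I', struct.pack('<f', x))[0]


def u2f(u):
    """Dword bits -> float."""
    return struct.unpack('<f', struct.pack('<I', u))[0]


def build_snapshot(obj_a, obj_b, health, in_call=True):
    """Constructed memory image {address: dword}.  obj_a/obj_b are heap objects that
    move on every level load; the static slot 0x00452A10 does not.  in_call=True
    models the moment 'mov edx,[ebp-18]' runs, when a stack slot also holds obj_b."""
    mem = {
        0x00452A10: obj_a,              # static pointer in module data -> object A
        obj_a + 0x14: obj_b,            # [A+14] -> object B (the 0128B2FC-style value)
        obj_b + 0xB80: f2u(health),     # [B+B80] = the float being hunted
        0x00E00008: obj_b + 0xB80,      # decoy: temp heap slot pointing at the float;
                                        # nothing points at it, so it is a dead end
        0x00452A14: f2u(1.0),           # unrelated module data
        0x00452A20: 0x00000001,
    }
    mem[0x0012FF48] = obj_b if in_call else 0x00401234  # stack slot: only valid mid-call
    return mem


def scan_dword(mem, value):
    """Cheat Engine's '4 byte hex' scan: every address whose dword equals value."""
    return sorted(a for a, v in mem.items() if v == value)


def candidates(mem, target, max_offset):
    """Addresses whose dword points into [target - max_offset, target], i.e. that
    could reach target as pointer + offset.  Yields (holder, offset)."""
    return sorted((a, target - v) for a, v in mem.items() if 0 <= target - v <= max_offset)


def in_range(addr, rng):
    return rng[0] <= addr < rng[1]


def find_chain(mem, target, max_offset=0x1000, max_depth=4, _seen=None):
    """Depth-first walk from the value back to a static base: find what holds the
    address, then what holds *that*, until a module address.  Stack holders are
    skipped because they are transient.  Returns (base, [offsets]) or None."""
    _seen = _seen or set()
    for holder, off in candidates(mem, target, max_offset):
        if holder in _seen or in_range(holder, STACK_RANGE):
            continue
        if in_range(holder, MODULE_STATIC):
            return holder, [off]
        if max_depth > 1:
            res = find_chain(mem, holder, max_offset, max_depth - 1, _seen | {holder})
            if res:
                base, offs = res
                return base, offs + [off]
    return None


def resolve(mem, base, offsets):
    """Follow [[base]+off1]+off2...  Returns the final address, or None when a link
    is unmapped (the broken-chain case a CE table shows as '??')."""
    addr = base
    for off in offsets:
        link = mem.get(addr)
        if link is None:
            return None
        addr = link + off
    return addr


def read_float(mem, addr):
    return None if addr is None or addr not in mem else u2f(mem[addr])


if __name__ == "__main__":
    level1 = build_snapshot(0x01287F00, 0x0128B2FC, 100.0)
    target = 0x0128B2FC + 0xB80
    print("4-byte hex scan for 0128B2FC:", [hex(a) for a in scan_dword(level1, 0x0128B2FC)])
    base, offs = find_chain(level1, target)
    print("chain: [[%08X]+%X]+%X" % (base, offs[0], offs[1]))
    # Level load: heap objects move and the function is no longer on the stack.
    level2 = build_snapshot(0x01A40C00, 0x01A44100, 37.5, in_call=False)
    print("via static base:", read_float(level2, resolve(level2, base, offs)))
    print("via stack slot :", read_float(level2, resolve(level2, 0x0012FF48, [0xB80])))
```

In the first snapshot the plain scan returns two holders of 0128B2FC, a stack slot and a heap slot; only the heap slot leads on to a module address, giving the two-level chain [[00452A10]+14]+B80. After the simulated level load the same chain still resolves to the new float, while a chain rooted in the stack slot reads unmapped memory, which is the behaviour zingbats reports when the wrong pointer is picked.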
bitterbanana Cheater Reputation: 0
Joined: 28 Nov 2004 Posts: 44
Posted: Sun Feb 05, 2006 11:50 am Post subject:
I can tell that there isn't a static pointer for that address. You're going to have to backtrace the assembly command and find out what is writing to edi. If you don't want to get your hands dirty in that, you can always just inject code to write the value of edi to a desired static address.