Phillip
Posted: Tue Oct 28, 2008 5:09 pm
Post subject: Could someone help me out with this?
Ok, so I've gone through all the pointer tutorials and I still can't seem to figure this out.
I find the address that I want, but it's not static (screenshot1).
Then I click on "find out what writes to this address" and I get (screenshot2).
But when I search for the edx address it turns up with nothing (screenshot3).
Can anybody help me out? I've searched through the forums and I still don't know what to do.
I haven't tried anything with a code cave yet because I don't really know how to do any of that stuff.
Oh, and I'm like 90% sure the variable is in a struct (if that makes a difference).
Labyrnth (Moderator)
Posted: Wed Oct 29, 2008 10:03 am
Do a hex search for 3203674.
Then you will get an address.
Take this address and subtract it from the address you found first.
320367C - address found in hex = ?
So click add address manually.
Tick pointer and type address xxxxxx and offset x.
Also, you really don't need this pointer to hack; you could use what you found.
47d02f mov [edx+08],eax
Take a look at that for a second.
You can pass anything you want to this instruction here.
This address will not change, with the exception that there is no codeshifting, only DMA.
[edx+08] is the address you found: 320367C
Value moved into this address is 7.
eax = 7
So to make your change you would do something like:
mov eax,63 <--- 63 hex = 99 dec. *Dec is what you see in game.
mov [edx+08],eax <-- eax will now = 99
So, simply put, you could solve your problem by doing a code injection changing the eax value.
Recifense
Posted: Wed Oct 29, 2008 10:42 am
Hi Phillip,
It sometimes does happen. EDX could have been initialized to point to any part of a structure via instructions like LEA.
Try to figure out how EDX is initialized by looking at the instructions that are executed before the one you are investigating.
Another try is to look for a range of values. Values between 3203074 and 3203674, for instance.
Or try the option "Pointer scan for this address".
Cheers.
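The exact-value search and the range search suggested in the replies above, as an added example that is not part of the original posts: it scans a constructed memory snapshot for stored 32-bit values that point at or just below the found address and reports the offset for each. The region base 0x00400000, the struct start 0x03203600 and the function names are assumptions made for illustration; only 320367C, 3203674 and 3203074 come from the thread.

```python
import struct

TARGET = 0x0320367C  # address found in the thread (the value being written)
EDX = 0x03203674     # register value from "mov [edx+08],eax" in the thread


def scan_for_pointers(snapshot, region_base, target, max_offset):
    """Scan a memory snapshot for 32-bit little-endian values that point at,
    or up to max_offset bytes below, target.

    Returns a list of (holder_address, pointer_value, offset) tuples, where
    pointer_value + offset == target.
    """
    hits = []
    # Pointers are normally stored 4-byte aligned, so step by 4.
    for pos in range(0, len(snapshot) - 3, 4):
        (value,) = struct.unpack_from("<I", snapshot, pos)
        offset = target - value
        if 0 <= offset <= max_offset:
            hits.append((region_base + pos, value, offset))
    return hits


def build_sample_snapshot():
    """Constructed sample data: a 64-byte region at a hypothetical base."""
    region_base = 0x00400000  # hypothetical address, not from the thread
    buf = bytearray(0x40)
    struct.pack_into("<I", buf, 0x10, 0x03203600)  # pointer to assumed struct start
    struct.pack_into("<I", buf, 0x20, 0x03204000)  # points past the target
    struct.pack_into("<I", buf, 0x24, 0x00000007)  # plain value, not a pointer
    return region_base, bytes(buf)


if __name__ == "__main__":
    base, snap = build_sample_snapshot()
    # Exact search for the EDX value: nothing stores it, as in the question.
    print(scan_for_pointers(snap, base, EDX, 0))
    # Range search covering stored values 3203074..320367C (hex).
    for holder, value, offset in scan_for_pointers(snap, base, TARGET, 0x608):
        print(f"[{holder:08X}] = {value:08X}, offset {offset:X}")
```

In the constructed data the exact search comes back empty while the range search finds one stored pointer to the struct start, which is the situation where EDX was derived from a base pointer rather than stored anywhere itself.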