f100 Newbie cheater Reputation: 0
Joined: 10 Nov 2005 Posts: 15
Posted: Wed Nov 16, 2005 11:02 am Post subject: Can Someone Help me with (base)Pointer ?
i could use help with the following situation:
i found the address of a value i want to freeze. let's say it's the address: 1FF34A34. i did view what accesses this address. it was
CMP [ECX+00000010c],EAX
so i searched after the value stored in ECX and found the 1 address(202A9140) , i added a pointer that value(1FF34A34) of it and the 10c offset and froze it - everything nice and fine.
but
it wasn't a static pointer i guess - cuz it also changes after gamereload/mapchange.
so i looked WHAT ACCESSES 202A9140 i got that thing:
code :005bde2b - 8b 4b 14 - mov ecx,[ebx+14]
code :005c25ab - 8b 4e 14 - mov ecx,[esi+14]
code :005c97d1 - 8b 47 14 - mov eax,[edi+14]
all 3x info said the value of pointer to find that address is 202A912C
but there was no search result.
then i tried search base pointer ON the pointer, but i didn't know what address he asks me for.
and the option find out what accesses this pointer on the pointer also ends up in nothing
how can i go on now ?

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The Netherlands
Posted: Wed Nov 16, 2005 12:01 pm Post subject:
Look at the assembler code above it and try to figure out how the register gets its value.
e.g. from a different register and then adding a value, or from the stack (and then you'll have to do some stacktracing to find out what called that function, and then look there how that value got on the stack...)
it's going to be hard.
it would be easier to just nop the code that decreases the address, or if that doesn't give the results you want (e.g. same also goes for the enemy) then do some basic code injection. (e.g. find the code that is accessed only to read the address and draw it on the screen and then use that register+offset to set it to the value you want)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping

f100 Newbie cheater Reputation: 0
Joined: 10 Nov 2005 Posts: 15
Posted: Wed Nov 16, 2005 2:13 pm Post subject:
ty DB for your reply.
nop not possible due crc
stacktracing imho also not due debugger prevention
welcome to planet nprotect
i'll try harder

Turtle Advanced Cheater Reputation: 7
Joined: 25 Jul 2004 Posts: 85
Posted: Wed Nov 16, 2005 5:15 pm Post subject:
Does code injection affect the CRC also? Or just nopping?
There is another method for finding static pointers:
in MHS,
After you find a value that you want to resolve, and you find its address, say its address is (34891278). Try the following:
1. Select the pointer search.
2. Choose a "range" type search.
3. For the max value of the range put the address of the value you want resolved, for example (34891278). For the lowest part of the range set all the last 5 digits to '0' so (34800000). Make sure that the "only find static pointers" box is ticked.
The first box is for the lowest value of the range, and the 2nd box, (the one on the right) is for the max value of the range.
That should search for static pointers that point to addresses in that range that are before the address of the value that you want resolved. Also, in the box that says "save offsets from", just put in the same address as the max value of the range (34891278).
Now in the results window it will show each static pointer and the offset distance between the address that they point to and the address of the value you want resolved. All the offset distances will be listed with a "-" sign in front of them, since we are saving offsets from the max part of the range, so pick the one with the smallest negative offset, so "-500" is better than "-1000". The decimal offset distance is shown in brackets. It's easier to work with decimal offsets. There is also a "go to closest" button on the results window which should automatically show you the pointer with the smallest offset distance, it will highlight it.
Now with that static pointer, to test it just remember that you are adding that 500 to the address that the pointer points to, in order to get the value that you want resolved. So test it.
If that static pointer turns out to be unreliable, then you can try the next best one, for example the next best one could be "-600", it's a larger offset, but it may be a more reliable static pointer.
Last edited by Turtle on Wed Nov 16, 2005 6:37 pm; edited 11 times in total |
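
The range search Turtle describes, as an added example that is not part of the original thread and is not MHS code. It runs over a constructed byte image instead of a live process and treats "static" as "stored inside the module image", which is an assumption; the image base, slot layout and post-reload address are made up, while 34891278 and 34800000 are the post's example values.

```python
import struct

MODULE_BASE = 0x00400000   # constructed image base (assumption)
TARGET = 0x34891278        # example address from the post
LOW = 0x34800000           # TARGET with its last five hex digits zeroed

def build_image(slots, size=0x40):
    """Constructed stand-in for a module's static data: {offset: dword}."""
    img = bytearray(size)
    for off, val in slots.items():
        struct.pack_into("<I", img, off, val)
    return bytes(img)

def range_pointer_search(image, base, low, high):
    """Return (pointer_addr, pointee, offset) for every aligned dword whose
    value lies in [low, high]; offset = pointee - high, so it is <= 0."""
    hits = []
    for off in range(0, len(image) - 3, 4):
        (val,) = struct.unpack_from("<I", image, off)
        if low <= val <= high:
            hits.append((base + off, val, val - high))
    return sorted(hits, key=lambda h: -h[2])   # smallest distance first

def resolve(image, base, pointer_addr, distance):
    """Re-read the static slot and add the saved distance back."""
    (val,) = struct.unpack_from("<I", image, pointer_addr - base)
    return val + distance

# Constructed snapshot before the reload: two slots point just below TARGET,
# one points above it, one below LOW, one is unrelated data.
BEFORE = build_image({0x08: 0x12345678, 0x10: 0x34891084, 0x1C: 0x34890E90,
                      0x24: 0x34891300, 0x2C: 0x347FFFF0})
# Constructed snapshot after the reload: the object moved and only the
# slot at +0x10 was updated; the slot at +0x1C still holds the old address.
AFTER = build_image({0x10: 0x2A550000, 0x1C: 0x34890E90})

if __name__ == "__main__":
    hits = range_pointer_search(BEFORE, MODULE_BASE, LOW, TARGET)
    for addr, pointee, off in hits:
        print(f"{addr:08X} -> {pointee:08X}  {off:#x} ({off})")
    best = hits[0]                       # what "go to closest" would pick
    new_addr = resolve(AFTER, MODULE_BASE, best[0], -best[2])
    print(f"after reload: {new_addr:08X}")
```

The slot at +0x1C shows why a candidate has to be tested across a reload: it matched the search but resolves to the old, stale address afterwards.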

Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25295 Location: The Netherlands
Posted: Wed Nov 16, 2005 5:36 pm Post subject:
It's basically the same. (nopping is just code injection and write nops instead of normal code)
But you may be able to rewrite the crc check routine to always return the same value.