View previous topic :: View next topic |
Author |
Message |
Onelio Newbie cheater Reputation: 0
Joined: 22 Mar 2016 Posts: 20
|
Posted: Thu Mar 24, 2016 5:12 pm Post subject: |
|
|
Am... I'm not sure.. But the game "load" it when it's running so I think that it's dynamically allocated.
This dynamic string is just a path that added to the domain make another url that download more data.
That is why I want both of the strings, the static and the dynamic one.
(Forget about the static one, I'm just mean it for explaining better where is the dynamic one)
I've tryed using WireShark to detect the dynamic path everytime the game download it and then I tryed to scan the memory searching for the offset but it always show 0 in the second scan...
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
|
Posted: Thu Mar 24, 2016 6:22 pm Post subject: |
|
|
Ok, search for the string using CE. Find the string and bring it down to the address list. Double click on the number under the "Address" column. If the same number is there, then it was dynamically allocated. If it shows something like derp.dll+DAF7, then it is a static address.
Try searching for the address of the string directly. Set the value type to 4 bytes, check the "Hex" checkbox, set the "Writable" and "Executable" checkboxes to grey (neither checked nor unchecked), and uncheck the "Fast Scan" checkbox. If anything pops up, disassemble that region and see if it looks like it's valid asm. If it is, then you should be able to copy the address of that instruction to some registered symbol just by using an AoB scan. You might be able to even if it's not valid asm, but try to find something that is.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Onelio Newbie cheater Reputation: 0
Joined: 22 Mar 2016 Posts: 20
|
Posted: Fri Mar 25, 2016 10:55 am Post subject: |
|
|
I've restarted the computer many times but I'm still getting more than 10.000 results... Am I missing something?
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
|
Posted: Fri Mar 25, 2016 11:09 am Post subject: |
|
|
No; that many results is pretty common. Just pick one and it should work for you. I generally go for the pointers with the lowest number of offsets and/or those in an important-looking module (i.e. the exe). You can also rescan the list at different points in the game. For example, rescan it when you start the game up, after you've played it for a while, and after you're ready to quit.
Those pointers should work for you; however, if you want a pointer that should also work for other people, you should rescan that list on another computer.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Onelio Newbie cheater Reputation: 0
Joined: 22 Mar 2016 Posts: 20
|
Posted: Fri Mar 25, 2016 11:32 am Post subject: |
|
|
One thing more, Some of the items in my list have as baseaddress "ThreadSTACK0"...
What this mean? Usually they should be more like "Process.exe"
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4299
|
Posted: Fri Mar 25, 2016 11:59 am Post subject: |
|
|
Threadstack addresses reside pretty low in the stack of the first few threads. These addresses are unlikely to change and as such can sometimes be treated as static addresses. Add it to your cheat table and see what's being written to it (if anything) to make sure that it's reasonably safe to use.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Onelio Newbie cheater Reputation: 0
Joined: 22 Mar 2016 Posts: 20
|
Posted: Fri Mar 25, 2016 12:03 pm Post subject: |
|
|
Mm.. I thnk I will pass of using them xD.
|
|
Back to top |
|
|
WilliamW1979 How do I cheat? Reputation: 0
Joined: 08 May 2020 Posts: 1
|
Posted: Fri May 08, 2020 9:12 pm Post subject: Thank You! |
|
|
I was going nuts trying to figure out why I couldn't find a pointer, but your advice let me fine them all when I increased the offset searches. I appreciate this help, even if it is 4 years old it is still great advice that works today! Just in case anyone searches and finds this, they know it still works! Thanks again!
|
|
Back to top |
|
|
|