| View previous topic :: View next topic |
| Author |
Message |
rain-13
Expert Cheater
![]() Reputation: 0
Joined: 18 Mar 2009
Posts: 110
|
 Posted: Mon Aug 08, 2011 6:09 am Post subject: Does anybody know what might cause problem on pointer scan? |
 |
|
I have quite strange problem that I can't find explanation for.
I am trying to find pointer for address that I just found. to do that I right click on found address and choose "Find out what writes to this address"
When I get that value changed I can see probable pointer on Extra info window
When I search for that probable pointer (i start new search in hex mode) I dont find anything. What causes such issue?
Here's image that shows problem
|
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 470
Joined: 09 May 2003
Posts: 25788
Location: The netherlands
|
| Posted: Mon Aug 08, 2011 6:16 am Post subject: |
|
|
scroll up and find out how eax gets its value
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Geri
Moderator
![]() Reputation: 111
Joined: 05 Feb 2010
Posts: 5636
|
| Posted: Mon Aug 08, 2011 6:58 am Post subject: |
|
|
EDX seems like a good candidate for pointer scanning too. [eax+26] doesn't mean that the base of the structure is EAX for 100%. It could be EDX too as I see.
Besides, your code will copy ecx to [eax+26] and ecx is getting the value from a static address, 004BB954. It might worth checking out what is stored on 004BB954. You may not need a pointer at all.
_________________
|
|
| Back to top |
|
|
rain-13
Expert Cheater
![]() Reputation: 0
Joined: 18 Mar 2009
Posts: 110
|
| Posted: Mon Aug 08, 2011 8:08 am Post subject: |
|
|
| Dark Byte wrote: | | scroll up and find out how eax gets its value |
I got pointer by readin Geri's suggestion but it's just my curiosity....:
What exactly I need scroll up? Do you mean memory view? I clicked on Show disassembler
and got following: ( do you know what to do with it?
| Geri wrote: | EDX seems like a good candidate for pointer scanning too. [eax+26] doesn't mean that the base of the structure is EAX for 100%. It could be EDX too as I see.
Besides, your code will copy ecx to [eax+26] and ecx is getting the value from a static address, 004BB954. It might worth checking out what is stored on 004BB954. You may not need a pointer at all. |
004BB954 is green address that stores same value as found address. In other words it's a pointer., but sadly it's readonly but as it's different question I'll start new topic.
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8586
Location: 127.0.0.1
|
| Posted: Mon Aug 08, 2011 3:48 pm Post subject: |
|
|
There's a call 4 lines above where you were looking at the [eax+26] line. Step into the call and see if EAX is being set in there.
_________________
- Retired. |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
