Radium93 How do I cheat? Reputation: 0
Joined: 20 Jan 2010 Posts: 6
Posted: Fri Jan 22, 2010 4:50 am
This was originally a reply I never posted... since the server went down this morning (or whatever happened).
---------
To find a pointer:
Say you got an address, doesn't matter what, but let's say it's for health. Right click it and select "find out what writes to this pointer". Get hit.
You'll have some code, maybe more pieces... they could be something like this:
Code:
dec [eax+65]
mov [eci+65],300
inc [eax+65]
So, clearly, there is something with the 65. It is the offset. Now, if you double click one of those lines, a window will pop up. It will tell you the values of eax, eci and all the others. Find the one that you need (for the first it would be eax, the second eci and third eax again). Now, start a new scan, 4 bytes and tick the box HEX. Scan for the value that we just looked up.
Worst case scenario: you get thousands of addresses.
Best: you get one.
If you get one address it's simple... If you got more it gets a bit harder. Anyway, look for green addresses in the search list. They are static (meaning that they don't change). If there are no greens, then just continue with a black one.
Click the button "add manually". Check the box pointer and enter the address we just found. In offset, enter 65. Done.
Now, if you didn't have a green address, repeat for the pointer from the beginning. But make sure you find out what writes to the pointer, not the value pointed to.
--------
There is another way... Let's say you found this:
mov [eax+65],300
And you can't seem to find a pointer. Click "show assembler". The topmost line is the code we found. Scroll up a bit, and you might find a line writing to eax. For example, you might see this:
Code:
mov eax,0026F286
mov [eax+65],300
Now you need to know what [] is for. When something is between [], it means it is treated as a pointer.
so
Code:
mov eax,300 //moves 300 into eax
mov [eax],300 //moves 300 into the address stored in eax.
Back to the example. eax now holds 0026F286. It might be an address (and it is in this case).
Now, "mov [eax],300" will write to the address stored in eax, which we just saw. So, our pointer has to be 0026F286 with offset 65.
--------------------
It is also possible to treat addresses as pointers, instead of registers. So
mov [0026F286],300
is the same as
mov eax,0026F286
mov [eax],300
The problem with this way is that you can't use an offset... unless "mov [0026F286]+65,300" is allowed. But I don't know that for sure...
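The scan-then-add-offset procedure from the post above, as an added example that is not part of the original post. It runs on a constructed toy address space (a byte array), not a real process; the slot address 0x10, the object bases 0x100 and 0x200, and reading "65" as hexadecimal are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MEM_SIZE 0x400
#define OFFSET   0x65   /* the "65" in [eax+65], read as hex (assumption) */

/* Constructed toy address space; an "address" is an index into mem[]. */
static uint8_t mem[MEM_SIZE];

static uint32_t rd32(uint32_t a) { uint32_t v; memcpy(&v, mem + a, 4); return v; }
static void wr32(uint32_t a, uint32_t v) { memcpy(mem + a, &v, 4); }

/* The "new scan, 4 bytes" step: first address whose 4-byte value equals `value`. */
static int64_t scan32(uint32_t value) {
    for (uint32_t a = 0; a + 4 <= MEM_SIZE; a++)
        if (rd32(a) == value) return a;
    return -1;
}

/* Pointer + offset: read the base stored at ptr_addr, then add the offset. */
static uint32_t resolve(uint32_t ptr_addr, uint32_t offset) {
    return rd32(ptr_addr) + offset;
}

/* Simulate one program run: object placed at `base`, static slot updated. */
static void spawn(uint32_t slot, uint32_t base, uint32_t health) {
    memset(mem, 0, sizeof mem);
    wr32(slot, base);             /* the static ("green") address holds the base */
    wr32(base + OFFSET, health);  /* the field that [eax+65] writes to */
}

/* Returns 1 when the pointer found in run 1 still resolves after a restart. */
int demo(void) {
    const uint32_t slot = 0x10;                 /* hypothetical static address */
    spawn(slot, 0x100, 300);                    /* run 1: eax would show 0x100 */
    int64_t ptr = scan32(0x100);                /* scan for the register value */
    if (ptr != slot) return 0;
    uint32_t before = resolve((uint32_t)ptr, OFFSET);   /* 0x165 */
    spawn(slot, 0x200, 300);                    /* run 2: object moved */
    uint32_t after = resolve((uint32_t)ptr, OFFSET);    /* 0x265 */
    return before == 0x165 && after == 0x265 && rd32(after) == 300;
}

int main(void) { printf("pointer survives restart: %d\n", demo()); return 0; }
```

The value's own address changes between the two runs (0x165, then 0x265), while the slot that holds the base does not, which is why the post prefers a static address as the pointer.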
Xenico Advanced Cheater Reputation: 0
Joined: 27 Dec 2009 Posts: 94
Posted: Fri Jan 22, 2010 8:38 am
The short way:
The position where the data is stored is called the address. You can - in this case - say that the data is a synonym for value.
The pointer is just a type of a variable which owns an address and its value is also an address. The address of the described variable can be given to the pointer and then it's possible to access the value via the pointer.
-> A pointer's job is just the pointing.
shawnpeter How do I cheat? Reputation: 0
Joined: 21 Jan 2010 Posts: 0
Posted: Fri Jan 22, 2010 9:29 pm
Thanks to both guys. I understand a little.
Penlord Newbie cheater Reputation: 0
Joined: 13 Feb 2010 Posts: 15
Posted: Sun Feb 14, 2010 9:18 am
I understand the information provided very well. Now I am just wondering how useful pointers are compared to regular code searching and editing.
SimpleSam How do I cheat? Reputation: 0
Joined: 25 Jul 2010 Posts: 3
Posted: Tue Jul 27, 2010 10:20 pm
I thought in memory there were only addresses and values (addresses hold values). Where does the code come in? I mean, do addresses also store code to take actions? I'm probably looking at this from the wrong angle.
Example:
Code:
dec [eax+65]
mov [eci+65],300
inc [eax+65]
XaLeX Expert Cheater Reputation: 0
Joined: 19 Aug 2008 Posts: 226
Posted: Sat Jul 31, 2010 6:49 pm
Addresses hold values. Values can be data or code.
Let's say you have code
at address 00400000.
The opcodes are FF 48 65.
If you memory browse address 400000 (as if it were data), it will hold the values FF 48 65.
justa_dude Grandmaster Cheater Reputation: 23
Joined: 29 Jun 2010 Posts: 891
Posted: Sat Jul 31, 2010 8:10 pm
Haha, but an address /is/ a value, too. I remember reading about a hacker named Mel who wrote code for Royal McBee on machines that used rotating drums for memory. He knew the speed of the drum's rotation relative to the speed of code execution and would pick up pieces of code for static values. God, I sure wouldn't want to have to debug that!!
Cheers,
adude
SimpleSam How do I cheat? Reputation: 0
Joined: 25 Jul 2010 Posts: 3
Posted: Wed Aug 04, 2010 6:26 pm
XaLeX wrote:
Addresses hold values. Values can be data or code.
Let's say you have code
at address 00400000.
The opcodes are FF 48 65.
If you memory browse address 400000 (as if it were data), it will hold the values FF 48 65.

Yeah, except I don't know what "FF 48 65" is. Aren't they bytes in a hexadecimal format? I don't know what to make of them or how they are used in memory.
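How the bytes FF 48 65 discussed in the two posts above read as an instruction, as an added example that is not part of the original thread. It is a small decoder for 32-bit x86 covering only FF /0 (inc), FF /1 (dec) and C7 /0 (mov imm32) with a [reg+disp] operand; the function names are hypothetical, and any byte sequence other than FF 48 65 is constructed sample input.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* x86 stores multi-byte values little-endian. */
static uint32_t le32(const uint8_t *b) {
    return b[0] | b[1] << 8 | b[2] << 16 | (uint32_t)b[3] << 24;
}

/* Decode one instruction; returns its length in bytes, 0 if not covered here. */
static size_t decode(const uint8_t *p, size_t len, char *out, size_t outsz) {
    static const char *reg[8] = {"eax","ecx","edx","ebx","esp","ebp","esi","edi"};
    if (len < 2) return 0;
    /* ModRM byte: mod (2 bits) | opcode extension (3 bits) | base register (3 bits) */
    uint8_t mod = p[1] >> 6, op = (p[1] >> 3) & 7, rm = p[1] & 7;
    const char *mn = (p[0] == 0xFF && op == 0) ? "inc"
                   : (p[0] == 0xFF && op == 1) ? "dec"
                   : (p[0] == 0xC7 && op == 0) ? "mov" : NULL;
    /* Skipped: register operand (mod=3), SIB byte (rm=4), bare disp32 (mod=0, rm=5). */
    if (!mn || mod == 3 || rm == 4 || (mod == 0 && rm == 5)) return 0;
    size_t dlen = (mod == 1) ? 1 : (mod == 2) ? 4 : 0, n = 2 + dlen;
    if (len < n) return 0;
    /* disp8 is sign-extended, disp32 is taken as signed */
    int64_t disp = dlen == 1 ? (int8_t)p[2] : dlen == 4 ? (int32_t)le32(p + 2) : 0;
    char mem[32];
    if (disp == 0) snprintf(mem, sizeof mem, "[%s]", reg[rm]);
    else snprintf(mem, sizeof mem, "[%s%c0x%X]", reg[rm], disp < 0 ? '-' : '+',
                  (unsigned)(disp < 0 ? -disp : disp));
    if (p[0] == 0xC7) {                      /* mov also carries a 4-byte immediate */
        if (len < n + 4) return 0;
        snprintf(out, outsz, "mov dword ptr %s, 0x%X", mem, (unsigned)le32(p + n));
        return n + 4;
    }
    snprintf(out, outsz, "%s dword ptr %s", mn, mem);
    return n;
}

/* 1 if `bytes` decodes, consuming all of them, to exactly `text`. */
static int decodes_to(const uint8_t *bytes, size_t len, const char *text) {
    char buf[64];
    return decode(bytes, len, buf, sizeof buf) == len && strcmp(buf, text) == 0;
}

int main(void) {
    const uint8_t thread_bytes[] = {0xFF, 0x48, 0x65};   /* bytes from the thread */
    char buf[64];
    if (decode(thread_bytes, sizeof thread_bytes, buf, sizeof buf)) puts(buf);
    return decodes_to(thread_bytes, 3, "dec dword ptr [eax+0x65]") ? 0 : 1;
}
```

FF selects the instruction group, 48 (binary 01 001 000) says "dec, base register eax, one displacement byte follows", and 65 is that displacement, so the three bytes are the first line of the code example quoted earlier in the thread.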
kinglitter How do I cheat? Reputation: 0
Joined: 04 Apr 2009 Posts: 4
Posted: Sat Oct 23, 2010 1:09 am Post subject: wow
I've been so confused for a long time, and it's my fault I didn't search around. Thanks for this, I finally understand.
BorutO How do I cheat? Reputation: 0
Joined: 29 Jun 2016 Posts: 5
Posted: Sat Jul 30, 2016 12:39 pm
Is there a very good tutorial somewhere on YouTube on how to find this address step by step, for amateur users? I only know hacking games with 2-8 bytes and strings ... and changed value, that's all.