Eizok How do I cheat? Reputation: 1
Joined: 05 Dec 2018 Posts: 4
|
Posted: Wed Dec 05, 2018 9:14 am Post subject: Newbie Question |
|
|
Hi everyone, I'm very new here. I tried to search for the problem, but couldn't find it. Hope you guys can help me.
I can't find the offset below. From what I understood, "EDI" is the base and the rest is the offset, but I tried to solve it by multiplying ("ESI"*4+Offset) and it doesn't work. What should I do? The only thing I found on the internet was an offset array, but I couldn't understand it.
And why is "EDI" so big if it's an offset?
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
Posted: Wed Dec 05, 2018 9:25 am Post subject: |
|
|
Those register values are shown after the instruction has been executed. Since that instruction is writing to EDI, the value you see is the value that was stored in [esi+edi*4+2a48]. That is not the actual value of EDI as was used in address calculation.
Look at almost any other instruction there (except EAX) and you'll see the real value used as the index.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Eizok How do I cheat? Reputation: 1
Joined: 05 Dec 2018 Posts: 4
|
Posted: Wed Dec 05, 2018 9:30 am Post subject: |
|
|
ParkourPenguin wrote: | Those register values are shown after the instruction has been executed. Since that instruction is writing to EDI, the value you see is the value that was stored in [esi+edi*4+2a48]. That is not the actual value of EDI as was used in address calculation.
Look at almost any other instruction there (except EAX) and you'll see the real value used as the index. |
I'd started with an EAX value, but it took me to this address; it's the 4th offset.
But what are you saying, that I should avoid EDI and try to work with EAX values?
|
ParkourPenguin I post too much Reputation: 138
Joined: 06 Jul 2014 Posts: 4275
|
Posted: Wed Dec 05, 2018 9:38 am Post subject: |
|
|
No; just look at a different instruction besides that one and the first one in the list (i.e. "mov eax,[ecx+eax*4+2a48]"). Everything else is writing to a different register, so the value of the index register won't be clobbered.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Eizok How do I cheat? Reputation: 1
Joined: 05 Dec 2018 Posts: 4
|
Posted: Wed Dec 05, 2018 10:19 am Post subject: |
|
|
ParkourPenguin wrote: | No; just look at a different instruction besides that one and the first one in the list (i.e. "mov eax,[ecx+eax*4+2a48]"). Everything else is writing to a different register, so the value of the index register won't be clobbered. |
OK, EAX it is. It's the same thing: how do I calculate the offset?
Is it like this:
ECX*4+2A48?
Therefore: 21396120*4+2A48?
Base number: 2701EF30
|
|
Dark Byte Site Admin Reputation: 457
Joined: 09 May 2003 Posts: 25262 Location: The netherlands
|
Posted: Wed Dec 05, 2018 10:28 am Post subject: |
|
|
the stuff between [ecx+eax*4+2a48] matches 21398b74
eax is unknown, so:
ecx+?*4+2a48=21398b74
ecx=21396120
so 21396120+offset=21398b74
so offset=21398b74-21396120=2A54
(and not that it matters at all, but eax was apparently 3)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping |
|
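The calculation in Dark Byte's reply, generalized to any `[base+index*scale+disp]` operand whose index register was overwritten by the instruction itself, as an added example (not code from the thread or from Cheat Engine). The function names are hypothetical; the register value and accessed address are the ones quoted in the thread.

```python
REGS = {"eax", "ebx", "ecx", "edx", "esi", "edi", "ebp", "esp"}
MASK = 0xFFFFFFFF  # 32-bit address arithmetic wraps around

def parse_operand(text):
    """Split '[ecx+eax*4+2a48]' into ([(reg, scale), ...], displacement).
    Handles only '+'-joined terms with hex displacements, the form seen in the thread."""
    terms, disp = [], 0
    for part in text.strip().strip("[]").lower().split("+"):
        name, _, scale = part.partition("*")
        if name in REGS:
            terms.append((name, int(scale) if scale else 1))
        else:
            disp += int(part, 16)
    return terms, disp

def effective_address(operand, regs):
    """Address the CPU computes from the register values *before* execution."""
    terms, disp = parse_operand(operand)
    return (sum(regs[r] * s for r, s in terms) + disp) & MASK

def recover_register(operand, regs, accessed, unknown):
    """Solve for a register whose pre-execution value is missing from the
    snapshot (the instruction wrote to it), given the address that was accessed."""
    terms, disp = parse_operand(operand)
    coeff = sum(s for r, s in terms if r == unknown)
    if coeff == 0:
        raise ValueError(f"{unknown} does not appear in {operand}")
    known = sum(regs[r] * s for r, s in terms if r != unknown) + disp
    rest = (accessed - known) & MASK
    if rest % coeff:
        raise ValueError("accessed address is inconsistent with the operand")
    return rest // coeff

def offset_from(base_reg, regs, accessed):
    """Constant offset from a base register to the accessed address."""
    return (accessed - regs[base_reg]) & MASK

if __name__ == "__main__":
    operand = "[ecx+eax*4+2a48]"       # instruction: mov eax,[ecx+eax*4+2a48]
    snapshot = {"ecx": 0x21396120}     # eax omitted: it was overwritten by the load
    accessed = 0x21398B74              # address the debugger reported
    eax = recover_register(operand, snapshot, accessed, "eax")
    print("index eax =", eax)
    print("offset from ecx = %X" % offset_from("ecx", snapshot, accessed))
```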
Eizok How do I cheat? Reputation: 1
Joined: 05 Dec 2018 Posts: 4
|
Posted: Wed Dec 05, 2018 11:18 am Post subject: |
|
|
Dark Byte wrote: | the stuff between [ecx+eax*4+2a48] matches 21398b74
eax is unknown, so:
ecx+?*4+2a48=21398b74
ecx=21396120
so 21396120+offset=21398b74
so offset=21398b74-21396120=2A54
(and not that it matters at all, but eax was apparently 3) |
I think I got it, I'll try later to see if it works.
It works, thanks.