Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


Can't find pointer path cause address points to itself?

 
Astaroth4256
Advanced Cheater
Reputation: 0

Joined: 25 May 2014
Posts: 59

Posted: Thu May 09, 2019 8:18 am    Post subject: Can't find pointer path cause address points to itself?

I have an address that contains useful data for my bot. So I try to find a pointer path for it, I do a pointer scan and even a 7 level pointer scan gives no valid paths (they're invalid in other clients). I did several more pointer scans with different settings and none were successful.
So I try to do a manual scan, I select the address and check what accesses it. I get:
Code:
011CACDF - 39 BE 44020000  - cmp [esi+00000244],edi <<

Ok then, I take esi, 4byte scan for it, find out what accesses the address with value of esi. I get another pointer level, so I repeat.
But at the third level there's an issue:

The address is 10C1A994 with value 0D964FF8
The opcodes are
Code:
00FE05EA - 75 F2 - jne ".exe"+A05DE
00FE05EC - 8B 5D F0  - mov ebx,[ebp-10]
00FE05EF - 8B 5B 04  - mov ebx,[ebx+04] <<
00FE05F2 - 89 5D F0  - mov [ebp-10],ebx
00FE05F5 - C7 45 FC 02000000 - mov [ebp-04],00000002

And the ebx is 0D964FF8

So it points back to itself. I'm not good with assembler and mostly have no idea what's going on there. How can I get a correct pointer path in this case, or what other methods can I use to find the "interesting address" every time the game is reloaded?
ParkourPenguin
I post too much
Reputation: 140

Joined: 06 Jul 2014
Posts: 4300

Posted: Thu May 09, 2019 8:29 am

The values of the registers are taken after the instruction has been executed. CE should tell you this in the "more info" window.

You have [ebx + 4] = 0D964FF8. Search for 0D964FF8 and subtract 4 from the addresses found. Alternatively, use a (conditional) breakpoint (code breakpoints trigger before the instruction executes).

_________________
I don't know where I'm going, but I'll figure it out when I get there.
Dark Byte
Site Admin
Reputation: 458

Joined: 09 May 2003
Posts: 25296
Location: The netherlands

Posted: Thu May 09, 2019 8:41 am

when doing a manual scan, never look at the register values

you did find what accesses on address 10C1A994 and found
Code:

mov ebx,[ebx+04]

so that means the offset is 04.
that also means the value of the pointer is 10C1A994-4 (10C1A990)

so scan for 10C1A990

_________________
Do not ask me about online cheats. I don't know any and won't help finding them.

Like my help? Join me on Patreon so I can keep helping
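The rule from the two replies above, as an added example (not code from the thread or from Cheat Engine): the base pointer is the accessed address minus the instruction's displacement, and the post-execution register is ignored when the load overwrote its own base. `parse_access`, `pointer_value` and the `LOADS` set are hypothetical names and a simplification covering only 32-bit `[reg+disp]` operands.

```python
import re

# Memory operand of the form [reg], [reg+disp] or [reg-disp] (hex displacement).
MEM_RE = re.compile(r"\[(e[a-z]{2})(?:([+-])([0-9A-Fa-f]+))?\]")
# Simplified assumption: mnemonics that overwrite their first operand with loaded data.
LOADS = {"mov", "movzx", "movsx"}

def parse_access(line):
    """Parse one 'address - bytes - instruction' line as shown in the thread."""
    _addr, _raw, asm = (p.strip() for p in line.split(" - ", 2))
    mnem, operands = asm.replace("<<", "").split(None, 1)
    m = MEM_RE.search(operands)
    if m is None:
        raise ValueError("no simple [reg+disp] operand in: " + asm)
    base, sign, disp = m.group(1), m.group(2), m.group(3)
    offset = int(disp, 16) if disp else 0
    if sign == "-":
        offset = -offset
    dest = operands.split(",")[0].strip()
    # The load destroys its own base register when dest and base are the same.
    clobbered = mnem in LOADS and dest == base
    return {"base": base, "offset": offset, "clobbered": clobbered}

def pointer_value(line, accessed_address, reg_after=None):
    """Return the value to scan for next: the base the instruction dereferenced."""
    info = parse_access(line)
    base_value = accessed_address - info["offset"]
    # The post-execution register is only trustworthy if it was not overwritten.
    if reg_after is not None and not info["clobbered"] and reg_after != base_value:
        raise ValueError("register value disagrees with address - offset")
    return base_value

if __name__ == "__main__":
    # Values from the thread: accessed address 10C1A994, ebx afterwards 0D964FF8.
    line = "00FE05EF - 8B 5B 04  - mov ebx,[ebx+04] <<"
    print(parse_access(line))
    print("%08X" % pointer_value(line, 0x10C1A994, reg_after=0x0D964FF8))
```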
Astaroth4256
Advanced Cheater
Reputation: 0

Joined: 25 May 2014
Posts: 59

Posted: Thu May 09, 2019 8:48 am

Oops that's probably some basic stuff that I didn't know about, I managed to find a working pointer with that, thanks. It turned out to be 8 (or 9 I lost count after 2) levels deep, so would the pointer scanner pick it up if I set it to that much? Cause I always thought there's no need to go deeper than 7

I just checked and in case anyone else has this issue, yeah pointer scan will pick it up so it was just me being detarded.
All times are GMT - 6 Hours