View previous topic :: View next topic |
Author |
Message |
KrisperKIA How do I cheat? Reputation: 0
Joined: 28 Jul 2020 Posts: 2
|
Posted: Tue Jul 28, 2020 8:15 pm Post subject: "Shared Code" Tutorial - Unexpected Information at |
|
|
I have gone over how to solve the shared code problem a few times, and I have a method for doing it by inserting the four base addresses into a dissector. I'm getting all relevant information that everybody else on the Internet seems to get, except for the values at offset 10. For everyone else, this is a 4-byte value indicating the team the person is on (1 or 2), but for me, it's a pointer. Why is this happening? Where is the team number stored in the memory? Below is a picture for reference.
EDIT: I just realized that the pointer 0010 drops down into several other addresses, the values for which are ??? for both of the computer players.
Please let me know any advice/pointers (haha) you might have. Thank you very much!
Description: |
|
Filesize: |
120.56 KB |
Viewed: |
6743 Time(s) |
|
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
|
Posted: Tue Jul 28, 2020 9:28 pm Post subject: |
|
|
CE has to guess what value type the data it reads is. Sometimes it guesses wrong (like here).
Add a new offset manually at 0x14 with type 4-byte (right click menu).
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25296 Location: The netherlands
|
Posted: Wed Jul 29, 2020 3:14 am Post subject: |
|
|
Just confirming, you are using the 64 bit tutorial right?
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
Back to top |
|
|
KrisperKIA How do I cheat? Reputation: 0
Joined: 28 Jul 2020 Posts: 2
|
Posted: Wed Jul 29, 2020 10:00 pm Post subject: |
|
|
Quote: | CE has to guess what value type the data it reads is. Sometimes it guesses wrong (like here).
Add a new offset manually at 0x14 with type 4-byte (right click menu). |
That worked - thanks for the help! Just wondering, how did you know to pick an offset of 14? Was it arbitrary?
Quote: | Just confirming, you are using the 64 bit tutorial right? |
Yes.
|
|
Back to top |
|
|
ParkourPenguin I post too much Reputation: 140
Joined: 06 Jul 2014 Posts: 4300
|
Posted: Wed Jul 29, 2020 10:45 pm Post subject: |
|
|
Pointers take up 8 bytes of memory in a 64-bit process.
In the instances of the structure, the pointers at offset 0x10 have values "1001A0317", "100121E59", "20015BBBB", and "2000B25EC".
In little endian, values that take up multiple bytes are stored with the least significant bytes first. i.e. for the pointer whose value is "1001A0317", the array of bytes in memory would be "17 03 1A 00 01 00 00 00".
I don't know what the first 4 bytes of each pointer are, but the more significant 4 bytes (i.e. offsets 0x14 - 0x17 inclusive), when interpreted as 4-byte integers, are "1", "1", "2", and "2" respectively. These values are what I thought you expected to see.
_________________
I don't know where I'm going, but I'll figure it out when I get there. |
|
Back to top |
|
|
|