Zampfeo How do I cheat?
Reputation: 0
Joined: 24 Feb 2010 Posts: 4
Posted: Wed Feb 24, 2010 6:40 pm Post subject: Problems with multi-level pointers
So I found my first pointer fairly easily; it didn't move when I logged off, unlike the address, but it did move when the application was closed. So, I found what writes to the pointer while logging in and out and I got three opcodes:
mov [edi], 00000000
mov [esi], 00000000
mov [esi], ecx
From what I can tell these do not have an offset, so where should I go from here?
 |
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25828 Location: The netherlands
Posted: Wed Feb 24, 2010 7:46 pm
you can also read them as:
mov [edi+00000000], 00000000
mov [esi+00000000], 00000000
mov [esi+00000000], ecx
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
 |
Zampfeo
Posted: Wed Feb 24, 2010 8:01 pm
But doesn't that make the offset 0? This makes the value the same as the one I searched for to find it; it's completely different than the original dynamic address.
 |
Dark Byte
Posted: Wed Feb 24, 2010 8:07 pm
no
Let's say the ADDRESS is 456000
the instruction that accesses that ADDRESS is "mov eax,[ecx+00000000]"
ecx then contains the VALUE 456000
so, do a scan for the VALUE 456000, and you will get a bunch of ADDRESSES that contain the VALUE 456000 but aren't the ADDRESS 456000
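The ADDRESS/VALUE distinction from the post above, as an added example that is not part of the thread and is not Cheat Engine code. A constructed 16-word array stands in for process memory (no real process is read), `read32`, `scan_value` and `resolve` are hypothetical helper names, and the model goes one level further than the post by adding a second pointer at 456020.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Constructed toy address space (no real process is touched):
 * 16 words of 32 bits, word i lives at ADDRESS BASE + 4*i. */
#define BASE  0x00455FF0u
#define WORDS 16u
static uint32_t mem[WORDS] = {
    [4]  = 100,          /* ADDRESS 456000 holds the VALUE 100 (the data)   */
    [8]  = 0x00456000u,  /* ADDRESS 456010 holds the VALUE 456000 (pointer) */
    [10] = 0x00456000u,  /* ADDRESS 456018 holds the VALUE 456000 (pointer) */
    [12] = 0x00456010u,  /* ADDRESS 456020 points at the pointer at 456010  */
};

/* Read the word stored at a simulated ADDRESS; -1 if unmapped or unaligned. */
static int read32(uint32_t addr, uint32_t *out) {
    if (addr < BASE || (addr - BASE) % 4 || (addr - BASE) / 4 >= WORDS) return -1;
    *out = mem[(addr - BASE) / 4];
    return 0;
}

/* Scan: collect every ADDRESS whose stored VALUE equals `value`. */
static size_t scan_value(uint32_t value, uint32_t *hits, size_t max) {
    size_t n = 0;
    for (uint32_t i = 0; i < WORDS && n < max; i++)
        if (mem[i] == value) hits[n++] = BASE + 4 * i;
    return n;
}

/* Follow a pointer chain: at each level read the VALUE stored at the
 * current ADDRESS and add that level's offset to get the next ADDRESS. */
static int resolve(uint32_t ptr, const uint32_t *offs, size_t levels, uint32_t *out) {
    for (size_t i = 0; i < levels; i++) {
        uint32_t value;
        if (read32(ptr, &value) != 0) return -1;  /* broken chain */
        ptr = value + offs[i];
    }
    *out = ptr;
    return 0;
}

int main(void) {
    uint32_t hits[4], offs[2] = {0, 0}, addr = 0;
    size_t n = scan_value(0x00456000u, hits, 4);
    int rc = resolve(0x00456020u, offs, 2, &addr);
    printf("%zu hits; chain rc=%d resolves to %08X\n", n, rc, (unsigned)addr);
    return 0;
}
```

The scan returns the ADDRESSES 456010 and 456018, never 456000 itself, and a chain that starts from a non-pointer word fails at the next read instead of returning a bogus address.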
 |
Zampfeo
Posted: Wed Feb 24, 2010 9:02 pm
Thanks for all the help but there's something I'm either doing wrong or don't understand.
I get:
mov [edi], 00000000
mov [esi], 00000000
mov [esi], ecx
So I show more info to find what to search for to get my pointers (1083A970); I search for that and get 3 addresses. I make these addresses into pointers with an offset of 00000000. All three of these pointers' values don't match up with the value of my original dynamic address.
 |
Dark Byte
Posted: Wed Feb 24, 2010 9:37 pm
To rephrase:
The register values contained the value 1083a970? (I assume so since that'd be the address you'd look for)
After doing a hexadecimal scan for 1083a970 you found 3 addresses with that specific value
Then I do not understand how the address containing the value 1083a970 with an offset of 0 returns any other address than 1083a970
a pointer ADDRESS with the VALUE of 1083a970, and an offset of 0 should return 1083a970
And if you mean the pointers aren't valid when you restart, that's because you might need to find out what accesses those pointers
 |
Zampfeo
Posted: Wed Feb 24, 2010 9:48 pm
What I mean is that I don't know what to do with these pointers, if anything, because they don't share the same value that my original dynamic address did. I.e., value 1083a970 points to value 2 which points to value 2; with my first pointer I could freely change the value, but the value of the static pointer does nothing to my original address.