| View previous topic :: View next topic |
| Author |
Message |
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
 Posted: Tue Jun 18, 2013 7:32 pm Post subject: [Help] Search Address base + Offset (Statisc) |
 |
|
My Step :
1. Get Address and Find Out What Accesses This Address
2. Scan 043A5020 (hex)
3. Pointer Scan for this Address
4 Then Add Offset
my Question
1. What's the difference : Find Out What Accesses This Address and Find Out What Writes This Address ?
2. After step 4 how the next step to search the address and the offset static
| Description: |
|
| Filesize: |
381.77 KB |
| Viewed: |
13413 Time(s) |
|
|
|
| Back to top |
|
 |
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Tue Jun 18, 2013 9:07 pm Post subject: |
|
|
Instead of 'find what accesses', just go straight to pointer scanner...no need to search for hex or any of that nonsense. Let the pointer scanner do all of the work for you.
Regarding 'what accesses' vs. 'what writes', it is just what it sounds like. An instruction that writes to an address, literally writes to that address, giving it a value. The instructions that access an address may be writing to that address (or) just reading from that address (it will yield both types, write and read).
So, you have a choice...you can choose to have the debugger show you only the instructions that write to the address ("find what writes")...or, you can have the debugger show you all of the instructions ("find what accesses"). To simplify it even further, you could have the debugger give you results A and B (by 'find what writes'), or, you could have the debugger give you results A, B, C, D, E & F (by 'find what accesses').
Last edited by ++METHOS on Tue Jun 18, 2013 9:09 pm; edited 1 time in total |
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Tue Jun 18, 2013 9:09 pm Post subject: Re: [Help] Search Address base + Offset (Statisc) |
|
|
| knightblizs wrote: | | 1. What's the difference : Find Out What Accesses This Address and Find Out What Writes This Address ? |
...What Accesses... shows the instructions that write your address PLUS those who read it.
| knightblizs wrote: | | 2. After step 4 how the next step to search the address and the offset static |
There is no next step: by default the pointer scanner only shows pointers with a static base.
However you're hacking a flash game, you won't find stable pointers in such games, use code injection/hooking instead.
|
|
| Back to top |
|
|
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
| Posted: Tue Jun 18, 2013 10:01 pm Post subject: |
|
|
| GNIREENIGNE wrote: | Instead of 'find what accesses', just go straight to pointer scanner...no need to search for hex or any of that nonsense. Let the pointer scanner do all of the work for you.
Regarding 'what accesses' vs. 'what writes', it is just what it sounds like. An instruction that writes to an address, literally writes to that address, giving it a value. The instructions that access an address may be writing to that address (or) just reading from that address (it will yield both types, write and read).
So, you have a choice...you can choose to have the debugger show you only the instructions that write to the address ("find what writes")...or, you can have the debugger show you all of the instructions ("find what accesses"). To simplify it even further, you could have the debugger give you results A and B (by 'find what writes'), or, you could have the debugger give you results A, B, C, D, E & F (by 'find what accesses'). |
Wow thanks for description 
| Gniarf wrote: | | knightblizs wrote: | | 1. What's the difference : Find Out What Accesses This Address and Find Out What Writes This Address ? |
...What Accesses... shows the instructions that write your address PLUS those who read it.
| knightblizs wrote: | | 2. After step 4 how the next step to search the address and the offset static |
There is no next step: by default the pointer scanner only shows pointers with a static base.
However you're hacking a flash game, you won't find stable pointers in such games, use code injection/hooking instead. |
use code injection/hooking instead ? Can you please tell me about it or give me the thread, before I had learned about code injection on tutorial
thanks 
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Tue Jun 18, 2013 11:35 pm Post subject: |
|
|
| knightblizs wrote: | | use code injection/hooking instead ? Can you please tell me about it or give me the thread, before I had learned about code injection on tutorial |
Help->Cheat engine tutorial steps 5 and 7, and if needed forum search feature.
AFTER you've done that, you'll also need aobscans for flash applications. Basically the big idea behind code injection/hooking and nopping is that you modify the game's code to prevent is from modifying your gold/health/ammo...
aobscan tutorial: http://forum.cheatengine.org/viewtopic.php?t=561407
|
|
| Back to top |
|
|
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
| Posted: Wed Jun 19, 2013 1:47 am Post subject: |
|
|
| Gniarf wrote: | | knightblizs wrote: | | use code injection/hooking instead ? Can you please tell me about it or give me the thread, before I had learned about code injection on tutorial |
Help->Cheat engine tutorial steps 5 and 7, and if needed forum search feature.
AFTER you've done that, you'll also need aobscans for flash applications. Basically the big idea behind code injection/hooking and nopping is that you modify the game's code to prevent is from modifying your gold/health/ammo...
aobscan tutorial: |
I could not continue to the next step, I'm tired of been looking for a green address (statisc)
| Description: |
|
| Filesize: |
158.93 KB |
| Viewed: |
13336 Time(s) |
|
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Wed Jun 19, 2013 2:58 am Post subject: |
|
|
| knightblizs wrote: | | I could not continue to the next step, I'm tired of been looking for a green address (statisc) |
| GNIREENIGNE wrote: | | Let the pointer scanner do all of the work for you. |
Use the pointer scanner. Use injection. Stay away from online games.
|
|
| Back to top |
|
|
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
| Posted: Wed Jun 19, 2013 3:39 am Post subject: |
|
|
| GNIREENIGNE wrote: | | knightblizs wrote: | | I could not continue to the next step, I'm tired of been looking for a green address (statisc) |
| GNIREENIGNE wrote: | | Let the pointer scanner do all of the work for you. |
Use the pointer scanner. Use injection. Stay away from online games. |
and how i found green address on Pointer Scanner ? i have already got base addres + offset but not work when restart game address changed
|
|
| Back to top |
|
|
++METHOS
I post too much
![]() Reputation: 92
Joined: 29 Oct 2010
Posts: 4197
|
| Posted: Wed Jun 19, 2013 3:26 pm Post subject: |
|
|
| Don't look for a green address with pointer scanner. Attempting to learn the pointer scanner feature on an online game is not recommended.
|
|
| Back to top |
|
|
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
| Posted: Thu Jun 20, 2013 6:11 am Post subject: |
|
|
| GNIREENIGNE wrote: | | Don't look for a green address with pointer scanner. Attempting to learn the pointer scanner feature on an online game is not recommended. |
okay I'm just a little understand about Pointer Scanner Can you tell more about that ?
next quest
What is the function code injection could to change or increase / decrease the value ?
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Jun 20, 2013 8:21 am Post subject: |
|
|
| knightblizs wrote: | | What is the function code injection could to change or increase / decrease the value ? |
1-Find your value in CE.
2-Right click-> find out what accesses...
3-Right click in the window titled "The following opcodes accesses"->"check if found opcodes also access...".
4-Play a bit.
5-For each result that has a (1) click show disassembler then post a screenshot or just post a few lines around the highlighted one. Results with a (2) or bigger are not interesting.
Tip: alt+print screen=screenshot of the only currently focused window.
|
|
| Back to top |
|
|
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Jun 20, 2013 9:32 am Post subject: |
|
|
If you've followed my instructions above, the script below should keep increasing your variable.
| Code: | [ENABLE]
alloc(NewMem,1024)
label(returnhere)
aobscan(HookedFunction,8b 81 00 03 00 00 8d 8e ac 12 00 00 3b c2 7d 1e) //look for a byte signature
registersymbol(HookedFunction)
HookedFunction:
jmp NewMem //hook the function that was where we found 8b 81 00 03 00 00 8d 8e ac 12 00 00 3b c2 7d
nop
returnhere:
NewMem:
add dword [ecx+300],#10 //increases your variable by 10 each time
//sub dword [ecx+300],#10 //would decrease your variable by 10 each time
//mov dword [ecx+300],#10000 //would set your variable to 10000 each time
mov eax, dword [ecx+300] //original code
jmp returnhere
[DISABLE]
dealloc(NewMem)
unregistersymbol(HookedFunction)
HookedFunction:
mov eax, dword [ecx+300] //restore original code |
Of course feel free to adapt it.
(Now am I the only one to think write operations are missing on the screenshot above?)
|
|
| Back to top |
|
|
knightblizs
Advanced Cheater
![]() Reputation: 0
Joined: 18 Jun 2013
Posts: 56
|
| Posted: Thu Jun 20, 2013 9:42 am Post subject: |
|
|
| Gniarf wrote: | If you've followed my instructions above, the script below should keep increasing your variable.
| Code: | [ENABLE]
alloc(NewMem,1024)
label(returnhere)
aobscan(HookedFunction,8b 81 00 03 00 00 8d 8e ac 12 00 00 3b c2 7d 1e) //look for a byte signature
registersymbol(HookedFunction)
HookedFunction:
jmp NewMem //hook the function that was where we found 8b 81 00 03 00 00 8d 8e ac 12 00 00 3b c2 7d
nop
returnhere:
NewMem:
add dword [ecx+300],#10 //increases your variable by 10 each time
//sub dword [ecx+300],#10 //would decrease your variable by 10 each time
//mov dword [ecx+300],#10000 //would set your variable to 10000 each time
mov eax, dword [ecx+300] //original code
jmp returnhere
[DISABLE]
dealloc(NewMem)
unregistersymbol(HookedFunction)
HookedFunction:
mov eax, dword [ecx+300] //restore original code |
Of course feel free to adapt it. |
My steps :
Ctrl + a > Template > Code Injection
then replace
right?
how about value was changed to 15 ?
| Description: |
|
| Filesize: |
36.28 KB |
| Viewed: |
13172 Time(s) |
|
|
|
| Back to top |
|
|
Gniarf
Grandmaster Cheater Supreme
![]() Reputation: 43
Joined: 12 Mar 2012
Posts: 1285
|
| Posted: Thu Jun 20, 2013 9:57 am Post subject: |
|
|
| knightblizs wrote: | My steps :
Ctrl + a > Template > Code Injection
then replace
right? |
Not wrong, but you don't need to use a template. Just ctrl+a, ctr+v, file->assign to cheat table is enough.
| knightblizs wrote: | | how about value was changed to 15 ? |
I said "feel free to adapt it", so if you want 15, put 15, if you want SomethingElse, put SomethingElse. Just try.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
