Posted: Tue Feb 25, 2014 9:58 am Post subject: Manual Pointer Scanning Problem
I am trying to find the pointer for the Research Value of StarDrive. Pointer scanning never really found anything and takes ages, so I wanted to do that manually, as suggested in some tutorials.
After the first pointer, things get confusing for me, as I do not know what to do with the values shown.
So here's how I do it:
1. I find the value and make sure it can be edited; it is at address 1C44B038.
2. I find out what's writing to it, which is address 0E9B1FEC - D9 58 08 - fstp dword ptr [eax+08]. Which means I have to check register EAX.
3. I search this address as Int4 in hex, which leads me to the closest resembling address, 1C44BA38.
4. I copy this address into the address I have, set it to pointer and add offset 8. Pointer is correct, so I move on.
5. Now I scan this address again with check what accesses it, and it leads to the following code:
1 call 6C87FAC5 - 8B 54 39 0C - mov edx,[rcx+rdi+0C]
531 calls 6C888CEA - 8B 40 04 - mov eax,[rax+04]
Registers are like that now:
How do I manage to get further from here? No tutorial showed what to do when instructions with multiple registers happen...
I tried adding ECX and EDI with Windows Calc and setting the result 1C44BA2C +0C as an offset, but no luck...