| View previous topic :: View next topic |
| Author |
Message |
jgoemat
Master Cheater
![]() Reputation: 23
Joined: 25 Sep 2011
Posts: 265
|
 Posted: Sat Jul 12, 2014 7:03 pm Post subject: Is there a way to find relative addresses in x64? |
 |
|
For instance I see this code:
| Code: | WolfNewOrder_x64.exe+92F2E1 - 4C 8D 05 78976F00 - lea r8,[WolfNewOrder_x64.exe+1028A60]
WolfNewOrder_x64.exe is 7FF63A530000
Address is 7FF63B558A60 (-1028A60 is start of exe)
006F9778 -- offset
0092F2E8 -- next instruction
01028A60 -- What is shown |
I have the address that affects player speed and I want to see if it is used anywhere in the code. I would use "What accesses this address", but the game crashes when I try to debug it.
Is there any way to search for code that would operate on a specific address?
|
|
| Back to top |
|
 |
STN
I post too much
 Reputation: 43
Joined: 09 Nov 2005
Posts: 2676
|
| Posted: Sat Jul 12, 2014 7:23 pm Post subject: |
|
|
Not really getting what you mean.
If you mean is there any other way to get the code besides debugging then i am afraid there is not. You can try to find it being referenced (hard-coded) in ollydbg (not sure how in CE) but that is assuming the address is hard-coded/static and accessed directly instead of through registers/allocated.
Your code in the code tags is confusing...this
Address is 7FF63B558A60 (-1028A60 is start of exe)
1028A60 looks like to be an offset not the start of exe.
No idea what the rest of information is.
_________________
|
|
| Back to top |
|
|
661089799107
Expert Cheater
![]() Reputation: 3
Joined: 25 Jan 2009
Posts: 186
|
| Posted: Sun Jul 13, 2014 11:21 am Post subject: |
 |
|
If you are crashing then try the other debugger methods and breakpoint types in settings.
If the address of player speed is static then you may be able to find it with: Search->Find assembly code in the memory viewer.
Search for something like: *static_address*
Make sure you change the address range.
|
|
| Back to top |
|
|
jgoemat
Master Cheater
![]() Reputation: 23
Joined: 25 Sep 2011
Posts: 265
|
| Posted: Sun Jul 13, 2014 6:03 pm Post subject: |
|
|
Thanks for the replies. Assembly scan worked! I just have to search for the entire address (i.e. 7FF63B558A60) and not the module-relative one shows in the disassembly window. Can't believe I didn't see that.
What I mean is that the value I want is at 7FF63B558A60 in global address space. The exe starts at 7FF63A530000. The offset is what it shows in the instruction, i.e. "WolfNewOrder_x64.exe+1028A60". That instruction though uses IP relative addressing, so the actual bytes are "78976F00" or the 32-bit value 006F9778 which is relative to the instruction pointer after the instruction which is offset 0092F2E8. Add those two together and you get the 1028A60 offset from the exe start. If the next instruction was the exact same instruction, that 32 bit offset would be different because it is relative to the instruction pointer.
The problem is that I couldn't find the code that accesses the instruction because the bytes are different each time. With 32-bit games that access statics as global 32-bit addresses it is simple to find instructions that access them, just scan the EXE space for that 32-bit address. With 64-b it relative addressing the bytes are different for each address. "Find assembly code" seems to be just the thing I was looking for.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
