redcyclone (How do I cheat?, Reputation: 0, Joined: 20 Oct 2016, Posts: 4)
Posted: Thu Oct 20, 2016 1:00 pm, Post subject: Can't find the pointer value.

I got the address of the recovery frame of a fighting game. I found out what writes to this address, but when I search for RDI, it returns 0 results.
I've watched a couple of pointer tutorials; they all find the value of the pointer with a similar method. Which part did I mess up?
Attachment 1: step1: found out what writes this address
Attachment 2: step2: copied rdi address and searched it but only got 0 results.
M-Z (Advanced Cheater, Reputation: 1, Joined: 08 Nov 2014, Posts: 77, Location: Poland)
Posted: Thu Oct 20, 2016 2:05 pm

If RDI is calculated somewhere, there may be no such value in memory...
redcyclone (How do I cheat?, Reputation: 0, Joined: 20 Oct 2016, Posts: 4)
Posted: Thu Oct 20, 2016 2:30 pm

M-Z wrote: If RDI is calculated somewhere, there may be no such value in memory...

Ha, is there a way to trace how RDI is being calculated?
M-Z (Advanced Cheater, Reputation: 1, Joined: 08 Nov 2014, Posts: 77, Location: Poland)
Posted: Thu Oct 20, 2016 2:35 pm

Well, the code executed before contains the answer to whether it is calculated and how...
redcyclone (How do I cheat?, Reputation: 0, Joined: 20 Oct 2016, Posts: 4)
Posted: Thu Oct 20, 2016 3:48 pm

M-Z wrote: Well, code executed before contains answer whether it is calculated and how...

Do you mean this? I assume this is the code executed before RDI+34.
Attachment: screenshot
M-Z (Advanced Cheater, Reputation: 1, Joined: 08 Nov 2014, Posts: 77, Location: Poland)
Posted: Thu Oct 20, 2016 4:03 pm

I don't have much experience with 64-bit code.
You should look for instructions which set or add/subtract something to rdi.
Also bear in mind, it is not always linear flow - do Dissect Code to know where code is branching.
You can also go to the calling function (stacktrace) to see whether this value is passed as an argument...
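To make the advice in this thread concrete (a register that is computed by address arithmetic never exists as a stored value, so a scan for it finds nothing, and the instructions executed before the write tell you how it was built), here is an added example that is not part of the thread and not Cheat Engine's own code. It walks a short, constructed instruction trace backwards from the caught write and reports, for every register the address depends on, whether it was loaded from memory (so a scan for that value can find where it came from), computed, or never defined in the visible code (so it arrived as an argument from the caller, which is the stack-trace check M-Z mentions). The instruction strings, the `[rbx+18]`/`[rbx+20]` offsets and the `+34` write are all made up for illustration.

```python
import re

# Constructed sample trace (Intel syntax, simplified): the instructions that run
# just before the write that "Find out what writes to this address" reported.
# Hypothetical, not taken from any real game or from the screenshots above.
TRACE = [
    "mov rbx,rcx",                    # rbx = object pointer handed in by the caller
    "mov rax,[rbx+18]",               # rax = a pointer loaded from memory
    "movsxd rcx,dword ptr [rbx+20]",  # rcx = an index loaded from memory
    "lea rdi,[rax+rcx*8]",            # rdi = rax + rcx*8: arithmetic, never stored
    "mov [rdi+34],edx",               # the write that was caught
]

# 64-bit general purpose registers we track (enough for the sample syntax).
REG = re.compile(r"\b(r(?:[abcd]x|[sd]i|[bs]p|8|9|1[0-5]))\b")
LOADS = {"mov", "movsxd", "movzx"}
ARITH = {"add", "sub", "imul", "shl", "sar", "and", "or", "xor"}


def parse(ins):
    """Split 'mnemonic dst,src' into its three parts."""
    mnem, _, ops = ins.partition(" ")
    dst, _, src = ops.partition(",")
    return mnem.strip(), dst.strip(), src.strip()


def regs_in(operand):
    return set(REG.findall(operand))


def is_mem(operand):
    return "[" in operand


def backward_slice(trace, target):
    """Walk backwards from the instruction before the last one (the caught
    write) and collect every instruction that defines a register `target`
    depends on. Returns (steps, unresolved): steps are (index, instruction,
    how) newest first; unresolved are registers no visible instruction
    defines, i.e. values that came in from the calling function."""
    wanted = {target}
    steps = []
    for i in range(len(trace) - 2, -1, -1):
        mnem, dst, src = parse(trace[i])
        if is_mem(dst) or dst not in wanted:
            continue                      # a store, or an unrelated register
        wanted.discard(dst)
        if mnem in LOADS and is_mem(src):
            how = "loaded from memory"    # this value does exist somewhere
        elif mnem == "lea" or mnem in ARITH:
            how = "computed"              # result lives only in the register
            if mnem in ARITH:
                wanted.add(dst)           # read-modify-write: old value matters
        elif mnem in LOADS:
            how = "copied from register" if regs_in(src) else "immediate"
        else:
            how = "other"
        wanted |= regs_in(src)            # keep following the inputs
        steps.append((i, trace[i], how))
        if not wanted:
            break
    return steps, wanted


def value_is_in_memory(trace, target):
    """True only when the target register's own defining instruction is a
    memory load, which is the one case where scanning for its value works."""
    steps, _ = backward_slice(trace, target)
    return bool(steps) and steps[0][2] == "loaded from memory"


if __name__ == "__main__":
    steps, unresolved = backward_slice(TRACE, "rdi")
    for idx, ins, how in steps:
        print(f"{idx}: {ins:<32} {how}")
    print("from caller (check the stack trace):", sorted(unresolved))
    print("scan for rdi's value can succeed:", value_is_in_memory(TRACE, "rdi"))
```

Run as-is, the report shows that `rdi` is computed by `lea` from two values that were loaded relative to `rbx`, and that `rbx` itself came from the caller in `rcx`. The practical reading is the one the thread arrives at: do not scan for the `rdi` value; scan for the loaded inputs (here whatever sits at `[rbx+18]` and `[rbx+20]`), and resolve `rbx` by stepping out to the calling function.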
Zanzer (I post too much, Reputation: 126, Joined: 09 Jun 2013, Posts: 3278)
Posted: Thu Oct 20, 2016 4:59 pm

You're looking for an instruction that looks like