boy toy Expert Cheater
Posted: Fri Feb 05, 2016 12:29 pm Post subject: Address keeps changing
Hello,
I've found the address that I want to change which is 0530B300.
I ran the game again and the address changed to 0486B300.
It seems like the pattern is the same: 0XXXB300.
I thought it's ASLR, but it seems like the base address is always 400000.
What am I missing?
mgostIH Expert Cheater
Posted: Fri Feb 05, 2016 12:40 pm Post subject: Re: Address keeps changing
boy toy wrote: | Hello,
I've found the address that I want to change which is 0530B300.
I ran the game again and the address changed to 0486B300.
It seems like the pattern is the same: 0XXXB300.
I thought it's ASLR, but it seems like the base address is always 400000.
What am I missing? |
Have you tried using a pointer?
boy toy Expert Cheater
Posted: Fri Feb 05, 2016 12:49 pm Post subject: Re: Address keeps changing
mgostIH wrote: | Have you tried using a pointer? |
I was unable to find a persistent pointer.
But anyway, a pointer won't help because there's more than one address that I want to edit; it's a line of code that modifies several addresses.
Maybe I could find at runtime what addresses this line of code modifies?
mgostIH Expert Cheater
Posted: Fri Feb 05, 2016 12:53 pm Post subject: Re: Address keeps changing
boy toy wrote: | I was unable to find a persistent pointer.
But anyway, a pointer won't help because there's more than one address that I want to edit; it's a line of code that modifies several addresses.
Maybe I could find at runtime what addresses this line of code modifies? |
One option there would be hooking then.
You write a little asm codecave that gets the address for you, saves it in some memory allocation and then uses it to build the other addresses using their offsets, or you just keep on hooking to get them all.
boy toy Expert Cheater
Posted: Fri Feb 05, 2016 12:56 pm Post subject: Re: Address keeps changing
mgostIH wrote: | One option there would be hooking then.
You write a little asm codecave that gets the address for you, saves it in some memory allocation and then uses it to build the other addresses using their offsets, or you just keep on hooking to get them all. |
So basically what I have to do is to override that line of asm with a jmp to my codecave, do what I want, then jump back? Is there an easier method?
++METHOS I post too much
Posted: Fri Feb 05, 2016 12:58 pm
CE does this for you if you let it. It's super duper simple.
By the way, Morselli looks a lot like Yanni.
mgostIH Expert Cheater
Posted: Fri Feb 05, 2016 1:00 pm Post subject: Re: Address keeps changing
boy toy wrote: | So basically what I have to do is to override that line of asm with a jmp to my codecave, do what I want, then jump back? Is there an easier method? |
Unless you have a structure pointer (which I doubt, but it's still possible), this is by far the easiest.
If you want to check for a structure pointer, try using the "Find out what addresses this instruction accesses" tool of Cheat Engine on the instruction you are talking about and try to find a pointer to the lowest address.
boy toy Expert Cheater
Posted: Sat Feb 06, 2016 10:21 am
I've tried to use a pointer scan.
I have found an address, with all of the offsets I need.
The problem is that it says "ProgramName.exe"+0x123.
How can I get the "ProgramName.exe" value (I assume it's the base address?) programmatically?
I'm not a DLL that's injected into the process, but a standalone EXE.
mgostIH Expert Cheater
Posted: Sat Feb 06, 2016 12:43 pm
boy toy wrote: | I've tried to use a pointer scan.
I have found an address, with all of the offsets I need.
The problem is that it says "ProgramName.exe"+0x123.
How can I get the "ProgramName.exe" value (I assume it's the base address?) programmatically?
I'm not a DLL that's injected into the process, but a standalone EXE. |
Usually, executables are stored at 0x00400000, so you can consider ProgramName.exe as being 0x00400000.
At least if you are operating on a 32 bit program; I can't tell you about x64.
boy toy Expert Cheater
Posted: Sat Feb 06, 2016 1:35 pm
mgostIH wrote: | Usually, executables are stored at 0x00400000, so you can consider ProgramName.exe as being 0x00400000.
At least if you are operating on a 32 bit program; I can't tell you about x64. |
It says
"ProgramName.exe"+00713F40 = 03D02710
If I calculate it this way:
03D02710 - 00713F40 = 0x35ee7d0
Why isn't it 0x400000?
mgostIH Expert Cheater
Posted: Sat Feb 06, 2016 2:29 pm
boy toy wrote: | It says
"ProgramName.exe"+00713F40 = 03D02710
If I calculate it this way:
03D02710 - 00713F40 = 0x35ee7d0
Why isn't it 0x400000? |
Because you are considering a pointer.
0x35ee7d0 is not the value of the 2 added together, but rather it's the value of the address of 0x00400000+00713F40.
boy toy Expert Cheater
Posted: Sat Feb 06, 2016 3:00 pm
mgostIH wrote: | Because you are considering a pointer.
0x35ee7d0 is not the value of the 2 added together, but rather it's the value of the address of 0x00400000+00713F40. |
What does it mean? How does the calculation work?
mgostIH Expert Cheater
Posted: Sun Feb 07, 2016 6:15 am
boy toy wrote: | What does it mean? How does the calculation work? |
If you use Cheat Engine's pointers feature, the calculation will be omitted, and you'll get the final value instead.
Basically, what Cheat Engine is doing is this:
-Take the executable address (0x00400000)
-Add to that the offset (0x00713F40)
-Consider this sum as being an address to read from.
-Output the value read from that sum (0x03D02710)
So, 0x03D02710 is not the sum of these two, but rather the value at the address 0x00B13F40.
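The read-then-add walk described above, as an added example that is not code from the thread or from Cheat Engine: a small Python resolver over a constructed memory image that uses the numbers quoted in the thread (base 0x00400000, offset 0x00713F40, stored dword 0x03D02710, the two heap addresses from the first post) plus constructed offsets 0x10 and 0x4C; it also covers the earlier question about working from the module base programmatically, since `read` can be any dword reader (a ReadProcessMemory wrapper on a live process).

```python
# Added example, not from the thread: walk a Cheat Engine style pointer path
# ("ProgramName.exe"+00713F40 -> 03D02710 -> ...) over a constructed memory image.
EXE_BASE = 0x00400000        # typical load address of a non-relocated 32-bit image
STATIC_OFFSET = 0x00713F40   # the offset Cheat Engine prints after "ProgramName.exe"+
OFFSETS = [0x10, 0x4C]       # constructed pointer-path offsets (not from the thread)


def make_memory(heap_object: int, value: int) -> dict:
    """Constructed 32-bit memory image as {address: dword}.

    The static slot in the executable points to an object at 0x03D02710 (the number
    quoted in the thread); that object points, at +0x10, to a heap object whose
    address moves between runs; the value of interest sits at +0x4C inside it.
    """
    return {
        EXE_BASE + STATIC_OFFSET: 0x03D02710,
        0x03D02710 + OFFSETS[0]: heap_object,
        heap_object + OFFSETS[1]: value,
    }


def resolve_pointer_path(read, module_base: int, static_offset: int, offsets: list):
    """Resolve the path the way Cheat Engine does; return (trail, final_address).

    address = read(module_base + static_offset); for every offset but the last,
    address = read(address + offset); the last offset is added without a read.
    `read` is any dword reader; on a live process it would wrap ReadProcessMemory.
    """
    address = read(module_base + static_offset)   # 03D02710 is READ here, not summed
    trail = [address]
    for offset in offsets[:-1]:
        address = read(address + offset)
        trail.append(address)
    return trail, address + offsets[-1]


def value_for_run(heap_object: int, value: int) -> tuple:
    """Simulate one run: the heap object moved, the static path did not."""
    memory = make_memory(heap_object, value)
    read = lambda addr: memory.get(addr, 0)    # unmapped memory reads as 0 here
    trail, final = resolve_pointer_path(read, EXE_BASE, STATIC_OFFSET, OFFSETS)
    return trail, final, read(final)


if __name__ == "__main__":
    # Two runs with the object at the two addresses the original poster observed.
    for heap_object in (0x0530B300, 0x0486B300):
        trail, final, value = value_for_run(heap_object, 100)
        print(f"object at {heap_object:08X}: trail={[f'{a:08X}' for a in trail]} "
              f"final={final:08X} value={value}")
```

Subtracting 00713F40 from 03D02710, as in the earlier post, mixes a stored value with an offset; the module base only ever enters through the first read at EXE_BASE + STATIC_OFFSET (0x00B13F40).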