LastDance, Cheater (Reputation: 1, Joined: 09 Jun 2015, Posts: 37)
Posted: Fri Jun 17, 2016 10:57 pm, Post subject: Finding the base player address
So, I have 2 addresses.
They are for 2 different aspects of the player's stats, but tracing what accesses or writes them gives me the same address with the same offset value. Is there a way to discern the base address of the two by cross-referencing them?
cooleko, Grandmaster Cheater (Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Fri Jun 17, 2016 11:29 pm
For the instruction that accesses them, if the offset isn't at the instruction [eax+1c], it will be in a register or a previous instruction. Just trace the function call or walk up the code.
LastDance, Cheater (Reputation: 1, Joined: 09 Jun 2015, Posts: 37)
Posted: Sat Jun 18, 2016 9:48 am
I can't quite figure out how to get the address to break and trace. I put the break and trace function on the address, but the address changes type instead of anything else and refuses to set off the breakpoint.
[Attachment: screenshot, 33.81 KB]
ParkourPenguin, I post too much (Reputation: 152, Joined: 06 Jul 2014, Posts: 4702)
Posted: Sat Jun 18, 2016 10:07 am
That isn't even executable code. Just looking at the disassembly should be enough to figure that out. Find an instruction that accesses the address; don't just pick anything you want.
With regards to your original post, the same instruction cannot access two different addresses if the register(s) in the r/m32 field are the same. Post what instruction you're talking about.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
cooleko, Grandmaster Cheater (Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Sat Jun 18, 2016 10:24 am
Right click your address in the address list and select "Find out what accesses this address", paste what pops up after 20 seconds of playing the game and modifying that value.
LastDance, Cheater (Reputation: 1, Joined: 09 Jun 2015, Posts: 37)
Posted: Sat Jun 18, 2016 10:43 am
ParkourPenguin wrote:
> That isn't even executable code. Just looking at the disassembly should be enough to figure that out. Find an instruction that accesses the address; don't just pick anything you want.
> With regards to your original post, the same instruction cannot access two different addresses if the register(s) in the r/m32 field are the same. Post what instruction you're talking about.
I'm not going to lie to you, I don't understand a lot of what I see in the disassembler, but thanks for the advice, as I have managed to trace something now (not that I know what to do with that).
Back to my original post: I have 2 different addresses, see proof.
I find it likely that, based on their close proximity, they both belong in the same structure, so I want to find the offset of each of them in order to make an AOB scan that will allow quick access to their values in the future. When I try to find out what accesses each, I get this: see Screenshot (1).
[Attachment 1: 124.86 KB]
[Attachment 2: 911 Bytes]
cooleko, Grandmaster Cheater (Reputation: 11, Joined: 04 May 2016, Posts: 717)
Posted: Sat Jun 18, 2016 10:49 am
Right click any of the F8 instructions, show in disassembler, right click again (in disassembler), show what addresses this accesses, right click the result that comes up, show in structure dissector; now you can see the structure containing both values. The problem with our original instructions is that we assumed you knew more than you did, so we thought you were describing a much more difficult situation.
ParkourPenguin, I post too much (Reputation: 152, Joined: 06 Jul 2014, Posts: 4702)
Posted: Sat Jun 18, 2016 10:59 am
They're 864 bytes away from each other. Structures can easily be less than that. Looking at the instructions which access those addresses, it should be clear that they aren't in the same structure, especially since 3 of those instructions access both addresses. However, that does mean that the structures those two addresses are in are very likely of the same type.
Take the instruction at 7FF734FEB33D (mov eax,[rcx+20]) for example: that instruction accesses both of those addresses. Therefore, it is impossible for rcx to remain the same between them. rcx = 38318B48 when that instruction is accessing 38318B68, and rcx = 38318EA8 when it's accessing 38318EC8.
You might get lucky and those two structures will always be the same distance apart from each other when you restart the game. Otherwise, if you want to find a structure that contains references to both of those structures, look for pointers to the base of those structures and see if you can find two pointers that are close to each other (i.e. within ~60 bytes of each other).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
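The arithmetic in the post above, worked through in code as an added example (this is not code from the thread or from Cheat Engine): base = accessed address minus the operand displacement, cross-checked against the captured register value; the distinction between "same structure" (same base) and "same offset in two instances of the same type" (different bases, equal offsets); and the "two pointers within ~60 bytes of each other" search on a memory region. The access records reuse the instruction, addresses and rcx values quoted in the post. The record layout, the 256-byte memory region, its start address and the pointer positions in it are constructed for the example.

```python
import re
import struct

# Access records in the shape Cheat Engine's "Find out what accesses this
# address" reports them: (instruction address, disassembly, accessed address,
# base-register value at the time of the access). The values are the ones
# quoted in the thread; the record layout itself is constructed for this example.
ACCESSES = [
    (0x7FF734FEB33D, "mov eax,[rcx+20]", 0x38318B68, {"rcx": 0x38318B48}),
    (0x7FF734FEB33D, "mov eax,[rcx+20]", 0x38318EC8, {"rcx": 0x38318EA8}),
]

# Start address of the constructed sample region below (not a real dump).
SAMPLE_REGION_START = 0x38310000

# Matches a simple [reg], [reg+disp] or [reg-disp] operand; CE prints the
# displacement in hex with no 0x prefix.
OPERAND_RE = re.compile(
    r"\[(?P<reg>[a-z0-9]+)(?:(?P<sign>[+-])(?P<disp>[0-9a-f]+))?\]", re.I
)


def parse_memory_operand(disasm):
    """Return (base_register, displacement) from the memory operand of one line."""
    m = OPERAND_RE.search(disasm)
    if m is None:
        raise ValueError(f"no memory operand in {disasm!r}")
    disp = int(m.group("disp"), 16) if m.group("disp") else 0
    if m.group("sign") == "-":
        disp = -disp
    return m.group("reg").lower(), disp


def structure_base(accessed, disasm, registers):
    """Base of the structure an access belongs to: accessed address minus the
    displacement. Cross-checked against the register value CE captured, so a
    wrong assumption about the operand fails loudly instead of silently."""
    reg, disp = parse_memory_operand(disasm)
    base = accessed - disp
    if reg in registers and registers[reg] != base:
        raise ValueError(
            f"{reg}={registers[reg]:X} disagrees with computed base {base:X}"
        )
    return base


def classify(acc_a, acc_b):
    """Decide whether two accessed addresses share one structure (same base) or
    sit at the same offset in two instances of the same structure type."""
    _, dis_a, addr_a, regs_a = acc_a
    _, dis_b, addr_b, regs_b = acc_b
    base_a = structure_base(addr_a, dis_a, regs_a)
    base_b = structure_base(addr_b, dis_b, regs_b)
    off_a, off_b = addr_a - base_a, addr_b - base_b
    return {
        "bases": (base_a, base_b),
        "offsets": (off_a, off_b),
        "same_structure": base_a == base_b,
        "same_type": base_a != base_b and off_a == off_b,
        "address_distance": abs(addr_a - addr_b),
        "base_distance": abs(base_a - base_b),
    }


def find_pointer_pairs(memory, region_start, bases, max_gap=0x60, ptr_size=8):
    """Scan a memory region for pointer-sized values equal to any of `bases`
    and return pairs of hits (to different bases) within max_gap bytes of each
    other: candidates for a parent structure that references both."""
    wanted = set(bases)
    hits = []
    for off in range(0, len(memory) - ptr_size + 1, ptr_size):
        value = int.from_bytes(memory[off:off + ptr_size], "little")
        if value in wanted:
            hits.append((region_start + off, value))
    pairs = []
    for i, (addr_i, target_i) in enumerate(hits):
        for addr_j, target_j in hits[i + 1:]:
            if target_i != target_j and abs(addr_i - addr_j) <= max_gap:
                pairs.append((addr_i, addr_j))
    return pairs


def build_sample_region():
    """Constructed 256-byte region: two pointers to the bases 8 bytes apart,
    plus one stray pointer too far away from the other to count as a pair."""
    mem = bytearray(0x100)
    struct.pack_into("<Q", mem, 0x40, 0x38318B48)
    struct.pack_into("<Q", mem, 0x48, 0x38318EA8)
    struct.pack_into("<Q", mem, 0xF0, 0x38318B48)
    return bytes(mem)


if __name__ == "__main__":
    result = classify(ACCESSES[0], ACCESSES[1])
    for key, value in result.items():
        print(f"{key}: {value}")
    region = build_sample_region()
    for a, b in find_pointer_pairs(region, SAMPLE_REGION_START, result["bases"]):
        print(f"pointer pair at {a:X} and {b:X}")
```

On the thread's values `classify` reports two different bases (38318B48 and 38318EA8), an offset of 0x20 for both, and a base distance equal to the address distance (864 bytes), which is exactly the "same type, different instances" case described above; `find_pointer_pairs` then shows what a hit from the pointer-proximity search looks like on the constructed region.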
LastDance, Cheater (Reputation: 1, Joined: 09 Jun 2015, Posts: 37)
Posted: Sat Jun 18, 2016 11:00 am
cooleko wrote:
> Right click any of the F8 instructions, show in disassembler, right click again (in disassembler), show what addresses this accesses, right click the result that comes up, show in structure disassembler, now you can see the structure containing both values. The problem with our original instructions is that we assumed you knew more that you did, so we thought you were describing a much more difficult situation.
Ah yes, sorry, I'm afraid my hacking experience can be summarily described as a few days of fuddling and looking at tutorials.
As to your instruction, I can't find the one you described; do you mean "find out what addresses this instruction accesses"? If so, it isn't giving me any results.
Quote:
> You might get lucky and those two structures will always be the same distance apart from each other when you restart the game. Otherwise, if you want to find a structure that contains references to both of those structures, look for pointers to the base of those structures and see if you can find two pointers that are close to each other (i.e. within ~60 bytes of each other).
Alright, I think I get what you are saying.
So to do that, what I need to do is subtract 20 (which I think is the offset?) from both addresses and then dissect the data structures, right?