sercuritybo How do I cheat?
Reputation: 0
Joined: 31 Oct 2023 Posts: 4
Posted: Tue Oct 31, 2023 12:59 pm Post subject: Help with finding an offset or address
Hello
So... I try to write some script using memory. Everything works with the 32-bit game, but when I try to find exactly the same address and offset on 64-bit, it all looks different. I try everything but I hit a wall.
In 32-bit I use the 0x466428 address and 0x200 offset, but on 64-bit I don't know where to find it. According to the game sources, the offset should be in the first call, but in the 64-bit version there are as many as 4 calls before the "mov" instruction begins.
change "*" to "com/"
i.imgur.*dNjApIN.png
i.imgur.*D5fuVDg.png
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Tue Oct 31, 2023 1:53 pm Post subject:
Use game.exe+1234 instead of the direct address 0x00401234; the OS might put the exe at a different spot next time.
`mov rcx,address` is the same as `lea rcx,[address]` - the base address is probably game.exe+C55AF0.
The function call might have been inlined. I'd have to see what game.exe+F8CD0 is in the 32-bit code.
`mov rdx,[rcx+100]` - I'd guess the offset is 100.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
sercuritybo How do I cheat?
Reputation: 0
Joined: 31 Oct 2023 Posts: 4
Posted: Tue Oct 31, 2023 3:19 pm Post subject:
Now I got something:
Quote:
    Number of creatures: 9
    Error:[string "local baseAddress = getAddress("SomeGame...."]:80: attempt to perform arithmetic on a nil value (local 'nodePointer')
but I still can't read.
I really don't understand what you were getting at here: "Use game.exe+1234 instead of the direct address 0x00401234"
Here is game.exe+F8CD0:
change "*" to "com/"
i.imgur.*Z8QGeUt.png
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Tue Oct 31, 2023 3:57 pm Post subject:
I'd need to see the Lua script to tell you what's wrong.
sercuritybo wrote:
    I really don't understand what you were getting at here. "Use game.exe+1234 instead of the direct address 0x00401234"
For example, in the "Add Address Manually" window, "game.exe+1234" is better than "00401234" (if the address is in the module, of course).
_________________
I don't know where I'm going, but I'll figure it out when I get there.
sercuritybo How do I cheat?
Reputation: 0
Joined: 31 Oct 2023 Posts: 4
Posted: Tue Oct 31, 2023 4:35 pm Post subject:
Code:
    local baseAddress = getAddress("SomeGame.exe")
    local listAddress = 0xC55AF0
    local knownCreaturesOffset = 0x0100
    local listAndOffsetAddress = listAddress + knownCreaturesOffset
    local UnorderedMapOffsets = {
        Unknown = 0x0,
        BufferPointer = 0x4,
        Count = 0x8
    }
    local UnorderedMapBufferOffsets = {
        NodePointer = 0x0
    }
    local UnorderedMapNodeOffsets = {
        NextPointer = 0x0,
        PreviousPointer = 0x4,
        Key = 0x8,
        Value = 0xC
    }
    local CreatureOffsets = {
        PosX = 0xC,
        PosY = 0x10,
        PosZ = 0x14,
        Id = 0x1C,
    }
    local address = baseAddress + listAndOffsetAddress
    local count = readInteger(address + UnorderedMapOffsets.Count)
    print("Number of creatures: " .. count)
    if (count > 0) then
        local bufferPointer = readInteger(address + UnorderedMapOffsets.BufferPointer)
        local currentNodeAddress = bufferPointer + UnorderedMapBufferOffsets.NodePointer
        local i = 1
        local stop = false
        while (not stop) do
            local nodePointer = readInteger(currentNodeAddress)
            local creaturePointer = readInteger(nodePointer + UnorderedMapNodeOffsets.Value)
            -- show list
            local posX = readInteger(creaturePointer + CreatureOffsets.PosX)
            local posY = readInteger(creaturePointer + CreatureOffsets.PosY)
            local posZ = readInteger(creaturePointer + CreatureOffsets.PosZ)
            local id = readInteger(creaturePointer + CreatureOffsets.Id)
            local message = ("posX: %i, posY: %i, posZ: %i, id: %i"):format(
                posX,
                posY,
                posZ,
                id
            )
            print(message)
            -- end
            i = i + 1
            if (i <= count) then
                currentNodeAddress = nodePointer + UnorderedMapNodeOffsets.NextPointer
            else
                stop = true
            end
        end
    end
ParkourPenguin I post too much
Reputation: 152
Joined: 06 Jul 2014 Posts: 4702
Posted: Tue Oct 31, 2023 6:47 pm Post subject:
You'd have to change most of that script. The control flow could probably be kept the same, but most of the offsets would need to be changed.
You can try opening the structure dissector and doing it yourself, but this isn't going to be an easy fix.
_________________
I don't know where I'm going, but I'll figure it out when I get there.
sercuritybo How do I cheat?
Reputation: 0
Joined: 31 Oct 2023 Posts: 4
Posted: Wed Nov 01, 2023 4:37 am Post subject:
I tried changing the offsets using a data structure, comparing them to the 32-bit version, but I couldn't figure it out. Every time I changed Count = 0x8, it didn't return the correct quantity, or it returned an astronomical amount. On the other hand, attempting to change NodePointer = 0x0 always resulted in the same error.
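The two points the replies above hinge on, "most of the offsets would need to be changed" and the "astronomical amount" that Count = 0x8 returns on 64-bit, both come from pointer width. The following is an added example written for this thread, not code from the thread or from Cheat Engine. It takes the 32-bit offsets from the posted Lua script and game.exe+C55AF0 / [rcx+100] from the replies, and it assumes (this is a hypothesis, not something the thread confirms) that the 64-bit build uses the same field order with every pointer field widened to 8 bytes and naturally aligned. The module bases, the creature data and the in-memory image are constructed; the FakeProcess class stands in for Cheat Engine's getAddress/readInteger/readQword so the example runs offline. It goes a little beyond the thread by computing the layouts for any pointer width rather than listing them by hand.

```python
import struct

# Values taken from the thread: the list lives at game.exe+C55AF0, the map header
# is reached through [rcx+100], and the 32-bit field offsets and creature offsets
# are the ones in the posted Lua script. Everything else is constructed here.
LIST_RVA = 0xC55AF0
LIST_OFFSET = 0x100
CREATURE = {"PosX": 0xC, "PosY": 0x10, "PosZ": 0x14, "Id": 0x1C}

# ASSUMPTION: fields the 32-bit script treats as pointers are pointer-sized and
# Count/Key are 32-bit ints. With natural alignment this reproduces the script's
# 32-bit offsets (0,4,8 and 0,4,8,C) and predicts where they move with 8-byte pointers.
HEADER_FIELDS = [("Unknown", "ptr"), ("BufferPointer", "ptr"), ("Count", "u32")]
NODE_FIELDS = [("NextPointer", "ptr"), ("PreviousPointer", "ptr"),
               ("Key", "u32"), ("Value", "ptr")]


def layout(fields, ptr_size):
    """Offsets of naturally aligned fields for a given pointer width."""
    offsets, off = {}, 0
    for name, kind in fields:
        size = ptr_size if kind == "ptr" else 4
        off = (off + size - 1) // size * size
        offsets[name] = off
        off += size
    return offsets


def rva(absolute, module_base):
    """Module-relative offset: 0x00401234 with base 0x00400000 is game.exe+1234."""
    return absolute - module_base


class FakeProcess:
    """Sparse memory image standing in for a live process; unmapped reads give None (CE's nil)."""

    def __init__(self, module_base, ptr_size):
        self.base, self.ptr_size, self.mem = module_base, ptr_size, {}

    def get_address(self, module_rva):       # getAddress("game.exe") + rva
        return self.base + module_rva

    def write(self, addr, data):
        for i, b in enumerate(data):
            self.mem[addr + i] = b

    def read(self, addr, n):
        try:
            return bytes(self.mem[addr + i] for i in range(n))
        except KeyError:
            return None

    def read_u32(self, addr):                # readInteger: always 4 bytes
        raw = self.read(addr, 4)
        return None if raw is None else struct.unpack("<I", raw)[0]

    def read_ptr(self, addr, width):         # readInteger (4) or readQword (8)
        raw = self.read(addr, width)
        return None if raw is None else struct.unpack("<I" if width == 4 else "<Q", raw)[0]


def build_process(module_base, ptr_size, creatures):
    """Constructed image: header -> bucket -> chained nodes -> creature objects."""
    p = FakeProcess(module_base, ptr_size)
    hdr, node = layout(HEADER_FIELDS, ptr_size), layout(NODE_FIELDS, ptr_size)
    pf = "<I" if ptr_size == 4 else "<Q"
    header = p.get_address(LIST_RVA + LIST_OFFSET)
    bucket = header + 0x1000
    nodes = [bucket + 0x100 + i * 0x40 for i in range(len(creatures))]
    objs = [bucket + 0x2000 + i * 0x40 for i in range(len(creatures))]
    p.write(header + hdr["Unknown"], bytes(ptr_size))
    p.write(header + hdr["BufferPointer"], struct.pack(pf, bucket))
    p.write(header + hdr["Count"], struct.pack("<I", len(creatures)))
    p.write(bucket, struct.pack(pf, nodes[0]))
    for i, (n, c) in enumerate(zip(nodes, objs)):
        nxt = nodes[i + 1] if i + 1 < len(nodes) else 0
        p.write(n + node["NextPointer"], struct.pack(pf, nxt))
        p.write(n + node["Value"], struct.pack(pf, c))
        x, y, z, ident = creatures[i]
        p.write(c + CREATURE["PosX"], struct.pack("<III", x, y, z))
        p.write(c + CREATURE["Id"], struct.pack("<I", ident))
    return p


def walk(p, width):
    """The posted script's control flow, offsets and read width derived from `width`.
    Returns (count, creatures, error); error mirrors the script's nil-pointer failure."""
    hdr, node = layout(HEADER_FIELDS, width), layout(NODE_FIELDS, width)
    header = p.get_address(LIST_RVA + LIST_OFFSET)
    count = p.read_u32(header + hdr["Count"])
    bucket = p.read_ptr(header + hdr["BufferPointer"], width)
    cur = None if bucket is None else p.read_ptr(bucket, width)
    found = []
    while count and len(found) < count:
        if cur is None:                      # "arithmetic on a nil value (local 'nodePointer')"
            return count, found, "node pointer is nil (bucket %r is not readable)" % bucket
        creature = p.read_ptr(cur + node["Value"], width)
        if creature is None:
            return count, found, "creature pointer unreadable at node %#x" % cur
        found.append(tuple(p.read_u32(creature + CREATURE[k]) for k in ("PosX", "PosY", "PosZ", "Id")))
        cur = p.read_ptr(cur + node["NextPointer"], width)
    return count, found, None


if __name__ == "__main__":
    sample = [(100, 200, 7, 1001), (110, 205, 7, 1002), (120, 210, 8, 1003)]  # constructed
    p32 = build_process(0x00400000, 4, sample)    # constructed module bases, not the game's
    p64 = build_process(0x140000000, 8, sample)
    print("4-byte pointers:", layout(HEADER_FIELDS, 4), layout(NODE_FIELDS, 4))
    print("8-byte pointers:", layout(HEADER_FIELDS, 8), layout(NODE_FIELDS, 8))
    print("32-bit process, 32-bit offsets:", walk(p32, 4))
    print("64-bit process, 32-bit offsets:", walk(p64, 4))
    print("64-bit process, 64-bit offsets:", walk(p64, 8))
    print("game.exe+%X" % rva(0x00401234, 0x00400000))
```

On the constructed 64-bit image, Count read at the 32-bit offset 0x8 lands on the low half of BufferPointer, which is exactly the kind of huge number described above, and reading the bucket pointer with a 4-byte read returns the high half of a field instead of a pointer, so the next read hits unmapped memory and comes back nil. The widened layout here is only the starting hypothesis; as the reply says, the real 64-bit offsets have to be confirmed in the structure dissector, and once they are known the script also needs readQword (or readPointer) wherever it reads a pointer, not just new offset constants.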