taurus999s How do I cheat?
Reputation: 0
Joined: 14 Mar 2007 Posts: 1
Posted: Thu Mar 15, 2007 11:30 pm Post subject: Lost on how to proceed with Pointer |
Hi,
I am trying to find the base address of a multi-level pointer. I have already found the address of the value I am looking for. I did a 'Find what writes to this address' and it gave me a line of code. When I open up the disassembler, I see this:
Note: the line found is the second-to-last line, "mov [esi+1c], eax".
Code:
...
mov ecx, [ebp-0C]
pop esi
mov fs:[00000000], ecx
leave
ret
SGOUIGameVarDataStatus::getStatus:
mov eax, [ecx+18]
mov edx, [esp+04]
mov [edx], eax
mov al, 01
ret 0008
SGOUIGameVarDataStatus::setStatus:
fild dword ptr [esp+08]
mov eax, [esp+04]
push esi
fmul qword ptr [sgouigamevardataintem ..] // value got cut in the jpg I took.
fild dword ptr [esp+08]
mov [esi+18], eax
mov eax, [esp+0c]
mov [esi+1c], eax
fdivp st(1)
...
When I do 'Show more info', I see this:
Code:
ECX = 066131E0
ESI = 066131E0
Looking at the disassembler code, I see the location is at [esi+1c] (second-to-last line). Tracing backward, I see ECX is moved into ESI. Tracing backward further, I started to see how ECX was populated. Then I see the line "ret 0008", which leads me to believe the code that I found is a subroutine. Is that correct?
Does this mean I have to find what jumps to the line after the ret? How do I do that?
Any recommendation on how I should proceed from here?
Assuming I traced it all the way back, will there *ALWAYS* be a static starting location (either in plain hex or a build-up code)? The reason I am asking this is that I suspect the variable I am looking at is a global variable and hence its location is fixed once the game starts. If I were to run the game on a different machine (or a different instance of the game), the address changes (because it is a multi-level pointer). If I traced it back to a static starting pointer, that static starting pointer should always be a fixed location, right (regardless of the run or instance)?
I notice that once the game starts, it is always at the same location, so it shouldn't be a dynamic structure (or so I hope).
Back to my problem: I see that ECX and ESI hold the same value, 066131E0. I did a scan for that hex value and I get 1 hit. It is black, i.e. not static. Then what should I do? I tried adding that new address to my list to see what writes to it, but it got no hits. How do I continue to trace backward? Is looking at the disassembler code the only way to proceed at this point?
Help a noobie here and have some mercy if this is too simple.
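The following is an added example, not code from the post above and not from Cheat Engine or the game being traced. It models the situation in C: a global pointer (the "static base", whose own address is fixed within the module) points at a heap object, which at a hypothetical offset 0x10 holds a pointer to a second heap object whose fields at +0x18 and +0x1C correspond to the "mov [esi+18], eax" and "mov [esi+1c], eax" stores in the listing. All struct and function names and the 0x10 offset are assumptions; the resolver walks the chain the way Cheat Engine's pointer scan notation does ([[base]+off0]+off1), and the program shows that the final address moves between "instances" while resolving from the static base still reaches the value.

```c
/* Added example (not code from the forum post or from any game): a model of
 * a two-level pointer chain and a resolver that walks it. Struct names and
 * the 0x10 offset are hypothetical; 0x18/0x1C mirror the [esi+18]/[esi+1c]
 * stores in the posted disassembly.
 */
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Heap object written by the setStatus-like routine. */
struct VarData {
    uint8_t  pad[0x18];
    uint32_t status;   /* written by "mov [esi+18], eax" */
    uint32_t value;    /* written by "mov [esi+1c], eax": the traced value */
};

/* Owner of the VarData; lives on the heap too, so its address moves per run. */
struct Game {
    uint8_t         pad[0x10];
    struct VarData *vardata;  /* hypothetical offset 0x10 */
};

/* The static base: a global pointer whose own address is fixed relative to
 * the module, even though what it points to is allocated at run time. */
static struct Game *g_game;

/* Stand-in for SGOUIGameVarDataStatus::setStatus, with 'self' in esi. */
static void set_status(struct VarData *self, uint32_t status, uint32_t value)
{
    self->status = status;
    self->value  = value;
}

/* Start a "game instance": allocate the chain and store a value. */
void game_start(uint32_t status, uint32_t value)
{
    g_game = calloc(1, sizeof *g_game);
    g_game->vardata = calloc(1, sizeof *g_game->vardata);
    set_status(g_game->vardata, status, value);
}

void game_stop(void)
{
    free(g_game->vardata);
    free(g_game);
    g_game = NULL;
}

/* Read a pointer-sized word at 'at' (what a debugger does with [addr]). */
static uintptr_t read_ptr(uintptr_t at)
{
    uintptr_t v;
    memcpy(&v, (const void *)at, sizeof v);
    return v;
}

/* Cheat Engine style chain: [[base]+off0]+off1 ...  The word at each
 * intermediate address is dereferenced; the result is the address of the
 * final value (not the value itself). */
uintptr_t resolve_chain(uintptr_t base, const size_t *offsets, size_t n)
{
    uintptr_t addr = base;
    for (size_t i = 0; i < n; i++)
        addr = read_ptr(addr) + offsets[i];
    return addr;
}

static const size_t k_offsets[] = {
    offsetof(struct Game, vardata),   /* 0x10 (assumed) */
    offsetof(struct VarData, value),  /* 0x1C, as in the listing */
};

/* Resolve from the static base and read the 32-bit value found there. */
uint32_t read_value_via_chain(void)
{
    uintptr_t final_addr = resolve_chain((uintptr_t)&g_game, k_offsets, 2);
    uint32_t v;
    memcpy(&v, (const void *)final_addr, sizeof v);
    return v;
}

/* Does the chain land exactly on the field the game code writes? */
int chain_matches_direct(void)
{
    return resolve_chain((uintptr_t)&g_game, k_offsets, 2)
        == (uintptr_t)&g_game->vardata->value;
}

int main(void)
{
    for (int run = 0; run < 2; run++) {
        game_start(1, 1337 + run);
        printf("run %d: static base %p, value lives at %p, chain reads %u\n",
               run, (void *)&g_game, (void *)&g_game->vardata->value,
               read_value_via_chain());
        game_stop();
    }
    return 0;
}
```

In this model the address of g_game is what a pointer scan would report as the static base (a module plus a fixed offset); the values printed for "value lives at" are the equivalent of the changing green-to-black addresses the post describes, and read_value_via_chain reaches them from the base on every run.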