| View previous topic :: View next topic |
| Author |
Message |
Pot.Smoking.Terrorist
Expert Cheater
 Reputation: 0
Joined: 15 Jun 2008
Posts: 175
Location: Germany
|
 Posted: Sat Sep 20, 2008 2:49 am Post subject: Multilevel Pointers |
 |
|
Hi,
I tried to "solve" some Multilevel Pointers in Games like SpaceSiege or BioShock (  ) but when I try to "find out what writes to this adress" (or "read/access" to this adress) and lose some health nothing happens. I only have 1 adress in my list (left-side of CE) and so: I can't try another adress for my Pointer... what I'm doing wrong?
Thanks in advice |
|
| Back to top |
|
 |
Dark Byte
Site Admin
 Reputation: 471
Joined: 09 May 2003
Posts: 25833
Location: The netherlands
|
| Posted: Sat Sep 20, 2008 6:02 am Post subject: |
|
|
If you mean a pointer address, only use find out what accesses.
If it doesn't find something, try another address (you usually get a list of addresses after that hex scan, just try most of them)
If you mean just finding the code that accesses the health address, try using the kernel debug option in settings->extra and then find what writes/access
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Pot.Smoking.Terrorist
Expert Cheater
Reputation: 0
Joined: 15 Jun 2008
Posts: 175
Location: Germany
|
| Posted: Sat Sep 20, 2008 11:07 am Post subject: |
|
|
| Ok... now does the pointer works... but when I do a "access scan" of this pointer I get the same adress as before (before there was the NORMAL adress, no pointer).... I think this should be another adress or I am wrong? |
|
| Back to top |
|
|
Dark Byte
Site Admin
Reputation: 471
Joined: 09 May 2003
Posts: 25833
Location: The netherlands
|
| Posted: Sat Sep 20, 2008 4:39 pm Post subject: |
|
|
it can be confusing sometimes but you just have to try to not get confiused by equal values.
example:
| Code: |
let's say that 00401234 is your health
mov [eax+34],ebx access your health
ebx contains the value 00401200
so for the first level offset is 34
then do a hexscan for the value 00401200
You'll get a list of results and lets say one of the results is 00508888
find out what accesses 00508888
it returns that mov eax,[edi] accesses 00508888
edi contains the value 00508888
so the 2nd offset is 0
then do a hexscan for 00508888
you'll get a list again etc...
|
as you notice the address you just added has the value 00508888 and now you're again doing a hexscan for 00508888 . Just be sure not to get conflicted here. First time it was just an address, 2nd time you needed to find the value
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
| Back to top |
|
|
Pot.Smoking.Terrorist
Expert Cheater
Reputation: 0
Joined: 15 Jun 2008
Posts: 175
Location: Germany
|
| Posted: Sun Sep 21, 2008 9:25 am Post subject: |
|
|
Very confusing... I looked again at the Tutorial by "Chase Pain" and I saw this:
When I do a access scan of the lvl1 Pointer the Adress from the Tutorial is different than the first hex scan. mine is the SAME...:
I do a access scan of the lvl1 Pointer and get the same adress I searched before (hex scan)... ?! I'm very sad right now  |
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
