t2kien How do I cheat?
Reputation: 0
Joined: 09 Feb 2012 Posts: 2
Posted: Thu Feb 09, 2012 2:47 am Post subject: how to find address in windows server?
First of all, I use CE to search the memory of my application on Windows XP SP2. Everything was fine when I found the constant address 0x02533838 in the code.
I ran my application again, again and again, and the address I found above showed the same value as I expected.
When I run my application on Windows Server 2008, the constant address I found on Windows XP SP2 does not work anymore. I opened CE on Windows Server 2008 and started searching memory the same way as I did on Windows XP SP2.
After a few steps, I found a new constant address (0x03203838) in the code.
I thought that would work, but when I re-run the application, that address does not work anymore and my expected value is located at another address (for example: 03653838 in
Code:
mov esi, [03653838]
The question I want to ask is: what is happening on Windows Server 2008? Why does the address that contains my value change every time I run it, while on Windows XP it does not?
Thanks in advance.
One thing to note is that my application is .NET.
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25832 Location: The netherlands
Posted: Thu Feb 09, 2012 3:37 am Post subject:
Windows XP doesn't do module relocation often, while Vista and later do it more (relocating a module also causes some instructions to be rewritten with the help of the relocation table inside the PE header).
Anyhow, check the address that instruction is at and see if it's inside a module. If so, you can use a modulename+offset notation to find that code instead of an AOB.
Alternatively, as you might have noticed, the last 5 digits are always the same, so you can do an AOB scan for 8b 35 38 38 ** **
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
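Added example (not part of the original posts and not Cheat Engine code): an offline C++ simulation of the relocation behaviour described in the reply above, showing why the absolute address inside mov esi, [imm32] changes from load to load while the instruction's offset inside the module and the low two operand bytes stay fixed. The 9-byte image, its single relocation entry and the three base addresses are constructed so that the operands reproduce the addresses quoted in the thread; it assumes a little-endian host and 64 KB-aligned image bases.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <sstream>
#include <string>
#include <vector>

// Constructed image (not from the thread): nop; nop; mov esi,[imm32]; ret.
const uint32_t PREFERRED_BASE = 0x02530000;  // chosen so the operand matches the XP address
const std::vector<uint8_t> IMAGE = {0x90, 0x90, 0x8b, 0x35, 0x38, 0x38, 0x53, 0x02, 0xc3};
const std::vector<uint32_t> RELOCS = {4};  // offsets of 32-bit absolute addresses
// Loader behaviour at a new base: add the delta to every relocation target.
std::vector<uint8_t> load_at(uint32_t base) {
    std::vector<uint8_t> mem = IMAGE;
    for (uint32_t off : RELOCS) {
        uint32_t v;
        std::memcpy(&v, &mem[off], 4);  // assumes a little-endian host
        v += base - PREFERRED_BASE;
        std::memcpy(&mem[off], &v, 4);
    }
    return mem;
}

// Byte-pattern match with "??" or "**" wildcards; offset of first hit, or -1.
int aob_scan(const std::vector<uint8_t>& mem, const std::string& pattern) {
    std::vector<int> pat;
    std::istringstream in(pattern);
    for (std::string t; in >> t;)
        pat.push_back((t == "??" || t == "**") ? -1 : std::stoi(t, nullptr, 16));
    for (size_t i = 0; i + pat.size() <= mem.size(); ++i) {
        size_t j = 0;
        while (j < pat.size() && (pat[j] < 0 || mem[i + j] == pat[j])) ++j;
        if (j == pat.size()) return static_cast<int>(i);
    }
    return -1;
}
uint32_t operand_at(const std::vector<uint8_t>& mem, int hit) {  // imm32 after "8b 35"
    uint32_t v;
    std::memcpy(&v, &mem[hit + 2], 4);
    return v;
}

int main() {
    for (uint32_t base : {0x02530000u, 0x03200000u, 0x03650000u}) {
        std::vector<uint8_t> m = load_at(base);
        int hit = aob_scan(m, "8b 35 38 38 ?? ??");
        std::printf("base %08x: module+%d, operand %08x\n", base, hit, operand_at(m, hit));
    }
}
```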
t2kien How do I cheat?
Reputation: 0
Joined: 09 Feb 2012 Posts: 2
Posted: Thu Feb 09, 2012 9:21 pm Post subject:
Thanks for your tips. As you mentioned, I will do the following steps:
- Inject code into target process;
- Do some aobscan (8b 35 38 38 ?? ??);
- Look for the pointer in the opcodes I got from the aobscan result.
And for your first suggestion, the modulename+offset notation: I currently don't know how to do it in C++. I need to research this method more.
Please correct me if I am wrong!