fanjianqiang How do I cheat?
Reputation: 0
Joined: 09 Mar 2008 Posts: 8
Posted: Wed Mar 11, 2009 7:00 am Post subject: can anyone help me with this pointer, so difficult for me, thx
I found an address 8911ea4, then found a pointer, found address 1eed0a0, then found a pointer again, found 88f36a4, found the next one, and got address 1eed0a0.
Like a dead end; can anyone help me with this?
Like the photo.
I don't know how to use this post.
Thanks everyone.
Recifense I post too much
Reputation: 166
Joined: 17 Mar 2008 Posts: 3688 Location: Pernambuco - Brazil
Posted: Wed Mar 11, 2009 9:03 am Post subject:
Hi,
You have to find out the ESI value before the instruction is executed. For that you can change the code finder option from "Use Debug Register" to "Memory Access Exceptions". This tip can be seen in the second figure of your post.
Cheers.
Dark Byte Site Admin
Reputation: 472
Joined: 09 May 2003 Posts: 25869 Location: The netherlands
Posted: Wed Mar 11, 2009 10:05 am Post subject:
Actually, there is an easier way.
On 3.jpg:
the instruction is mov esi,[esi+50]
The thing is that you don't HAVE to use the memory access exception (it's more for the cases when the offset is stored in a register and THAT gets overwritten).
To get to that instruction you did a "Find out what accesses this address".
That means you KNOW the address being accessed.
So:
Code:
esi+50=addressbeingaccessed
esi=addressbeingaccessed-50
So there you have it, esi=address-50.
The code finder part in finding a pointer is mainly for finding the offset; the value of the base pointer is usually a secondary, easily found thing.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Recifense I post too much
Reputation: 166
Joined: 17 Mar 2008 Posts: 3688 Location: Pernambuco - Brazil
Posted: Wed Mar 11, 2009 11:06 am Post subject:
You're right. It is indeed the easiest way.
Cheers!
fanjianqiang How do I cheat?
Reputation: 0
Joined: 09 Mar 2008 Posts: 8
Posted: Thu Mar 12, 2009 1:49 am Post subject:
Sorry for my bad English, I can't understand you.
I want to find the base address (green), then I can use offsets to make a regular CT table; I'm really tired of searching again and again.
And across 3.jpg (the last one), I should search 01eed0a0, then search the result, and it goes back to 01eed0a0; so hard for me to understand it.
Another question: sometimes when I search the address, it turns to blank. Why?
Recifense I post too much
Reputation: 166
Joined: 17 Mar 2008 Posts: 3688 Location: Pernambuco - Brazil
Posted: Thu Mar 12, 2009 6:39 am Post subject:
Hi,
1) Considering the 1.jpg:
You worked the value 08911EB0 and concluded that the base address was 08911bf4.
Note that ECX (08911bf4) is the base and that "edx*4+00000168" is the offset.
2) Considering the 2.jpg:
You worked the value 08911bf4 and concluded that the base address was 01eed0a0.
Note that ESI (01eed0a0) is the base and there is no offset (or the offset is 0).
3) Considering the 3.jpg:
You worked the value 01eed0a0.
Note that ESI of the instruction parameter [ESI + 50] is the base address and that 50 is the offset.
So ESI + 50 = 01eed0a0 => ESI = 01eed050. That's the next value you have to work.
Cheers.
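Dark Byte's subtraction and Recifense's three steps, written out as runnable code. This is an added example, not code from the thread or from Cheat Engine; it assumes 08911EB0 is the address accessed in 1.jpg (and derives edx from it), and it walks the chain through a constructed memory image whose first entry, STATIC_BASE, is a hypothetical placeholder.

```python
# Added example (not from the thread): recover a base register from the
# address an instruction accessed, then walk the resulting pointer chain.
# Cheat Engine reports an access as [base + index*scale + disp]; the accessed
# address is known, so base = accessed - disp - index*scale.

def base_from_access(accessed, disp=0, index=0, scale=1):
    """Value the base register held when base + index*scale + disp == accessed."""
    return accessed - disp - index * scale

def index_from_access(accessed, base, disp, scale):
    """Recover the index register of [base + index*scale + disp]."""
    diff = accessed - base - disp
    if diff < 0 or diff % scale:
        raise ValueError("accessed address does not fit base + index*scale + disp")
    return diff // scale

def resolve_chain(memory, base, offsets):
    """Follow [[[base] + o1] + o2] ...: every offset but the last is
    dereferenced, so the result is the address that holds the final value.
    `memory` maps address -> 32-bit pointer stored there."""
    addr = memory[base]
    for off in offsets[:-1]:
        nxt = addr + off
        if nxt not in memory:
            raise LookupError(f"no pointer mapped at {nxt:08x}")
        addr = memory[nxt]
    return addr + offsets[-1]

# Constructed memory image consistent with the addresses in the thread.
# STATIC_BASE is a hypothetical placeholder for the chain's first step.
STATIC_BASE = 0x00400000
MEMORY = {
    STATIC_BASE: 0x01EED050,        # esi before mov esi,[esi+50]
    0x01EED050 + 0x50: 0x08911BF4,  # 01eed0a0 holds the later ecx value
}

def worked_example():
    """The three steps from the thread; edx is derived from the 1.jpg numbers."""
    esi = base_from_access(0x01EED0A0, disp=0x50)                    # 01eed050
    edx = index_from_access(0x08911EB0, base=0x08911BF4, disp=0x168, scale=4)
    final = resolve_chain(MEMORY, STATIC_BASE, [0x50, edx * 4 + 0x168])
    return esi, edx, final

if __name__ == "__main__":
    print(", ".join(f"{v:08x}" for v in worked_example()))
```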
fanjianqiang How do I cheat?
Reputation: 0
Joined: 09 Mar 2008 Posts: 8
Posted: Thu Mar 12, 2009 10:06 pm Post subject:
Thanks for Recifense's help, I try it tonight.
Now I use another address that turns to it; though it's a hard way, it's a success.