| View previous topic :: View next topic |
| Author |
Message |
Fantasy
I post too much
![]() Reputation: 13
Joined: 29 Jul 2007
Posts: 3113
|
 Posted: Wed Apr 15, 2009 11:56 am Post subject: [Quick Question] - Weird pointer-offset? -- Please look :< |
 |
|
So .. I'm trying to find this pointer, but the redlighted area says
| Code: | | >>0198b7e4 - mov [edx+ecx*4-04], ebp |
What's the offset? I can't figure it out :<
it also suggest me that the pointer is "00DFB600" , if that's for any help..
|
|
| Back to top |
|
 |
powerfear
Expert Cheater
![]() Reputation: 0
Joined: 09 Apr 2008
Posts: 102
|
| Posted: Wed Apr 15, 2009 4:41 pm Post subject: Re: [Quick Question] - Weird pointer-offset? -- Please look |
|
|
| Fantasy wrote: | So .. I'm trying to find this pointer, but the redlighted area says
| Code: | | >>0198b7e4 - mov [edx+ecx*4-04], ebp |
What's the offset? I can't figure it out :<
it also suggest me that the pointer is "00DFB600" , if that's for any help.. |
Sometime when you have difficulty figuring out the offset there is a little trick just do the normal pointer procedure
search the suggested adress in 4bytes with hex ticked then you should have a green adress (if its not a multi-level pointer)
this is your base adress keep it for later
Now just use the current adress the hack have example i searched for hp and i got 1020E53 as adress and substract it with the suggested adress
example: my adress: 13100E33
suggested adress: 12167E67
so the offset is: F98FCC
then you can click add adress manually, tick pointer write the base adress and the offset you got
Good luck 
|
|
| Back to top |
|
|
Monkeys
I post too much
![]() Reputation: 29
Joined: 20 Jul 2006
Posts: 2411
|
| Posted: Wed Apr 15, 2009 4:54 pm Post subject: |
|
|
Another way would be: doing the calculations.
edx+ecx*4-04
basicly is
edx+#offset#
so your offset = ecx*4-04
so when ecx = 00000001
your offset will be 0
_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night. |
|
| Back to top |
|
|
Fantasy
I post too much
![]() Reputation: 13
Joined: 29 Jul 2007
Posts: 3113
|
| Posted: Wed Apr 15, 2009 11:21 pm Post subject: |
|
|
| Thanks .. I could't really calculate it, since I have NO idea what ecx is ?
|
|
| Back to top |
|
|
Monkeys
I post too much
![]() Reputation: 29
Joined: 20 Jul 2006
Posts: 2411
|
| Posted: Thu Apr 16, 2009 7:48 am Post subject: |
|
|
| Fantasy wrote: | | Thanks .. I could't really calculate it, since I have NO idea what ecx is ? |
The when you look at the More Information window, the whole list of registers is shown below.
_________________
Get a lid on that zombie,
he's never gonna be alri-i-ight.
Oooh get a lid on that zombie,
or he's gonna feed all night. |
|
| Back to top |
|
|
Fantasy
I post too much
![]() Reputation: 13
Joined: 29 Jul 2007
Posts: 3113
|
| Posted: Thu Apr 16, 2009 9:18 am Post subject: |
|
|
| Neat, thanks a lot.
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
