Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Thu Feb 19, 2015 8:28 am    Post subject: How to find pointer if there is no offset?
Can't figure out how to find it. Basically, I don't have a problem with pointers, I've done this several times. Now I'm struggling with a pointer that doesn't have an offset.
Found the correct address "12B55ADC" for the X coordinate. When I'm looking at what writes to this address I can see "[esi],ecx", which shows exactly the same "12B55ADC".
Looking for that address makes no sense. That's not a way that would give me a pointer.
So I checked what accesses that address and found eax,[edx]....
Writes:
00497B07 - 89 0E - mov [esi],ecx <<
00497B09 - 89 56 04 - mov [esi+04],edx
00497B0C - 89 46 08 - mov [esi+08],eax
1. X
2. Y - probably, adding 4 bytes
3. Z - same here
Access:
0049D9BD - 8B 02 - mov eax,[edx] <<
0049D9BF - 8B 4A 04 - mov ecx,[edx+04]
0049D9C2 - 8B 52 08 - mov edx,[edx+08]
Any advice? I tried the "pointer scan" method 3 times. From 30kk it reduced to 15k but I couldn't find the address + offset.
I looked at the inject method, but don't understand how I should use it in this case yet.
Dark Byte, Site Admin (reputation 470, joined 09 May 2003, 25778 posts, location: The Netherlands)
Posted: Thu Feb 19, 2015 9:01 am
mov [esi],ecx = mov [esi+00],ecx
mov eax,[edx] = mov eax, [edx+00]
Quote:
    Found the correct address "12B55ADC" for the X coordinate. When I'm looking at what writes to this address I can see "[esi],ecx", which shows exactly the same "12B55ADC".
    Looking for that address makes no sense. That's not a way that would give me a pointer.
it does make sense
you did a find what accesses the ADDRESS 12B55ADC to find the offset (0)
and now you need to find the addresses that contain the VALUE 12B55ADC-0
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Thu Feb 19, 2015 10:27 am
Quote:
    it does make sense
    you did a find what accesses the ADDRESS 12B55ADC to find the offset (0)
    and now you need to find the addresses that contain the VALUE 12B55ADC-0
I said "makes no sense" because that didn't give me the right pointer; after a restart the pointer was useless.
Well, once again I did what you said, and they keep changing all the time... (I didn't restart the game, every screenshot was taken within a period of 10 minutes. Sorry for no description in the table, but I did not change any of their positions.)
Am I doing something wrong? Ehm.
[Attachment 1: "After a few minutes, I'm not able to get any value..."]
[Attachment 2: screenshot]
[Attachment 3: "Added 3 pointers, but after a few minutes 2 of them changed by themselves"]
[Attachment 4: screenshot]
[Attachment 5: screenshot]
Dark Byte, Site Admin (reputation 470, joined 09 May 2003, 25778 posts, location: The Netherlands)
Posted: Thu Feb 19, 2015 10:55 am
Never use green addresses belonging to system dll's (7*******)
You need to go deeper
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
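An added illustration (not code from the thread and not Cheat Engine's own implementation) of the two replies above: the accessing instruction already gave the offset (0), so the next step is a scan for every dword holding 12B55ADC-0; a holder that is itself on the heap gets scanned for again one level up, and only a holder inside the game's own module counts as a base, which is why a hit in the 7******* system-DLL range never ends a chain. Everything other than 12B55ADC and the +0/+4/+8 layout is constructed for the example: the memory image, the game.exe+0xC20 base, the world object with its +0x14 slot, the cache and DLL regions that hold the value but dead-end. The CE-style offset convention in resolve() is assumed.

```python
import struct


class Snapshot:
    """Constructed 32-bit memory image: byte regions plus the address ranges of
    the game's own module, the only ones accepted as static pointer bases."""

    def __init__(self):
        self.regions = {}   # base address -> bytearray
        self.static = []    # (lo, hi) ranges inside the game module

    def add_region(self, base, size, static=False):
        self.regions[base] = bytearray(size)
        if static:
            self.static.append((base, base + size))

    def _locate(self, addr):
        for base, buf in self.regions.items():
            if base <= addr <= base + len(buf) - 4:
                return buf, addr - base
        raise KeyError("unmapped address 0x%08X" % addr)

    def write(self, fmt, addr, value):
        buf, i = self._locate(addr)
        struct.pack_into(fmt, buf, i, value)

    def read(self, fmt, addr):
        buf, i = self._locate(addr)
        return struct.unpack_from(fmt, buf, i)[0]

    def is_static(self, addr):
        return any(lo <= addr < hi for lo, hi in self.static)

    def find_pointers_into(self, target, max_offset):
        """The 'addresses that contain the VALUE' step: every aligned dword v
        with target - max_offset <= v <= target, as (holder, target - v)."""
        hits = []
        for base, buf in self.regions.items():
            for i in range(0, len(buf) - 3, 4):
                v = struct.unpack_from("<I", buf, i)[0]
                if target - max_offset <= v <= target:
                    hits.append((base + i, target - v))
        return hits


def pointer_scan(snap, target, max_level=3, max_offset=0x100):
    """Chains static_base -> [+o1] -> ... -> target. A heap holder is scanned
    for again one level up; a holder inside the game module ends the chain,
    so a hit in a system DLL region never becomes a base."""
    found = []

    def walk(addr, chain, level):
        if level > max_level:
            return
        for holder, off in snap.find_pointers_into(addr, max_offset):
            if snap.is_static(holder):
                found.append((holder, [off] + chain))
            else:
                walk(holder, [off] + chain, level + 1)

    walk(target, [], 1)
    return found


def resolve(snap, base, offsets):
    """Cheat Engine style (assumed): [[base]+o1]+...+on; the last offset is not read."""
    cur = snap.read("<I", base)
    for off in offsets[:-1]:
        cur = snap.read("<I", cur + off)
    return cur + offsets[-1]


def build_snapshot(world=0x00E0A000, player=0x12B55ADC, x=1234.5):
    """Constructed layout: game.exe+0xC20 -> world object, world+0x14 -> player
    entity, X/Y/Z at +0/+4/+8 of the entity (the [esi],[esi+4],[esi+8] writes).
    A heap cache and a 7******* DLL data area also hold the entity address but
    nothing static points at them, so they are dead ends like the blank
    addresses in the thread."""
    s = Snapshot()
    s.add_region(0x00400000, 0x1000, static=True)   # game module
    s.add_region(world, 0x40)                       # world object (heap)
    s.add_region(player, 0x40)                      # player entity (heap)
    s.add_region(0x00A10000, 0x20)                  # some cache (heap)
    s.add_region(0x7C801000, 0x20)                  # system DLL data ("green")
    s.write("<I", 0x00400C20, world)
    s.write("<I", world + 0x14, player)
    s.write("<f", player + 0, x)
    s.write("<f", player + 4, 100.25)
    s.write("<f", player + 8, -7.75)
    s.write("<I", 0x00A10000, player)
    s.write("<I", 0x7C801010, player)
    return s


if __name__ == "__main__":
    snap = build_snapshot()
    for base, offsets in pointer_scan(snap, 0x12B55ADC):
        print("game.exe+%X" % (base - 0x00400000), [hex(o) for o in offsets])
    # The same chain still resolves after a "restart" that moved both heap objects.
    moved = build_snapshot(world=0x00F30000, player=0x13A00010, x=77.5)
    print(moved.read("<f", resolve(moved, 0x00400C20, [0x14, 0])))
```

The scan returns one chain, game.exe+C20 with offsets [0x14, 0]; the cache and DLL hits are followed a level up, find nothing static behind them and drop out. Rebuilding the image with both heap objects at new addresses and resolving the same base and offsets lands on the new X, which is the property a pointer chain is supposed to have across restarts.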
Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Thu Feb 19, 2015 11:09 am
Quote:
    Never use green addresses belonging to system dll's (7*******)
I knew that smelled. Good to know.
Quote:
    You need to go deeper
By deeper you mean check what accesses those 3 addresses and so on? 0008E4C0 etc.? Right now I'm not able to do this, I will later.
UPDATE:
Well, when I go deeper my game client crashes, that's annoying. After that I need to find the address once again...
Those 3 addresses that always appear while looking for 12B55ADC don't contain any information about access or write - it's blank.
0008E4C0
0008E528
0008E588
So I tried to find the value of those 3 addresses and one of them, 0008E4C0, had another 3 - checked inside, but also blank. After one minute their value changed to 0.
When I scanned for 12B55ADC again, the list of values rose from 3 to 15 (like in screenshot 4) but unfortunately after accessing one of them the game crashed...
I'm confused
UPDATE 2:
I found a pointer to my X coordinate. Just taking a green address while looking for the float coordinate value from the game. Every time I had to take one of the 15-30 values that had the exact coordinate. I knew that but didn't look for this because it wouldn't solve my problem. I was always looking for an address which changes my position in game - that would spare me the programming direction (calculating angles etc.). An address which depends on motion in game. So I could easily read and write to the memory where the bot should move.
Any advice on how to find a pointer for the motion address without an offset? Doing my best, but the crashing and blank info are annoying.
Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Thu Feb 19, 2015 7:15 pm
I give up, completely stuck.
[Attachment 1: "While running in the game the values are changing. If I stop they go back to the previous ones."]
[Attachments 2-5: screenshots]
SteveAndrew, Master Cheater (reputation 30, joined 02 Sep 2012, 323 posts)
Posted: Thu Feb 19, 2015 11:45 pm
Well if you're not having any luck finding a pointer, why not just script it?
Code:
    {$lua}
    -- Runs when the script is assembled (on enable and on disable). Creates one
    -- memory record per axis, each resolving through the XYZPointer symbol the
    -- asm part registers, and only if the records do not exist yet.
    function AddPointer(pointerName, pointerOffset)
      local mr=getAddressList().createMemoryRecord()
      mr.Address="XYZPointer"
      mr.OffsetCount=1
      mr.Offset[0]=pointerOffset
      mr.Description=pointerName
      mr.Type=vtSingle
    end
    xPtr=getAddressList().getMemoryRecordByDescription("X Pointer")
    if xPtr==nil then
      AddPointer("X Pointer",0)
      AddPointer("Y Pointer",4)
      AddPointer("Z Pointer",8)
    end
    {$asm}
    [enable]
    alloc(PointerGrabber,1024)
    label(return)
    label(XYZPointer)
    registersymbol(XYZPointer)

    PointerGrabber:
      mov [XYZPointer],esi   // save the entity base the game is about to write
      mov [esi],ecx          // the original 5 bytes the jmp replaced (89 0E, 89 56 04)
      mov [esi+4],edx
      jmp return
    XYZPointer:
      dd 0

    497b07:
      jmp PointerGrabber     // 5-byte jmp; mov [esi+8],eax at 497b0c is left intact
    return:

    [disable]
    497b07:
      mov [esi],ecx
      mov [esi+4],edx
    dealloc(PointerGrabber)
    unregistersymbol(XYZPointer)
Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Fri Feb 20, 2015 12:21 pm
Thank you for your script. Sooner or later I should start learning this. That motivated me to learn Lua, and some aspects of assembler. That scripting is a really efficient method of injection.
But unfortunately what I see is not a static pointer. The addresses change all the time. For example PointerGrabber = 05850000. After a restart everything is useless.
I feel I'm close but also far away.
Is that normal or wrong? Might that be really advanced?
[Attachment: screenshot]
SteveAndrew, Master Cheater (reputation 30, joined 02 Sep 2012, 323 posts)
Posted: Sat Feb 21, 2015 5:18 pm
Yeah that's normal... Why do you want it to be static and not change? Isn't the whole point being able to get to the address each game load without having to manually find the address again?
What are you trying to do specifically? Addresses become different all the time, it's a part of this whole cheating game. What is important is that, regardless of where something is located in memory, you know where it is, or how to get back to it with minimal effort.
It's the values that you want to modify that matter, not where they happen to exist at! Remember that!
Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Sat Feb 21, 2015 5:39 pm
Quote:
    Yeah that's normal... Why do you want it to be static and not change? Isn't the whole point being able to get to the address each game load without having to manually find the address again?
    What are you trying to do specifically? Addresses become different all the time, it's a part of this whole cheating game. What is important is that, regardless of where something is located in memory, you know where it is, or how to get back to it with minimal effort.
    It's the values that you want to modify that matter, not where they happen to exist at! Remember that!
Oh, you didn't understand me. My bad.
I mean that the 3 combined screenshots don't show pointers for each restarted game. They change all the time within one game process.
Launching the game again, the pointers are no longer pointing to addresses: "????????". They only work if I execute the script.
Each execution of the script changes PointerGrabber.
At least, if there is no solution, how about assembler code injection in C#? (The address is always 12***ADC - I'm able to find it in less than 30 sec) - that's what comes to my mind.
SteveAndrew, Master Cheater (reputation 30, joined 02 Sep 2012, 323 posts)
Posted: Sat Feb 21, 2015 6:16 pm
Ah okay... That's because more than just your player coordinates are being manipulated at that code location. I was only hoping that wasn't the case, although I knew it was likely.
When you have the coordinate address you want, try a "find what accesses" again. Then see if any code that comes up accesses only your coordinates and not anything else (enemies, entities, game objects, etc.). Right now you've got a mixed bag, lots of stuff is flowing through there.
You can use the relatively new CE feature to find this out, after selecting this option and clicking yes.
Then under the "Count" header there will be a number in parentheses; in my example it shows (1) in a simple game I just loaded up quickly. If it's higher, there aren't any listings with (1) and they're all increasing, then it's going to get tricky. You can also double-click each listing and it'll show you the addresses it's accessing.
To figure that out manually, if you aren't using that option, you would go to each instruction listed in the memory viewer, right-click the instruction and choose "Find what addresses this instruction accesses".
If you can find a piece of code in the game that ONLY accesses or writes to your coordinates of interest then you can also script that: use it to get the coordinate pointer and then use this hook that writes to modify it.
Where it gets tricky is that you have to find a way to differentiate between your coordinate address and everything else. If you end up having to do that, this might help you: http://forum.cheatengine.org/viewtopic.php?t=530548&postdays=0&postorder=asc&start=0
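An added example (not SteveAndrew's code and not Cheat Engine's) of the "Count" check the post above describes, run over a constructed access trace of (instruction address, address it touched) pairs. It computes the distinct-address count per instruction, the number shown in parentheses, separates the (1) listings that touch only the coordinate address from the mixed ones that would need a way to tell the player's object apart, and lists what each instruction accessed. Only 0049D9BD, 00497B07 and 12B55ADC come from the thread; 004A1100 and every other address in the trace are made up.

```python
from collections import defaultdict

TARGET = 0x12B55ADC  # the X coordinate address from the thread

# Constructed trace in the shape "find what accesses" collects over time.
# 0049D9BD and 00497B07 are the instructions quoted in the thread; 004A1100 and
# the 12C0xxxx entity addresses are invented for the illustration.
TRACE = [
    (0x0049D9BD, 0x12B55ADC), (0x0049D9BD, 0x12C0A0F0), (0x0049D9BD, 0x12C0B2B0),
    (0x0049D9BD, 0x12B55ADC), (0x0049D9BD, 0x12C0A0F0),   # loops over every entity
    (0x00497B07, 0x12B55ADC), (0x00497B07, 0x12C0A0F0),   # writer shared with others
    (0x004A1100, 0x12B55ADC), (0x004A1100, 0x12B55ADC),   # touches the player only
]


def addresses_per_instruction(trace):
    """Distinct addresses each instruction touched, keyed by instruction:
    what double-clicking a listing shows."""
    seen = defaultdict(set)
    for instr, addr in trace:
        seen[instr].add(addr)
    return dict(seen)


def count_table(trace):
    """Rows as the dialog lists them: (instruction, distinct-address count),
    the count being the number that appears in parentheses."""
    return sorted((i, len(a)) for i, a in addresses_per_instruction(trace).items())


def exclusive_accessors(trace, target):
    """Instructions that touched target and nothing else: the (1) rows, which
    can be hooked for a pointer grabber without any disambiguation."""
    return sorted(i for i, a in addresses_per_instruction(trace).items()
                  if a == {target})


def mixed_accessors(trace, target):
    """Instructions that touch target among other objects; a hook there needs
    a way to tell the player's object apart from the rest."""
    return sorted(i for i, a in addresses_per_instruction(trace).items()
                  if target in a and len(a) > 1)


if __name__ == "__main__":
    for instr, count in count_table(TRACE):
        print("%08X  (%d)" % (instr, count))
    print("player-only:", ["%08X" % i for i in exclusive_accessors(TRACE, TARGET)])
    print("mixed:      ", ["%08X" % i for i in mixed_accessors(TRACE, TARGET)])
```

On this trace both instructions from the thread come out as mixed (counts 2 and 3), and only the invented 004A1100 shows (1); the longer the capture runs, the more a mixed instruction's count grows, which is the "all increasing" case the post warns about.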
Akikyo, Newbie cheater (reputation 0, joined 19 Feb 2015, 14 posts)
Posted: Fri Feb 27, 2015 5:15 pm
Hey!
I would like to thank you for your help; finally I found the offset by the structure method.
Hope it will help people in trouble. Just carefully study the link above.
Regards
[Attachment: screenshot]