my first breakpoint

Re: my first breakpoint

Postby mezzo » Wed May 14, 2008 1:15 am

I started to write a loooooooong reply. But L.Spiro is right.
You need to read up on a LOT of things before we can explain it to you.
Learn what a complex address is from the helpfile and read this.

When you have read my second post in that thread, go and read all the pages of the helpfile that I refer to.

After that, read the page in the helpfile that explains pointers and pointer searches.

Don't bother with breakpoint scripts for now. First learn what complex addresses are, why they are WAY nicer than regular addresses and how to find them (using pointer search).

When you have that down, we'll talk you through breakpoint scripts.

(it's in your own benefit.. trust me, you'll thank us in the long run)
- No thanks, I already have a penguin -

Postby Torero » Wed May 14, 2008 4:37 am

I am on it.

Postby Torero » Wed May 21, 2008 10:43 pm

Quote:
By default the value obtained from the target process is in DWORD format, however prefixes on the brackets can be used to change this.
b[ ] gets a byte value.
w[ ] gets a word value.
[ ] (no prefix) gets a dword value.
q[ ] gets qword value.
f[ ] gets a float value.
d[ ] gets a double value.

As you can see from the helpfile, the DEFAULT is to treat whatever is between brackets as a DWORD. This was probably done to make it easier
to work with pointers, as a pointer is ALWAYS a DWORD.

Why would you want to represent the value returned by different formats?
Isn't the value existing in the target process always the same sort?
Or is it a way of interpreting it?

Postby Torero » Wed May 21, 2008 10:46 pm

extern WORD bHitPoints = { "NetHackw.exe", 0x1696D4 };
is exactly the same as w[nethackw.exe+0x1696D4]

Oh, it's because there are different ways to interpret it and that we must tell it how we want the value to be interpreted, in this case w[nethackw.exe+0x1696D4] renders it into a form that can be used in the script?

Postby Torero » Wed May 21, 2008 10:50 pm

struct something {
    BYTE bBuffer[0xD];
    struct {
        BYTE bBuffer[0xC];
        struct {
            BYTE bBuffer[0xB];
            struct {
                BYTE bBuffer[0xA];   // the type was missing in the quoted snippet
                FLOAT fValue;
            } * poObj;
        } * poObj;
    } * poObj;
} * poBase = (something *)0x12345678;

void On_HK_1(DWORD dw1, DWORD dw2)
{
    // Follow three pointers from the base object and write the float at the end.
    poBase->poObj->poObj->poObj->fValue = 24.12345;
}

How do I learn to read this? This is exactly like the language of c right?

Postby Torero » Wed May 21, 2008 11:04 pm

what does a regular address look like?

I have never used a complex address or a regular address, so I am only sure that I can tell them apart by their format - if it's not complex-address-looking, it must be a regular :lol:

I have read all about pointers in the help file, but without having practiced yet, I can't tell you I truly understand them.

Postby mezzo » Thu May 22, 2008 12:13 am

00400000 = regular address
[game.exe+045206] = complex address

the regular address says, look at the value found at address 00400000.

the complex address says, at address "game.exe+045206" there is a POINTER, follow this pointer (to somewhere else in memory) and give me that value.
- No thanks, I already have a penguin -
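To make mezzo's distinction concrete, here is a small evaluator I wrote for this thread (not MHS code and not from the helpfile) that resolves expressions in the bracket notation quoted earlier against a constructed memory image; the module base, the pointer at game.exe+045206 and the values behind it are all made up for the example:

```python
import re
import struct

# Constructed 32-bit "process image" (my assumption, not from the thread):
# game.exe is loaded at 0x00400000 and everything we touch fits in one buffer.
MODULES = {"game.exe": 0x00400000}
IMAGE_BASE = 0x00400000
image = bytearray(0x60000)

def poke(addr, fmt, value):
    struct.pack_into(fmt, image, addr - IMAGE_BASE, value)

# Static DWORD pointer at game.exe+045206 -> object at 0x00450000, whose
# WORD at +0x1C is "hit points" and whose FLOAT at +0x20 is some stat.
poke(0x00400000 + 0x45206, "<I", 0x00450000)
poke(0x00450000 + 0x1C, "<H", 1234)
poke(0x00450000 + 0x20, "<f", 24.12345)

# Prefixes from the help excerpt quoted above; no prefix = DWORD, so a bare [..] is a pointer.
PREFIX_FMT = {"b": "<B", "w": "<H", "": "<I", "q": "<Q", "f": "<f", "d": "<d"}

def read(addr, prefix=""):
    return struct.unpack_from(PREFIX_FMT[prefix], image, addr - IMAGE_BASE)[0]

_BRACKET = re.compile(r"([bwqfd]?)\[")
_MODULE = re.compile(r"[A-Za-z_]\w*\.(?:exe|dll)", re.I)
_NUMBER = re.compile(r"(?:0x)?[0-9A-Fa-f]+")  # bare numbers are hex, as in the thread

def _parse_sum(s, i):
    value, i = _parse_term(s, i)
    while i < len(s) and s[i] in "+-":
        op = s[i]
        rhs, i = _parse_term(s, i + 1)
        value = value + rhs if op == "+" else value - rhs
    return value, i

def _parse_term(s, i):
    if m := _BRACKET.match(s, i):     # prefix[expr]: evaluate expr, then dereference
        inner, i = _parse_sum(s, m.end())
        if i >= len(s) or s[i] != "]":
            raise ValueError("unbalanced [ ] in address expression")
        return read(inner, m.group(1)), i + 1
    if m := _MODULE.match(s, i):      # module name -> its load address
        return MODULES[m.group(0).lower()], m.end()
    if m := _NUMBER.match(s, i):
        return int(m.group(0), 16), m.end()
    raise ValueError(f"unexpected input at {s[i:]!r}")

def evaluate(expr):
    """Resolve an MHS-style address expression against the constructed image."""
    return _parse_sum(expr.replace(" ", ""), 0)[0]
```

evaluate("game.exe+045206") is just the arithmetic (a regular address), evaluate("[game.exe+045206]") follows the DWORD stored there, and w[[game.exe+045206]+0x1C] reads the hit points as a WORD through that pointer.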

Postby Torero » Thu May 22, 2008 7:41 pm

ok, so what's the next thing?

Postby Torero » Thu May 22, 2008 9:14 pm

when I lock down a value with search, how do I find out which module it is in?

if it's not game.exe, how do I find the pointer tree?

Postby mezzo » Thu May 22, 2008 9:30 pm

Torero wrote:when I lock down a value with search, how do I find out which module it is in?
if it's not game.exe, how do I find the pointer tree?


open the properties of the saved value and if in the second tab MHS already tells you that the address is relative to a module, you can use that.

If it's not relative to a module, you will have to use the pointersearch functionality. Start a pointer search with as range:
from: 'enter the address of the money variable -1000h here'
to: 'enter the address of the money variable here'

work from there.

This is also explained in the helpfile.
("About searching - pointer search" and "misc - About pointers")
- No thanks, I already have a penguin -

Postby Torero » Thu May 22, 2008 11:49 pm

where is the property button?

Postby Torero » Thu May 22, 2008 11:52 pm

what do i do if there are too many returns?

Postby shinnsohai » Fri May 23, 2008 12:19 am

Wow Triple Posts :D
-šнιηηšσнαι-

Postby L. Spiro » Fri May 23, 2008 10:06 am

Torero wrote:what do i do if there are too many returns?

Search again.

Go to the closest.

Bang your head.

There are tons of possibilities.


L. Spiro
Our songs remind you of songs you’ve never heard.

Postby mezzo » Fri May 23, 2008 3:47 pm

Torero wrote:How do I learn to read this? This is exactly like the language of c right?


It's a more complex structure.. Just google any C or C++ site and learn what a structure is.
Then just take our word for it that you can nest structures. (and that structures can contain any type; byte, word, pointers, other structs, ...)

Torero wrote:extern WORD bHitPoints = { "NetHackw.exe", 0x1696D4 };
is exactly the same as w[nethackw.exe+0x1696D4]

Oh, it's because there are different ways to interpret it and that we must tell it how we want the value to be interpreted, in this case w[nethackw.exe+0x1696D4] renders it into a form that can be used in the script?


That is partly correct.
The format "w[nethackw.exe+0x1696D4]" is used in the expression evaluator

"extern WORD bHitPoints = { "NetHackw.exe", 0x1696D4 };"
is used in script... the WORD in this line corresponds to the w in the expression evaluator format.

So in scripts you want to use the extern expression.

Torero wrote:where is the property button?

You misunderstood. When you save a value in the save table, you can right click it and modify it, there on the second tab you will see the other
possibilities you have of defining an address. simple, relative or complex.

Torero wrote:what do i do if there are too many returns?

That, my good man, is the million dollar question.
As L.Spiro already said, there are multiple ways.
But all of them are too complex for you at this point, I think.

1) When you have the saved variable, use the "find what writes" function and when the autohack tells you what instruction it is, work from there..
(you will need some assembler knowledge.)

2) What you can also do (lots more work), is save all the found pointers+offset, then reload the game and see which of the saved pointers+offset is still the right value.
(this won't work if there are multiple levels of pointers.)
- No thanks, I already have a penguin -
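As an added illustration of the pointer search range mezzo gives a few posts up (from "money address - 1000h" to the money address) and of his approach 2 here (save the pointer+offset candidates, reload, keep the ones that still resolve), this is a constructed example of my own rather than anything from MHS; the module base, the object address and the "money" value are assumptions:

```python
import struct

# Constructed 32-bit image (my assumption, not from the thread): one module at
# 0x00400000, a heap object at 0x00450000 and the "money" DWORD 0x40 into it.
IMAGE_BASE = 0x00400000
image = bytearray(0x60000)

def poke(addr, value):
    struct.pack_into("<I", image, addr - IMAGE_BASE, value)

def peek(addr):
    return struct.unpack_from("<I", image, addr - IMAGE_BASE)[0]

MONEY_ADDR = 0x00450040
poke(MONEY_ADDR, 5000)                    # what a normal value search would find
poke(0x00400000 + 0x45206, 0x00450000)    # static pointer to the object (+0x40 = money)
poke(0x00430000, 0x00450030)              # some other pointer that lands 0x10 below money
poke(0x00430100, 0x00451000)              # points past money: outside the search range

def pointer_search(target, span=0x1000, step=1):
    """Return (pointer_address, offset) for every DWORD in the image whose
    value lies in [target - span, target], the range suggested in the thread.
    step=1 because the example pointer at game.exe+045206 is not 4-byte aligned."""
    low, high = target - span, target
    hits = []
    for off in range(0, len(image) - 3, step):
        val = struct.unpack_from("<I", image, off)[0]
        if low <= val <= high:
            hits.append((IMAGE_BASE + off, target - val))
    return hits

def reload_game():
    """Simulate a restart: the object moves, the real static pointer follows it,
    the coincidental one does not. Returns the new money address."""
    poke(0x00400000 + 0x45206, 0x00458000)
    poke(0x00458040, 5000)
    return 0x00458040

def still_valid(hits, new_target):
    """mezzo's approach 2: keep only pointer+offset pairs that still resolve
    to the value's new address after the reload (one pointer level only)."""
    return [(p, o) for p, o in hits if peek(p) + o == new_target]
```

The first search returns both pointers with their offsets; after the simulated reload only game.exe+045206 with offset 0x40 survives, which is the pair you would save as the complex address.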
