Memory Hacking Software

[shekofte]

thanks for developing this charming tool ...
i am a rookie , and i tried to have an exercise ! but i can't finish it myself !
and i need your guide about it ...
briefly my purpose is that to find what is the address of a simple mspaint graphic on RAM ?
and these are my steps :

1: i opened "C:\WINDOWS\system32\mspaint.exe" for debug in MHS .

2: i assigned the value of 230 to R and G and B channels. and filled the canvas (32x32) with this color .

3: i searched for this value in the range 0x0..0x20000000 (my RAM is 512mb) .

4: i changed the color of canvas (32x32) to RGB=194 , by sub searching the founded address for value of 194 i found the location of graphic data at address 0x00EE0000 (attached image) . that contains 3072= 32x32x3 byes.

5: and then i searched for a pointer that points at address 0x00EE0000 , in range 0x0..0x20000000 , only one result found : 0x00CE63AC ---> 0x00EE0000

conclusion , this address is out of 0x01000000 + 0x00057000 (the area belongs to mspaint.exe) and even by searching for another pointer (nested) that point to this pointer (0x00CE63AC) i had no result ...

please disabuse me and show me the right way for doing of similar works like this ...
many regards ...

[L. Spiro]

You can not search for a pointer directly to the second pointer.

As the help file and several tutorials explain, you should search for a pointer to a location ending at the second pointer's address and beginning a decent range below that address (Range Search).

If this is not working, use Auto-Hack to determine what reads from the second pointer and look at the disassembly to get the next pointer and its offset down.


L. Spiro

[shekofte]

thanks master L. Spiro
i should try your order , and more study the documents , tutorials ...