Memory Hacking Software

by **TheManiacHe** » Wed Apr 23, 2008 9:28 pm

I am not sure if I understood the helpfile and the other thread.

Well thats what I tried:
Open process: SFrame.exe (Rappelz)

Need the pointer for adress 07F8893C. (x -koordinate from char in game)

Search -> Pointer Search

Evaluation Type: Range
Target from: 7F70000 To:07F8893C

Find only static Pointers enabled

Search Range
From:7F70000 To: 07F8893C

5Results

I check on "Found Addresses" the Distance to 07F7223C

The nearest is 1204

So my first question:
The addresses with a distance from 1204, one of them is my pointer right?

How to find out the right pointer?
I read in other thread its possible with "find what writes this address"

How that works?

Pics fromFind what Access this Address:
07F6FF58
http://img238.imageshack.us/img238/3098/07f6ff58np2.jpg

07F67D90
http://img168.imageshack.us/img168/5728/07f67d90oo6.jpg

07F607A8
http://img168.imageshack.us/img168/3200/07f607a8xw7.jpg

07F658C8
http://img373.imageshack.us/img373/8219/07f658c8nj0.jpg

07F8893C
http://img373.imageshack.us/img373/7954/07f8893csf8.jpg

by **JB Gzn** » Wed Apr 23, 2008 11:33 pm

if you want to use the find out what writes to this address,
do it on the ORIGINAL addy, not on a pointer,
then make the value change( walk)
and u will get some stuff in the list

by **L. Spiro** » Wed Apr 23, 2008 11:39 pm

If you want to see what wrote to those addresses you need to select them in the top list.
View the Help file.

Most likely 07F607A8 is the base address for your pointer trail.
It appears in your list twice due to a bug I can not fix because it never happens in debug mode, but doesn’t matter anyway.

And why did you post the same picture 4 times?

L. Spiro

by **liqmysaq** » Wed Apr 23, 2008 11:46 pm

i would say leave ur search range as normal (00400000 - 7FFF0000), but ive never really changed it when searching.
according to your pointer search pic, ur pointer would be [0x07F607A8]+0x4B4 type that into your expression evaluator and press the + button. now since the address isnt green, u will need to search again using the new address. so do another pointer search for 07F607A8. now in the expression eval u edit your complex address so it would look like this:
[[0xNewAddyFound]+0xNewOffset]+0x4B4 and press the + button to add it to the lower window. keep doing that until u come to an address that is green in the found addresses list and there is your complete complex pointer. it can take a while in some cases and go pretty deep.

spiro says its easier and better to use the what acces this address and stuff but i have never done that with MHS yet, so i cant help u there. hopefully somebody else put a tut for doing that.

by **TheManiacHe** » Thu Apr 24, 2008 3:42 am

Wow that lucky 5 search results were lucky, i needed to restart computer... now i got about 800 search results looking for a range from 1200-2500 I got 15 possible pointers or even more..

finding pointer "what acces this address" , how does it work?

After doing some "what acces this address" I got an Error like:

Unable to add breakpoint: Only 4 hardware breakpoints may be set at time, remove some from the list and try again.

How to fix that?

liqmysaq thnx for the tipp but its going to be somehow endless

L.Spiro my mistake with pictures,dunno how that happened lol

Bah never thought its so hard to read x-y coordinates of a game, this pointer searching seems to be very hard

by **L. Spiro** » Thu Apr 24, 2008 9:17 am

http://www.memoryhacking.com/Misc/Tut/D ... o-Hack.htm

L. Spiro

by **TheManiacHe** » Thu Apr 24, 2008 9:15 pm

JB Gzn wrote:if you want to use the find out what writes to this address,
do it on the ORIGINAL addy, not on a pointer,
then make the value change( walk)
and u will get some stuff in the list

I tried it but no stuff in the list, very strange, maybe cause of HackShield? :>

by **L. Spiro** » Thu Apr 24, 2008 11:24 pm

Then it is because of HackShield.

L. Spiro

by **TheManiacHe** » Thu Apr 24, 2008 11:26 pm

So I have no chance to obtain the pointers of x-y coordinates of my char?

by **L. Spiro** » Fri Apr 25, 2008 12:28 am

Auto-Hack is not the only way.

L. Spiro

by **TheManiacHe** » Fri Apr 25, 2008 12:55 am

Well I see atm only 2 ways to detected the pointer with Auto-Hack or liqmysaq method, but liqmysaq method is kind of endless, since I get for every adress about 15 results and Auto Hack is kind of blocked.

Is there anotehr effective way to find pointers?

by **L. Spiro** » Fri Apr 25, 2008 2:26 am

Would it kill you to look through 15 results?

You can filter them out just as you can with any other search set…
Especially with 2 MHS’s at the same time.

L. Spiro

by **TheManiacHe** » Fri Apr 25, 2008 3:39 am

L. Spiro wrote:Would it kill you to look through 15 results?

You can filter them out just as you can with any other search set…
Especially with 2 MHS’s at the same time.

L. Spiro

For every possible search I get another 15 results (Distance 0-2000)

liqmysaq wrote:u will need to search again using the new address. so do another pointer search for 07F607A8. now in the expression eval u edit your complex address so it would look like this:
[[0xNewAddyFound]+0xNewOffset]+0x4B4 and press the + button to add it to the lower window. keep doing that until u come to an address that is green in the found addresses list and there is your complete complex pointer. it can take a while in some cases and go pretty deep.

"do another pointer search for 07F607A8" another search is another 15 results..and the serach from the search result is another 15 results.. well tell me if I am wrong, but that seems not only to look after 15 results, and i am not sure if I have in the end something like:

[[......[.....[0xNewAddyFound1]+0xNewOffset1]...+NewAddyFoundN]+0xNewOffsetN...]+0x4B4 N->infinite

by **liqmysaq** » Fri Apr 25, 2008 4:25 am

u have 15 results.. your lucky. with wolfteam i can have thousands. just take the one with the shortest distance, just like u do with the first search.
if u have to do 5 searches to reach a static (green) address then ur complex addy would look like this:
[[[[[0x5thaddress]+0x5thoffset]+0x4thoffset]+3rdoffset]+0x2ndoffest]+0x1stoffset
if u need to do 15 searches then it will go on just like above but will have 15 offsets.

by **TheManiacHe** » Fri Apr 25, 2008 4:41 am

going to take the one with the shortest distance and try TYVM

reporting soon

Just to be sure:
I do a pointer search for my address, look for the one with the shortest range, do for this one another pointer search and so on..? And after doing that a while it will appear green address at "found Addresses" and thats my pointer?

Status:
I didnt found my pointer yet, but I need to know if I going the right way:
Pointer Search
--Evalution Type: Range
Target from: 08060000 to: actual Address (for example: 08074198)
-Find Only Static Pointers enabled
-Search range
From: 08060000 To: actual Address (for example: 08074198)

[[[[[[[[[[[[[[[[[[[[0x080740F8]+0x078]+0x0E4]+0x050]+0x078]+0x078]+0x0E0]+0x004]+0x04C]+0x0C8]+0x004]+0x140]+0x02C]+0x128]+0x048]+0x014]+0x0F0]+0x2B0]+0x128]+0x030]+0x4EC

Should I keep this way to search my pointer or I am in a completly wrong way?

Memory Hacking Software

Pointer again

Pointer again

Who is online