Memory Hacking Software

Discussions Regarding Memory Hacking Software

Skip to content

Question about displaying actual data

Need Help With an Existing Feature in Memory Hacking Software? Ask Here

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Post a reply

Question about displaying actual data

Postby Sanek » Mon Sep 24, 2007 1:49 pm

Hi,

I'm really impressed with this software, its easy to use and yet its so powerful at the same time.

I'm still trying to figure some parts out.

I know the memory address that contains the address of a pointer that points to a variable that contains an unsigned long value.

So its basically something like this:
0xAAAAAAAA(static pointer) -> 0xBBBBBBBB(dynamic pointer) -> variable

I would like to monitor this structure with MHS, but I'm not sure what the best way to do this is?

I would really like if I could add something like

New Value
Code: Select all
Desc.:   ppData
Address: AAAAAAAA
Type:    pointer


to the address list, then do something like

New Value
Code: Select all
Desc.:   pData
Address: ppData
Type:    pointer


and then do something like

New Value
Code: Select all
Desc.:   Data
Address: pData
Type:    unsigned long


To use the address stored in the pointer itself, but I'm not sure if you can do this atm?

TIA!
Sanek
I Have A Few Questions
 
Posts: 2
Joined: Mon Sep 24, 2007 1:18 pm
Top

Postby L. Spiro » Mon Sep 24, 2007 2:17 pm

If you only want to see the unsigned long as it moves around in memory you only need one Stored Value.

View the Address Modifications page in the help file along with the Expression Evaluator page.


All you need to do is create a Complex Address that goes to the unsigned long.

The format is:
Code: Select all
[[0xAAAAAAAA]+0]+0

The +0’s are there for completeness but you can remove them if there are no offsets from the pointer targets. If there are offsets, you can replace the 0’s with the offsets.

Looking at the Modify Address dialog on the Normal Address page, paste the above code into the Complex field and check the Use Complex Address check.



Read about Expressions to understand how to make any more addresses you need.


L. Spiro
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan
Top

Postby Sanek » Mon Sep 24, 2007 3:27 pm

L. Spiro wrote:If you only want to see the unsigned long as it moves around in memory you only need one Stored Value.

View the Address Modifications page in the help file along with the Expression Evaluator page.


All you need to do is create a Complex Address that goes to the unsigned long.

The format is:
Code: Select all
[[0xAAAAAAAA]+0]+0

The +0’s are there for completeness but you can remove them if there are no offsets from the pointer targets. If there are offsets, you can replace the 0’s with the offsets.

Looking at the Modify Address dialog on the Normal Address page, paste the above code into the Complex field and check the Use Complex Address check.



Read about Expressions to understand how to make any more addresses you need.


L. Spiro


Ahh, worked perfectly. :)

Thank you!
Sanek
I Have A Few Questions
 
Posts: 2
Joined: Mon Sep 24, 2007 1:18 pm
Top
Post a reply

Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group
cron