tracking root pointer


Postby robrave » Mon Sep 24, 2007 4:02 pm

After many weeks of using MHS, I was still unable to locate the root pointer for the data I need.

But using the MHS tools, I was able to find the code, inject some code, so that the values will be written to a static location.

My main objective is to log the information of the monster I currently selected, this includes:
name O
level O
element/property O
tamable? X
coordinates X
max hp O

O means I was successfully able to locate that data using disassembly and code injection, but I am still having real trouble with the coordinates, which use floats since it is 3D.

Now you have mentioned in the help file that

"Auto-Hack shows you every read, write, or access to an address, and extremely advanced features will be coming soon (automatic back-tracking down to the root pointer)."

Can you at least give me a clue on how to do this? What I understand about backtracking the pointer is that I use pointer search, then out of the results I do a subsearch on each one that I think it is.

I really believe the static pointer is just out there in the game's RAM.

Hope you could enlighten me.
Thanks!!

Postby L. Spiro » Mon Sep 24, 2007 4:28 pm

Coordinates are easy to find if you can move up and down.
Otherwise, you just have to assume one direction is North and walk North and South searching for increased and decreased. If you find nothing, assume North is another direction and repeat.

"can you at least give me a clue on how to do this?"

It is typically done by studying the ASM code.
No methods are easy, which is why people prefer to use your method of storing the address to a static location.

For now, you should probably just stick to this idea.


L. Spiro
Last edited by L. Spiro on Mon Sep 24, 2007 5:06 pm, edited 1 time in total.

Postby robrave » Mon Sep 24, 2007 4:48 pm

Oh, I see..

But is there a way to track or go back in the code? For example:

0056A1AD | 8990 2C010000 | MOV DWORD PTR [EAX+12C], EDX |

EDX has the value. I then look at the code backwards and see how EDX got its data, and from there follow one source to the next.. but the problem is when it was called from another jmp.. it was not easy and I always lose my track :)

Postby L. Spiro » Mon Sep 24, 2007 5:08 pm

EDX is the value being written to the target address.
You don’t need that; you need the path to the target address, which in your snippet involves EAX.

You need to follow the code backwards to find out how EAX got its value.


L. Spiro
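
The backward trace described in the reply above, as an added example that is not part of the original thread: it walks a straight-line listing backwards from the store, tracking the address register (EAX) rather than the value register (EDX), until a load from a fixed address is reached. Only the final store line comes from the thread; the other instructions, the address 007A3F10 and the memory snapshot are constructed, and jumps and calls (the case robrave reports losing track in) are not handled.

```python
import re

# Constructed straight-line listing; only the last line is from the thread.
LISTING = """\
0056A190 MOV ECX, DWORD PTR [007A3F10]
0056A196 MOV ESI, DWORD PTR [ECX+8]
0056A199 MOV EDX, DWORD PTR [EBP-4]
0056A19C MOV EAX, ESI
0056A1AD MOV DWORD PTR [EAX+12C], EDX
"""
SNAPSHOT = {0x7A3F10: 0x01200000, 0x01200008: 0x01340000}  # constructed dwords

MOV = re.compile(r"^([0-9A-F]{8}) MOV (.+?), (.+)$")
MEM = re.compile(r"^DWORD PTR \[(?:([A-Z]{3})([+-][0-9A-F]+)?|([0-9A-F]{8}))\]$")

def parse_operand(text):
    """Return ('reg', name), ('mem', base_reg, offset) or ('static', address)."""
    m = MEM.match(text)
    if not m:
        return ("reg", text)
    if m.group(3):
        return ("static", int(m.group(3), 16))
    return ("mem", m.group(1), int(m.group(2) or "0", 16))

def backtrack(listing):
    """Walk backwards from the final store and return (static_base, offsets)."""
    insns = [MOV.match(l).groups() for l in listing.strip().splitlines()]
    _, dst, _ = insns[-1]
    kind, reg, off = parse_operand(dst)   # the store's destination: [reg+off]
    offsets = [off]
    for _, dst, src in reversed(insns[:-1]):
        if dst != reg:
            continue                      # does not define the register we track
        op = parse_operand(src)
        if op[0] == "reg":
            reg = op[1]                   # plain copy: keep tracking the source
        elif op[0] == "mem":
            reg = op[1]                   # one pointer dereference deeper
            offsets.insert(0, op[2])
        else:
            return op[1], offsets         # loaded from a fixed address: the root
    return None, offsets                  # register came from outside the listing

def resolve(memory, base, offsets):
    """Follow the chain in a {address: dword} snapshot to the final address."""
    addr = memory[base]
    for off in offsets[:-1]:
        addr = memory[addr + off]
    return addr + offsets[-1]
```

A `None` base means the tracked register was set before the listing begins, which is where the trace would have to continue in the caller.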

