The actual address of your ammo is 0x0F13D06C.
In the very first screenshot you are quite lucky to have a 100% confirmation as to the offset within your player structure that your ammo is.
Furthermore, all of the instructions that manipulate your ammo are intuitive. You have one ADD for adding ammo to your player (when you pick up ammo or reload your clip) and one SUB for removing ammo (when you fire). CMP your ammo against 0 means there is (logically) a branch that is taken when you have no ammo. That is, if you fire and you have ammo, there will be a result. If you do not, nothing will happen.
All of the returns have the same structure offset, which is 0x4C.
The final address is BASE+OFFSET=FINAL.
FINAL = 0F13D06C.
OFFSET = 4C.
BASE = EAX.
Looking at the bottom window we see that EAX is 0x0F13D020.
0F13D020+4C=0F13D06C. It is entirely consistent.
Your start-point Complex Address would become [0F13D020h+4Ch].
This means there is a structure at 0F13D020, and 4C bytes from the start of that structure is the structure member that contains your ammo count.
But since 0F13D020 is not a static address, you must repeat the process from there.
Do so by performing a Pointer Search for exactly 0F13D020. Because every one of your offsets was 4C, the starting point of your structure is well defined and you typically (but not always) will not need to use a Range Search.
Once you have performed a Pointer Search for 0F13D020, you can take any of the returns and repeat the “Find What Accesses This Value” using that address.
Continue the process (disassemble, pointer search, disassemble, pointer search, etc.) until you find a static base.
For each step, keep a temporary copy of your Complex Address and replace each part as you go one level deeper into your search.
That is, my level-0 Complex Address would be:
[0F13D06C]
Then I found that 0F13D020h+4Ch == 0F13D06C, so I replace 0F13D06C with 0F13D020h+4Ch and my level-1 Complex Address becomes:
[0F13D020h+4Ch]
Then I might find that [XXX+65Ch] == 0F13D020h, so my new result would be:
[[XXX+65Ch]+4Ch]
Of course when you enter the Complex Address into the
Main Address List you would omit the outside [].
L. Spiro
Our songs remind you of songs you’ve never heard.
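Added example (not part of L. Spiro's post and not MHS code): a small C program that resolves a Complex Address of the shape [[XXX+65Ch]+4Ch] the way the post describes, one pointer read per level and the last offset giving the member itself. The memory layout is constructed: a globals block standing in for the static base XXX, a pointer at 65Ch to the player structure, and the ammo count at 4Ch inside it. Byte arrays are used instead of structs so the offsets land exactly where the post says regardless of compiler padding, and pointers are read at the host's width (a real 32-bit target would need 4-byte reads). The NULL check shows what happens when a level of the chain is not yet allocated, which is the usual reason a pointer chain that worked in one screen breaks in another.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed layout matching the post's final Complex Address [[XXX+65Ch]+4Ch].
   Neither offset comes from a real game here; they are the post's numbers. */
#define GLOBALS_PLAYER_OFFSET 0x65C   /* XXX+65Ch holds the pointer to the player */
#define PLAYER_AMMO_OFFSET    0x4C    /* player+4Ch is the ammo member */

static uint8_t g_globals[0x800];      /* stands in for the static base XXX */
static uint8_t g_player[0x80];        /* the structure that was at 0F13D020 */
static const size_t g_ammo_chain[] = { GLOBALS_PLAYER_OFFSET, PLAYER_AMMO_OFFSET };
#define AMMO_CHAIN_LEN (sizeof g_ammo_chain / sizeof g_ammo_chain[0])

/* Fill the constructed memory: globals -> player, player.ammo = 30. */
static void setup_sample_memory(void) {
    uint8_t *player = g_player;
    int32_t ammo = 30;
    memset(g_globals, 0, sizeof g_globals);
    memset(g_player, 0, sizeof g_player);
    memcpy(g_globals + GLOBALS_PLAYER_OFFSET, &player, sizeof player);
    memcpy(g_player + PLAYER_AMMO_OFFSET, &ammo, sizeof ammo);
}

/* Resolve [[...[base+off[0]]+off[1]]...+off[n-1]]: every level but the last is
   a pointer read, the last offset yields the address of the member. Returns NULL
   if any pointer along the chain is NULL (level not allocated yet). */
static void *resolve_complex_address(uintptr_t base, const size_t *offsets, size_t count) {
    uintptr_t cur = base;
    for (size_t i = 0; i < count; ++i) {
        cur += offsets[i];
        if (i + 1 == count)
            break;                                   /* final level: member address */
        uintptr_t next;
        memcpy(&next, (const void *)cur, sizeof next); /* pointer read at this level */
        if (next == 0)
            return NULL;
        cur = next;
    }
    return (void *)cur;
}

/* Render the chain in the post's notation, e.g. "[[XXX+65Ch]+4Ch]". */
static void format_complex_address(const char *base, const size_t *offsets, size_t count,
                                   char *out, size_t outsz) {
    char cur[128], tmp[128];
    snprintf(cur, sizeof cur, "%s", base);
    for (size_t i = 0; i < count; ++i) {
        snprintf(tmp, sizeof tmp, "[%s+%zXh]", cur, offsets[i]);
        strcpy(cur, tmp);
    }
    snprintf(out, outsz, "%s", cur);
}

static const char *sample_complex_address(void) {
    static char buf[128];
    format_complex_address("XXX", g_ammo_chain, AMMO_CHAIN_LEN, buf, sizeof buf);
    return buf;
}

/* Read the ammo count through the chain; -1 if the chain is broken. */
static int32_t read_ammo(void) {
    int32_t v;
    void *p = resolve_complex_address((uintptr_t)g_globals, g_ammo_chain, AMMO_CHAIN_LEN);
    if (!p) return -1;
    memcpy(&v, p, sizeof v);
    return v;
}

/* Write through the chain (what the hack does once the static base is known). */
static int write_ammo(int32_t value) {
    void *p = resolve_complex_address((uintptr_t)g_globals, g_ammo_chain, AMMO_CHAIN_LEN);
    if (!p) return -1;
    memcpy(p, &value, sizeof value);
    return 0;
}

/* BASE+OFFSET=FINAL at the innermost level: the resolved address must be
   exactly the member inside g_player. */
static int resolved_address_is_player_member(void) {
    void *p = resolve_complex_address((uintptr_t)g_globals, g_ammo_chain, AMMO_CHAIN_LEN);
    return p == (void *)(g_player + PLAYER_AMMO_OFFSET);
}

/* A player structure that does not exist yet (NULL at XXX+65Ch) must make the
   chain fail rather than read address 4Ch. Restores the sample memory after. */
static int chain_fails_when_player_is_null(void) {
    uint8_t *none = NULL;
    int failed;
    memcpy(g_globals + GLOBALS_PLAYER_OFFSET, &none, sizeof none);
    failed = (read_ammo() == -1);
    setup_sample_memory();
    return failed;
}

int main(void) {
    setup_sample_memory();
    printf("%s = %d\n", sample_complex_address(), read_ammo());
    write_ammo(999);
    printf("after write: %d\n", read_ammo());
    return 0;
}
```

The resolver is written so the last offset is never dereferenced: that is the difference between the address of the ammo member and the ammo value, and it is also why the outer [] is dropped when the address goes into the Main Address List.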