I'm in need of some assistance and Google isn't being a very good friend right now. I'm working on an aimbot for a game, but that's not what I need help with. The problem I'm having is that the offsets have changed and one in particular is now located in a dynamic part of memory (i.e. it changes each time the game is restarted). I followed some tutorials and decided to reverse the address location on my own.
Code:
004C4E0A |. 68 00201000      PUSH 102000          ;array size
004C4E0F |. 81C1 20006C0B    ADD ECX, 0B6C0020    ;array location
The address I need from this is 0B6C0020, but remember that it won't be the same next time around. With this location handy, 4C4E0A, and the byte pattern \x68\x00\x20\x10\x00\x81\xC1, I figured obtaining the right value would be easy, and it is, to an extent. I found a method to locate byte patterns, and it works great. This will return the location directly after the given byte pattern, or -1 if it's not found, which is exactly where I need it to be in this situation.
Code:
#include <string.h>

// Scans [start_offset, start_offset + size) for the byte pattern; mask chars
// 'x' must match exactly, '?' are wildcards. Returns the address of the byte
// directly after the match, or -1 if the pattern is not found.
// Addresses are held in an int, so this assumes a 32-bit process.
int FindPattern(int start_offset, int size, const char * pattern, const char * mask)
{
    int len = (int)strlen(mask);
    // Restart the comparison at every candidate address rather than resetting
    // pos and carrying on from the mismatch, which could skip a match that
    // begins inside a failed partial match.
    for (int retAddress = start_offset; retAddress + len <= start_offset + size; retAddress++)
    {
        int pos = 0;
        while (pos < len && (mask[pos] == '?' || *(const char*)(retAddress + pos) == pattern[pos]))
            pos++;
        if (pos == len)
            return retAddress + len;
    }
    return -1;
}
The problem now is that this method returns the address, 4C4E11, not the value I need. It seems like an easy fix; I tried to convert it to an int *, which now returns the correct value, or so it seems.
Code:
// Address right after the 7-byte signature, i.e. of the 32-bit immediate of the ADD ECX.
// A return of -1 means "not found" and must be checked before dereferencing.
int *centity_addy = (int*)FindPattern(0x004C4000, 0x1000, "\x68\x00\x20\x10\x00\x81\xC1", "xxxxxxx");
Now that I have the correct address I need in *centity_addy, I then test to see if it is in fact the correct value.
Code:
char entityaddy[32];
snprintf(entityaddy, sizeof entityaddy, "Entity Address: %x", *centity_addy);
// Print entityaddy to screen
When I load the game, the screen displays, to my surprise, the correct value. Excellent; now, from what I can tell, all I need to do is implement it, replacing the old static address with *centity_addy.
Code:
centity_t * cg_entities = (centity_t*) 0x8F7A78;       // old declaration
-TO-
centity_t * cg_entities = (centity_t*) *centity_addy;  // what I tried
With the way things have turned out so far this should work perfectly, but it doesn't, and I don't understand why. This is where I need help: how can I take the value from *centity_addy and use it the same way the previous static address was used? Is it possible this way, or is there another, possibly better, way? Any help is, as always, greatly appreciated.
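The scan-and-decode step, as an added example that is not the poster's code: it runs over a constructed byte buffer embedded below, not over live process memory, and does the two things a practitioner would check first, restarting the comparison at every offset so a partial match cannot hide a real one, and bounds-checking the 4-byte read before decoding the little-endian immediate. The names find_pattern, read_imm32, sample_array_base and sample_code are assumptions of this example.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: a decoy partial PUSH (68 00 20 10) immediately followed by
 * the two instructions quoted in the post, PUSH 102000 (68 00 20 10 00) and
 * ADD ECX, 0B6C0020 (81 C1 20 00 6C 0B). It stands in for a code region; nothing
 * here is read from any process. */
static const uint8_t sample_code[] = {
    0x90, 0x68, 0x00, 0x20, 0x10,                          /* filler + decoy */
    0x68, 0x00, 0x20, 0x10, 0x00, 0x81, 0xC1,              /* signature */
    0x20, 0x00, 0x6C, 0x0B,                                /* imm32 operand */
    0xC3
};

/* Scan buf for pattern (len bytes); mask 'x' must match, '?' is a wildcard.
 * The comparison restarts at every candidate offset, so a partial match that
 * fails cannot skip over a real match starting inside it (the "pos = 0" reset
 * in the original scanner has exactly that problem with the decoy above).
 * Returns the offset of the first byte AFTER the match, or -1 if absent. */
long find_pattern(const uint8_t *buf, size_t buf_len,
                  const uint8_t *pattern, const char *mask, size_t len)
{
    if (len == 0 || buf_len < len) return -1;
    for (size_t i = 0; i + len <= buf_len; i++) {
        size_t j = 0;
        while (j < len && (mask[j] == '?' || buf[i + j] == pattern[j])) j++;
        if (j == len) return (long)(i + len);
    }
    return -1;
}

/* Decode the 32-bit little-endian immediate at off, refusing to read past the
 * buffer. Assembling the bytes by hand avoids the unaligned access and
 * strict-aliasing issues of casting the address to int* as the post does. */
int read_imm32(const uint8_t *buf, size_t buf_len, long off, uint32_t *out)
{
    if (off < 0 || (size_t)off + 4 > buf_len) return 0;
    *out = (uint32_t)buf[off] | ((uint32_t)buf[off + 1] << 8) |
           ((uint32_t)buf[off + 2] << 16) | ((uint32_t)buf[off + 3] << 24);
    return 1;
}

/* Locate the post's 7-byte signature in the sample and return the ADD operand,
 * or 0 if the signature or its operand is not fully inside the buffer. */
uint32_t sample_array_base(void)
{
    static const uint8_t sig[] = {0x68, 0x00, 0x20, 0x10, 0x00, 0x81, 0xC1};
    long off = find_pattern(sample_code, sizeof sample_code, sig, "xxxxxxx", sizeof sig);
    uint32_t base = 0;
    return read_imm32(sample_code, sizeof sample_code, off, &base) ? base : 0;
}
```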