Anyway, basically we know that the correct pointer-trail is the one that works. And from my (beginner) experience, the smallest offsets do not always lead me to the right pointer trail.
There are also these examples:
Steiner wrote: I use the German version of Warcraft III - TFT (v. 1.22) and here are all Gold addresses for player 1 till 12:
[[[[[[0x6FAA4178]+0x0C]+0x0002*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 1st Player
[[[[[[0x6FAA4178]+0x0C]+0x002A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 2nd Player
[[[[[[0x6FAA4178]+0x0C]+0x0052*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 3rd Player
[[[[[[0x6FAA4178]+0x0C]+0x007A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 4th Player
[[[[[[0x6FAA4178]+0x0C]+0x00A2*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 5th Player
[[[[[[0x6FAA4178]+0x0C]+0x00CA*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 6th Player
[[[[[[0x6FAA4178]+0x0C]+0x00F2*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 7th Player
[[[[[[0x6FAA4178]+0x0C]+0x011A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 8th Player
[[[[[[0x6FAA4178]+0x0C]+0x0142*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 9th Player
[[[[[[0x6FAA4178]+0x0C]+0x016A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 10th Player
[[[[[[0x6FAA4178]+0x0C]+0x0192*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 11th Player
[[[[[[0x6FAA4178]+0x0C]+0x01BA*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 12th Player
Whitehat wrote: I’ve just patched my WarCraft 3 to version 1.22.0.6328...
Complex Addresses for GOLD:
============================================================================
Player #01 (Red) : [[["Game.dll"+0xAA4178]+0xC]+(0x002*0x8)+0x4]+0x78
Player #02 (Blue) : [[["Game.dll"+0xAA4178]+0xC]+(0x02A*0x8)+0x4]+0x78
Player #03 (Aquamarine) : [[["Game.dll"+0xAA4178]+0xC]+(0x052*0x8)+0x4]+0x78
Player #04 (Purple) : [[["Game.dll"+0xAA4178]+0xC]+(0x07A*0x8)+0x4]+0x78
Player #05 (Yellow) : [[["Game.dll"+0xAA4178]+0xC]+(0x0A2*0x8)+0x4]+0x78
Player #06 (Orange) : [[["Game.dll"+0xAA4178]+0xC]+(0x0CA*0x8)+0x4]+0x78
Player #07 (Green) : [[["Game.dll"+0xAA4178]+0xC]+(0x0F2*0x8)+0x4]+0x78
Player #08 (Pink) : [[["Game.dll"+0xAA4178]+0xC]+(0x11A*0x8)+0x4]+0x78
Player #09 (Grey) : [[["Game.dll"+0xAA4178]+0xC]+(0x142*0x8)+0x4]+0x78
Player #10 (Cyan) : [[["Game.dll"+0xAA4178]+0xC]+(0x16A*0x8)+0x4]+0x78
Player #11 (Dark Green) : [[["Game.dll"+0xAA4178]+0xC]+(0x192*0x8)+0x4]+0x78
Player #12 (Brown) : [[["Game.dll"+0xAA4178]+0xC]+(0x1BA*0x8)+0x4]+0x78
============================================================================
We can notice that Steiner’s are 3 layers deeper than mine. BUT, both are pointing to the same legit addresses...
It’s like he was taking a long path while mine takes a short one. But we can’t say which one is better, since both of them land on the same addresses...
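The two trails quoted above can be evaluated side by side on a constructed memory snapshot; this is an added example, not code from either post. The `Game.dll` load base of 0x6F000000, every pointer value, and the back-pointer layout that makes the three extra dereferences return to the same object are assumptions chosen to show one way both trails can agree.

```python
# Constructed 32-bit memory snapshot: address -> pointer stored there.
# Only the offsets come from the posts; every pointer value is made up.
GAME_DLL = 0x6F000000            # assumed load base: 0x6FAA4178 - 0xAA4178
STATIC = GAME_DLL + 0xAA4178     # static root shared by both trails

def slot(player):
    """Table index for player 1..12: 0x002, 0x02A, 0x052, ... (stride 0x28)."""
    return 0x002 + 0x28 * (player - 1)

def build_snapshot():
    mem = {STATIC: 0x10000000, 0x10000000 + 0xC: 0x20000000}
    for p in range(1, 13):
        obj = 0x30000000 + 0x1000 * p          # per-player object (constructed)
        mem[0x20000000 + slot(p) * 8 + 4] = obj
        mem[obj + 0x64] = obj + 0x400          # child A (hypothetical)
        mem[obj + 0x400 + 0x08] = obj + 0x800  # child B (hypothetical)
        mem[obj + 0x800 + 0x40] = obj          # back-pointer to the player object
    return mem

def resolve(mem, base, offsets):
    """Evaluate [[[base]+o1]+o2]...+oN: dereference, add offset, repeat."""
    addr = base
    for off in offsets:
        if addr not in mem:
            raise KeyError(f"broken trail: nothing mapped at {addr:#x}")
        addr = mem[addr] + off
    return addr

def short_trail(player):
    return [0xC, slot(player) * 8 + 4, 0x78]

def long_trail(player):
    return [0xC, slot(player) * 8 + 4, 0x64, 0x08, 0x40, 0x78]

if __name__ == "__main__":
    mem = build_snapshot()
    for p in range(1, 13):
        s = resolve(mem, STATIC, short_trail(p))
        l = resolve(mem, STATIC, long_trail(p))
        print(f"player {p:2}: short={s:#x} long={l:#x} same={s == l}")
```

In this layout the longer trail has three more pointers that must stay valid, so it fails as soon as any one of them is missing, while the short trail still resolves.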