Tut Pointers/Complex Address!!


Poll: It Works For U?? Yes: 30 (67%), No: 15 (33%). Total votes: 45

Postby GlowSplint » Sat Jun 21, 2008 4:59 pm

Can anyone explain my questions...? It's up there.

EDIT: Oops, it isn't, it's on the previous page.

I tend to capitalise my words towards the end. LoL.
GlowSplint
NULL
 
Posts: 158
Joined: Sat Mar 29, 2008 6:33 pm
Location: Singapore

Postby Josese » Sat Jun 21, 2008 10:48 pm

JB Gzn wrote: nah the tut is perfect, it's slow but working :PPPP.
but this was the exact same way as said in the helpfile?


Lol, actually I don't understand the help file (just a little), so I read other threads and I figured this is one way to find pointers.

GlowSplint wrote: It's mainly another Tower Defense game that uses Flash (I hope your PC has Flash).

Erm, can anyone explain....
Code:
"To: 401081C0" and in the left side "Target From: 400081C0"


Mmm... u don't read, man :roll:? lol, look, 401081C0 is ur address for INF AMMO, ok? Then we need to find the pointer 4 this addy. 4 what the pointer? Cuz if u start a new game this addy will never work again for INF AMMO, then in pointer search we paste our ORIGINAL addy in "To: 401081C0" (pls see the picture) and on the left side "Target From: 400081C0" <== this is our range, between 400081C0 and 401081C0 we have our pointer, ok?

Oh, and what is a module?
Code:
Module : [rsaenh.dll+19B8]


I can't explain it very well, so u must read the help file >.<, but we need the [module+offset] 4 calculate our addy. 4 example, if u read the help file u will see something like this: "winmine.exe+0x5334" = winmine.exe is ur module and 0x5334 is ur offset. So it's better if u read the help file again :twisted:
Yes, I know, I know, I'm handsome lol!!
Ya it's me playing WT!!
Josese
Been Around
 
Posts: 220
Joined: Tue Feb 05, 2008 12:59 am

Postby jtremblay » Sun Jun 22, 2008 7:02 pm

Josese, dude!
I prefer using my 64bit system since the searches are 1000x faster with L. Spiro's god-like app. I have been looking for a manual system to help me find static pointers for Rappelz... since the debuggers crash Rappelz on my 64bit system. Dude your tutorial works perfectly... I actually combined something that L. Spiro said in a post to someone else recently and what you said in this thread.

First of all... what L. Spiro recommended to someone else: I ran 2 separate instances of MHS from different directories.

I started Rappelz and opened Sframe.exe with both MHSs.

I searched for all pointers for a large section of memory where my moving values were... with MHS#1 - gave me like 20,000 results... maybe 2-5k of them green.

I searched for one of these moving values that has a static offset to other information I needed pointers for in MHS#2.

I restarted Rappelz and did a subsearch for the same moving value with static offsets to other wanted info in MHS#2 again and calculated the change from previous location and used this value in MHS#1... Thanks Josese! This reduced the results to around 5-10K...

I repeated this step until I was down to about 500 green results. I did not find a static pointer to the exact value I was looking for, but I did find a static pointer that pointed to a location that was a static offset of the values I wanted static pointers for... hey, it was a little more work, but this is just as good!

I just wanted to say thanks for a great post, and YES... it was necessary to post an alternative to using a debugger since the raw concept is nice to have when you have gameguard tools like hackshield and compatibility with different h/w architectures to throw in the mix to crash or block your debuggers.
jtremblay
I Have A Few Questions
 
Posts: 8
Joined: Wed Jun 18, 2008 3:19 am

Postby GlowSplint » Sun Jun 22, 2008 8:07 pm


I mean like, do we search the range 400081C0 - 401081C0 (0x00100000)? Or is it that you zero the number 6 from the right?

GlowSplint wrote: Or is it you zero the number, 6 from the right?

Means like, say if your address is 36281A2B, you search the range 36081A2B - 36281A2B?

Postby JB Gzn » Sun Jun 22, 2008 8:39 pm

you just do minus 1000000 or something

famous wrote:What's worth the price is always worth the fight


famous wrote:Every second counts cause there's no second try
JB Gzn
Pro++
 
Posts: 1985
Joined: Sun Jan 27, 2008 7:56 pm
Location: Unknown, please use a pointer.

Postby Sychotix » Mon Jun 23, 2008 4:29 am

Subtracting 1000 (in hex) works best. Just remember your alphabet and that before "A" comes "9" and hex is easy.
Sychotix
Been Around
 
Posts: 239
Joined: Wed Mar 05, 2008 4:28 am

Postby SpeedWing » Mon Jun 23, 2008 7:32 pm

Is there a way to hack the bullets in multiplayer online games if you're the host?
SpeedWing
Defragler
 
Posts: 2031
Joined: Tue Jan 01, 2008 1:00 am
Location: If there is a Will there is a Solution.

Postby GlowSplint » Mon Jun 23, 2008 10:53 pm

Anyone answer my question with confidence :twisted: Gah.

Postby Sychotix » Tue Jun 24, 2008 10:20 am

@speedwing:
It would depend on the game. Try scanning for the value and editing it.

@GlowSplint:
What was your question? Was it why something like 0x10000 is dif than 0x1000000?

They are completely different... that's like asking why 10 is different than 100 =P

Postby GlowSplint » Tue Jun 24, 2008 4:10 pm

I mean like be a little more general so I can get the idea. Do I subtract 0x10000 or 0x100000 or zero the number in the sixth digit from the right (turn the 6th number into a 0)?

Postby jtremblay » Tue Jun 24, 2008 7:43 pm

GlowSplint wrote:
I mean like do we search the range of 400081C0 - 401081C0 (0x00100000)? Or is it you zero the number, 6 from the right?

GlowSplint wrote:Or is it you zero the number, 6 from the right?

Means like say if your address is 36281A2B, you search the range 36081A2B - 36281A2B?


You may not find a pointer that points directly to your address, like my situation with Rappelz... an online MMORPG. Some of these games have complex protections and refuse to let you use the debugger. My solution was to search a broad range, then test my results to see if they were consistent. I followed a suggestion from L. Spiro in another post and mixed it with Josese's tutorial...
1) Use two separate instances of MHS. This can be done by creating a copy of the MHS folder somewhere else. I made the copy in the same containing folder... one folder named MHS... and the other Copy of MHS.
2) Then you search for the value you want in MHS#1... Do not modify the search yet... you are keeping this value for reference only. For example: I searched for the character name since most of the information I wanted was a static offset from the name... it usually resided in the 0x05700000 to 0x06F00000 range. This was not important here because we are searching for the name to acquire the exact memory value.
3) Once you have the exact location in MHS#1 of the value you want to find a pointer for... move to MHS#2. In MHS#2 you search for static pointers that point to a wide range within the part of the memory where the value you want a pointer for resides... I have searched the memory about 100+ times now trying to familiarize myself with the location of certain variables... I have been able to determine the appropriate range for my search by knowing about what memory ranges were static offsets to what I wanted. If you are not sure (which I think was your question) then you should use a broad range... the search will take longer, but the end result will be the same. For example: I looked for static pointers between 0x05500000 and 0x6FF0000. Yes, this was a broad range, but my closest static pointer was pointing pretty far from what I wanted a static pointer for. When you get all of your results... you might get 20-50k results... go on to the next step.
4) Now, you close and restart your game. Once your game is fully loaded re-open the game executable in both MHSs without dumping either of your searches.
5) Go back to MHS#1... our first search... the info you wanted a pointer for should still be there. I double clicked the first search result value to save it on the right while I performed a new search... because we will need the first address. Search to find where the new location of the info you want is. When you find it use the EXPRESSION panel to calculate what the difference is between the two addresses. You want to highlight the decimal answer and use it in the next step.
6) In MHS#2 do a sub-search. In the sub search use the CHANGED BY and paste the decimal answer from the last step in the box... hopefully you will get some results back from this. If you do then repeat steps 4-6 until you are comfortable that you have found a static pointer that will point to a static offset of the item you are trying to find a static pointer for.

I hope this helps... this is exactly what I did and it worked for me.
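The arithmetic behind the six steps above, as an added example that is not code from the thread or from MHS: the search window from Josese's "Target From / To" screenshot, the address delta of step 5, the CHANGED BY filter of step 6 (imitated here over constructed scan results, not MHS's real search), and the module+offset form Josese mentions. All addresses, the candidate list and the rsaenh.dll base are constructed.

```python
# Added example: the bookkeeping behind the two-instance pointer procedure.
# Every address below is constructed for illustration.

# Step 2 / step 5: where the tracked value lived in run 1 and after the restart.
TARGET_RUN1 = 0x05A31F40  # constructed
TARGET_RUN2 = 0x05C8A2B0  # constructed

# Step 3: constructed MHS#2 scan results, candidate address -> value it holds.
CANDIDATES_RUN1 = {
    0x0045A010: 0x05A31F00,  # points 0x40 below the target (a static offset)
    0x0045A018: 0x05A31F40,  # points directly at the target
    0x0045A020: 0x05B00000,  # unrelated static data, never moves
    0x0045A028: 0x05A32000,  # in range in run 1 but does not track the target
}
# Step 4: the same candidates re-read after the game was restarted.
CANDIDATES_RUN2 = {
    0x0045A010: 0x05C8A270,
    0x0045A018: 0x05C8A2B0,
    0x0045A020: 0x05B00000,
    0x0045A028: 0x05A32100,
}

def pointer_search_range(addr, span=0x100000):
    """Josese's window: 'Target From' = addr - span, 'To' = addr."""
    return addr - span, addr

def moved_by(old, new):
    """Step 5: signed difference between the two locations (EXPRESSION panel)."""
    return new - old

def changed_by(run1, run2, delta):
    """Step 6: CHANGED BY sub-search; keep candidates whose value shifted by exactly delta."""
    return sorted(a for a, v in run1.items() if a in run2 and run2[a] - v == delta)

def static_offsets(run1, target, survivors):
    """Offset from what each survivor points at to the target; 0 means a direct pointer."""
    return {a: target - run1[a] for a in survivors}

def resolve(module_expr, module_bases):
    """Turn 'module+hexoffset' (e.g. rsaenh.dll+19B8) into an absolute address."""
    module, offset = module_expr.split("+", 1)
    return module_bases[module] + int(offset, 16)

if __name__ == "__main__":
    lo, hi = pointer_search_range(0x401081C0)
    delta = moved_by(TARGET_RUN1, TARGET_RUN2)
    keep = changed_by(CANDIDATES_RUN1, CANDIDATES_RUN2, delta)
    print(f"range {lo:08X}-{hi:08X}, delta {delta:#x}, survivors {[hex(a) for a in keep]}")
    print({hex(a): hex(o) for a, o in static_offsets(CANDIDATES_RUN1, TARGET_RUN1, keep).items()})
    print(hex(resolve("rsaenh.dll+19B8", {"rsaenh.dll": 0x68000000})))  # constructed base
```

The candidate that lands 0x40 short of the target survives the filter just like the direct pointer does, which is exactly the "static offset from a static pointer" outcome jtremblay describes.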

Postby Lobbie » Wed Jun 25, 2008 1:20 pm

@ handsome Josese - at least you bothered enough to write a tut. I just started to learn how to find pointers and your tut is good stuff. Efficient or not, at least it is a good stepping stone.
Lobster in Szechuan sauce, Baked Lobster in Cheese, Lobster in Ginger and Shallot....YUM!

By JB Gzn & emocore

Muahahaha...I am the LobsterMaster...Muahahaha
Lobbie
Been Around
 
Posts: 286
Joined: Fri Mar 07, 2008 7:56 pm
Location: Australia

Postby JB Gzn » Wed Jun 25, 2008 1:38 pm

I was the first to write to use 2 MHSes :P

Dunno if it is in the helpfile because I'm not going to bother to read for these things lol
then L. Spiro said it, so I guess it's in the helpfile anyway

Postby Felheart » Wed Jun 25, 2008 5:46 pm

@Glowsplint:

I don't think it's possible to find complex addresses to a value in Flash!
Why?
Maybe you know what an emulator is.
Firefox (or your internet browser) is some sort of "emulator" for flash.

Think of flash like a game for an emulator.
Firefox loads flash, and flash plays the game (the TD).

But it could also be that you are playing a different game.
Or it could be that you are watching a video on YouTube. (ALSO FLASH).

I think finding a complex address in flash is like making a complex address for different games.

Or, to be more scientific: it's like making a complex address where you don't even know the process.


Someone correct me if I am wrong. It's just a thought!


edit:

@jtremblay:
That's genius, man!
A really good alternative way of finding static offsets!
Last edited by Felheart on Wed Jun 25, 2008 6:38 pm, edited 1 time in total.
Felheart
Acker
 
Posts: 89
Joined: Sun Apr 27, 2008 3:05 am
Location: Germany

Postby JB Gzn » Wed Jun 25, 2008 5:47 pm

You can't find them for an internet game, u can find NOPs back though.
U need to use Visual Basic to code flash trainers or only use NOPs.
