Tut Pointers/Complex Address!!


Poll: It Works For U??

Yes : 30 (67%)
No  : 15 (33%)
Total votes : 45

Postby WhiteHat » Wed Apr 08, 2009 9:21 pm

Huh ?... I can barely understand your first sentence (the one before the first period)... :shock:

Anyway, basically we know that the correct pointer-trail is the one which works. And from my (beginner) experience, the smallest offsets do not always lead me to the right pointer trail..

There are also these examples:

Steiner wrote:I use the german version of Warcraft III - TFT ( v. 1.22 ) and here are all Gold addresses for player 1 till 12:

Code:
[[[[[[0x6FAA4178]+0x0C]+0x0002*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  1st Player
[[[[[[0x6FAA4178]+0x0C]+0x002A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  2nd Player
[[[[[[0x6FAA4178]+0x0C]+0x0052*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  3rd Player
[[[[[[0x6FAA4178]+0x0C]+0x007A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  4th Player
[[[[[[0x6FAA4178]+0x0C]+0x00A2*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  5th Player
[[[[[[0x6FAA4178]+0x0C]+0x00CA*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  6th Player
[[[[[[0x6FAA4178]+0x0C]+0x00F2*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  7th Player
[[[[[[0x6FAA4178]+0x0C]+0x011A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  8th Player
[[[[[[0x6FAA4178]+0x0C]+0x0142*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  9th Player
[[[[[[0x6FAA4178]+0x0C]+0x016A*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 10th Player
[[[[[[0x6FAA4178]+0x0C]+0x0192*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 11th Player
[[[[[[0x6FAA4178]+0x0C]+0x01BA*0x08+0x04]+0x64]+0x08]+0x40]+0x78 // 12th Player



Whitehat wrote:I’ve just patched my WarCraft 3 to version 1.22.0.6328...

Code:
Complex Addresses for GOLD:
============================================================================
Player #01 (Red)        : [[["Game.dll"+0xAA4178]+0xC]+(0x002*0x8)+0x4]+0x78
Player #02 (Blue)       : [[["Game.dll"+0xAA4178]+0xC]+(0x02A*0x8)+0x4]+0x78
Player #03 (Aquamarine) : [[["Game.dll"+0xAA4178]+0xC]+(0x052*0x8)+0x4]+0x78
Player #04 (Purple)     : [[["Game.dll"+0xAA4178]+0xC]+(0x07A*0x8)+0x4]+0x78
Player #05 (Yellow)     : [[["Game.dll"+0xAA4178]+0xC]+(0x0A2*0x8)+0x4]+0x78
Player #06 (Orange)     : [[["Game.dll"+0xAA4178]+0xC]+(0x0CA*0x8)+0x4]+0x78
Player #07 (Green)      : [[["Game.dll"+0xAA4178]+0xC]+(0x0F2*0x8)+0x4]+0x78
Player #08 (Pink)       : [[["Game.dll"+0xAA4178]+0xC]+(0x11A*0x8)+0x4]+0x78
Player #09 (Grey)       : [[["Game.dll"+0xAA4178]+0xC]+(0x142*0x8)+0x4]+0x78
Player #10 (Cyan)       : [[["Game.dll"+0xAA4178]+0xC]+(0x16A*0x8)+0x4]+0x78
Player #11 (Dark Green) : [[["Game.dll"+0xAA4178]+0xC]+(0x192*0x8)+0x4]+0x78
Player #12 (Brown)      : [[["Game.dll"+0xAA4178]+0xC]+(0x1BA*0x8)+0x4]+0x78
============================================================================



We can notice that Steiner’s are 3 layers deeper than mine. BUT, both are pointing to the same legit addresses...
It’s like he was taking a long path while mine is a short one. But, we can’t say which one is better since both of them land on the same addresses...
.. to boldly go where no eagle has gone before...

Postby Aspras » Wed Apr 08, 2009 11:09 pm

You used auto-hack to find some of those offsets in your pointers if I remember correctly; I am talking about finding the pointer without using the disassembler at all. So according to josese's tutorial you search for pointers pointing at a range of addresses. Then (always according to the tutorial) you choose the pointer with the smallest distance from your address. In josese's case there were no pointers pointing exactly at the address he wanted to find a pointer for; there was always a distance (offset). Now what if there happened to be a pointer pointing exactly at the ammo address (offset 0), would that have to be the correct one?

Postby L. Spiro » Thu Apr 09, 2009 7:01 am

There is a high chance it is the correct one. It is rare for random data to be pointing exactly at the value(s) you found. Though it can happen.

If you find multiple pointers pointing to your data, all may be valid. The game will often pass pointers to objects over to other classes so the classes can use the objects without knowing about the bigger object containing them.
In other words, if CGameScene contains a list of CPlayer classes, my CCollision class does not care what a CGameScene is; it only wants to know about the CPlayer objects. CGameScene will pass its pointer(s) off to the CCollision object and suddenly you have 2 copies of the player pointers.

CGameScene may be part of another object and that object may be part of another. Which means you would have 3 layers of indirection to get to any player.
However the CCollision class may be global and have no owner. Using its copy of the player pointers, you could access them with only one layer of indirection.


The point is that multiple paths may be valid, and some may be shorter than others. If you have multiple pointers the same distance away from your target (be it 0 or otherwise), you should check each of them until you find the shortest one. Indirection is the slowest part of expression evaluation, since it requires reading the RAM of the target process.


L. Spiro
Our songs remind you of songs you’ve never heard.
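To make the two posts above concrete, here is a small resolver for the bracket syntax used in Steiner's and WhiteHat's lists. It is an added illustration, not MHS code and not from any poster in this thread. It evaluates a complex address against a constructed 32-bit memory image, counts how many reads each trail costs, and shows WhiteHat's observation (Steiner's six-hop trail and his own three-hop trail land on the same address) together with L. Spiro's point that a global copy of the player pointer would give a one-hop trail. The Game.dll base, the memory contents and the "global" path are assumptions built for the example, not the real game's layout; the same resolver also reports when a trail dead-ends in unmapped memory, which is the "pointer-trail that does not work" case.

```python
import re

# Token: hex/decimal number, "Module" name, or a single operator/bracket character.
_TOKEN_RE = re.compile(r'\s*(?:(0x[0-9A-Fa-f]+|\d+)|"([^"]+)"|([\[\]()+\-*]))')


def tokenize(expr):
    """Split a complex-address string into ints, ('module', name) tuples and operator chars."""
    expr = expr.split('//', 1)[0]               # drop a trailing // comment as in Steiner's list
    tokens, pos = [], 0
    while pos < len(expr):
        m = _TOKEN_RE.match(expr, pos)
        if not m:
            if expr[pos:].strip() == '':        # only whitespace left
                break
            raise ValueError(f'bad token near {expr[pos:pos + 10]!r}')
        num, module, op = m.groups()
        if num is not None:
            tokens.append(int(num, 16) if num.lower().startswith('0x') else int(num, 10))
        elif module is not None:
            tokens.append(('module', module))
        else:
            tokens.append(op)
        pos = m.end()
    return tokens


class PointerChainResolver:
    """Recursive-descent evaluator for MHS/CE-style complex addresses.

    Grammar (32-bit unsigned arithmetic):
        sum     := product (('+' | '-') product)*
        product := atom ('*' atom)*
        atom    := number | "Module" | '(' sum ')' | '[' sum ']'
    '[' sum ']' reads the 4-byte pointer stored at address `sum`; each read is one
    layer of indirection, which is the cost L. Spiro refers to.
    """

    def __init__(self, read_u32, modules):
        self.read_u32 = read_u32      # callable addr -> int; raises KeyError on an unmapped address
        self.modules = modules        # module name -> base address

    def resolve(self, expr):
        self.tokens, self.pos, self.reads = tokenize(expr), 0, 0
        value = self._sum()
        if self.pos != len(self.tokens):
            raise ValueError('unexpected trailing tokens')
        return value & 0xFFFFFFFF, self.reads

    def _peek(self):
        return self.tokens[self.pos] if self.pos < len(self.tokens) else None

    def _next(self):
        if self.pos >= len(self.tokens):
            raise ValueError('unexpected end of expression')
        tok = self.tokens[self.pos]
        self.pos += 1
        return tok

    def _expect(self, tok):
        if self._next() != tok:
            raise ValueError(f'expected {tok!r}')

    def _sum(self):
        value = self._product()
        while self._peek() in ('+', '-'):
            op, rhs = self._next(), self._product()
            value = value + rhs if op == '+' else value - rhs
        return value

    def _product(self):
        value = self._atom()
        while self._peek() == '*':
            self._next()
            value *= self._atom()
        return value

    def _atom(self):
        tok = self._next()
        if tok == '(':
            value = self._sum()
            self._expect(')')
            return value
        if tok == '[':
            addr = self._sum() & 0xFFFFFFFF
            self._expect(']')
            self.reads += 1                      # one more layer of indirection
            return self.read_u32(addr)
        if isinstance(tok, tuple):               # ('module', name) -> module base
            return self.modules[tok[1]]
        if isinstance(tok, int):
            return tok
        raise ValueError(f'unexpected token {tok!r}')


# Constructed memory image (NOT the real Warcraft III layout): just enough words for
# the thread's two Player #1 expressions to land on one address, plus a hypothetical
# global copy of the Player #1 pointer in the spirit of L. Spiro's CCollision example.
GAME_DLL_BASE = 0x6F000000   # assumed so that "Game.dll"+0xAA4178 == Steiner's 0x6FAA4178
FAKE_MEMORY = {
    0x6FAA4178: 0x10000000,  # static pointer -> game object
    0x1000000C: 0x20000000,  # game object +0xC -> player table
    0x20000014: 0x30000000,  # table + 0x002*8 + 4 -> Player #1 object
    0x20000154: 0x30001000,  # table + 0x02A*8 + 4 -> Player #2 object
    0x30000064: 0x40000000,  # Player #1 +0x64 -> sub-object (Steiner's extra hops)
    0x40000008: 0x50000000,  # sub-object +0x8 -> another object
    0x50000040: 0x30000000,  # that object +0x40 -> back to Player #1
    0x6FBB0000: 0x30000000,  # hypothetical global copy of the Player #1 pointer
}

STEINER_P1 = '[[[[[[0x6FAA4178]+0x0C]+0x0002*0x08+0x04]+0x64]+0x08]+0x40]+0x78 //  1st Player'
WHITEHAT_P1 = '[[["Game.dll"+0xAA4178]+0xC]+(0x002*0x8)+0x4]+0x78'
WHITEHAT_P2 = '[[["Game.dll"+0xAA4178]+0xC]+(0x02A*0x8)+0x4]+0x78'
GLOBAL_P1 = '["Game.dll"+0xBB0000]+0x78'        # hypothetical one-hop trail via the global copy


def resolve(expr, memory=FAKE_MEMORY, modules=None):
    """Return (final address, number of pointer reads) for a complex address."""
    modules = modules or {'Game.dll': GAME_DLL_BASE}
    return PointerChainResolver(memory.__getitem__, modules).resolve(expr)


def is_resolvable(expr, memory=FAKE_MEMORY, modules=None):
    """False when the trail dereferences an address that is not mapped (a dead trail)."""
    try:
        resolve(expr, memory, modules)
        return True
    except KeyError:
        return False


if __name__ == '__main__':
    for name, expr in (('Steiner P1', STEINER_P1), ('WhiteHat P1', WHITEHAT_P1),
                       ('WhiteHat P2', WHITEHAT_P2), ('global P1', GLOBAL_P1)):
        addr, reads = resolve(expr)
        print(f'{name:12s} -> 0x{addr:08X} after {reads} read(s)')
```

Running it prints the same final address for all three Player #1 trails with 6, 3 and 1 reads respectively, which is exactly the "several valid paths, some shorter" situation L. Spiro describes; `is_resolvable` is the check WhiteHat's "the one which works" rule boils down to.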

Postby Aspras » Thu Apr 09, 2009 11:48 am

I asked this because I had been trying to find a pointer for some casual game; auto-hack won't help at the first level since none of the lines popping up contain any pointer with an offset added in brackets. So by doing this raw search for pointers I had found around 5 pointers with 0 offset. I checked each one of the addresses with auto-hack and nothing popped up when my main address was being modified, so I assumed none of them is the correct one. Then I moved on to the next closer group of pointers; around 3 of them had an offset of 4 but nothing would pop up in the auto-hack when I modified my address (same as before). Again I went to the next closer group; there were 3 pointers with an offset of 8 but none of them was the correct one either.

Postby L. Spiro » Thu Apr 09, 2009 9:00 pm

Post what you found in Auto-Hack in another thread.


L. Spiro
Our songs remind you of songs you’ve never heard.

Postby Aspras » Sat Apr 11, 2009 6:02 am

L. Spiro wrote:Post what you found in Auto-Hack in another thread.


L. Spiro


New thread http://memoryhacking.com/forums/viewtopic.php?p=41386#41386

Re: Tut Pointers/Complex Address!!

Postby bruur » Tue Jan 26, 2010 10:35 am

Hello guys, I'm a newbie in here...
I'm playing an FPS game (Point Blank), I'm searching for a pointer of weapon ammo...
I'm following the tut that was already given on the first page
but I'm rather confused about giving a module.... (rather more difficult than Cheat Engine but I want to know)
ah .. difficult to write, my English is bad ... :cry:
could any master tell a detailed step....!!

thanks
bruur
