Page 2 of 6

PostPosted: Sat Jun 21, 2008 4:59 pm
by GlowSplint
Can anyone explain my questions...? It's up there.

EDIT: Oops, it isn't, it's on the previous page.

PostPosted: Sat Jun 21, 2008 10:48 pm
by Josese
JB Gzn wrote:Nah, the tut is perfect, it's slow but working :PPPP.
But this was the exact same way as said in the help file?


Lol, actually I don't understand the help file (just a little), so I read other threads and I figured this is one way to find pointers.

GlowSplint wrote:It's mainly another Tower Defense game that uses Flash (I hope your PC has Flash).

Erm, can anyone explain....
Code:
"To: 401081C0" and in the left side "Target From: 400081C0"


Mmm... you don't read, man :roll: ? Lol, look, 401081C0 is your address for INF AMMO, OK? Then we need to find the pointer for this address. What is the pointer for? Because if you start a new game this address will never work again for INF AMMO. Then in pointer search we paste our ORIGINAL address in "To: 401081C0" (please see the picture), and on the left side "Target From: 400081C0" <== this is our range; between 400081C0 and 401081C0 we have our pointer, OK?

[image]

Oh, and what is a module?
Code:
Module : [rsaenh.dll+19B8]


I can't explain it very well, so you must read the help file >.<, but we need the [module+offset] to calculate our address. For example, if you read the help file you will see something like this: "winmine.exe+0x5334" = winmine.exe is your module and 0x5334 is your offset. So it's better if you read the help file again :twisted:

PostPosted: Sun Jun 22, 2008 7:02 pm
by jtremblay
Josese, dude!
I prefer using my 64-bit system since the searches are 1000x faster with L. Spiro's god-like app. I have been looking for a manual system to help me find static pointers for Rappelz... since the debuggers crash Rappelz on my 64-bit system. Dude, your tutorial works perfectly... I actually combined something that L. Spiro said in a post to someone else recently and what you said in this thread.

First of all... what L. Spiro recommended to someone else: I ran 2 separate instances of MHS from different directories.

I started Rappelz and opened Sframe.exe with both MHSs.

I searched for all pointers for a large section of memory where my moving values were... with MHS#1 - gave me like 20,000 results... maybe 2-5k of them green.

I searched for one of these moving values that has a static offset to other information I needed pointers for in MHS#2.

I restarted Rappelz and did a sub-search for the same moving value with static offsets to other wanted info in MHS#2 again, calculated the change from the previous location and used this value in MHS#1... Thanks Josese! This reduced the results to around 5-10K...

I repeated this step until I was down to about 500 green results. I did not find a static pointer to the exact value I was looking for, but I did find a static pointer that pointed to a location that was a static offset from the values I wanted static pointers for... hey, it was a little more work, but this is just as good!

I just wanted to say thanks for a great post, and YES... it was necessary to post an alternative to using a debugger, since the raw concept is nice to have when you have GameGuard-type tools like HackShield and compatibility with different h/w architectures thrown into the mix to crash or block your debuggers.

PostPosted: Sun Jun 22, 2008 8:07 pm
by GlowSplint
Josese wrote:
GlowSplint wrote:It's mainly another Tower Defense game that uses Flash (I hope your PC has Flash).

Erm, can anyone explain....
Code:
"To: 401081C0" and in the left side "Target From: 400081C0"


Mmm... you don't read, man :roll: ? Lol, look, 401081C0 is your address for INF AMMO, OK? Then we need to find the pointer for this address. What is the pointer for? Because if you start a new game this address will never work again for INF AMMO. Then in pointer search we paste our ORIGINAL address in "To: 401081C0" (please see the picture), and on the left side "Target From: 400081C0" <== this is our range; between 400081C0 and 401081C0 we have our pointer, OK?

[image]

Oh, and what is a module?
Code:
Module : [rsaenh.dll+19B8]


I can't explain it very well, so you must read the help file >.<, but we need the [module+offset] to calculate our address. For example, if you read the help file you will see something like this: "winmine.exe+0x5334" = winmine.exe is your module and 0x5334 is your offset. So it's better if you read the help file again :twisted:


I mean, do we search the range 400081C0 - 401081C0 (0x00100000)? Or do you zero the number 6 from the right?

GlowSplint wrote:Or do you zero the number 6 from the right?

Meaning, say your address is 36281A2B, you search the range 36081A2B - 36281A2B?

PostPosted: Sun Jun 22, 2008 8:39 pm
by JB Gzn
You just do minus 1000000 or something.

PostPosted: Mon Jun 23, 2008 4:29 am
by Sychotix
Subtracting 1000 (in hex) works best. Just remember your alphabet and that before "A" comes "9", and hex is easy.

PostPosted: Mon Jun 23, 2008 7:32 pm
by SpeedWing
Is there a way to hack the bullets in multiplayer online games if you're the host?

PostPosted: Mon Jun 23, 2008 10:53 pm
by GlowSplint
Anyone, answer my question with confidence :twisted: Gah.

PostPosted: Tue Jun 24, 2008 10:20 am
by Sychotix
@speedwing:
It would depend on the game. Try scanning for the value and editing it.

@GlowSplint:
What was your question? Was it why something like 0x10000 is different from 0x1000000?

They are completely different... that's like asking why 10 is different from 100 =P

PostPosted: Tue Jun 24, 2008 4:10 pm
by GlowSplint
I mean, be a little more general so I can get the idea. Do I subtract 0x10000 or 0x100000, or zero the number in the sixth digit from the right (turn the 6th number into a 0)?

PostPosted: Tue Jun 24, 2008 7:43 pm
by jtremblay
GlowSplint wrote:
Josese wrote:
GlowSplint wrote:It's mainly another Tower Defense game that uses Flash (I hope your PC has Flash).

Erm, can anyone explain....
Code:
"To: 401081C0" and in the left side "Target From: 400081C0"


Mmm... you don't read, man :roll: ? Lol, look, 401081C0 is your address for INF AMMO, OK? Then we need to find the pointer for this address. What is the pointer for? Because if you start a new game this address will never work again for INF AMMO. Then in pointer search we paste our ORIGINAL address in "To: 401081C0" (please see the picture), and on the left side "Target From: 400081C0" <== this is our range; between 400081C0 and 401081C0 we have our pointer, OK?

[image]

Oh, and what is a module?
Code:
Module : [rsaenh.dll+19B8]


I can't explain it very well, so you must read the help file >.<, but we need the [module+offset] to calculate our address. For example, if you read the help file you will see something like this: "winmine.exe+0x5334" = winmine.exe is your module and 0x5334 is your offset. So it's better if you read the help file again :twisted:


I mean, do we search the range 400081C0 - 401081C0 (0x00100000)? Or do you zero the number 6 from the right?

GlowSplint wrote:Or do you zero the number 6 from the right?

Meaning, say your address is 36281A2B, you search the range 36081A2B - 36281A2B?


You may not find a pointer that points directly to your address, like my situation with Rappelz... an online MMORPG. Some of these games have complex protections and refuse to let you use the debugger. My solution was to search a broad range, then test my results to see if they were consistent. I followed a suggestion from L. Spiro in another post and mixed it with Josese's tutorial...
1)
Use two separate instances of MHS. This can be done by creating a copy of the MHS folder somewhere else. I made the copy in the same containing folder... one folder named MHS... and the other Copy of MHS.
2)
Then you search for the value you want in MHS#1... Do not modify the search yet... you are keeping this value for reference only. For example: I searched for the character name, since most of the information I wanted was a static offset from the name... it usually resided in the 0x05700000 to 0x06F00000 range. This was not important here, because we are searching for the name to acquire the exact memory value.
3)
Once you have the exact location in MHS#1 of the value you want to find a pointer for... move to MHS#2. In MHS#2 you search for static pointers that point to a wide range within the part of memory where the value you want a pointer for resides... I have searched the memory about 100+ times now trying to familiarize myself with the location of certain variables... I have been able to determine the appropriate range for my search by knowing roughly which memory ranges were static offsets from what I wanted. If you are not sure (which I think was your question) then you should use a broad range... the search will take longer, but the end result will be the same. For example: I looked for static pointers between 0x05500000 and 0x6FF0000. Yes, this was a broad range, but my closest static pointer was pointing pretty far from what I wanted a static pointer for. When you get all of your results... you might get 20-50k results... go on to the next step.
4)
Now, close and restart your game. Once your game is fully loaded, re-open the game executable in both MHSs without dumping either of your searches.
5)
Go back to MHS#1... our first search... the info you wanted a pointer for should still be there. I double-clicked the first search result value to save it on the right while I performed a new search... because we will need the first address. Search to find where the new location of the info you want is. When you find it, use the EXPRESSION panel to calculate the difference between the two addresses. You want to highlight the decimal answer and use it in the next step.
6)
In MHS#2 do a sub-search. In the sub-search use CHANGED BY and paste the decimal answer from the last step in the box... hopefully you will get some results back from this. If you do, then repeat steps 4-6 until you are comfortable that you have found a static pointer that will point to a static offset of the item you are trying to find a static pointer for.

I hope this helps... this is exactly what I did and it worked for me.
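jtremblay's two-instance procedure (steps 2 through 6 above), as an added Python simulation rather than anything from the thread or from MHS. MHS#1 is the `find_value` search that locates the reference value after each restart; MHS#2 is the candidate set, started from a broad range search and narrowed with a "changed by delta" sub-search. All addresses, the heap layout, the reference string and the decoy pointers are constructed; the 0x05700000 heap base is borrowed from the post only as a plausible number.

```python
"""
Added example, not from the thread or from MHS: the restart-and-'changed by'
refinement over constructed memory snapshots.  Addresses and contents are
hypothetical.
"""
import struct


def find_value(image: bytes, image_base: int, needle: bytes) -> int:
    """MHS#1 search: absolute address of the first occurrence of needle."""
    i = image.find(needle)
    if i < 0:
        raise LookupError("reference value not found in this session")
    return image_base + i


def dwords(image: bytes, image_base: int) -> dict:
    """All aligned dwords of a static region as {static_addr: value}."""
    return {image_base + 4 * i: v
            for i, (v,) in enumerate(struct.iter_unpack("<I", image))}


def changed_by(candidates, before: dict, after: dict, delta: int) -> set:
    """MHS#2 sub-search 'Changed By delta': keep only candidate static addresses
    whose stored dword moved by exactly delta between the two snapshots."""
    return {a for a in candidates if after[a] - before[a] == delta}


def refine(sessions, static_base: int, heap_base: int, needle: bytes):
    """sessions: list of (static_region_bytes, heap_bytes), one per game run.
    Returns (surviving candidate static addresses, reference address in the
    last session)."""
    first_static, first_heap = sessions[0]
    prev_addr = find_value(first_heap, heap_base, needle)
    prev_static = dwords(first_static, static_base)
    # Step 3: broad range search, every static dword pointing into the heap.
    cands = {a for a, v in prev_static.items()
             if heap_base <= v < heap_base + len(first_heap)}
    for static_img, heap_img in sessions[1:]:
        cur_addr = find_value(heap_img, heap_base, needle)      # step 5
        delta = cur_addr - prev_addr                             # EXPRESSION panel
        cur_static = dwords(static_img, static_base)
        cands = changed_by(cands, prev_static, cur_static, delta)  # step 6
        prev_addr, prev_static = cur_addr, cur_static
    return cands, prev_addr


# ---- constructed game sessions ---------------------------------------------
STATIC_BASE, HEAP_BASE = 0x00400000, 0x05700000


def make_session(name_off: int, name: bytes = b"Hero\0"):
    """One game run.  The name block lands at HEAP_BASE + name_off.  The real
    static pointer (STATIC_BASE+0x10) always points 0x40 before the name; a
    decoy at +0x20 points at a fixed heap address; a decoy at +0x30 moves too,
    but never by the same delta as the name."""
    heap = bytearray(0x10000)
    heap[name_off:name_off + len(name)] = name
    static = bytearray(0x100)
    struct.pack_into("<I", static, 0x10, HEAP_BASE + name_off - 0x40)
    struct.pack_into("<I", static, 0x20, HEAP_BASE + 0x1234)
    struct.pack_into("<I", static, 0x30, HEAP_BASE + name_off // 2)
    return bytes(static), bytes(heap)


SESSIONS = [make_session(0x2000), make_session(0x5000), make_session(0x3800)]

if __name__ == "__main__":
    survivors, name_addr = refine(SESSIONS, STATIC_BASE, HEAP_BASE, b"Hero\0")
    for s in sorted(survivors):
        print(f"static pointer [{s:08X}]; name at [[{s:08X}]]+0x40 = {name_addr:08X}")
```

Two restarts are enough here only because the decoys are few and crude; in a real process the candidate set starts in the tens of thousands, so, as the post says, keep repeating steps 4-6 until the survivors stay stable. The surviving pointer does not point at the name itself but 0x40 before it, which is the "static pointer to a static offset of the value" outcome described above.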

PostPosted: Wed Jun 25, 2008 1:20 pm
by Lobbie
@ handsome Josese - at least you bothered enough to write a tut. I just started to learn how to find pointers and your tut is good stuff. Efficient or not, at least it is a good stepping stone.

PostPosted: Wed Jun 25, 2008 1:38 pm
by JB Gzn
I was the first to write to use 2 MHSes :P

Dunno if it is in the help file, because I'm not going to bother to read for these things lol.
Then L. Spiro said it, so I guess it's in the help file anyway.

PostPosted: Wed Jun 25, 2008 5:46 pm
by Felheart
@Glowsplint:

I don't think it's possible to find complex addresses for a value in Flash!
Why?
Maybe you know what an emulator is.
Firefox (or your internet browser) is some sort of "emulator" for Flash.

Think of Flash like a game for an emulator.
Firefox loads Flash, and Flash plays the game (the TD).

But it could also be that you are playing a different game.
Or it could be that you are watching a video on YouTube (ALSO FLASH).

I think finding complex addresses in Flash is like making a complex address
for different games.

Or to be more scientific - it's like making a complex address where you don't even know the process.


Someone correct me if I am wrong. It's just a thought!


edit:

@jtremblay:
That's genius, man!
A really good alternative way of finding static offsets!

PostPosted: Wed Jun 25, 2008 5:47 pm
by JB Gzn
You can't find them for an internet game, but you can find NOPs though.
You need to use Visual Basic to code Flash trainers, or only use NOPs.