Bump
Come on peeps, anybody got the pointer yet?
From another forum, this user posted:
caliber1942 wrote:
DMA (dynamic memory allocation) is like this:
The game doesn't know certain things when it is first run (like the number of players, which map, what gun they will have, which features are turned on, etc.), so the game dynamically reserves the memory it needs at the time you select these things. This is done to conserve memory, since the game would have to reserve quite a chunk of memory to have enough put away for every circumstance and option. So the memory is reserved dynamically when it is needed. Therefore, when the game calls the system to reserve a space of memory for a certain feature (like fog or zoom), the system sets aside a small chunk of memory for holding that value. The system generally gives the game memory at the end of the program code, which means that each time the game runs, if the game has different numbers of players with different weapons on a different map, etc., then the location of that variable in memory (for the fog or zoom or whatever) will be different.
Therefore, what you need is to find the STATIC POINTER in memory that points to the DYNAMIC MEMORY ADDRESS. There is generally (nearly always found in the game code itself) an address that is called the static pointer, which is always in the same location in memory, and this pointer points to many of the DMA addresses. So you have to work backwards: if the DMA address is at location XXXXXX, then you have to find the code that writes to that address by doing a breakpoint (for instance the code may be something like mov eax, [ebp+YY]), where YY is a hex number and is called the modifier. Then the actual address you are trying to find is going to be XXXXXX-YY, which we will call the base address (let's call it ZZZZZZ). Somewhere in the game code, there will be a pointer that points to ZZZZZZ. So you do a 4 byte LONG search in memory for the value ZZZZZZ (you may have to convert ZZZZZZ from hex to decimal to do your search in TSEARCH) and you will likely get one or a few places in memory that point to the base address (ZZZZZZ). This pointer is the magical static pointer we were talking about (let's call it CCCCCC).
So here is the process:
Static Pointer points to Base Address. Base Address + Modifier is the DMA address for the particular feature you are hacking. The Base Address is pointed to by the Static Pointer address. The modifier is determined by doing your breakpoint. The DMA address is determined by adding the modifier to the Base Address. Confused yet?
Here it is as a formula: CCCCCC points to ZZZZZZ, and ZZZZZZ+YY is the address XXXXXX which holds the value you are trying to manipulate in the game.
So once you know CCCCCC (which never changes), you can do a read of it of type LONG (four bytes) and that will give you the address of the base pointer (ZZZZZZ). Add the known modifier to it (ZZZZZZ+YY) and you will get the address of the DMA, which you can then modify. This is DMA defeat.
Now feel free to pick apart my explanation.
--------------------------------------------------------------------------------
Last edited by caliber1942 : 29th April 2004 at 19:02.
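The two steps caliber1942 describes (the 4 byte LONG search for the value ZZZZZZ to locate CCCCCC, then CCCCCC -> ZZZZZZ + YY -> XXXXXX each run) as an added, runnable example. This is not code from the thread or from any game: it models a 32-bit target's address space as a byte array, with assumed constants STATIC_PTR (CCCCCC), FOG_MODIFIER (YY) and HEAP_START, and a constructed game_start() that drops the player object at a different heap address on every run. The breakpoint step that yields YY is not simulated; the modifier is taken as already known.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/*
 * Constructed model of a 32-bit game's address space (example only, not a
 * real game image). Addresses are offsets into mem[]. Names follow the post:
 *   CCCCCC  static pointer in the module's data, never moves  (STATIC_PTR)
 *   ZZZZZZ  base address of a dynamically allocated object, moves per run
 *   YY      modifier: offset of the hacked value inside that object
 *   XXXXXX  = ZZZZZZ + YY, the DMA address that actually holds the value
 */
#define MEM_SIZE      0x20000u
#define STATIC_PTR    0x1040u   /* CCCCCC: assumed fixed address in the data segment */
#define HEAP_START    0x10000u  /* assumed start of the dynamically allocated region */
#define FOG_MODIFIER  0x08u     /* YY: assumed offset of the fog value in the object */

static uint8_t mem[MEM_SIZE];

/* 4-byte "LONG" read, little-endian as on x86. On a 64-bit target the
   static pointer is 8 bytes wide and read64 would be needed instead. */
static uint32_t read32(uint32_t addr) {
    uint32_t v;
    memcpy(&v, &mem[addr], sizeof v);
    return v;
}

static void write32(uint32_t addr, uint32_t v) {
    memcpy(&mem[addr], &v, sizeof v);
}

/* "Game start" for run number `run`: the player object lands at a different
   heap address each time and the static pointer is updated to point at it.
   Returns ZZZZZZ so a caller can check the result. */
uint32_t game_start(unsigned run) {
    memset(mem, 0, sizeof mem);
    uint32_t base = HEAP_START + 0x40u * (run % 64u);   /* ZZZZZZ varies per run */
    write32(base + 0x00u, 100u);           /* health                       */
    write32(base + 0x04u, 1u);             /* zoom level                   */
    write32(base + FOG_MODIFIER, 75u);     /* fog density (%) : the target */
    write32(STATIC_PTR, base);             /* CCCCCC -> ZZZZZZ             */
    return base;
}

/* Step 1 of the post: the 4 byte LONG search. Scan memory for a 32-bit word
   equal to the base address; every hit is a candidate static pointer. Only
   4-byte aligned words are checked because compilers align pointers; a
   byte-wise scan also works but can report overlapping false positives.
   Returns the hit count and stores up to `max` addresses in out[]. */
size_t find_pointers_to(uint32_t base, uint32_t *out, size_t max) {
    size_t n = 0;
    for (uint32_t a = 0; a + 4u <= MEM_SIZE; a += 4u) {
        if (read32(a) == base) {
            if (n < max) out[n] = a;
            n++;
        }
    }
    return n;
}

/* Step 2: read the LONG at CCCCCC to get ZZZZZZ, add YY, get XXXXXX. */
uint32_t resolve_dma(uint32_t static_ptr, uint32_t modifier) {
    uint32_t base = read32(static_ptr);
    return base + modifier;
}

/* Read the hacked value through the pointer chain. */
uint32_t read_fog(void) {
    return read32(resolve_dma(STATIC_PTR, FOG_MODIFIER));
}

/* Write a new value through the pointer chain; returns the old value. */
uint32_t set_fog(uint32_t value) {
    uint32_t addr = resolve_dma(STATIC_PTR, FOG_MODIFIER);
    uint32_t old = read32(addr);
    write32(addr, value);
    return old;
}

int main(void) {
    for (unsigned run = 1; run <= 2; run++) {
        uint32_t base = game_start(run);
        uint32_t hits[4];
        size_t n = find_pointers_to(base, hits, 4);
        printf("run %u: ZZZZZZ=%#x, %zu pointer(s) found, CCCCCC=%#x\n",
               run, base, n, n ? hits[0] : 0u);
        printf("        XXXXXX=%#x fog=%u -> ", resolve_dma(STATIC_PTR, FOG_MODIFIER), read_fog());
        set_fog(0);
        printf("fog=%u after write\n", read_fog());
    }
    return 0;
}
```

The point the run loop makes is the one in the post: XXXXXX moves between runs, but CCCCCC does not, so resolving through it finds the value every time without a fresh search.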