How can I make a multi pointer in an address?

03/15/2012 11:38 geosnuk#1
Can someone help me with this? I have pointed out the offset in that address and made it work, but when I restart it is scrambled again; the real address changes again. Can somebody make a tutorial about this? Thanks.
03/15/2012 12:15 zeke____#2
Same way you found the first pointer. Why not just click "what access/write" this address on the pointer you added after you know it's correct? But I don't think I've had any addresses that were pointers pointing to another pointer, lol. Most that I've had were either static or base+offset. The opcode around the original pointer should give some clues, or you can check what value the pointer of that address is most likely holding via more info after opening assembly scan with write/access.

I don't think it's too much more complicated to find a 2nd pointer, if that even exists. I mean, it's possible to make an invalid pointer but have it still come out pointing to the correct address for that launch, but it's probably unlikely. Can't really test it because the addresses you're talking about aren't commonly scanned, for example dung entry hack.

Don't really have any characters to throw away using dung dc scans for those addresses.
03/15/2012 17:19 geosnuk#3
Sir, that's my problem. I've got it once, and when I change to a normal 64bit to load the CT it scrambles again.

Sir, like the no delay address in ph, this is what was given to me:


0054A475 - 09 BE B05C0000 - or [esi+00005CB0],edi
0054A47B - EB 06 - jmp 0054A483
0054A47D - 89 BE AC5C0000 - mov [esi+00005CAC],edi <<
0054A483 - 5F - pop edi
0054A484 - 5E - pop esi

EAX=063FEBD0
EBX=00000000
ECX=063F25A8
EDX=0018DBE8
ESI=063F25A8
EDI=00000000
ESP=0018DD88
EBP=0018DE30
EIP=0054A483
I use the jmp address to be the pointer and look for the offset, but when I relog it is scrambled again. What did I do wrong in this procedure?
03/16/2012 06:57 『  』#4
Try to search this in CE: 063F25A8
If you find a few (not more than 10) addresses, you have to search for the right base pointer.
So just click add address manually and check the pointer.
1 address is 1 of your newly found addresses and the offset would be: 05cac.
Then in the box above the pointer checkbox you would see the new address.
Look at your cheat table and check if the new address is the right no delay address (scan for the right no delay address so you can check it more easily).

LG
03/16/2012 21:49 geosnuk#5
Sir k4zuj4b, can you add me on YM? It's [link hidden]. I want to have a conversation with you there or on Facebook [link hidden]. Hope you respond.
03/22/2012 03:29 『  』#6
Quote:
Originally Posted by geosnuk
Sir k4zuj4b, can you add me on YM? It's [link hidden]. I want to have a conversation with you there or on Facebook [link hidden]. Hope you respond.
Sorry, I don't use yt or add somebody who I don't know on Facebook.
If you have any questions - PM ;)