Help Pointer and Offset

09/04/2012 23:35 vodik123#1
Hello everyone, I'm struggling to get the pointer and offset of an address, already have several address here however are not fixed, so I need to get pointer and offset to make a trainer.
Come on, every time I click on Find out what writes to this address for the proper functioning, someone would have a solution to get the pointer and offset without problems?
thank you
ps: I've tried to get pointer that way, but the Cabal closes, I'm doing this in Brazil Cabal Online
09/04/2012 23:50 кev#2
Quote:
Originally Posted by vodik123 View Post
Hello everyone, I'm struggling to get the pointer and offset of an address, already have several address here however are not fixed, so I need to get pointer and offset to make a trainer.
Come on, every time I click on Find out what writes to this address for the proper functioning, someone would have a solution to get the pointer and offset without problems?
thank you
ps: I've tried to get pointer that way, but the Cabal closes, I'm doing this in Brazil Cabal Online
IDK if I'm helping at all with this but there's no "easy" way to get the base and offsets. Either you track through them manually (as in backwards, offset by offset), use CEs pointer scan function or just follow it through disasm. The difficulty of traversing backwards naturally increases as the amount of offsets increase.

I'm guessing you've already read about CEs multilevel pointer tutorials? Care to shed some light on what pointers you're after?
09/05/2012 12:43 strontklit#3
Check the link in my signature
09/05/2012 15:57 vodik123#4
Quote:
Originally Posted by strontklit View Post
Check the link in my signature
No point doing this method strontklit, the Cabal closes when I click on the address and make the process e.e
[Only registered and activated users can see links. Click Here To Register...]
Photo of what happens when I try to get the pointer
09/05/2012 17:57 кev#5
Quote:
Originally Posted by vodik123 View Post
No point doing this method strontklit, the Cabal closes when I click on the address and make the process e.e
[Only registered and activated users can see links. Click Here To Register...]
Photo of what happens when I try to get the pointer
Not sure but IIRC CE uses soft bps by default to track memory reads/writes. Does it crash in just that one instance or in all bps you set?

Try using HW bps instead; "settings > debugger > use hardware breakpoints".

Try different debugger methods (DBVM uses an unsigned kernel mode driver).

Also make sure you've got "settings > debugger > override existing breakpoints" disabled just in case.
09/05/2012 19:46 vodik123#6
Quote:
Originally Posted by кev View Post
Not sure but IIRC CE uses soft bps by default to track memory reads/writes. Does it crash in just that one instance or in all bps you set?

Try using HW bps instead; "settings > debugger > use hardware breakpoints".

Try different debugger methods (DBVM uses an unsigned kernel mode driver).

Also make sure you've got "settings > debugger > override existing breakpoints" disabled just in case.
Thanks Kev, I'm getting now.
But there's one problem, the information does not appear that are similar to this video, could you help me? thank you
09/05/2012 22:54 кev#7
Quote:
Originally Posted by vodik123 View Post
Thanks Kev, I'm getting now.
But there's one problem, the information does not appear that are similar to this video, could you help me? thank you
[Only registered and activated users can see links. Click Here To Register...]
What video? :confused:

Anyway, the info window will tell you exactly what you're looking for; the value of pointer you need to find is (most likely) 0x08c34448, offset from that pointer is 0x204. If search gives you a static address (CE marks them green in address list), you've got all you need. If not, rinse and repeat until you get to one.

I'm no expert with CE though, so I'm quite sure there's individuals in here who can guide you more when it comes to CE.
09/05/2012 23:21 vodik123#8
Quote:
Originally Posted by кev View Post
What video? :confused:

Anyway, the info window will tell you exactly what you're looking for; the value of pointer you need to find is (most likely) 0x08c34448, offset from that pointer is 0x204. If search gives you a static address (CE marks them green in address list), you've got all you need. If not, rinse and repeat until you get to one.

I'm no expert with CE though, so I'm quite sure there's individuals in here who can guide you more when it comes to CE.
Thanks, I managed to grab the pointer and offset
Now I have a question, I'm programming in Delphi and currently use this code to change an address.
PDWORD ($ ADDRESS) ^: = VALUE;
But this way does not have to use the pointer and offset to change the value, you know how I can do?
09/05/2012 23:42 кev#9
Quote:
Originally Posted by vodik123 View Post
Thanks, I managed to grab the pointer and offset
Now I have a question, I'm programming in Delphi and currently use this code to change an address.
PDWORD ($ ADDRESS) ^: = VALUE;
But this way does not have to use the pointer and offset to change the value, you know how I can do?
Uh, I know about as much about delphi as an average cow does about combustion engines and prefer to keep it that way, objective pascal makes my eyes bleed. I honestly don't have a clue about how pointer arithmetics work in delphi, sry.