Speed Address

02/12/2017 16:35 Hate123#1
Hi guys,
So I have a question. I managed to build my own memory scanning function, and with that I am able to find the speed address by doing the good old "use speedup, find value 45, remove speedup and filter by values that have 0" method.

After that I'm able to set the speed on that address and speedhack. However, this address changes at every restart and is dynamic. I would like to find it without having to do the search as described above.

What are you guys' suggestions? Maybe using a pattern? And if so, does someone have the pattern?

Thanks!
Kristoffer B
02/12/2017 18:26 pamz12#2
it would be a pointer, you can find more info about that on google. Be careful with value tho
02/12/2017 19:07 Hate123#3
Quote:
Originally Posted by pamz12
> it would be a pointer, you can find more info about that on google. Be careful with value tho

Well, correct me if I'm wrong but I already found the address, and I am able to change my speed value and run as fast as I want.

The problem I'm having is that the address I find changes every time I restart.
I'm also unable to use a UCE (because of XTrap) to try to help me find the base address and an offset, I assume that's what you're referring to?
02/12/2017 19:50 TheRealPower#4
Quote:
Originally Posted by Hate123
> Well, correct me if I'm wrong but I already found the address, and I am able to change my speed value and run as fast as I want.
>
> The problem I'm having is that the address I find changes every time I restart.
> I'm also unable to use a UCE (because of XTrap) to try to help me find the base address and an offset, I assume that's what you're referring to?

if u got address, why don't u look at the pattern before the address? so u can use searchpattern to find the pattern?
02/12/2017 22:20 Hate123#5
Quote:
Originally Posted by TheRealPower
> if u got address, why don't u look at the pattern before the address? so u can use searchpattern to find the pattern?

I've been trying that. In order to do so I printed the values of the memory locations around the address like this:

Code:
DWORD* speedpointer = (DWORD*)Addresses[0];
BYTE bytev;

printf_s("[SCAN] Starting pattern scan\n");
for (int i = -30; i < 60; i++)
{
    MemcpyEx2((DWORD)&bytev, (DWORD)speedpointer + i, 1);
    printf_s("%x ", bytev);
}
Unfortunately, all I get is:
0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2d 0 0 0 0 0 0 0 ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff

As you can see, there is a "2d" which is the value of "45" which is my current speed using g3, however even when trying to use this pattern it doesn't work (I replace 2d with x). I might be using it wrong tho?
02/12/2017 22:38 meak1#6
don't know if it's changed...

Code:
BasePointer = SearchPattern("8B 4D 08 0F B6 51 04 A1 x x x x 89 90 x x x x",0x00400000,0x007FFFFF);
SpeedOffset = SearchPattern("8B 85 x x x x 8B 88 x x x x 83 C1 64 89 8D x x x x",0x00400000,0x007FFFFF);

BaseP=*(DWORD*)(BasePointer+0x08);
SpeedO=*(DWORD*)(SpeedOffset+0x08);

DWORD dwPlayerPtr = *(DWORD*)BaseP;
//Speedy=*(DWORD*)(dwPlayerPtr+SpeedO);
DWORD NewSpeed=45;
MemcpyEx(DWORD(((DWORD)dwPlayerPtr)+SpeedO),(DWORD)&NewSpeed,4);
02/13/2017 08:09 Hate123#7
Quote:
Originally Posted by meak1
> don't know if it's changed...
>
> Code:
> BasePointer = SearchPattern("8B 4D 08 0F B6 51 04 A1 x x x x 89 90 x x x x",0x00400000,0x007FFFFF);
> SpeedOffset = SearchPattern("8B 85 x x x x 8B 88 x x x x 83 C1 64 89 8D x x x x",0x00400000,0x007FFFFF);
>
> BaseP=*(DWORD*)(BasePointer+0x08);
> SpeedO=*(DWORD*)(SpeedOffset+0x08);
>
> DWORD dwPlayerPtr = *(DWORD*)BaseP;
> //Speedy=*(DWORD*)(dwPlayerPtr+SpeedO);
> DWORD NewSpeed=45;
> MemcpyEx(DWORD(((DWORD)dwPlayerPtr)+SpeedO),(DWORD)&NewSpeed,4);

Thanks, unfortunately they seem to have changed!
I did learn a bit from the snippet you posted and am trying to find the speed offset by myself.


Edit: So I figured it out!
So that I'm not a total douchebag who doesn't add to the community, here is how:

By looking at the source meak posted, I saw that he was getting the baseplayer pointer and adding an offset onto that. With that, I figured that the speed offset had to be close to it. I then used my "search" function that I always use to find the speed (similar to a UCE), and then took that address minus the baseplayer address, and I got the offset.

I then used the baseplayer pattern + my offset, and voila it works!

Thank you everyone!