Pointer etc.

Closed Thread
 
Old   #1
 
elite*gold: 0
Join Date: May 2011
Posts: 3,143
Received Thanks: 611
Pointer etc.

Hey,
I was thinking about a new thread for pointers etc. (no questions, obviously) because the old thread is not used anymore.

Speed (FLOAT):
Code:
"Gw2.exe"+0120FB54
OFFSETS:
114
0
5c
1c
44
Zoom (FLOAT):
Code:
"Gw2.exe"+0120F464
OFFSETS:
c0
4
b0
0
190
have fun with them (and add yours :P).

greez
NiGHT



Mental Wreck is offline  
Old   #2
 
elite*gold: 0
Join Date: Jan 2011
Posts: 383
Received Thanks: 52
What's a pointer? (a question, I know, but not a request)


Xuron123 is offline  
Old   #3
 
elite*gold: 24
Join Date: Jan 2008
Posts: 2,362
Received Thanks: 2,072
Quote:
have fun with them (and add yours :P).
You don't need to add anything else if you knew what you posted and how base+offset works.
Ploxasarus is offline  
Old   #4
 
elite*gold: 0
Join Date: May 2011
Posts: 3,143
Received Thanks: 611
I meant that if someone wants to share other things, he can post them here^^


Mental Wreck is offline  
Old   #5
 
elite*gold: 0
Join Date: Nov 2012
Posts: 50
Received Thanks: 21
What is a pointer?
A pointer is an address to a location in memory where a variable is stored.

This variable can either contain the actual value, or yet another pointer, pointing to another location in memory.

You usually have a pointer to an object, but the next pointer is not at the location your pointer is pointing at, but several bytes later. That's because an object in memory consists of multiple variables which are aligned in a fixed pattern.

Some memory locations are always the same, because the variables have been made "static" in the original code. Other memory locations can only be derived by following a trail of pointers.

So what does this mean?:
Code:
"Gw2.exe"+0120F464
OFFSETS:
c0
4
b0
0
190
"Gw2.exe"+0120F464 <- This is the initial memory location which points to a variable which has been declared "static".
c0 <- The first memory location contained a pointer which pointed to an object. Add this value to the pointer to get the location of the next pointer inside that object.

Repeat until all offsets have been resolved. You now know the current address of the variable and you can read/write it.

While the program is running, the address of the variable might change (because objects in the path get destroyed and regenerated), but the static variable and the path always stays the same.


How to find a pointer?
There are several ways. The easiest is to use Cheatengine to find the current address of the variable. This can be done by changing attributes ingame (like your current position by moving) and scanning for values of a certain data type which changed in a certain way (increased / decreased / became zero). Once you have found the actual address, use Cheatengine to find "static paths" to this address. Cheatengine will scan the memory for pointers which point at or right before the address you have found. If the pointer points to a location right in front of your address, it means that it points to the object your variable is part of. Every time Cheatengine finds a pointer, it will also try to find a pointer pointing to that pointer until it finds a special type of pointer, a "static" one.

More advanced methods include the use of a disassembler where you actually analyze the code of the program. Once you know where the variable is accessed, you can simply read the offsets right from the code. You don't even need the actual source code for this, all you need is the assembler which you can get from the binary. This however is sometimes a bit complicated because you need to analyze much of the code before you can make any sense of it. You might also run into runtime packers, which means that the code does not exist in the binary until executed, so you won't be able to find the paths without executing the code. gw2.exe is not packed however, so this is possible with little effort.
Many advanced users use the tool "Ida Professional" in combination with a debugger of their choice in order to examine the program. It is also possible to strip the packer by extracting the actual code of the program from the memory once the packer has been executed.

Is it really that easy?
No. Remember that '"Gw2.exe"+0120F464'? The "Gw2.exe" is there for a special reason, that's because the location "0120F464" is not as static as one might hope. There is a security feature named "address space layout randomization", short ASLR, which gives every process a random offset every time a process is started. This offset needs to be added to the "static" addresses in order to get the real address in memory (again, that's still simplified!). So how to get that offset?

There are two options, the first one is pattern scanning. You scan the memory for a pattern whose static address you know. If you find the pattern, you can subtract the actual memory address from the static address you know; the difference is the offset for the current instance. This however is likely to break, because static patterns are rare and might change when only minor details of the binary have been changed.

The second option is to get the offset straight from the actual thread. For this purpose, you inject code into the thread which will write the address of a static variable of your choice to an address which is not affected by ASLR, where it can be read by your own program.

You may even combine these two methods to develop pattern scanners which scan for certain methods in memory (in case you don't know the location of the suitable section after an update) and then inject your code into the function found with pattern matching.
Ext3h is offline  
Thanks
3 Users
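To make the base+offset walk from the post above concrete, here is an added example (not code from the thread or from any tool it mentions) that resolves a pointer chain over a constructed, in-memory 32-bit "process image" held in a Python dict, the same walk a debugger or memory-forensics tool performs when it follows a static slot through heap objects. It assumes the offsets are applied in the order listed in the post, that every offset but the last is dereferenced, and it uses made-up object addresses; the RVA and offset values are the ones quoted in the post.

```python
import struct

# Values quoted in the thread; every address below them is constructed.
MODULE_RVA = 0x0120F464                      # "Gw2.exe"+0120F464 (static slot)
OFFSETS = [0xC0, 0x4, 0xB0, 0x0, 0x190]      # offsets listed in the post


def build_image(module_base):
    """Construct a fake address space: the static slot inside the module
    points at object A, A+c0 points at B, B+4 at C, C+b0 at D, D+0 at E,
    and E+190 is the float variable itself (sample value 1.5)."""
    mem = {}                                  # address -> 4 raw bytes

    def w32(addr, val):
        mem[addr] = struct.pack("<I", val)    # little-endian pointer

    obj_a, obj_b, obj_c, obj_d, obj_e = 0x00A10000, 0x00B20000, 0x00C30000, 0x00D40000, 0x00D41000
    w32(module_base + MODULE_RVA, obj_a)      # only this address depends on the module base
    w32(obj_a + 0xC0, obj_b)
    w32(obj_b + 0x4, obj_c)
    w32(obj_c + 0xB0, obj_d)
    w32(obj_d + 0x0, obj_e)
    mem[obj_e + 0x190] = struct.pack("<f", 1.5)   # the final float field
    return mem


def read32(mem, addr):
    """Read one pointer; an unmapped address means the chain is broken."""
    if addr not in mem:
        raise ValueError(f"unmapped read at {addr:#010x}")
    return struct.unpack("<I", mem[addr])[0]


def resolve_chain(mem, module_base, rva, offsets):
    """[[[[[module+rva]+o1]+o2]+o3]+o4]+o5: dereference all but the last offset."""
    addr = read32(mem, module_base + rva)     # static slot holds the first pointer
    for off in offsets[:-1]:
        addr = read32(mem, addr + off)        # step into the next object
    return addr + offsets[-1]                 # address of the variable, not its value


def read_float(mem, addr):
    return struct.unpack("<f", mem[addr])[0]
```

The chain resolves to the same float when the image is rebuilt with a different module base (what ASLR does), while using a stale base for a relocated image fails at the very first read.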
Old   #6


 
elite*gold: 2826
Join Date: Mar 2009
Posts: 4,258
Received Thanks: 6,099
Quote:
Originally Posted by NιGHT View Post
I meant that if someone wants to share other things, he can post them here^^
He knows what you meant. You don't know what he meant.
buFFy! is offline  
Old   #7
 
elite*gold: 0
Join Date: Nov 2012
Posts: 50
Received Thanks: 21
Quote:
Originally Posted by buFFy! View Post
He knows what you meant. You don't know what he meant.
And what about you, why didn't you resolve the misunderstanding instead of mocking him?

Ploxasarus was talking about the fact that there are only 2, at most 3 pointers you actually need to know in the GW2.exe. Every other piece of information relevant for the game is reachable from those pointers if you know the right offsets.

Much of the old documentation is still valid. Some offsets have slightly changed, but the fundamental structure is the same. Therefore, all that needs to be updated at every update of the GW2.exe are those two pointers.

Only two things are not possible using those pointers, and that is like everything which is based on package manipulation and manipulating the ESP. The first requires you to either write to the send buffer manually or to run code in the context of the gw2 main thread, while the second one requires you to rewrite code sections.
Ext3h is offline  
Thanks
1 User
Old   #8
 
elite*gold: 0
Join Date: May 2011
Posts: 3,143
Received Thanks: 611
Quote:
that there are only 2, at most 3 pointers you actually need to know in the GW2.exe
Yeah maybe, but why don't you write it down :P it isn't so much work...
Mental Wreck is offline  
Old   #9
 
elite*gold: 0
Join Date: Nov 2012
Posts: 50
Received Thanks: 21
What I mean is, you only need to know which objects the 2 pointers and the offsets each point to. It makes it a lot easier to understand and find new variables. Writing it down is a good idea, but writing it down structured is even more helpful.
Ext3h is offline  
Old   #10
 
elite*gold: 24
Join Date: Jan 2008
Posts: 2,362
Received Thanks: 2,072
If you want something to learn from, I have uploaded a decent tutorial on understanding assembly that would probably help.

And sorry for being vague, but I was only saying all you really needed was 4 base addresses in the game that do practically everything you want.

And there are also addresses, for which climb originated from a float (when I first discovered it), that do not require offsets. Strafe I also originally found from a float address: changing it negative would make <- faster, positive would make -> faster. Break/trace and hit where I needed, and thus you have Strafe.

When I said 'think outside the box' before on another thread, I was trying to tell people that you shouldn't be dependent on what is posted and should try things yourself to find things you may not have realized were possible, and read the material that is available and posted here.
Ploxasarus is offline  
Thanks
1 User
Old   #11


 
elite*gold: 2826
Join Date: Mar 2009
Posts: 4,258
Received Thanks: 6,099
You need one pointer, that's it.

Quote:
Originally Posted by Ext3h View Post
And what about you, why didn't you resolve the misunderstanding instead of mocking him?
Because it's pretty ******* obvious.
buFFy! is offline  
Old   #12
 
elite*gold: 0
Join Date: May 2011
Posts: 3,143
Received Thanks: 611
Quote:
Originally Posted by buFFy! View Post
You need one pointer, that's it.



Because it's pretty ******* obvious.
buFFy!, if you are so pro then help this thread and don't flame / spam some useless ****.
Mental Wreck is offline  
Old   #13


 
elite*gold: 2826
Join Date: Mar 2009
Posts: 4,258
Received Thanks: 6,099
Quote:
Originally Posted by NιGHT View Post
buFFy!, if you are so pro then help this thread and don't flame / spam some useless ****.
If you wanna mess around with pointers and can't figure out that the CliCtx which obviously means CLIENT CONTEXT holds information about the entire client you seriously should think about the first thing again.


buFFy! is offline  
Thanks
1 User