Tutorial #1: GW Pattern Using Updater

#Content




#Tools

  • Olly or another debugger to find the pattern.
    I will use OllyDBG + SigMaker by P47R!CK
  • AutoIt + SciTE
    Includes NomadMemory.au3 + Luzifers Func
  • Skills:
    *Basic debugging (try to understand what I do)
    *AutoIt

#The start

My example: POSX = 0xd3b38c

Start OllyDBG and load GW.exe or attach to it.
Next step: right click in the hex dump -> or Ctrl + G.



Now you have found the POSX memory address in the hex dump.
Next step: we will set a breakpoint on it.
That will show us where POSX is used.

Right click on address ->



The game will pause (this could cause a disconnect) and Olly will show us a line with our POSX address in a mov instruction or the like.
Btw, I use a nice plug-in called SigMaker by P47R!CK.
That makes it much easier to find the pattern; otherwise you would have to copy the bytes and compare them, etc.



Now we have the pattern for the POSX address.



The method without SigMaker.

Right click ->



89 15 8C B3 D3 00 A3 88 B3 D3 00 8B 41 04 8B D7 (this is what I got)

Check whether it contains a mov with a dynamic address; those address bytes are replaced with wildcards.

89 15 .. .. .. .. A3 .. .. .. .. 8B 41 04 8B D7 (this is my result)
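
The wildcard pattern above applied in code, as an added example (it is not the Au3 or C++ code this post refers to): it scans a constructed byte buffer for the masked pattern and reads the little-endian operand after `89 15`, which gives back POSX. The function names and the sample buffer are assumptions made for the illustration.

```cpp
#include <cstddef>
#include <cstdint>
#include <sstream>
#include <string>
#include <vector>

// One pattern element: a fixed byte, or a wildcard written as ".." in the text.
struct PatByte { uint8_t value; bool wildcard; };

// Parse "89 15 .. .. A3" into pattern elements (hypothetical helper).
std::vector<PatByte> parsePattern(const std::string& text) {
    std::vector<PatByte> pat;
    std::istringstream in(text);
    for (std::string tok; in >> tok; ) {
        if (tok == "..") pat.push_back({0, true});
        else pat.push_back({static_cast<uint8_t>(std::stoul(tok, nullptr, 16)), false});
    }
    return pat;
}

// Return the offset of the first match in buf, or -1 if the pattern is absent.
long findPattern(const std::vector<uint8_t>& buf, const std::vector<PatByte>& pat) {
    if (pat.empty() || buf.size() < pat.size()) return -1;
    for (size_t i = 0; i + pat.size() <= buf.size(); ++i) {
        size_t j = 0;
        while (j < pat.size() && (pat[j].wildcard || buf[i + j] == pat[j].value)) ++j;
        if (j == pat.size()) return static_cast<long>(i);
    }
    return -1;
}

// Read the little-endian 32-bit operand stored at buf[off..off+3].
uint32_t readDword(const std::vector<uint8_t>& buf, size_t off) {
    return static_cast<uint32_t>(buf[off]) | (static_cast<uint32_t>(buf[off + 1]) << 8)
         | (static_cast<uint32_t>(buf[off + 2]) << 16) | (static_cast<uint32_t>(buf[off + 3]) << 24);
}

// Constructed sample: filler bytes, the 16 bytes from the tutorial, one trailing byte.
const std::vector<uint8_t> kSample = {
    0x90, 0x90, 0x55, 0x8B, 0xEC,
    0x89, 0x15, 0x8C, 0xB3, 0xD3, 0x00, 0xA3, 0x88, 0xB3, 0xD3, 0x00,
    0x8B, 0x41, 0x04, 0x8B, 0xD7, 0xC3};

// Locate the pattern and return the address operand after "89 15", or 0 if not found.
uint32_t recoverAddress(const std::vector<uint8_t>& buf) {
    const auto pat = parsePattern("89 15 .. .. .. .. A3 .. .. .. .. 8B 41 04 8B D7");
    const long at = findPattern(buf, pat);
    return at < 0 ? 0 : readDword(buf, static_cast<size_t>(at) + 2);
}
```

Because the two operands are wildcards, the same pattern still matches when the addresses inside the instructions change, and the value read back follows the change.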

#The AutoIt solution by Luzifer42

Copy & paste the code below into SciTE and read the comments. ;D

Code Example in Au3

#Conclusions

A lot of addresses can be found this way!
But by far not all; a few addresses, like the camcourse, need to be looked at carefully!   ;)

P.S.:

Yeah, I think that's all.
Thank you for reading.
I hope you enjoyed it
and
excuse my terrible English! (school English)

Greez _Merowinger_

EDIT:

Here comes my old C++ Solution:
C++ Example Code
