Difference between revisions of "Template:Asm:LoadPtrsFromDissectToRegisters"

Revision as of 08:00, 3 February 2018

Load Pointers From Dissect Data / Structures

sometimes you find valid compare points under pointers, but how to use pointers from dissect data / structures?.

say: mov [ebx+04],eax is writing to your health address as well as your enemy, in dissect d/s CE shows at offset '54' there is a pointer. and when expanding that pointer, shows at offset '10' there is a value we can build our compare at.

[enable]

aobscan(symbol,01 23 45 67 89 AB CD EF)

alloc(newmem,$1000)

registersymbol(symbol)

label(originalcode)

label(exit)

newmem:

push eax

mov eax,[ebx+54] // moving the pointer into eax

cmp byte ptr [eax+10],01 // comparing pointer address + 10 with value of '1' which stands for player team

pop eax

jz exit

originalcode:

mov [ebx+04],eax

jmp exit

symbol:

jmp newmem

nop

exit:

[disable]

dealloc(newmem)

symbol:

mov [ebx+04],eax

unregistersymbol(symbol)

@@ Line 3: / Line 3: @@
 ===Load Pointers From Dissect Data / Structures===
 ''sometimes you find valid compare points under pointers'', ''but how to use pointers from dissect data / structures?''.
+''say: mov [ebx+04],eax is writing to your health address as well as your enemy, in dissect d/s CE shows at offset '54' there is a pointer.'' and when expanding that pointer, shows at offset '10' there is a value we can build our compare at.
 <code style="background:#FFFFFF">
@@ Line 26: / Line 28: @@
 push eax
-mov eax,[ebx+54]
+mov eax,[ebx+54] // moving the pointer into eax
-cmp byte ptr [eax+10],01
+cmp byte ptr [eax+10],01 // comparing pointer address + 10  with value of '1' which stands for player team
 pop eax

Difference between revisions of "Template:Asm:LoadPtrsFromDissectToRegisters"

Revision as of 08:00, 3 February 2018

Load Pointers From Dissect Data / Structures

Navigation menu

Personal tools

Namespaces

Variants

Views

More

Search

Navigation

Tools