Difference between revisions of "Template:Asm:LoadPtrsFromDissectToRegisters"
m |
|||
| Line 4: | Line 4: | ||
''sometimes you find valid compare points under pointers'', ''but how to use pointers from dissect data / structures?''. | ''sometimes you find valid compare points under pointers'', ''but how to use pointers from dissect data / structures?''. | ||
| − | ''say: mov [ebx+04],eax is writing to your health address as well as your enemy, in dissect d/s CE shows at offset '54' there is a pointer.'' and when expanding that pointer, shows at offset '10' there is a value we can build our compare | + | ''say: mov [ebx+04],eax is writing to your health address as well as your enemy, in dissect d/s CE shows at offset '54' there is a pointer.'' and when expanding that pointer, shows at offset '10' there is a value we can build our compare on. |
<code style="background:#FFFFFF"> | <code style="background:#FFFFFF"> | ||
Latest revision as of 11:15, 4 February 2018
Load Pointers From Dissect Data / Structures[edit]
sometimes you find valid compare points under pointers, but how to use pointers from dissect data / structures?.
say: mov [ebx+04],eax is writing to your health address as well as your enemy, in dissect d/s CE shows at offset '54' there is a pointer. and when expanding that pointer, shows at offset '10' there is a value we can build our compare on.
[enable]
aobscan(symbol,01 23 45 67 89 AB CD EF)
alloc(newmem,$1000)
registersymbol(symbol)
label(originalcode)
label(exit)
newmem:
push eax
mov eax,[ebx+54] // moving the pointer into eax
cmp byte ptr [eax+10],01 // comparing pointer address + 10 with value of '1' which stands for player team
pop eax
jz exit
originalcode:
mov [ebx+04],eax
jmp exit
symbol:
jmp newmem
nop
exit:
[disable]
dealloc(newmem)
symbol:
mov [ebx+04],eax
unregistersymbol(symbol)
