From there you can retreive the player base address. What you could do in this case is using CE and find the Hp, finding what code accesses this address and hopefully there will be along the lines, the GUI code that intercepts this value. Ī method I like to use (to find the local player, most of the time) is using "code hooking".įor example, if you want to find the address to the local player in AssaultCube (or an other game) you could find the GUI code that draws the player ammo/health on screen, because if your game displays to you that you have 100Hp, well it got to extract the value somewhere. are harder to debug in assembly and could be unpredictable in terms of pointer finding. This is an intuition and not based on facts, but I beleive that games made in virtual machines such as Java, C#, or OS features such as address randomization. You can for example find pointers to the local player, or modify the game code / making your team invincible, infinite ammo and so on. This game is quite enjoyable to practise on because there are no debugging protections nor anti-cheat system. Try Assault cube (or Assault cube reloaded). When it comes to more complex games, try to practise on indie games (singleplayer of course) or open source (because they are accessible). You could also learn about compiler optimizations by comparing the code and the generated assembly. Very instructive for me, definitely a +1. Example : with this approach I once discovered an opcode I didn't know about / cmov (or cmovcc in manuals) while dissassembling a game of mine and therefore I knew exactly how things were laid down in the memory and in the code. Speaking more generally (I deviate from your pointer question), I think that this is a very good approach. But as pointed out already, player objects are usually not allocated on the stack. So I thought learning how to use them with small self-written programs would be the smartest way of getting into it.I'm usually not lucky enough to pick the right one straight away Īlthough it is not perfect, CE has this tool called the "pointer scan" (you might already know this tool, I'm thinking about new CE users) where it kind of brute forces the offsets and goes down more than one level of depth.Reading from the comments you posted below Try to go through it (or skip the steps - bottom right corner), and at some point (step 6 and 8) your problem will be addressed (no pun intended). Read more about it HERE (it is for 64 bits, but it should give you an idea on how to run the 32 bit tutorial). This software has a really nice integrated tutorial which is another. I assume you downloaded it and extracted it at this point. If yes, download the installer-less release, because the installer includes crap: (I can't seem to be able to post a comment). Note: This does not answers the question using x32dbg/ollydbg, but another tool. I'm quite sure that I missunderstood some things and I would be really happy if someone could help me out, since I've really spent some time on trying to figure this out on my own but none of the things I've tried worked so far. Now my problem is that the address is changing every time I restart the program(which is normal), so I've written another program in C++, which reads out the Imagebase of the other process so I thought that when I subtract the address of my variable from my Imagebase, I could get the static offset that is always going to lead me to the correct variable when I add it to the imagebase. That was fairly easy and it led me to the following instructions, which represent the while loop of the executable:Īfter that I've set a breakpoint at 010C24EC(as you can see in the picture) and I've followed ESP(which is 31FE18) in dumb which led me to the value of 200 which I assume is the value of the variable so I think the address 31FE18 is the address of my variable player.m_health. My first step was to look for string references and then check if I can find the "player health" string. Std::cout << "player health: " << player.get_health() << "\n" Īfter that I've opened up the executable in x32dbg. So I've written the following program in C++, just to get some practice: #include Įntity(int health, int max_health, int armor) : m_health I'm fairly new to reverse engineering at all and I'm currently struggling to get the static offset/address of a variable of a program I've written myself.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |