(MOV ECX, EDX) ===> How to get ECX and EDX please?

++METHOS (Expert Cheater), Mar 2, 2017, #21
Sodruza said:
Trust me, I really tried this before and I guarantee the ID is not close from the XYZ pos in this game.
Anything can be used for an ID as long as it is reliable. See my previous post regarding alternative methods for finding a unique ID for code segregation. Typically, with coordinate values, an instruction can be used that accesses one of those XYZ values exclusively (e.g. for the hero character). Even if that is not the case, you can probably find a value inside of the same data structure that will serve your needs; it does not have to be a value that is even related to the coordinate values.

For example, coordinate X may be at [base+70], but you might find that some random value at [base+44] is being accessed by an instruction that is exclusive to that structure (or blue team structures), etc.

For that matter, a value that is several levels deep inside of a pointer tree may be viable and you are just not seeing it because you have not manually changed the element at those particular offsets.
Sodruza, Mar 3, 2017, #22
So if you want to do this in C# you will need to:
hook to process.
Find a code cave for hooks and storing values. (reading)
Then find your injection point, AOB scan is best. (reading)
write the new code (in the code cave) that does the mov then stores the value and jumps back to injection point. (writing)(reading)
Then inject the new jmp to the new code in the code cave. (writing)
This is the exact answer I expected. Damn, I didn't think it would be SO COMPLICATED and required write process memory (which would mean it can be detected in some games, can it?)
For that matter, a value that is several levels deep inside of a pointer tree may be viable and you are just not seeing it because you have not manually changed the element at those particular offsets.
You must be right.... I think I will dig more then. Trying to get the ECX value right after a certain instruction is called is way too difficult (as long as I don't have a proper example). I already did API hooking thanks to an example; I think guidelines are just not enough in this case because I don't have your pro level.

I'm very grateful for your help, guys.
Mar 2, 2017, #24
Sodruza said:
So if you want to do this in C# you will need to:
hook to process.
Find a code cave for hooks and storing values. (reading)
Then find your injection point, AOB scan is best. (reading)
write the new code (in the code cave) that does the mov then stores the value and jumps back to injection point. (writing)(reading)
Then inject the new jmp to the new code in the code cave. (writing)
This is the exact answer I expected. Damn, I didn't think it would be SO COMPLICATED and required write process memory (which would mean it can be detected in some games, can it?)
For that matter, a value that is several levels deep inside of a pointer tree may be viable and you are just not seeing it because you have not manually changed the element at those particular offsets.
You must be right.... I think I will dig more then. Trying to get the ECX value right after a certain instruction is called is way too difficult (as long as I don't have a proper example). I already did API hooking thanks to an example; I think guidelines are just not enough in this case because I don't have your pro level.

I'm very grateful for your help, guys.
Well... if you want to hook into the executable you would have to modify its executable code somehow, even for API hooking, so yeah, I guess it's detectable. Alternatively, if you do not want to do that, you would have to backtrace the pointers. I do not know how dynamic they are, but there has to be a static address where it starts from? You can just use ReadProcessMemory to trace from the start to some array that I imagine the game uses to store all the ECX values, then read from there.

For scanning you can use ReadProcessMemory, or if you know that the executable code is always loaded at the same position in memory then just write directly to it. As for finding code caves in game hacking, it was necessary back when I was ASM hacking consoles, as that was executable modification, while memory hacking offers no way to allocate memory. But for Windows I think you can just use VirtualAlloc to allocate some memory to write your new code into.
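The detectability question raised in the last two posts (a jmp patched over the original instruction, pointing into memory obtained with VirtualAlloc) is exactly what a code-integrity check on the game's side catches. The following is an added illustration, not code from this thread or from any game or tool named here: a small Python check that compares a captured slice of a module's .text section against its baseline, locates the modified bytes, decodes an E9 rel32 jmp found there, and flags it when the target lies outside the mapped image. The module base, image size, instruction bytes and the 0x10000000 cave address are all constructed sample values.

```python
import hashlib
import struct

# Constructed sample: an 18-byte slice of a module's .text section as it was
# first mapped (the baseline). Offsets 8-9 hold the `mov ecx, edx` (8B CA)
# from the thread title, followed by reads of [ecx+0x70] and [ecx+0x44].
MODULE_BASE = 0x00401000   # assumed address of the slice inside the image
MODULE_SIZE = 0x00100000   # assumed size of the mapped image
BASELINE = bytes.fromhex(
    "5589E583EC10"   # push ebp; mov ebp, esp; sub esp, 0x10
    "9090"           # nop; nop
    "8BCA"           # mov ecx, edx
    "8B4170"         # mov eax, [ecx+0x70]
    "8B5144"         # mov edx, [ecx+0x44]
    "C9C3"           # leave; ret
)

# Constructed "after" state: the five bytes at offset 8 overwritten with a
# relative jmp (E9 rel32) whose target is 0x10000000, an address outside the
# mapped image, i.e. memory obtained with VirtualAlloc rather than the exe.
PATCHED = BASELINE[:8] + bytes.fromhex("E9F3EFBF0F") + BASELINE[13:]


def section_digest(code: bytes) -> str:
    """SHA-256 of a code slice; the cheapest "did anything change" check."""
    return hashlib.sha256(code).hexdigest()


def modified_ranges(baseline: bytes, current: bytes) -> list:
    """Return [(start, end)] half-open byte ranges where current != baseline."""
    ranges = []
    start = None
    for i, (a, b) in enumerate(zip(baseline, current)):
        if a != b and start is None:
            start = i
        elif a == b and start is not None:
            ranges.append((start, i))
            start = None
    if start is not None:
        ranges.append((start, len(baseline)))
    return ranges


def decode_rel_jmp(code: bytes, offset: int, base: int):
    """If a 5-byte E9 rel32 jmp starts at offset, return its absolute target."""
    if offset + 5 > len(code) or code[offset] != 0xE9:
        return None
    rel = struct.unpack_from("<i", code, offset + 1)[0]   # signed displacement
    return (base + offset + 5 + rel) & 0xFFFFFFFF          # target = next EIP + rel


def check_code_integrity(baseline: bytes, current: bytes, base: int, size: int) -> dict:
    """Compare a code slice with its baseline and describe every modification."""
    findings = []
    for start, end in modified_ranges(baseline, current):
        target = decode_rel_jmp(current, start, base)
        outside = target is not None and not (base <= target < base + size)
        findings.append({
            "offset": start,
            "length": end - start,
            "jmp_target": target,
            "jumps_outside_image": outside,
        })
    return {
        "digest_matches": section_digest(baseline) == section_digest(current),
        "findings": findings,
    }


if __name__ == "__main__":
    clean = check_code_integrity(BASELINE, BASELINE, MODULE_BASE, MODULE_SIZE)
    hooked = check_code_integrity(BASELINE, PATCHED, MODULE_BASE, MODULE_SIZE)
    print("clean:", clean)
    print("hooked:", hooked)
```

On the patched sample the digest no longer matches, the single modified range is the five bytes at offset 8, and the decoded jmp lands at 0x10000000, outside the image. A real check would take its baseline from a trusted copy of the file at load time, hash the whole .text section rather than a slice, and allow for legitimate in-place edits such as relocations and import thunks; the E9 decode only covers the simplest patch encoding, so the "bytes differ from baseline" finding is the one to rely on, with the jump-target decode as supporting detail.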
++METHOS (Expert Cheater), Mar 2, 2017, #25
If you are worried about detection, one possible alternative would be to make use of the SE plugin and just hook the function in memory to read the value after execution. You will still need a way to segregate the code. Worst-case scenario, as previously described as one of the methods for finding unique IDs for code segregation, would be to incorporate pointers inside of your script and just compare against that.

So, find your XYZ values (and XYZ of everyone else), and perform a pointer scan on each X value. Once you have reliable pointers for each, just incorporate those inside of your script and compare the register address/value against each one.