• # Thread: Understand Pointers & Offset

1. ## Understand Pointers & Offset

Hello,

I followed the first videos tutorials from Fleep about "How to hack any game", and because I don't like to follow instructions I can't fully understand I need your help :

The first thing I would like to know is how an address is detected as static (see green text in CE).
Code:
`int nb = 15; // Apparently not static...`
Then I would like to understand the term offset : Why is there a gap between two pointers ?
When I think pointers it's all about :
Code:
```int nb = 15; // still not static
int *pNb = &nb; // pNb have the address of nb as a value = no gap```
If somebody can enlighten me about that, like a little code where I can find a static address and a gap (offset) between a pointer and his value.

Sorry for my spelling,
I'm also working on my English.

2. Offset can also be considered as a gap between program's "entrypoint" and an address.

3. Also whether the address pops up as static or dynamic can also be dependent on in which context it's called in the program code. For example:

Code:
```#include <iostream>

using namespace std;

int x = 15291;

int main()
{
cin.get();
cout << "x is: " << x << endl;
cin.get();
}```
In the code above, the address of the holder of x value is static. But in the context below:

Code:
```#include <iostream>

using namespace std;

int main()
{
cin.get();
int y = 15292;
cout << y is: << y << endl;
cin.get();
}```
The address of y appears to be dynamic. I can't explain why it is so, I'm sure someone will

4. Hello,

I understand now that the offset are the jump needed from the static base (thanks for the examples) to the wanted dynamic address.
But technically, what is an offset ? 1 offset = one address (Memory speaking ?)

With the video I have seen (Assault Cube), to get AMMO Address we need to do : BASE Address + 378 + 14 + 0. You can't do BASE Address + 392. So I'm wondering how it works ?
It goes to the BASE then jump of 378 offset, where there is a pointer (it gets the value) then go to this address to again jump of 14 offset etc... ?

Thank you again for your help,
and sorry if my sentances are incorrect.

PS : I see my thread at the second page (bug ?)

5. I hope that this solves most of your issues

https://en.wikipedia.org/wiki/Offset...ter_science%29

6. A little.

I just don't understand : what an offset is reffering to. One offset = ?
I understand that an address can be dynamic : malloc() can allocate differently when the program is restarted for example.
But in what an offset is different in the way you are SURE that BASE + offset = your address ?

1 offset cannot be 1 address, else it will not be static.

7. Offset = A number between something

BASE + Offset = Overall distance

lets assume that | is one slot, therefore:

| + ||| = ||||

Now we can see that our offset is 3 because it's 3 slots away from the |

or we can do it like that:

||| + |||| = |||||||

Now the offset is 4 because the end result is 4 (||||) away from 3 (|||)

Sorry, I can't really explain any better

8. Okey, I think I was wrong from the beginning.

I understand now that the base got a dynamic value, and from there, we can jump thanks of the offsets.
Why the value is different, is another question now... ?

Strange thing I got when I tried something on your code :
Code:
```#include <iostream>

using namespace std;

int x = 15291;

int main()
{
cin.get();
cout << "x is: " << x << endl;
cout << "&x is: " << &x << endl;
cin.get();
}```
From your code, address of x is static and is green in CE (logic).
From my code, address of x is dynamic but is also green in CE.
If somewhere in the code I put &x, boom, static to dynamic.

Thanks for yours answers, it's becoming clearer, even if there are some dark corners.

9. Sorry to bump an old thread but i kinda get where Shinao is coming, i am also having a hard time trying to understand how offsets and pointers and all that work in general, i have read but i just keep forgetting, its allot to take in when you haven't looked at them before. So let me explain what i am understanding and then maybe you guy's can help me.

1. You search for some value in a game e.g. Ammo Number (since that's the easiest one for me to understand).

2. After searching for the ammo value a few times i narrow it down to 2 addresses. (these are dynamic addresses right? and only 1 of the addresses is what i am looking to manipulate right? or could it be 2 or more depending on the game?)

3. I play about with the addresses freezing them and changing there values until i figure out which address is the one i am looking for. (presuming i am only looking for one address and not 2.)

4. Now just to clarify these addresses are not static, they are dynamic, so now i need to find the static addresses of these dynamic addresses. (am i right?)

5. In order to do this (and the only way i know how to), is to right click on the dynamic address in cheat engine, and click "find out what writes to this address".

6. This takes me to a new window that is searching for what writes to the dynamic address. So i go back in game and fire a round.

7. After firing the down i see this and address along with some assembly e.g. 0045B75F - FF 0E - dec [esi]

8. I right click on 0045B75F - FF 0E - dec [esi] and click "more info" this takes me to another windows where the address and assembly from the previous window are highlighted in red.

9. In this windows under the address and assembly that is highlighted in red there is some text that reads, the value of the pointer needed to find the address is probably 008A8CE4 (is this address my static address for the ammo meaning i could simply write somthing to it? what would i write to it? an int? i.e. 100 for 100 bullets aka ammo or would i write some thing else? this is where i get confused)

Thank's Again.
-Anton.

Here's an example:

You have 100 ammo, and you will need to find the dynamic address of that.
This address is dynamic, meaning it will change when you restart the game.

Now you will need to find the offsets, so you can always find the correct address from the BASE address.
To find the offsets, you will need to check what accesses/writes to this address.

Now it might say something like the value of the pointer needed to find the address is probably 0x12345.
Also save the offset in notepad or something. Offset is the hex value you see after the OP command.

mov eax,[ESP+10]

So 0x12345 is the value of the pointer, not the pointer's address it self, so you will need to search that 0x12345 with CE.
In the best case, it will give you one result, an address in the other column and 0x12345 in the other.

Now that address is the address of the pointer that points to AMMO.
Let's say that the address of the pointer is 0x5555.

You will tick the pointer check box, because we are using a pointer here, not a direct value.

Now you need to put 0x5555 in the address slot, and add one offset.
You found the offset (0x10), and you will put that in the offset slot.
Then click OK.

Now if you did everything correctly and you had the right addresses, you should see the ammo value.