Solved IDA Problems

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

PwndDepot

I has a status
Dank Tier VIP
Trump Tier Donator
Dank Tier Donator
Nov 5, 2014
239
7,748
19
Ok folks i'm just going to explain my whole situation because i'm losing sleep over this and it's driving me crazy.
I'm trying to reverse this game. It's compiled using visual studio c++ apparently but uses java heavily.
So what i'm trying to do is find the entity list. This game is an mmo fps so it's not as easy as spawning a bunch of bots.
One thing I noticed is that my health and player info is stored in a way different memory location than my player coordinates.
https://prntscr.com/au7cb2
When I do "find out what accesses this address" for stamina and health, I noticed the instruction is always the same, but the RVA and register ecx are always different
C++:
STAMINA
0497C051 - F3 0F11 41 14  - movss [ecx+14],xmm0
ecx = 12F24FD0
04C882ED - F3 0F11 41 14  - movss [ecx+14],xmm0
ecx = 1324CC78

HEALTH
0497C051 - F3 0F11 41 14  - movss [ecx+14],xmm0
ecx = 12F914C0
04C882ED - F3 0F11 41 14  - movss [ecx+14],xmm0
ecx = 1324CC8
So obviously ecx is not my playerbase.

Well Im not really after my playerbase right now, I'm more interested in my coordinates (stored client side in an mmofps :lol:) and Im looking to make a telehack so i'm trying to find the entity list. I'm probably a little in over my head since I don't even have the playerbase and I suck at reversing but I wanted to try anyways. However, I quickly ran into a problem with IDA.
I clicked "find out what accesses this address" to my z coordinate
https://prntscr.com/au7huh
I right click, go to address and copy the address, open up IDA, attach and press g for jump to address. paste it in and I get this:
https://prntscr.com/au7j9e

All I wanna do is use the decompiler feature in IDA so I can start figuring out how the game uses its player class, entity class, etc. :FeelsBadMan:
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,295
37,938
269
IDA doesn't think its code. click the location then press 'c'

or edit menu->code
 

PwndDepot

I has a status
Dank Tier VIP
Trump Tier Donator
Dank Tier Donator
Nov 5, 2014
239
7,748
19
Well that fixed that problem, thanks. Can IDA not show psuedocode when it's only attached? I go view>open subgraphs>decompile a function but it always says "place your cursor inside function"
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,295
37,938
269
Turn the code into a function then, believe the button is 'p' or 'f'
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods