Solved internal multi level memory reading

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

sharp0009

Newbie
Dank Tier Donator
Feb 18, 2016
21
743
1
hi, I've been working on function calling, however I found that my function has this call. Some kind of object is passed via ECX, however it's dynamic address, changes all the time.

as solution I guess it's good idea to find pointers who always point's to correct address, so I could call this function. (if it's not a good solution, feel free to correct me).

however I need to know, how to read and write memory internally and with multi level pointers. If someone could show me example I would be very thankful.
 

Teuvin

now I am become Death
Dank Tier VIP
Trump Tier Donator
Dec 8, 2016
403
10,388
65
You could just make a signature for the function, it's way easier imo
 

sharp0009

Newbie
Dank Tier Donator
Feb 18, 2016
21
743
1
Well I heard about this, but have no idea how to get what I want by pattern scan, I'm still new in internal stuff :biblethump:
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,747
40,528
317
You could just make a signature for the function, it's way easier imo
For the function, yes. Not for the thisptr.
You should try to find the instance by reversing and checking how the game calls the function.
Internally you can simply dereference pointers:
C++:
UINT_PTR Base = 0x123456;
UINT_PTR Buffer = *(UINT_PTR*)Base;
Buffer = *(UINT_PTR*)(Buffer + Offset1);
Buffer = *(UINT_PTR*)(Buffer + Offset2);
Buffer = *(UINT_PTR*)(Buffer + Offset3);
UINT_PTR FinalAddress = Buffer + Offset4;
You should add checks after each level in case the pointer isn't intialized or you'll crash.
 

sharp0009

Newbie
Dank Tier Donator
Feb 18, 2016
21
743
1
For the function, yes. Not for the thisptr.
You should try to find the instance by reversing and checking how the game calls the function.
Internally you can simply dereference pointers:
C++:
UINT_PTR Base = 0x123456;
UINT_PTR Buffer = *(UINT_PTR*)Base;
Buffer = *(UINT_PTR*)(Buffer + Offset1);
Buffer = *(UINT_PTR*)(Buffer + Offset2);
Buffer = *(UINT_PTR*)(Buffer + Offset3);
UINT_PTR FinalAddress = Buffer + Offset4;
You should add checks after each level in case the pointer isn't intialized or you'll crash.
thanks, helping me out a lot!
 

sharp0009

Newbie
Dank Tier Donator
Feb 18, 2016
21
743
1
Rake;50645 said:
sharp0009 The function you're looking at is a thiscall function, a class member function. The address of the object calling the function is passed in the ECX register.
Video tutorial by Traxin here
thanks, I have already watches all Traxin videos, he's awesome, learned a lot about function calling. Actually I have finally called game function, thanks to all this community. :smile:
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods