Solved: Making an Offset Dumper


fx705HUJX0

Jr.Coder
Dank Tier Donator
Nobleman
Mar 24, 2016
Hello Guys,

So at the moment I am making a Team Fortress 2 cheat (will eventually post the sauce) and I am running into bigger problems. I really want to focus on the actual hack and its features, but currently I can't, because the game gets an update nearly every day and I don't want to waste my time searching for offsets. So now I thought I could just make a dumper for the game. I saw the video from Rake about external sig scanning. My idea was to change the code a bit so it just outputs the actual memory address.



These are my current offsets. I don't really know how to go on from here. In the video he just finds the instruction that subs the health and NOPs it. How can I find the instruction for LocalPlayer and then get the current address? Nothing subs or does anything (at least I think so lol) :FeelsBadMan:

Maybe someone could give me some hints.

Thank you very much, and yes, I know that I am a newb.

Rake

Cesspool Admin
Administrator
Jan 21, 2014
What I am trying to do is get the base address (here rdx) with some kind of sig scanning. When I just scan for that instruction it gives me the address of the instruction and not the address of the base. What do I have to add to that instruction address? Most of the time the instruction address is really far away from the base.

Sorry for my bad explanation, but I don't know how to explain this well, especially with my bad English and the fact that I never tried something like this :retard:
Do this tutorial:


The "base address" you're talking about is the value held in the register RDX.

Somewhere in the code above this code, there is a "mov rdx, [baseAddress]" or a "lea rdx, baseAddress" or some shit.

Base address will be a pointer and is the source operand for these instructions; you need to make your signature for that operand. Either you start your signature with wildcards to represent the operand, and this will return the address of this operand, or you create your signature for the instruction and then add the correct number of bytes to get the address of the operand.

Your signature should be for an "immediate value", not for a register, basically.

Now technically you could use a pattern scan to find this instruction, do a codecave/hook and grab the register using inline ASM, but the whole idea is to make your life easier, not harder, so I don't see any point in this unless it's the only way to do it.
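As an added illustration of the "add the correct number of bytes to get the address of the operand" step (this is not code from the thread or from Rake's tutorial): a mask-based pattern scan over a constructed byte buffer that stands in for a code region copied out of a module, which finds a `mov rdx, [rip+disp32]` and turns the instruction's address into its operand's address. The image base, the bytes and the displacement are made up; on x64 the operand of such an instruction is the address of the *next* instruction plus the signed 32-bit displacement, which is exactly what a disassembler prints as the absolute target.

```c
#include <stdint.h>
#include <string.h>

/* Constructed stand-in for a code region copied out of a module loaded at
 * kImageBase. After some filler it holds
 *   48 8B 15 disp32   mov rdx, [rip+disp32]  (7 bytes, disp32 at offset 3)
 *   48 85 D2          test rdx, rdx */
static const uint64_t kImageBase = 0x140001000ULL;
static const uint8_t kCode[] = {
    0x90, 0x90, 0xCC, 0x90,                    /* filler */
    0x48, 0x8B, 0x15, 0x1D, 0x2A, 0x03, 0x00,  /* mov rdx, [rip+0x32A1D] */
    0x48, 0x85, 0xD2,                          /* test rdx, rdx */
    0x74, 0x05,                                /* je short +5 */
};

/* Mask scan: 'x' bytes must match, '?' bytes are wildcards. Returns the
 * offset of the first match in buf, or -1 if the pattern is absent. */
long find_pattern(const uint8_t *buf, size_t len, const uint8_t *pat, const char *mask)
{
    size_t plen = strlen(mask);
    if (plen == 0 || plen > len) return -1;
    for (size_t i = 0; i + plen <= len; i++) {
        size_t j = 0;
        while (j < plen && (mask[j] == '?' || buf[i + j] == pat[j])) j++;
        if (j == plen) return (long)i;
    }
    return -1;
}

/* Turn "address of the instruction" into "address of its memory operand":
 * read the disp32 that sits disp_off bytes into the instruction and add it
 * to the address of the following instruction (little-endian host assumed). */
uint64_t resolve_rip_relative(const uint8_t *buf, size_t at, size_t disp_off, size_t insn_len, uint64_t base)
{
    int32_t disp;
    memcpy(&disp, buf + at + disp_off, sizeof disp);
    return base + at + insn_len + (int64_t)disp;   /* sign-extends negative disp */
}

/* Signature with wildcards over the displacement, as the post suggests:
 * the opcode bytes are stable across builds, the displacement is not. */
uint64_t locate_base_pointer(void)
{
    static const uint8_t pat[] = {0x48, 0x8B, 0x15, 0, 0, 0, 0, 0x48, 0x85, 0xD2};
    long idx = find_pattern(kCode, sizeof kCode, pat, "xxx????xxx");
    if (idx < 0) return 0;                         /* pattern no longer matches */
    return resolve_rip_relative(kCode, (size_t)idx, 3, 7, kImageBase);
}
```

With the constructed bytes the match is at offset 4, so the operand resolves to 0x140001000 + 4 + 7 + 0x32A1D = 0x140033A28; a `lea rdx, [rip+disp32]` (48 8D 15 disp32) has the same layout and resolves the same way.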

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
Something will most definitely access the local player, mate.
 

fx705HUJX0

Jr.Coder
Dank Tier Donator
Nobleman
Mar 24, 2016
Ok, I can see there are many accesses. So I can already get the address from those instructions, but how do they have anything to do with the LocalPlayer address? How can I now go from there to my LocalPlayer?

Rake

Cesspool Admin
Administrator
Jan 21, 2014
I saw the video from Rake about external sig scanning. My idea was to change the code a bit so it just outputs the actual memory address.
:wat: My function returns the actual memory address.

How can I now go from there to my LocalPlayer?
Look at your health pointer. Remove the last offset. This is the address of your player object (playerbase).

In the video he just finds the instruction that subs the health and NOPs it. How can I find the instruction for LocalPlayer and then get the current address? Nothing subs or does anything (at least I think so lol)
If you do "Find what writes to this address" and select "The address pointed to by this pointer" and then get shot and take damage, it will list the instruction that edits your health value.
You get the current address of the player from a pointer: just remove the last offset from your health pointer. This works any time the health variable is a member variable of the player object, which is 99% of the time.

fx705HUJX0

Jr.Coder
Dank Tier Donator
Nobleman
Mar 24, 2016
Hello Rake,

My function returns the actual memory address.
Yes it does. I just meant that it doesn't return the "real" LocalPlayer address. Kind of screwed up there :smorc:

If you do "Find what writes to this address" and select "The address pointed to by this pointer" and then get shot and take damage, it will list the instruction that edits your health value.
You get the current address of the player from a pointer: just remove the last offset from your health pointer. This works any time the health variable is a member variable of the player object, which is 99% of the time.
Do you mean this? -->

What I am trying to do is get the base address (here rdx) with some kind of sig scanning. When I just scan for that instruction it gives me the address of the instruction and not the address of the base. What do I have to add to that instruction address? Most of the time the instruction address is really far away from the base.

Sorry for my bad explanation, but I don't know how to explain this well, especially with my bad English and the fact that I never tried something like this :retard: