Point Addresses Manual vs Pointer Scans

Swift Games Accounts
Sep 1, 2012
Hi guys!

I've pretty much spent the last 3-5 days doing nothing but watching Fleep videos and applying the techniques. I'm going with basic stuff and slowly moving onto more complex things. There are a few topics I've learned that weren't covered in Fleep's tutorials.

First off, despite the fact that you've successfully figured out the static base pointer that points to the chain of pointers, which ultimately point to the value you want to hack, that static address CAN change. This is due to the fact that the address is written in HEX, and is an absolute address.

Addresses that don't change are written relative to the process itself. For example, "game.exe" + 00B00BS vs. some pointer chain starting at 0x17702134.

I generally get the base static address within minutes of scanning for the value.

I've read online that in order to turn the absolute address into a relative address, we need to use another program to determine the base address of the desired process.

The other way around it is to use pointer scans, which are relative by default, but do take a lot of time.

I imagine using a program to get the base address method should be fastest, but does anyone else have experience in this matter? Is it a simple matter of using a program to find the base address of the process, and then do some math?

Thanks in Advance.
May 27, 2012
OllyDbg will give you the base address of the Executable Module; then you can use that base address + 0x1337 or whatever the address is.

May 20, 2012
The way the game does "game.exe" + 0x12356AB, you can do exactly the same. All you need is a function; no additional maths, other than if multi-level pointers are in play.
I followed this a long time ago and it worked fine.
I do have a C++ version of it somewhere, but I have no clue where it is.
The second post by pingo should have your answer; just adapt it to whatever language you are dealing with ;).

Sep 1, 2012
I believe you guys answered my question. I'm trying to avoid coding right now. Building up my basics on finding addresses, getting addresses that are permanent, and then down the line, writing code to do something programmatic with the addresses.

Reading from everyone's response, it confirms my belief that there's:

1. The math method: manually find addresses, use IDA to get the base address, then calculate the difference to arrive at the relative address.
2. The write-a-program method: write a program to read the module's address, and then do method 1.
3. There's always the pointer scan method, which is more time consuming, but you wouldn't need a programming background to do it.

Did I sum it up properly?
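As an added illustration of methods 1 and 2 above (this is example code, not something posted in the thread): the arithmetic is the same one used when rebasing addresses between two runs of a relocated module. The snapshot, module layout, "game.exe" base, heap addresses and the value 1337 are all constructed here; a 32-bit target is assumed, matching the thread's 0x17702134-style addresses.

```python
import struct
from dataclasses import dataclass

PTR = 4  # assumed 32-bit target: pointers are 4 bytes, little-endian

@dataclass
class Module:
    name: str
    base: int
    size: int

def to_relative(address: int, modules: list[Module]) -> tuple[str, int]:
    """Method 1: rewrite an absolute address as ('module', offset from its base)."""
    for m in modules:
        if m.base <= address < m.base + m.size:
            return m.name, address - m.base
    raise ValueError(f"{address:#x} is not inside any loaded module")

def to_absolute(name: str, offset: int, modules: list[Module]) -> int:
    """Inverse: 'module' + offset -> absolute address for this particular run."""
    for m in modules:
        if m.name == name:
            return m.base + offset
    raise KeyError(name)

class Snapshot:
    """Constructed flat memory image {region_start: bytes}; stands in for a live process."""
    def __init__(self, regions: dict[int, bytes]):
        self.regions = regions
    def read_u32(self, addr: int) -> int:
        for start, data in self.regions.items():
            if start <= addr and addr + PTR <= start + len(data):
                return struct.unpack_from("<I", data, addr - start)[0]
        raise ValueError(f"unmapped read at {addr:#x}")

def resolve_chain(snap: Snapshot, modules: list[Module], name: str, base_off: int, offsets: list[int]) -> int:
    """Follow 'module'+base_off, then dereference and add each offset of a multi-level chain."""
    addr = to_absolute(name, base_off, modules)
    for off in offsets:
        addr = snap.read_u32(addr) + off
    return addr

def make_run(module_base: int, heap_base: int) -> tuple[Snapshot, list[Module]]:
    """One constructed run: static slot game.exe+0x3000 -> object A; A+0x10 -> object B;
    B+0x1C holds the value 1337. Different bases per run mimic relocation between launches."""
    module, heap = bytearray(0x4000), bytearray(0x100)
    struct.pack_into("<I", module, 0x3000, heap_base)          # static pointer -> A
    struct.pack_into("<I", heap, 0x10, heap_base + 0x40)       # A+0x10 -> B
    struct.pack_into("<I", heap, 0x40 + 0x1C, 1337)            # B+0x1C = value
    snap = Snapshot({module_base: bytes(module), heap_base: bytes(heap)})
    return snap, [Module("game.exe", module_base, len(module))]
```

The same chain ("game.exe"+0x3000, then +0x10, then +0x1C) resolves correctly in both constructed runs even though every absolute address differs, which is exactly why the module-relative form is the one worth keeping.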