Jump to content
Moopler Closing Read more... ×
  • 0
Sign in to follow this  

Question Questions about updating addresses


I have one more question.



call 004CF3E0 <-- How can I find this address?
mov ecx,eax
mov eax,[esp+0C]
mov edi,[01FC10F0]//8B 0D ? ? ? ? 85 ? ? ? E8 ? ? ? 00 8B 0D 78
mov edi,[edi+E9F0]
add edi,#0 // X
mov [eax],edi
pop edi
mov ecx,[01FC10F0]
mov ecx,[ecx+E9F4]
add ecx,#0 // Y
mov [eax+04],ecx
pop esi
ret 0004

jmp idea


Share this post

Link to post

4 answers to this question

Recommended Posts

  • 0

I want to know Array of Byte, but I can't

For example, I go to address 0075E2E7 in memory view.

I search 0075E2E7, this Array of Byte is 75 46 2B 56 70 81 FA B8 0B 00 00 7C 3B 8D BE 88

But, other people Array of Byte is 75 ? 2b 56 ? 81 fa b8 ? ? ? 7c ? 8d be

Why is different this result?

I want to know How can find Array of Byte.

Please help me.

My English is so pool.


Share this post

Link to post
  • 0

I merged both of your threads. Next time open only one thread and please use a deskriptiv title for your thread!

Share this post

Link to post
  • 0

For your first question, make an Assembly Scan in the client this script is for and find an addy which calls the address you are looking for. Make an aob for it and you've got it.

For the second question there are different ways of making an aob.

Share this post

Link to post
  • 0

The first question looks like you're trying to find the address of the TSecType<long>::GetData() function, which is being used inside your codecave for some CLife-derivative's GetPos or GetPosPrev function. You could simply find the GetPos-function you're trying to hook and check for the original call (this is the best method, as it ensures the correct template-type function).

Share this post

Link to post

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this