Results 1 to 11 of 11
  1. #1
    CodeDemon's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    vagina
    Posts
    1,074
    Reputation
    50
    Thanks
    936
    My Mood
    Fine

    Updated Client Info Pointer

    Since SeePlusPlus and ppl2pass got me to update it for them since they were posing as Marko have fun nabs!

    0x3780A0A8

    GOGOGOGOGO

    I dont even use the pointer. GCS FTW

  2. #2
    Hahaz's Avatar
    Join Date
    Sep 2008
    Gender
    male
    Location
    Matrix World
    Posts
    1,170
    Reputation
    64
    Thanks
    4,083
    My Mood
    Bored

  3. #3
    whatup777's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    CA Source Code Section
    Posts
    4,030
    Reputation
    147
    Thanks
    351
    My Mood
    Dead
    Quote Originally Posted by CodeDemon View Post
    Since SeePlusPlus and ppl2pass got me to update it for them since they were posing as Marko have fun nabs!

    0x3780A0A8

    GOGOGOGOGO

    I dont even use the pointer. GCS FTW
    I dun give half a crap. GCS. /
    Quotes I live by.


    A foolish person learns from his mistakes, I wise person learns from others.
    Quote Originally Posted by AVGN View Post



    mhm

    i live in texas

    i was at the grocery store with my son. He saw a mexican guy, and he said "Look daddy! a mower man!"

    he's 4 yrs old

  4. #4
    dean-wingess's Avatar
    Join Date
    Jan 2009
    Gender
    male
    Posts
    409
    Reputation
    29
    Thanks
    212
    My Mood
    Stressed
    Quote Originally Posted by CodeDemon View Post
    Since SeePlusPlus and ppl2pass got me to update it for them since they were posing as Marko have fun nabs!

    0x3780A0A8

    GOGOGOGOGO

    I dont even use the pointer. GCS FTW
    I feel sorry for you.. :/ hard work and they just leeched it for themself
    [YOUTUBE]e89lqiE0wi0[/YOUTUBE]

  5. #5
    CodeDemon's Avatar
    Join Date
    Jul 2010
    Gender
    male
    Location
    vagina
    Posts
    1,074
    Reputation
    50
    Thanks
    936
    My Mood
    Fine
    Quote Originally Posted by hahaz View Post
    This one is more noticeable /

  6. #6
    qwerty01's Avatar
    Join Date
    Feb 2010
    Gender
    male
    Posts
    179
    Reputation
    9
    Thanks
    215
    My Mood
    Lurking
    do you mind sharing how you found that?
    already know sigs won't work for it, but is there a pointer that points to it?

  7. #7
    RagedYet's Avatar
    Join Date
    Aug 2010
    Gender
    male
    Location
    California
    Posts
    221
    Reputation
    -3
    Thanks
    34
    My Mood
    Devilish
    Quote Originally Posted by qwerty01 View Post
    do you mind sharing how you found that?
    already know sigs won't work for it, but is there a pointer that points to it?
    Learn some basic assembly go to the pointer in a dissambler look how is called and prettymuch you do some reverse enginering to know how it was built :O ofc no asm u wont ever be a good coder /yea



  8. #8
    CoderDream's Avatar
    Join Date
    Nov 2010
    Gender
    male
    Posts
    42
    Reputation
    10
    Thanks
    5
    My Mood
    Aggressive
    Quote Originally Posted by RagedYet View Post


    Learn some basic assembly go to the pointer in a dissambler look how is called and prettymuch you do some reverse enginering to know how it was built :O ofc no asm u wont ever be a good coder /yea
    .... know / LOl TIRED AND BORED JUST... YOU ARE RIGHT

  9. #9
    freedompeace's Avatar
    Join Date
    Jul 2010
    Gender
    female
    Posts
    3,035
    Reputation
    340
    Thanks
    2,784
    My Mood
    Sad
    Quote Originally Posted by RagedYet View Post


    Learn some basic assembly go to the pointer in a dissambler look how is called and prettymuch you do some reverse enginering to know how it was built :O ofc no asm u wont ever be a good coder /yea
    Actually, he does know basic ASM.

  10. The Following User Says Thank You to freedompeace For This Useful Post:

    qwerty01 (11-23-2010)

  11. #10
    SNal2F's Avatar
    Join Date
    Jul 2009
    Gender
    male
    Posts
    175
    Reputation
    30
    Thanks
    99
    the function is part of a class of functions and structured data ...therefore when its called its assumed a this . 'This' is a pointer to the class itself. When you see it called you see the this being moved into ecx. Even when you call a function from a class it is assumed the first parameter is pointer to the class in which it comes from.

    The __thiscall calling convention is used on member functions and is the default calling convention used by C++ member functions that do not use variable arguments. Under __thiscall, the callee cleans the stack, which is impossible for vararg functions. Arguments are pushed on the stack from right to left, with the this pointer being passed via register ECX, and not on the stack, on the x86 architecture.
    __thiscall (C++)


    from my post on UC

    Code:
    3715F660   53                    PUSH EBX  //tried tracing back this function with no luck but you can see that the call in red is from the same class so i traced that for the this:it is lazy but w/e 
    3715F661   8BD9                  MOV EBX,ECX // here you can see this being moved into ebx so now i know the call below is part of the same class
    3715F663   56                    PUSH ESI
    3715F664   8D43 08               LEA EAX,DWORD PTR DS:[EBX+8]
    3715F667   57                    PUSH EDI
    3715F668   C700 00000000         MOV DWORD PTR DS:[EAX],0
    3715F66E   50                    PUSH EAX
    3715F66F   A1 10D97E37           MOV EAX,DWORD PTR DS:[377ED910]
    3715F674   8B88 84000000         MOV ECX,DWORD PTR DS:[EAX+84]
    3715F67A   FFD1                  CALL ECX
    3715F67C   8B7C24 1C             MOV EDI,DWORD PTR SS:[ESP+1C]
    3715F680   83C4 04               ADD ESP,4
    3715F683   6A 00                 PUSH 0
    3715F685   57                    PUSH EDI
    3715F686   8BCB                  MOV ECX,EBX
    3715F688   E8 F3E2FFFF           CALL cshell.3715D980//getplayerbyindex
    3715F68D   E8 7EFDFFFF           CALL cshell.3715F410
    3715F692   8BF0                  MOV ESI,EAX
    3715F694   85F6                  TEST ESI,ESI
    3715F696   75 20                 JNZ SHORT cshell.3715F6B8
    3715F698   8B4C24 10             MOV ECX,DWORD PTR SS:[ESP+10]
    3715F69C   A1 10D97E37           MOV EAX,DWORD PTR DS:[377ED910]
    3715F6A1   8B10                  MOV EDX,DWORD PTR DS:[EAX]
    3715F6A3   8B52 18               MOV EDX,DWORD PTR DS:[EDX+18]
    3715F6A6   51                    PUSH ECX
    3715F6A7   68 04A46E37           PUSH cshell.376EA404                                    ; ASCII "CCBAClientInfoMgr::AddClient %s End"
    
    
    
    3715E914   8B0D 48CE7E37         MOV ECX,DWORD PTR DS:[377ECE48]   //this ClientInfoMgr                      ; cshell.37805DA0
    3715E91A   6A 00                 PUSH 0 //unk
    3715E91C   56                    PUSH ESI//index
    3715E91D   E8 5EF0FFFF           CALL cshell.3715D980//getplayerbyindex
    I couldnt easy trace back(quickly) the initial function therefore i traced the getplayerByindex function which is shown in part 2.....The Getplayerbyindex has ebx moved into ecx , trae back ecx and you see it is set by 'This pointer' off the stack (in the same class "ClientInfoMgr")


    hope this helps.



    @ GCS --- so what its not like you reversed it ....just copy pasted, acted like you reversed it psssh.

    any1 that want gcs pointer its [[[0x3784568C ]]+ 0xB0] = clientinfoMgr //credits to zoomgod


    37181080 8D81 54850100 LEA EAX,DWORD PTR DS:[ECX+18554] // eax = 37823154
    37181086 C3 RETN
    Last edited by SNal2F; 11-23-2010 at 10:38 AM.

  12. The Following 5 Users Say Thank You to SNal2F For This Useful Post:

    fvestrgenrl (11-23-2010),GodHack2 (11-23-2010),NOOB (02-04-2011),qwerty01 (11-23-2010),Synns (11-23-2010)

  13. #11
    qwerty01's Avatar
    Join Date
    Feb 2010
    Gender
    male
    Posts
    179
    Reputation
    9
    Thanks
    215
    My Mood
    Lurking
    sry, for some reason last time i tried finding the pointer it wasn't working...worked today though...thx snal2f