    #1 Ch40zz-C0d3r

    Getting WORKING signatures

    Hey guys
    Since so many people are just failing at this, and I hate people posting 1000 threads about updated addies, I'm going to show you now how to make WORKING signature scans. This method is well known by some people, but most just c&p, that's why I will not give examples on real addresses.
    So for now, let's look at a function in CShell.dll:

    [Attached screenshot: emptymemory.png]

    As you can see, there is a lot of empty, uninitialized memory here. The game will initialize it later, but we don't want to wait for this.
    So, let's do 2 simple things:

    1. Search for static pointers
    You simply right-click anywhere in the CPU window, and click Search for -> All constants.
    Enter your address above and press OK, Olly will list you some pointers using this address.

    2. Search for all references
    If the first method fails, just try it with this method.
    Mark the address you want to find and press CTRL + R.
    Olly will make a list of the addresses using this address as parameter.

    If you have a list, you need to look for some things:
    Code:
    372EDDE9   |.  8B15 F8FB8237      MOV EDX,DWORD PTR DS:[3782FBF8]
    This line is good. Our address is moved into a register. Now you need this table:
    Code:
    EAX - 0x1
    ECX - 0x2
    EDX - 0x3
    EBX - 0x4
    ESP - 0x5
    EBP - 0x6
    ESI - 0x7
    EDI - 0x8
    As we can see, the register is clearly EDX which means an offset of 0x3!
    Now we will make the signature. Make a signature scan of the address which is MOVING your address into the register, not the address itself. (Make a signature from 0x372EDDE9)

    And when you log this address in your hack, simply add the offset and read out the pointer, which is pointing TO OUR ADDRESS WE WANT.
    Code:
    dwAdrTbl[8] = (DWORD)*(DWORD*)(dwTmp + 0x3);
    So, in pseudocode:
    Code:
    FinalAddress = (DWORD)*(DWORD*)(MOVAddress + RegisterOffset);
    I hope you understood all well, give credits, and don't be a noob


    CREDITS:
    Ch40zz-C0d3r
    MattyPatty (used this method earlier)

    Last edited by Ch40zz-C0d3r; 09-22-2012 at 03:47 AM.

    Progress with my game - "Disbanded"
    • Fixed FPS lag on spawning entities due to the ent_preload buffer!
    • Edit the AI code to get some better pathfinding
    • Fixed the view bug within the sniper scope view. The mirror entity is invisible now!
    • Added a new silencer for ALL weapons. Also fixed the rotation bugs
    • Added a ton of new weapons and the choice to choose a silencer for every weapon
    • Created a simple AntiCheat, noobs will cry like hell xD
    • The name will be Disbanded, the alpha starts on the 18th august 2014



    Some new physics fun (Serversided, works on every client)



    My new AI
    http://www.youtube.com/watch?v=EMSB1GbBVl8

    And for sure my 8 months old gameplay with 2 friends
    http://www.youtube.com/watch?v=Na2kUdu4d_k


    #2 arun823
    Good thread, hopefully people can stop posting wrong addresses, and for the people who DON'T know how to make sigs in olly, google SigMaker plugin, just a hint.
    Last edited by arun823; 09-22-2012 at 09:36 AM.

    #3 Flengo
    You were telling me about this before, I got some sense out of it by looking at Gellin's examples.

    But this is a greater help, thanks for sharing some of your knowledge


    I Read All Of My PM's & VM's
    If you need help with anything, just let me know.
     
     
    VM | PM

    Publicist Since 04.04.2015
    Middleman Since Unknown - Unknown
    Global Moderator Since 08.01.2013
    Donator Since 05.29.2013

    Minion+ Since 04.18.2013

    District 187 Minion Since 04.04.2013
    Steam Minion Since 02.26.2013
    WarRock Minion Since 02.19.2013
    A.V.A Minion Since 02.13.2013
    DayZ Minion Since 01.21.2013
    Combat Arms Minion Since 12.26.2012
    Contributor Since 11.16.2012
    Member Since 05.11.2010


    #4 Shadow`
    Thanks for the great tutorial, hopefully people post some good pattern scans now and can create working ones!

    #5 Avery17
    How about a tutorial for attaching Olly to Combat Arms undetected?

    #6 Ch40zz-C0d3r
    Quote Originally Posted by Avery17:
    How about a tutorial for attaching Olly to Combat Arms undetected?
    I will flood this section with my methods soon, just be patient
    Hope my shit gets stickied or something, since it's not useless :P


    #7 arun823
    Quote Originally Posted by Avery17:
    How about a tutorial for attaching Olly to Combat Arms undetected?
    I have never attached CA to Olly, that's just too much work. Link CShell.dll to Load Lib, google PE Tools, run it and search for the Load Lib program you have. Now just look for cshell.dll and dump! Then you can load it into IDA or Olly, w/e you use. For engine.exe, as soon as you start CA, you must suspend the process, then head on over to PE Tools, look for engine.exe and dump. Hope this helps

    #8 Flengo
    Quote Originally Posted by Ch40zz-C0d3r:
    I will flood this section with my methods soon, just be patient
    Hope my shit gets stickied or something, since it's not useless :P
    Make a bunch of threads like this.
    Make one thread which links to all this, plus more, even older things.
    That thread gets stickied.

    Possibly.




    #9 Shadow`
    Quote Originally Posted by Flengo:
    Make a bunch of threads like this.
    Make one thread which links to all this, plus more, even older things.
    That thread gets stickied.

    Possibly.
    If he continues to make tutorials, this section will only continue to improve

    #10 Departure
    What's this offset register table?

    The line "MOV EDX,DWORD PTR DS:[3782FBF8]"
    is taking the bytes at address 3782FBF8 and placing them into the EDX register. EDX is a 32-bit register, which means 4 bytes are placed there (aka a DWORD). Could you please explain the "Register Offset" a little better? I don't see what this has to do with anything; maybe I have misunderstood something.

    Now if you look at 372EDDE9 |. 8B15 F8FB8237 MOV EDX,DWORD PTR DS:[3782FBF8]

    for each byte the address is increased by 1.

    First let's take the byte values "8B15 F8FB8237": the address 3782FBF8 is in these byte values as little endian.

    Take address 372EDDE9 + 2 bytes, which would land here: 8B15 F8FB8237, so it will take byte values from F8 (green) and copy the size of a DWORD (4 bytes) into the EDX register. This is a 2-byte offset from the original address and it has nothing to do with the register table offset.

    To prove this, what if the line said to MOV EBX instead of EDX? 372EDDE9 8B1D F8FB8237 MOV EBX,DWORD PTR DS:[3782FBF8]

    According to you it would be a 0x4 byte offset (from your "register table"), which is incorrect; it is still a 0x2 bytes offset. So once again it has nothing to do with the register table. Only when MOV EAX is used will it be a 1 byte offset.

    Code:
    Bytes                               Instructions
    ======================================================
    A1 F8FB8237                     MOV EAX,[3782FBF8]
    8B0D F8FB8237                   MOV ECX,[3782FBF8]
    8B15 F8FB8237                   MOV EDX,[3782FBF8]
    8B1D F8FB8237                   MOV EBX,[3782FBF8]
    8B25 F8FB8237                   MOV ESP,[3782FBF8]
    8B2D F8FB8237                   MOV EBP,[3782FBF8]
    8B35 F8FB8237                   MOV ESI,[3782FBF8]
    8B3D F8FB8237                   MOV EDI,[3782FBF8]
    As you can see, for each register it would be a 2 byte offset (except for EAX, 1 byte) to get the value "F8FB8237", which once placed into the register is 3782FBF8 because of little endian.


    Unless I have missed something here or misunderstood what you are actually trying to do, I suggest editing your original post with correct information so people don't get confused why their offsets are not working...
    Last edited by Departure; 09-28-2012 at 01:16 AM.
    DJector.Lite
    Get the advantages of new injection technology, with 1 click easy to use injector, work for all platforms x86/x64

    Download

    D-Jector
    Get the most advanced and full featured injector around, works for any game and any platform x86/x64, nothing comes even close.
    Download


    #11 master131
    I agree with Departure, the "offset register table" is just plain wrong. It just depends on which variant of an assembly instruction is used.
    Donate:
    BTC: 1GEny3y5tsYfw8E8A45upK6PKVAEcUDNv9


    Handy Tools/Hacks:
    Extreme Injector v3.6.1 *NEW* Windows 10 compatible!
    A powerful and advanced injector in a simple GUI.
    Can scramble DLLs on injection making them harder to detect and even make detected hacks work again!

    Minion Since: 13th January 2011
    Moderator Since: 6th May 2011
    Global Moderator Since: 29th April 2012
    Super User/Unknown Since: 23rd July 2013
    'Game Hacking' Team Since: 30th July 2013

    --My Art--
    [Roxas - Pixel Art, WIP]
    [Natsu - Drawn]
    [Natsu - Coloured]


    All drawings are coloured using Photoshop.

    --Gifts--
    [Kyle]

    #12 UTAN
    @Departure
    Can you help me?

    I can't get the right offset log.

    Code:
    00C8BF06   D958 04          FSTP DWORD PTR DS:[EAX+4]
    00C8BF09   83C4 04          ADD ESP,4
    00C8BF0C   8B4C24 2C        MOV ECX,DWORD PTR SS:[ESP+2C]
    Code:
    // bCompare: 'x' in szMask means the byte must match, anything else is a wildcard
    bool bCompare(const BYTE *pData, const BYTE *bMask, const char *szMask)
    {
    	for(; *szMask; ++szMask, ++pData, ++bMask)
    		if(*szMask == 'x' && *pData != *bMask) return false;
    	return true;
    }
    DWORD FindPattern(DWORD dwAddress, DWORD dwLen, BYTE *bMask, char *szMask)
    {
    	DWORD dwPatLen = (DWORD)strlen(szMask); // never compare past dwAddress + dwLen
    	for(DWORD i = 0; i + dwPatLen <= dwLen; i++)
    		if(bCompare((BYTE*)(dwAddress + i), bMask, szMask))
    			return (DWORD)(dwAddress + i);
    	return 0;
    }
    Code:
    unsigned long DamagePerMeter = FindPattern(dwCShellEntryPoint, dwCShellCodeSize, (PBYTE)Pattern, Mask);

    if(DamagePerMeter)
    {
    	DamagePerMeter = *(PDWORD)(DamagePerMeter + 0x2);
    	log("#define DamagePerMeter 0x%X", DamagePerMeter);
    }
    Log result
    Code:
    #define DamagePerMeter 			0x4C48304
    Last edited by UTAN; 11-05-2012 at 08:28 PM.

    #13 Ch40zz-C0d3r
    So you guys were right, I just learned some ASM now.
    So basically my table posted is bullshit.
    Simply do this:
    Code:
    A1 F8FB8237                     MOV EAX,[3782FBF8]
    Notice the space between A1 and the rest?
    A1 = 1 byte = 0x1 offset

    Code:
    8B0D F8FB8237                   MOV ECX,[3782FBF8]
    Here's the space after 2 bytes = 0x2 offset

    The first bytes are the command itself (MOV EAX, MOV ECX) and the last bytes the address read backwards (C compiler is backwards, PASCAL compiler it's forward).
    Hope people will use this
    Sorry for the shit I posted above :P

    @UTAN
    What are you trying to do?
    I don't see what address you want.
    Last edited by Ch40zz-C0d3r; 01-11-2013 at 01:56 PM.


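The whole workflow the thread converges on (post #1's idea of sig-scanning the instruction rather than the data, Departure's byte table in #10, and the corrected "1 byte for A1, 2 bytes for 8B+ModRM" rule in #13), as an added C example that is not code from the thread. Everything here is constructed: the byte buffer stands in for a code region and is not real CShell.dll content, and the function names are my own. The operand offset is derived from the opcode and ModRM byte instead of from a fixed table, and an instruction that is not a `MOV r32,[abs32]` is rejected rather than blindly read at +2. That rejection is exactly the failure in UTAN's log: `D9 58 04` is `FSTP DWORD PTR [EAX+4]`, so a +2 read returns the disp8 byte `04` followed by the first three bytes of the next instruction (`04 83 C4 04` = 0x04C48304, the value his log shows). The same decoding is what a detection engine or memory-forensics tool does when it locates a pattern in one build and needs the absolute address it refers to.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Constructed sample code region (not real game memory). Contains the two
 * encodings from the thread's table plus UTAN's FSTP instruction. */
static const uint8_t g_code[] = {
    0x55, 0x8B, 0xEC,                   /* push ebp; mov ebp,esp (filler)      */
    0xA1, 0x10, 0x20, 0x30, 0x40,       /* mov eax,[40302010]  one-byte opcode */
    0x8B, 0x15, 0xF8, 0xFB, 0x82, 0x37, /* mov edx,[3782FBF8]  opcode + ModRM  */
    0xD9, 0x58, 0x04,                   /* fstp dword ptr [eax+4]              */
    0x83, 0xC4, 0x04,                   /* add esp,4                           */
    0xC3                                /* ret                                 */
};

/* Signatures with the address bytes wildcarded, so the pattern survives a
 * rebuild that moves the data but keeps the instruction. */
const uint8_t SIG_MOV_EDX[] = { 0x8B, 0x15, 0, 0, 0, 0 };
const char    SIG_MOV_EDX_MASK[] = "xx????";
const uint8_t SIG_MOV_EAX[] = { 0xA1, 0, 0, 0, 0 };
const char    SIG_MOV_EAX_MASK[] = "x????";

/* 'x' in mask means the byte must match; any other character is a wildcard. */
static int mask_compare(const uint8_t *data, const uint8_t *pat, const char *mask)
{
    for (; *mask; ++mask, ++data, ++pat)
        if (*mask == 'x' && *data != *pat)
            return 0;
    return 1;
}

/* Index of the first match in buf, or -1. Unlike the FindPattern() posted in
 * the thread, the loop bound accounts for the pattern length so the compare
 * never reads past buf + len. */
long find_pattern(const uint8_t *buf, size_t len, const uint8_t *pat, const char *mask)
{
    size_t plen = strlen(mask);
    if (plen == 0 || plen > len) return -1;
    for (size_t i = 0; i + plen <= len; ++i)
        if (mask_compare(buf + i, pat, mask))
            return (long)i;
    return -1;
}

/* Offset of the 4-byte absolute address inside a MOV r32,[abs32], or 0 if
 * the bytes are not one of the two encodings in the thread's table:
 *   A1 imm32        MOV EAX,[imm32]   operand at +1
 *   8B ModRM imm32  MOV r32,[imm32]   operand at +2, only when ModRM has
 *                   mod == 00 and rm == 101 (pure disp32, no base register);
 *                   the reg field (bits 5..3) selects the register and does
 *                   not change the offset, which is Departure's point. */
size_t mov_abs32_operand_offset(const uint8_t *insn, size_t avail)
{
    if (avail >= 5 && insn[0] == 0xA1) return 1;
    if (avail >= 6 && insn[0] == 0x8B && (insn[1] & 0xC7) == 0x05) return 2;
    return 0;
}

/* Decode the little-endian absolute address, or 0 if insn is not a MOV r32,[abs32]. */
uint32_t mov_abs32_target(const uint8_t *insn, size_t avail)
{
    size_t off = mov_abs32_operand_offset(insn, avail);
    if (off == 0) return 0;
    const uint8_t *p = insn + off;
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Scan for the instruction's signature, then decode the address it references. */
uint32_t resolve_static_address(const uint8_t *buf, size_t len, const uint8_t *pat, const char *mask)
{
    long idx = find_pattern(buf, len, pat, mask);
    if (idx < 0) return 0;
    return mov_abs32_target(buf + idx, len - (size_t)idx);
}

int main(void)
{
    uint32_t edx_src = resolve_static_address(g_code, sizeof g_code, SIG_MOV_EDX, SIG_MOV_EDX_MASK);
    uint32_t eax_src = resolve_static_address(g_code, sizeof g_code, SIG_MOV_EAX, SIG_MOV_EAX_MASK);
    printf("MOV EDX reads from 0x%08X, MOV EAX reads from 0x%08X\n", edx_src, eax_src);
    printf("FSTP at +14 decodes as 0x%08X (rejected, not a MOV r32,[abs32])\n",
           mov_abs32_target(g_code + 14, sizeof g_code - 14));
    return 0;
}
```

Running it prints 0x3782FBF8 for the EDX signature and 0x40302010 for the EAX one, and 0 for the FSTP bytes. The ModRM mask `0xC7` keeps the mod and rm bits and discards the reg bits, which is why the same +2 works for ECX, EDX, EBX, ESP, EBP, ESI and EDI alike.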
