Results 1 to 7 of 7
  1. #1
    MrJarni's Avatar
    Join Date
    Sep 2014
    Gender
    male
    Posts
    4
    Reputation
    10
    Thanks
    0

    Data validation dump?

    any chance someone could post a small memory dump for of the offset data validation.

    just a few bytes before and after the offset, i would just like to examine that area, via hex, i don't have aw for pc thats why i'm asking.

  2. #2
    ytoof's Avatar
    Join Date
    Aug 2010
    Gender
    male
    Location
    MPGH CoD-Section
    Posts
    823
    Reputation
    10
    Thanks
    741
    My Mood
    Cheerful
    14A817B80 is the adress

    NightmareTx was kind enough to post it a few days ago

  3. #3
    MrJarni's Avatar
    Join Date
    Sep 2014
    Gender
    male
    Posts
    4
    Reputation
    10
    Thanks
    0
    Quote Originally Posted by ytoof View Post
    14A817B80 is the adress

    NightmareTx was kind enough to post it a few days ago
    I know what the address is, but that wasn't what i was looking for. what i was looking for was a hex dump of where the offset is located. a few bytes before the above offset and a few bytes after.

    i don't have aw for pc so the offset isn't much use to me. i'm just really after a dump of that generally area.

  4. #4
    distiny's Avatar
    Join Date
    Mar 2011
    Gender
    male
    Posts
    560
    Reputation
    67
    Thanks
    560
    My Mood
    Cynical
    Code:
    .data:000000014A817B6F                 db    0
    .data:000000014A817B70 unk_14A817B70   db 0C6h ;              ; DATA XREF: .data:off_140C26A00o
    .data:000000014A817B71                 db  9Bh ; 
    .data:000000014A817B72                 db 0ACh ; 
    .data:000000014A817B73                 db  40h ; @
    .data:000000014A817B74                 db    1
    .data:000000014A817B75                 db    0
    .data:000000014A817B76                 db    0
    .data:000000014A817B77                 db    0
    .data:000000014A817B78                 db    0
    .data:000000014A817B79                 db    0
    .data:000000014A817B7A                 db    0
    .data:000000014A817B7B                 db    0
    .data:000000014A817B7C                 db    5
    .data:000000014A817B7D                 db    0
    .data:000000014A817B7E                 db    0
    .data:000000014A817B7F                 db    0
    .data:000000014A817B80                 db    1
    .data:000000014A817B81                 db    0
    .data:000000014A817B82                 db    0
    .data:000000014A817B83                 db    0
    .data:000000014A817B84                 db    0
    .data:000000014A817B85                 db    0
    .data:000000014A817B86                 db    0
    .data:000000014A817B87                 db    0
    .data:000000014A817B88                 db  74h ; t
    .data:000000014A817B89                 db    0
    .data:000000014A817B8A                 db    0
    .data:000000014A817B8B                 db    0
    .data:000000014A817B8C                 db    0
    .data:000000014A817B8D                 db    0
    .data:000000014A817B8E                 db    0
    .data:000000014A817B8F                 db    0
    .data:000000014A817B90                 db    1
    .data:000000014A817B91                 db    0
    .data:000000014A817B92                 db    0
    hex:

    Code:
    000000014A817A90  00 00 00 00 80 4F 12 00  18 00 00 00 00 00 00 00  ....O..........
    000000014A817AA0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817AB0  0A 9C AC 40 01 00 00 00  00 00 00 00 05 00 00 00  .@............
    000000014A817AC0  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817AD0  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817AE0  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817AF0  00 00 00 00 02 00 00 00  18 00 00 00 00 00 00 00  ................
    000000014A817B00  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817B10  22 9C AC 40 01 00 00 00  00 00 00 00 05 00 00 00  "@............
    000000014A817B20  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817B30  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817B40  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817B50  00 00 00 00 01 00 00 00  18 00 00 00 00 00 00 00  ................
    000000014A817B60  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817B70  C6 9B AC 40 01 00 00 00  00 00 00 00 05 00 00 00  @............
    000000014A817B80  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817B90  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817BA0  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817BB0  00 00 00 00 01 00 00 00  00 00 00 00 08 01 00 00  ................
    000000014A817BC0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817BD0  E1 9B AC 40 01 00 00 00  00 00 00 00 05 00 00 00  @............
    000000014A817BE0  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817BF0  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817C00  01 00 00 00 00 00 00 00  74 00 00 00 00 00 00 00  ........t.......
    000000014A817C10  00 00 00 00 01 00 00 00  00 00 00 00 08 01 00 00  ................
    000000014A817C20  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817C30  CC D5 AC 40 01 00 00 00  00 20 00 00 05 01 00 00  i@..... ......
    000000014A817C40  00 00 00 00 00 00 00 00  60 FB 0E 00 00 00 00 00  ........`......
    000000014A817C50  00 00 00 00 00 00 00 00  60 FB 0E 00 00 00 00 00  ........`......
    000000014A817C60  00 00 00 00 00 00 00 00  F8 FF FF 7F 00 00 00 00  ........**.....
    000000014A817C70  00 00 00 00 10 00 00 00  18 00 00 00 00 00 00 00  ................
    000000014A817C80  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817C90  D9 D5 AC 40 01 00 00 00  02 00 00 00 00 00 00 00  +i@............
    000000014A817CA0  01 00 00 00 00 00 00 00  F8 FF FF 7F 00 00 00 00  ........**.....
    000000014A817CB0  01 00 00 00 00 00 00 00  F8 FF FF 7F 00 00 00 00  ........**.....
    000000014A817CC0  01 00 00 00 00 00 00 00  F8 FF FF 7F 00 00 00 00  ........**.....
    000000014A817CD0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817CE0  00 00 00 00 00 00 00 00  00 00 00 00 00 00 00 00  ................
    000000014A817CF0  1D C9 AC 40 01 00 00 00  00 00 00 00 05 00 00 00  .+@............
    000000014A817D00  00 00 00 00 00 00 00 00  F7 FF FF 7F 00 00 00 00  ........**.....
    000000014A817D10  00 00 00 00 00 00 00 00  F7 FF FF 7F 00 00 00 00  ........**.....
    FBI got my PC...Hardcore cheating is paused atm..

  5. #5
    distiny's Avatar
    Join Date
    Mar 2011
    Gender
    male
    Posts
    560
    Reputation
    67
    Thanks
    560
    My Mood
    Cynical
    Editing failed so you can merge the posts


    the address comes from
    0x14A817B70 + 0x10 -> .data:000000014A817B70 unk_14A817B70 db 0C6h ; ; DATA XREF: .dataff_140C26A00o

    leads back to
    Code:
    .data:0000000140C26A00 off_140C26A00   dq offset unk_14A817B70 ; DATA XREF: sub_14013D3D0+2Fw
    .data:0000000140C26A00                                         ; sub_14013D570+4r ...
    and back to

    Code:
    .text:000000014013D570 sub_14013D570   proc near               ; CODE XREF: sub_14013E3B0+4EAp
    .text:000000014013D570                 sub     rsp, 28h
    .text:000000014013D574                 mov     rax, cs:off_140C26A00
    .text:000000014013D57B                 test    rax, rax
    .text:000000014013D57E                 jz      short loc_14013D5A0
    .text:000000014013D580                 cmp     dword ptr [rax+10h], 0
    .text:000000014013D584                 jz      short loc_14013D5A0
    .text:000000014013D586                 lea     rcx, aS_ReportIssueA ; "%s. Report issue and set 'data_validati"...
    .text:000000014013D58D                 call    sub_1405DB9D0
    .text:000000014013D592                 xor     ecx, ecx
    .text:000000014013D594                 mov     rdx, rax
    .text:000000014013D597                 add     rsp, 28h
    .text:000000014013D59B                 jmp     sub_1404E12D0
    offset 0x140C26A00 being loaded in rax
    cmp dword ptr [rax+10h], 0 -> rax+10 being compared to 0 (is tamper check on or off)

    tracing it all back resulted in the original address

    All credit to NightmareTX for finding it
    Last edited by distiny; 11-10-2014 at 07:01 AM.
    FBI got my PC...Hardcore cheating is paused atm..

  6. #6
    distiny's Avatar
    Join Date
    Mar 2011
    Gender
    male
    Posts
    560
    Reputation
    67
    Thanks
    560
    My Mood
    Cynical
    Editing failed so you can merge the posts


    the address comes from
    0x14A817B70 + 0x10 ->
    Code:
    .data:000000014A817B70 unk_14A817B70   db 0C6h ;              ; DATA XREF: .data:off_140C26A00o
    leads back to
    Code:
    .data:0000000140C26A00 off_140C26A00   dq offset unk_14A817B70 ; DATA XREF: sub_14013D3D0+2Fw
    .data:0000000140C26A00                                         ; sub_14013D570+4r ...
    and back to

    Code:
    .text:000000014013D570 sub_14013D570   proc near               ; CODE XREF: sub_14013E3B0+4EAp
    .text:000000014013D570                 sub     rsp, 28h
    .text:000000014013D574                 mov     rax, cs:off_140C26A00
    .text:000000014013D57B                 test    rax, rax
    .text:000000014013D57E                 jz      short loc_14013D5A0
    .text:000000014013D580                 cmp     dword ptr [rax+10h], 0
    .text:000000014013D584                 jz      short loc_14013D5A0
    .text:000000014013D586                 lea     rcx, aS_ReportIssueA ; "%s. Report issue and set 'data_validati"...
    .text:000000014013D58D                 call    sub_1405DB9D0
    .text:000000014013D592                 xor     ecx, ecx
    .text:000000014013D594                 mov     rdx, rax
    .text:000000014013D597                 add     rsp, 28h
    .text:000000014013D59B                 jmp     sub_1404E12D0
    offset 0x140C26A00 being loaded in rax
    cmp dword ptr [rax+10h], 0 -> rax+10 being compared to 0 (is tamper check on or off)

    tracing it all back resulted in the original address

    All credit to NightmareTX for finding it
    FBI got my PC...Hardcore cheating is paused atm..

  7. #7
    MrJarni's Avatar
    Join Date
    Sep 2014
    Gender
    male
    Posts
    4
    Reputation
    10
    Thanks
    0
    Quote Originally Posted by distiny View Post
    Editing failed so you can merge the posts


    the address comes from
    0x14A817B70 + 0x10 ->
    Code:
    .data:000000014A817B70 unk_14A817B70   db 0C6h ;              ; DATA XREF: .data:off_140C26A00o
    leads back to
    Code:
    .data:0000000140C26A00 off_140C26A00   dq offset unk_14A817B70 ; DATA XREF: sub_14013D3D0+2Fw
    .data:0000000140C26A00                                         ; sub_14013D570+4r ...
    and back to

    Code:
    .text:000000014013D570 sub_14013D570   proc near               ; CODE XREF: sub_14013E3B0+4EAp
    .text:000000014013D570                 sub     rsp, 28h
    .text:000000014013D574                 mov     rax, cs:off_140C26A00
    .text:000000014013D57B                 test    rax, rax
    .text:000000014013D57E                 jz      short loc_14013D5A0
    .text:000000014013D580                 cmp     dword ptr [rax+10h], 0
    .text:000000014013D584                 jz      short loc_14013D5A0
    .text:000000014013D586                 lea     rcx, aS_ReportIssueA ; "%s. Report issue and set 'data_validati"...
    .text:000000014013D58D                 call    sub_1405DB9D0
    .text:000000014013D592                 xor     ecx, ecx
    .text:000000014013D594                 mov     rdx, rax
    .text:000000014013D597                 add     rsp, 28h
    .text:000000014013D59B                 jmp     sub_1404E12D0
    offset 0x140C26A00 being loaded in rax
    cmp dword ptr [rax+10h], 0 -> rax+10 being compared to 0 (is tamper check on or off)

    tracing it all back resulted in the original address

    All credit to NightmareTX for finding it
    thanks alot mate

Similar Threads

  1. Dump!
    By Flawless in forum Spammers Corner
    Replies: 20
    Last Post: 12-18-2014, 05:28 AM
  2. Replies: 3
    Last Post: 10-20-2013, 06:34 PM
  3. [Tutorial] Terraria 1.1.2 - Dumping Data / Textures
    By atom0s in forum Terraria Hacks
    Replies: 0
    Last Post: 05-20-2013, 06:30 AM
  4. [Info] MAT Automaton .bin data (dump)
    By xshoter in forum Mission Against Terror Hacks & Cheats
    Replies: 10
    Last Post: 02-19-2012, 04:09 AM