Hey guys.
I have CShell open in Olly.
I am curious... How would I go about finding the PTC Commands?
I want to know also, if the addy for the command can be manipulated to make the PTC command work, as an alternative to using the PTC commands, considering the fact that for SOME reason, the PTC methods that I have gotten ahold of are not working.
I need PTC. :-/
Take the PTC function address. Look for commands that call that address.
That doesn't exactly help. :-\
I need like a tutorial or something on how to find certain addresses using olly.
I don't wanna hear about sigscans etc.
I just wanna know how I would go about taking an old address from last patch, and finding the new, updated one from this patch.
Explain?
That and I need a working PTC method too.
Right Click
Search for all reference text strings
One of many ways to find the LTClient pointer.
1. ) Search "drawguns 1"
3. ) ???
Code:
371A7C97 |. 8B15 50BE8137   MOV EDX,DWORD PTR DS:[3781BE50]
371A7C9D |. 8B82 08020000   MOV EAX,DWORD PTR DS:[EDX+208]
371A7CA3 |. 68 CC877137     PUSH CShell.377187CC ; ASCII "drawguns 1"
4. ) PROFITZZ
Here's a sig I made using the "Make Sig" Olly Debug plugin
Pattern
\xFA\x44\x24\x04\x50\x68\x00\x00\x00\x00\xE8\x00\x00\x00\x00\x83\xC4\x08\xC3
Mask
xxxxxx????x????xxxx
Base Address
0x461000
Scan Size
0x4c0000