k Im going to try and explain how I found a new PTC address, I dont know why a lot of people here are calling it "pointers" there is no pointers(do you guys actually know what a pointer is?) .. let me show you what I was using in the hotkey hacks
Code:
Const
dwPtcAddr = $00485E10;
....
....
....
Procedure Pushit (const PCharCommand: PChar);
asm
PUSH PCharCommand
MOV EAX, dwPtcAddr
CALL EAX
ADD ESP, $00000004
end;
end.
Very simple yeah.. and no pointers, it actually worked very good and has worked for a few months now as I also used this address last year but in a "Gordons" method way.
Anyway lets look in Olly at this address.
Code:
00485E10 /$ 8B4424 04 MOV EAX,[ESP+4]
00485E14 |. 50 PUSH EAX
00485E15 |. 68 F0238000 PUSH 008023F0
00485E1A |. E8 A1EDFFFF CALL 00484BC0
00485E1F |. 83C4 08 ADD ESP,8
00485E22 \. C3 RET
we can see two things that stick out here, it pushes "008023F0" to the stack and Calls address 00484BC0 then returns to its caller + 8.
Btw I still don't see any of this infamous "pointers", one more thing to take note of is in the info panel
Code:
Local calls/jumps from 0046FA66, 004FB070, 004FB09C, 004FB0C8, 004FB0F7, 004FB4EE, 004FB51A, 004FB546, 004FB575
This means everyone of these addresses Calls this address(00485E10), Try and remember this basic thing as it will help you find other addresses to use in the future. SO with that in mind lets look at the address that PTC(00485E10) calls, in this case it calls 00484BC0.
Code:
00485E1A |. E8 A1EDFFFF CALL 00484BC0
Now think logically here, We call 00485E10 so it calls 00484BC0, what if there are other address that also call 00484BC0? would it make sense we could use the others address if found instead of this one? Answer is yes, simply right click on "Call 00484BC0" and in the menu "Find Reference to---->Call Destination" now you see a huge list of addresses that call this, Go and analyze them and you will find a couple you can use as an alternative to 00485E10.. And btw Still no "Pointers" seen here.
Also If this address(00485E10) is NOT detected as people claim why is my hotkey hack not working for PTC, everything else still works? but PTC works once I use another address using the method described above.