Originally Posted by -InSaNe-
This is why you use a pattern in this case which is one that contains wildcards in their byte order.
Here's a little snippet on finding a pattern in C++:
So you can use this by:
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
if(*szMask=='x' && *pData!=*bMask)
return (*szMask) == NULL;
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
for(DWORD i=0; i<dwLen; i++)
Eg. You have a byte pattern: 6A 32 0D 51 but the third byte is not the same even though you're sure the function or location is correct. (Same for pointers)
So the pattern for this would be: (We use the byte prefix "\x") "\x6A\x32\x0D\x51" and all patterns must have a mask map so it will be: (Third is "?") "xx?x"
So you can get the address for something by:
int HealthAddress = FindPattern ( ( DWORD )0xDEADBEEF, GetSizeOfModule ( "iw5mp.exe" ), ( PBYTE )"\x6A\x32\x0D\x51", ( char * )"xx?x" );
So for a multi pointer:
DWORD * CorrectedHealthAddress = * ( DWORD * ) * ( DWORD * ) * ( DWORD * ) ( DWORD* ) HealthAddress;