14A817B80 is the adress
NightmareTx was kind enough to post it a few days ago
any chance someone could post a small memory dump for of the offset data validation.
just a few bytes before and after the offset, i would just like to examine that area, via hex, i don't have aw for pc thats why i'm asking.
14A817B80 is the adress
NightmareTx was kind enough to post it a few days ago
I know what the address is, but that wasn't what i was looking for. what i was looking for was a hex dump of where the offset is located. a few bytes before the above offset and a few bytes after.
i don't have aw for pc so the offset isn't much use to me. i'm just really after a dump of that generally area.
hex:Code:.data:000000014A817B6F db 0 .data:000000014A817B70 unk_14A817B70 db 0C6h ; ã ; DATA XREF: .data:off_140C26A00o .data:000000014A817B71 db 9Bh ; ø .data:000000014A817B72 db 0ACh ; ¼ .data:000000014A817B73 db 40h ; @ .data:000000014A817B74 db 1 .data:000000014A817B75 db 0 .data:000000014A817B76 db 0 .data:000000014A817B77 db 0 .data:000000014A817B78 db 0 .data:000000014A817B79 db 0 .data:000000014A817B7A db 0 .data:000000014A817B7B db 0 .data:000000014A817B7C db 5 .data:000000014A817B7D db 0 .data:000000014A817B7E db 0 .data:000000014A817B7F db 0 .data:000000014A817B80 db 1 .data:000000014A817B81 db 0 .data:000000014A817B82 db 0 .data:000000014A817B83 db 0 .data:000000014A817B84 db 0 .data:000000014A817B85 db 0 .data:000000014A817B86 db 0 .data:000000014A817B87 db 0 .data:000000014A817B88 db 74h ; t .data:000000014A817B89 db 0 .data:000000014A817B8A db 0 .data:000000014A817B8B db 0 .data:000000014A817B8C db 0 .data:000000014A817B8D db 0 .data:000000014A817B8E db 0 .data:000000014A817B8F db 0 .data:000000014A817B90 db 1 .data:000000014A817B91 db 0 .data:000000014A817B92 db 0
Code:000000014A817A90 00 00 00 00 80 4F 12 00 18 00 00 00 00 00 00 00 ....ÇO.......... 000000014A817AA0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817AB0 0A 9C AC 40 01 00 00 00 00 00 00 00 05 00 00 00 .£¼@............ 000000014A817AC0 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817AD0 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817AE0 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817AF0 00 00 00 00 02 00 00 00 18 00 00 00 00 00 00 00 ................ 000000014A817B00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817B10 22 9C AC 40 01 00 00 00 00 00 00 00 05 00 00 00 "£¼@............ 000000014A817B20 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817B30 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817B40 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817B50 00 00 00 00 01 00 00 00 18 00 00 00 00 00 00 00 ................ 000000014A817B60 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817B70 C6 9B AC 40 01 00 00 00 00 00 00 00 05 00 00 00 ãø¼@............ 000000014A817B80 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817B90 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817BA0 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817BB0 00 00 00 00 01 00 00 00 00 00 00 00 08 01 00 00 ................ 000000014A817BC0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817BD0 E1 9B AC 40 01 00 00 00 00 00 00 00 05 00 00 00 ßø¼@............ 000000014A817BE0 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817BF0 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817C00 01 00 00 00 00 00 00 00 74 00 00 00 00 00 00 00 ........t....... 000000014A817C10 00 00 00 00 01 00 00 00 00 00 00 00 08 01 00 00 ................ 000000014A817C20 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817C30 CC D5 AC 40 01 00 00 00 00 20 00 00 05 01 00 00 ¦i¼@..... ...... 000000014A817C40 00 00 00 00 00 00 00 00 60 FB 0E 00 00 00 00 00 ........`¹...... 000000014A817C50 00 00 00 00 00 00 00 00 60 FB 0E 00 00 00 00 00 ........`¹...... 000000014A817C60 00 00 00 00 00 00 00 00 F8 FF FF 7F 00 00 00 00 ........°**..... 000000014A817C70 00 00 00 00 10 00 00 00 18 00 00 00 00 00 00 00 ................ 000000014A817C80 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817C90 D9 D5 AC 40 01 00 00 00 02 00 00 00 00 00 00 00 +i¼@............ 000000014A817CA0 01 00 00 00 00 00 00 00 F8 FF FF 7F 00 00 00 00 ........°**..... 000000014A817CB0 01 00 00 00 00 00 00 00 F8 FF FF 7F 00 00 00 00 ........°**..... 000000014A817CC0 01 00 00 00 00 00 00 00 F8 FF FF 7F 00 00 00 00 ........°**..... 000000014A817CD0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817CE0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ................ 000000014A817CF0 1D C9 AC 40 01 00 00 00 00 00 00 00 05 00 00 00 .+¼@............ 000000014A817D00 00 00 00 00 00 00 00 00 F7 FF FF 7F 00 00 00 00 ........¸**..... 000000014A817D10 00 00 00 00 00 00 00 00 F7 FF FF 7F 00 00 00 00 ........¸**.....
FBI got my PC...Hardcore cheating is paused atm..
Editing failed so you can merge the posts
the address comes from
0x14A817B70 + 0x10 -> .data:000000014A817B70 unk_14A817B70 db 0C6h ; ã ; DATA XREF: .dataff_140C26A00o
leads back to
and back toCode:.data:0000000140C26A00 off_140C26A00 dq offset unk_14A817B70 ; DATA XREF: sub_14013D3D0+2Fw .data:0000000140C26A00 ; sub_14013D570+4r ...
offset 0x140C26A00 being loaded in raxCode:.text:000000014013D570 sub_14013D570 proc near ; CODE XREF: sub_14013E3B0+4EAp .text:000000014013D570 sub rsp, 28h .text:000000014013D574 mov rax, cs:off_140C26A00 .text:000000014013D57B test rax, rax .text:000000014013D57E jz short loc_14013D5A0 .text:000000014013D580 cmp dword ptr [rax+10h], 0 .text:000000014013D584 jz short loc_14013D5A0 .text:000000014013D586 lea rcx, aS_ReportIssueA ; "%s. Report issue and set 'data_validati"... .text:000000014013D58D call sub_1405DB9D0 .text:000000014013D592 xor ecx, ecx .text:000000014013D594 mov rdx, rax .text:000000014013D597 add rsp, 28h .text:000000014013D59B jmp sub_1404E12D0
cmp dword ptr [rax+10h], 0 -> rax+10 being compared to 0 (is tamper check on or off)
tracing it all back resulted in the original address
All credit to NightmareTX for finding it
Last edited by distiny; 11-10-2014 at 06:01 AM.
FBI got my PC...Hardcore cheating is paused atm..
Editing failed so you can merge the posts
the address comes from
0x14A817B70 + 0x10 ->leads back toCode:.data:000000014A817B70 unk_14A817B70 db 0C6h ; ã ; DATA XREF: .data:off_140C26A00o
and back toCode:.data:0000000140C26A00 off_140C26A00 dq offset unk_14A817B70 ; DATA XREF: sub_14013D3D0+2Fw .data:0000000140C26A00 ; sub_14013D570+4r ...
offset 0x140C26A00 being loaded in raxCode:.text:000000014013D570 sub_14013D570 proc near ; CODE XREF: sub_14013E3B0+4EAp .text:000000014013D570 sub rsp, 28h .text:000000014013D574 mov rax, cs:off_140C26A00 .text:000000014013D57B test rax, rax .text:000000014013D57E jz short loc_14013D5A0 .text:000000014013D580 cmp dword ptr [rax+10h], 0 .text:000000014013D584 jz short loc_14013D5A0 .text:000000014013D586 lea rcx, aS_ReportIssueA ; "%s. Report issue and set 'data_validati"... .text:000000014013D58D call sub_1405DB9D0 .text:000000014013D592 xor ecx, ecx .text:000000014013D594 mov rdx, rax .text:000000014013D597 add rsp, 28h .text:000000014013D59B jmp sub_1404E12D0
cmp dword ptr [rax+10h], 0 -> rax+10 being compared to 0 (is tamper check on or off)
tracing it all back resulted in the original address
All credit to NightmareTX for finding it
FBI got my PC...Hardcore cheating is paused atm..