1)
An offset is a value delta.
For example:
x1 = 2
x2 = 6
Δx = 4 <-- offset for x1 to get x2 (x1 + Δx = x2)
2)
All variables have their place in memory.
For example:
Player health is stored at 0x10A000 at runtime.
When we get the base address of the process (0x100000 in this example),
we can calculate the delta (aka offset) for the health so it will work on every application launch:
0x10A000 - 0x100000 = 0xA000 <--- offset for health
We need them to locate that variable in memory and modify it
~Note: this is a REALLY basic example; some offsets have multiple levels and are not that easy to find.
3)
Application structures / functions can change, so we have to find new offsets.
They CAN change but don't have to; it depends on what changes are made to the app / game.
Example before update:
To get the team variable in this structure we need a 0x4 + 0x4 * 3 = 0x10 offset.
Code:
struct Player {
    int health;
    float x;
    float y;
    float z;
    int team;   // <-- we want this
};
Example after update:
Now the 0x10 offset points to the state variable, which is wrong!
Code:
struct Player {
    int health;
    float x;
    float y;
    float z;
    int state;  // <-- offset points here
    int team;
};
We have to find the new offset, which will be 0x14 now.
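A worked version of the three points above, added here as an example and not code from the original post. The two Player layouts are the hypothetical ones from the post; the World struct, the sample field values, the 0x200000 "next launch" base and all function names are my own assumptions for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical layouts from the post: field order before and after the update. */
struct PlayerV1 { int health; float x; float y; float z; int team; };
struct PlayerV2 { int health; float x; float y; float z; int state; int team; };

/* Assumed container (not from the post): a game object holding a pointer to the
   local player, used to show a multi-level (pointer chain) offset. */
struct World { int tick; struct PlayerV2 *local_player; };

/* offsetof() is the compile-time equivalent of the hand count 0x4 + 0x4 * 3 = 0x10. */
static size_t team_offset_v1(void) { return offsetof(struct PlayerV1, team); }
static size_t team_offset_v2(void) { return offsetof(struct PlayerV2, team); }

/* Point 2: an offset is the runtime address minus the module/process base,
   so it can be re-applied to whatever base the next launch gets. */
static uintptr_t offset_from_base(uintptr_t runtime_addr, uintptr_t module_base) {
    return runtime_addr - module_base;
}
static uintptr_t rebase(uintptr_t new_module_base, uintptr_t offset) {
    return new_module_base + offset;
}

/* Read an int at base + offset, the way a trainer reads a field once it has a base. */
static int read_int_at(const void *base, size_t offset) {
    int v;
    memcpy(&v, (const unsigned char *)base + offset, sizeof v);
    return v;
}

/* Multi-level offset: every offset except the last is dereferenced as a pointer;
   the last one is added to the final address without dereferencing. */
static const void *resolve_chain(const void *base, const size_t *offsets, size_t n) {
    const unsigned char *p = (const unsigned char *)base;
    for (size_t i = 0; i + 1 < n; i++) {
        const void *next;
        memcpy(&next, p + offsets[i], sizeof next);
        p = (const unsigned char *)next;
    }
    return p + offsets[n - 1];
}

/* Constructed sample player: team 7; in the new layout state 3 sits where team used to be. */
static struct PlayerV2 sample_v2(void) {
    struct PlayerV2 p = { 100, 1.0f, 2.0f, 3.0f, 3, 7 };
    return p;
}

/* Point 3: the pre-update offset applied to the post-update layout hits state, not team. */
static int stale_offset_reads(void) {
    struct PlayerV2 p = sample_v2();
    return read_int_at(&p, team_offset_v1());   /* 3: the wrong field */
}
static int updated_offset_reads(void) {
    struct PlayerV2 p = sample_v2();
    return read_int_at(&p, team_offset_v2());   /* 7: the team */
}

/* The note in point 2: a two-level chain base -> World.local_player -> Player.team. */
static int team_via_chain(void) {
    struct PlayerV2 player = sample_v2();
    struct World world = { 42, &player };
    size_t chain[] = { offsetof(struct World, local_player), offsetof(struct PlayerV2, team) };
    return *(const int *)resolve_chain(&world, chain, 2);
}

int main(void) {
    uintptr_t health_off = offset_from_base(0x10A000, 0x100000);
    printf("team offset before update: 0x%zx\n", team_offset_v1());
    printf("team offset after update:  0x%zx\n", team_offset_v2());
    printf("health offset from base:   0x%lx\n", (unsigned long)health_off);
    printf("same offset at assumed new base 0x200000: 0x%lx\n",
           (unsigned long)rebase(0x200000, health_off));
    printf("stale offset reads %d, updated offset reads %d, chain reads %d\n",
           stale_offset_reads(), updated_offset_reads(), team_via_chain());
    return 0;
}
```

The int/float fields are all 4 bytes, so there is no padding and offsetof gives exactly the 0x10 and 0x14 counted by hand; with mixed field sizes (an 8-byte pointer after an int, as in World) the compiler inserts padding, which is one reason hand-counted offsets go wrong and offsetof or a memory viewer is the safer check.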