Thread: CF Problem

  1. #1
    moathebest

    Need some C++ and olly expert

    Guys, when I made a base for the hack "_CShell" and I try to open CF, it gives me this problem: W[2007] L[0] CShell is changed...
    and where is the add or offset in this:

    10134B98 . 68 4C4C2F10 PUSH _CShell.102F4C4C ; ASCII "ReloadAnimRatio"
    Last edited by moathebest; 11-18-2011 at 09:47 AM.

  2. #2
    Brimir
    Quote Originally Posted by moathebest
    Guys, when I made a base for the hack "_CShell" and I try to open CF, it gives me this problem: W[2007] L[0] CShell is changed...
    That doesn't matter. It's because someone dumped it. You can make your own "dump". It is easy and you always have the last addies.
    Load Cshell.dll into a process. Then freeze it.
    Attach Olly. Done.

    Quote Originally Posted by moathebest
    and where is the add or offset in this:
    10134B98 . 68 4C4C2F10 PUSH _CShell.102F4C4C ; ASCII "ReloadAnimRatio"
    Where the (class + and offset) gets called.

    Code:
    10131D68    68 040D2F10                 PUSH 102F0D04                   ; ASCII "ReloadAnimRatio"
    10131D6D    D998 98260000               FSTP DWORD PTR DS:[EAX+2698]
    10131D73    55                          PUSH EBP
    10131D74    E8 57D41700                 CALL 102AF1D0
    10131D79    83C4 08                     ADD ESP,8
    10131D7C    85C0                        TEST EAX,EAX
    10131D7E    74 46                       JE SHORT 10131DC6
    10131D80    8B48 04                     MOV ECX,DWORD PTR DS:[EAX+4]
    10131D83    8B51 04                     MOV EDX,DWORD PTR DS:[ECX+4]
    10131D86    8B0D E85EA610               MOV ECX,DWORD PTR DS:[10A65EE8]
    10131D8C    85C9                        TEST ECX,ECX
    10131D8E    8B5A 04                     MOV EBX,DWORD PTR DS:[EDX+4]
    10131D91    74 0E                       JE SHORT 10131DA1
    10131D93    A1 EC5EA610                 MOV EAX,DWORD PTR DS:[10A65EEC]
    10131D98    2BC1                        SUB EAX,ECX
    10131D9A    C1F8 02                     SAR EAX,2
    10131D9D    3BF0                        CMP ESI,EAX
    10131D9F    72 08                       JB SHORT 10131DA9
    10131DA1    FFD7                        CALL EDI
    10131DA3    8B0D E85EA610               MOV ECX,DWORD PTR DS:[10A65EE8]
    10131DA9    53                          PUSH EBX
    10131DAA    8D3CB1                      LEA EDI,DWORD PTR DS:[ECX+ESI*4]
    10131DAD    90                          NOP
    10131DAE    E8 C2FF3A62                 CALL MSVCR80.atof
    10131DB3    D95C24 14                   FSTP DWORD PTR SS:[ESP+14]
    10131DB7    D94424 14                   FLD DWORD PTR SS:[ESP+14]
    10131DBB    8B07                        MOV EAX,DWORD PTR DS:[EDI]
    10131DBD    D998 98260000               FSTP DWORD PTR DS:[EAX+2698]
    10131DC3    83C4 04                     ADD ESP,4
    You need to learn how this works. The address in here is the address of the class.
    The offset is the place in the class.

    In this case, it isn't a class. But I'm not going to bother you with this :P
    Last edited by Brimir; 11-18-2011 at 09:57 AM.
    Thanks @~FALLEN~ for helping me
    Thanks @Shakai for helping me

    Other nice ppl:
    @258456
    @giniyat101

    My useful posts:
    Byte scanner
    How to make a logger
    Hook example
    How to make a memhack base
    How to use classes with memhacking
    Addie finder

  3. The Following User Says Thank You to Brimir For This Useful Post:

    moathebest (11-18-2011)

  4. #3
    moathebest
    So what u are saying is the offset or addy is:

    68 040D2F10

  5. #4
    Brimir
    Uhh, no.
    You need to learn assembly first.

    On the left is the location in the process. Then you have the bytes on that address till the next address. Then you have the bytes translated.
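
    The three columns described in the post above (location, raw bytes, translated instruction), worked through on four lines copied from the listing earlier in the thread. This is an added example, not code from any poster; the function names are hypothetical and only four x86-32 encodings are handled.

```python
import re
import struct

# Four lines copied from the listing posted in the thread.
LISTING = """\
10131D68    68 040D2F10                 PUSH 102F0D04
10131D6D    D998 98260000               FSTP DWORD PTR DS:[EAX+2698]
10131D74    E8 57D41700                 CALL 102AF1D0
10131D7E    74 46                       JE SHORT 10131DC6
"""

def parse_line(line):
    """Split one listing line into (address, raw bytes, disassembly text)."""
    addr, hexbytes, text = re.split(r"\s{2,}", line.strip(), maxsplit=2)
    return int(addr, 16), bytes.fromhex(hexbytes.replace(" ", "")), text

def decode_operand(addr, raw):
    """Recover the numeric operand from the raw bytes for a few x86-32 encodings."""
    op, end = raw[0], addr + len(raw)          # end = address of the next instruction
    if op == 0x68 and len(raw) == 5:           # PUSH imm32: absolute, little-endian
        return "imm32", struct.unpack("<I", raw[1:])[0]
    if op == 0xE8 and len(raw) == 5:           # CALL rel32: relative to next instruction
        return "call target", (end + struct.unpack("<i", raw[1:])[0]) & 0xFFFFFFFF
    if 0x70 <= op <= 0x7F and len(raw) == 2:   # Jcc rel8: short conditional jump
        return "jump target", (end + struct.unpack("<b", raw[1:])[0]) & 0xFFFFFFFF
    if op == 0xD9 and len(raw) == 6 and raw[1] >> 6 == 2:  # x87 op, ModRM mod=10: [reg+disp32]
        return "disp32", struct.unpack("<I", raw[2:])[0]
    return "not handled", None

def decode_listing(listing):
    """Return [(address, kind, value)] for every line of an Olly-style listing."""
    rows = []
    for line in listing.splitlines():
        addr, raw, _text = parse_line(line)
        kind, value = decode_operand(addr, raw)
        rows.append((addr, kind, value))
    return rows

if __name__ == "__main__":
    for addr, kind, value in decode_listing(LISTING):
        shown = "-" if value is None else f"{value:08X}"
        print(f"{addr:08X}  {kind:<12} {shown}")
```

    Each decoded value matches the operand Olly prints in the third column: the first byte is the opcode, and the remaining bytes are the operand stored least-significant byte first, either as an absolute value or as a distance from the next instruction.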

  6. #5
    moathebest
    Or u are saying that the add is a part of the address:
    the address:
    10131D68
    Or u are saying that there is no addy or offset in this? and Why???

    sry am a little dumb in Olly and C++

  7. #6
    Brimir
    Quote Originally Posted by moathebest
    Or u are saying that the add is a part of the address:
    the address:
    10131D68
    Or u are saying that there is no addy or offset in this? and Why???
    Just read what I typed xD And I marked the parts that you need xD

    Code:
    10131D68    68 040D2F10                 PUSH 102F0D04                   ; ASCII "ReloadAnimRatio"
    10131D6D    D998 98260000               FSTP DWORD PTR DS:[EAX+2698]
    10131D73    55                          PUSH EBP
    10131D74    E8 57D41700                 CALL 102AF1D0
    10131D79    83C4 08                     ADD ESP,8
    10131D7C    85C0                        TEST EAX,EAX
    10131D7E    74 46                       JE SHORT 10131DC6
    10131D80    8B48 04                     MOV ECX,DWORD PTR DS:[EAX+4]
    10131D83    8B51 04                     MOV EDX,DWORD PTR DS:[ECX+4]
    10131D86    8B0D E85EA610               MOV ECX,DWORD PTR DS:[10A65EE8]
    10131D8C    85C9                        TEST ECX,ECX
    10131D8E    8B5A 04                     MOV EBX,DWORD PTR DS:[EDX+4]
    10131D91    74 0E                       JE SHORT 10131DA1
    10131D93    A1 EC5EA610                 MOV EAX,DWORD PTR DS:[10A65EEC]
    10131D98    2BC1                        SUB EAX,ECX
    10131D9A    C1F8 02                     SAR EAX,2
    10131D9D    3BF0                        CMP ESI,EAX
    10131D9F    72 08                       JB SHORT 10131DA9
    10131DA1    FFD7                        CALL EDI
    10131DA3    8B0D E85EA610               MOV ECX,DWORD PTR DS:[10A65EE8]
    10131DA9    53                          PUSH EBX
    10131DAA    8D3CB1                      LEA EDI,DWORD PTR DS:[ECX+ESI*4]
    10131DAD    90                          NOP
    10131DAE    E8 C2FF3A62                 CALL MSVCR80.atof
    10131DB3    D95C24 14                   FSTP DWORD PTR SS:[ESP+14]
    10131DB7    D94424 14                   FLD DWORD PTR SS:[ESP+14]
    10131DBB    8B07                        MOV EAX,DWORD PTR DS:[EDI]
    10131DBD    D998 98260000               FSTP DWORD PTR DS:[EAX+2698]
    10131DC3    83C4 04                     ADD ESP,4
    Quote Originally Posted by moathebest
    sry am a little dumb in Olly and C++
    I can see that xD
    Last edited by Brimir; 11-18-2011 at 09:56 AM.

  8. #7
    moathebest
    WOHOO now i know the addy:
    10A65EE8]

    but do i put 0x before it?? and what is:
    LEA EDI,DWORD PTR DS:[ECX+ESI*4]

    and:
    MOV EAX,DWORD PTR DS:[EDI]
    EAX+2698]
    if u are bored from me its ok and thanks for all of ur help

  9. #8
    Brimir
    Just learn C++ and assembly xD lolz.
