How to find a offset

**♪~ ᕕ(ᐛ)ᕗ** · 07-25-2012

First of all for this tutorial you may need OllyDBG (or any other debugger but I will use Olly), so if you don't have OllyDBG just google it and download it's free.

So yeah now this tutorial is pretty easy, all what you have to do is to use your logic and everything will go smooth. First of all you may need a little knowledge of ASM (no need for the basics at all just a little knowledge I said).

So go ahead and remember: the offsets found in this tut might not work, I am just showing you the basic concepts of finding an offset.

We are going to find the offset for the command which sends a text in the chat. For this we need to scan the memory of the game for any strings located inside, and then filter our desired one.

So start with Opening Olly and then Go to: File->Open... and select "PBlackout.exe". Then right-click inside the window and select "Search For->All Referenced Text Strings".

Now a new window may appear and there you can see the strings in the memory. Right-Click inside that window and select "Search For Text", in the window that will appear enter the text "[%s] %s" (since when we send a message in-game it appears in the corner with the following format: "[PlayerName] Message"). Deselect the box "Case Sensitive" and select the box "Entry Scope". You will end up in the following line:

Then double-click on that line or press Enter and you may see that you've been redirected to the first window and the first thing that you will notice is that the selected line is the same as in the strings window. The following 3 lines of code are our key

As of now we see that only 1 argument is pushed (our text), the game will take care of EAX by itself, which means that we don't have to work hard with this one

The function as of now is:

Code:

void __cdecl PushTextToChat(char* text)
{
}

Next you may see that there is a line with the code "CALL" which means that it calls a function in the specific address of the process.

Code:

006F8179  |. E8 A2E5D0FF    |CALL PBlackou.00406720         ;PBlackout.00406720 -> The offset of our function is 00406720 (which is a HEX btw)

Now all what you have to do is to copy the code from

Code:

006F816D  |. 68 2CC89B00    |PUSH PBlackou.009BC82C                  ;  ASCII "[%s] %s"

TO:

006F817E  |. 83C4 10        |ADD ESP,10

Add it to our function, and it will end up like this:

Code:

void __cdecl PushTextToChat(char* text)
{
      DWORD pointer = 0x406720;
      __asm{
              push text
              lea eax, dword ptr ss:[ebp-218]
              push eax
              call pointer
              add esp, 10
     };
}

We're done

**ParkII** · 07-25-2012

wow Good Tutorial ..

+REP...

**♪~ ᕕ(ᐛ)ᕗ** · 07-25-2012

Originally Posted by ParkII

wow Good Tutorial ..

+REP...

Well thank you

**Reflex-** · 07-25-2012

Wow Awesome Job,

, I Repped you aswell..

**♪~ ᕕ(ᐛ)ᕗ** · 07-26-2012

Originally Posted by Entourage

Wow Awesome Job,

, I Repped you aswell..

Thanks nigga

**[MPGH]Time** · 07-26-2012

Get this section alive horatio! Good job .

**♪~ ᕕ(ᐛ)ᕗ** · 07-26-2012

Originally Posted by Time

Get this section alive horatio! Good job .

I'm such a badass and u remember my old name?

**♪~ ᕕ(ᐛ)ᕗ** · 07-28-2012

Just as an update: Every variable or struct that you might want to get is stored under the addy at:

Code:

MOV DWORD PTR DS:[ADDY],EAX

So if you want to get a specific object from the game's memory you gotta search a string reference about that object and find the MOV DWORD.... also remember that every object has its own related body in the diassembler, which means that not every line containing "MOV DWORD PTR SS:[ADDY], EAX" is the right one.

**BlackSock** · 08-03-2012

Would like to say it's a good tutorial xD thanks " every day you learn smth new "

**lannyboy** · 08-03-2012

Originally Posted by Richard Nixon

Just as an update: Every variable or struct that you might want to get is stored under the addy at:

Code:

MOV DWORD PTR DS:[ADDY],EAX

So if you want to get a specific object from the game's memory you gotta search a string reference about that object and find the MOV DWORD.... also remember that every object has its own related body in the diassembler, which means that not every line containing "MOV DWORD PTR SS:[ADDY], EAX" is the right one.

normally, they are using "push addy" instead of "mov dword pt ss:[addy], eax".

**♪~ ᕕ(ᐛ)ᕗ** · 08-04-2012

Originally Posted by lannyboy

normally, they are using "push addy" instead of "mov dword pt ss:[addy], eax".

Why push addy? It doesn't store anything, push is used to push in a parameter...

**iservefemales** · 08-20-2012

CAN u do a tut on how to add wepon addyes with CE plz :3 ?

**almar2023** · 01-29-2013

How Do you Guys Call It..??

Via Detour..??

or call it in a thread this way...

Code:

PushTextToChat("something i wanna say");

??

thanks..

**KirkNthePugs** · 06-14-2014

?????????????

**ugfyghkjugfhcghjukgfhgh** · 10-25-2015

THANK YOUU!!

Thread: How to find a offset

Thread Tools

Display

How to find a offset

The Following 5 Users Say Thank You to ♪~ ᕕ(ᐛ)ᕗ For This Useful Post:

The Following User Says Thank You to ParkII For This Useful Post:

The Following User Says Thank You to Reflex- For This Useful Post:

Similar Threads

[Help] Please help me how to find this offset?

[Help] how to find this offset in pointBlank please tell it here

[Help] How do you find unusual offsets?

[Tutorial] How to: Find Offsets

[Help] How to find offsets and addresses