aghisna128 (03-17-2015),lannyboy (07-26-2012),ParkII (07-25-2012),src36 (07-03-2013),vanko97 (08-15-2012)
First of all, for this tutorial you may need OllyDBG (or any other debugger, but I will use Olly), so if you don't have OllyDBG just google it and download it; it's free.
So now, this tutorial is pretty easy; all you have to do is use your logic and everything will go smoothly. First of all, you may need a little knowledge of ASM (no need for the basics at all, just a little knowledge, I said).
So go ahead, and remember: the offsets found in this tut might not work; I am just showing you the basic concepts of finding an offset.
We are going to find the offset of the command which sends text to the chat. For this we need to scan the memory of the game for any strings located inside, and then filter out our desired one.
So start by opening Olly and then go to File->Open... and select "PBlackout.exe". Then right-click inside the window and select "Search For->All Referenced Text Strings".
Now a new window may appear, and there you can see the strings in memory. Right-click inside that window and select "Search For Text"; in the window that appears, enter the text "[%s] %s" (since when we send a message in-game it appears in the corner with the following format: "[PlayerName] Message"). Deselect the box "Case Sensitive" and select the box "Entry Scope". You will end up in the following line:
Then double-click on that line or press Enter, and you may see that you've been redirected to the first window; the first thing you will notice is that the selected line is the same as in the strings window. The following 3 lines of code are our key. As of now we see that only 1 argument is pushed (our text); the game will take care of EAX by itself, which means that we don't have to work hard with this one.
The function as of now is:
Code:
#include <windows.h>   // for DWORD

void __cdecl PushTextToChat(char* text)
{
}
Next you may see that there is a line with the code "CALL", which means that it calls a function at a specific address of the process.
Code:
006F8179 |. E8 A2E5D0FF |CALL PBlackou.00406720 ;PBlackout.00406720
-> The offset of our function is 00406720 (which is HEX btw).
Now all you have to do is copy the code from
Code:
006F816D |. 68 2CC89B00 |PUSH PBlackou.009BC82C ; ASCII "[%s] %s"
TO:
Code:
006F817E |. 83C4 10 |ADD ESP,10
Add it to our function, and it will end up like this:
Code:
#include <windows.h>   // for DWORD

void __cdecl PushTextToChat(char* text)
{
    DWORD pointer = 0x406720;            // address of the game's chat function found in Olly
    __asm {
        push text                        // our argument: the text to send
        lea eax, dword ptr ss:[ebp-218h] // Olly prints hex, so 218h (not decimal 218)
        push eax
        call pointer                     // indirect call through the DWORD variable
        add esp, 10h                     // Olly's ADD ESP,10 is hex: 10h = 16 bytes
    };
}
We're done
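One check that is worth doing before trusting a copied offset is to decode the instruction bytes Olly shows in the second column instead of just reading the address it prints: a near CALL is encoded as E8 plus a signed 32-bit displacement relative to the next instruction, a PUSH of a 32-bit constant as 68 plus the little-endian value, and the caller's cleanup as 83 C4 plus the number of bytes to pop. The script below is an added example, not code from the tutorial above; it parses the three listing lines quoted in the post (embedded as constructed sample input, with the "PBlackou." module prefix taken from the post) and recomputes the target 00406720 from the E8 bytes, the format-string pointer 009BC82C from the 68 bytes, and the 16 bytes (four dword arguments) that ADD ESP,10 removes, which is the number of pushes the original call site made and a useful sanity check when you reconstruct the call yourself.

```python
import re
from dataclasses import dataclass


@dataclass
class OllyLine:
    address: int   # address of the instruction
    opcode: bytes  # raw instruction bytes from Olly's second column
    text: str      # mnemonic and operands, comment stripped


def parse_olly_line(line: str) -> OllyLine:
    """Parse one OllyDbg listing line of the form 'ADDR |flag BYTES |INSTR ; comment'."""
    fields = line.split("|", 2)
    if len(fields) != 3:
        raise ValueError(f"not an Olly listing line: {line!r}")
    address = int(fields[0].strip(), 16)
    # The byte column starts with a flag character ('.', '>', '$', ...) that is not hex.
    opcode = bytes.fromhex(re.sub(r"[^0-9A-Fa-f]", "", fields[1]))
    text = fields[2].split(";", 1)[0].strip()
    return OllyLine(address, opcode, text)


def call_target(ins: OllyLine) -> int:
    """Decode a near relative CALL (E8 rel32): target = address of next instruction + rel32."""
    if len(ins.opcode) != 5 or ins.opcode[0] != 0xE8:
        raise ValueError("not an E8 rel32 CALL")
    rel32 = int.from_bytes(ins.opcode[1:5], "little", signed=True)
    return (ins.address + 5 + rel32) & 0xFFFFFFFF


def push_imm32(ins: OllyLine) -> int:
    """Decode PUSH imm32 (68 imm32), e.g. the format-string pointer pushed before the call."""
    if len(ins.opcode) != 5 or ins.opcode[0] != 0x68:
        raise ValueError("not a 68 imm32 PUSH")
    return int.from_bytes(ins.opcode[1:5], "little")


def stack_bytes_freed(ins: OllyLine) -> int:
    """Decode ADD ESP, imm8 (83 C4 ib): argument bytes the caller removes after a cdecl call."""
    if len(ins.opcode) != 3 or ins.opcode[:2] != b"\x83\xC4":
        raise ValueError("not ADD ESP, imm8")
    return int.from_bytes(ins.opcode[2:3], "little", signed=True)


def displayed_address(ins: OllyLine) -> int:
    """Read the address Olly printed after the module name, e.g. 'PBlackou.00406720'."""
    match = re.search(r"\.([0-9A-Fa-f]{8})\b", ins.text)
    if not match:
        raise ValueError(f"no module.address operand in {ins.text!r}")
    return int(match.group(1), 16)


# Constructed sample input: the three lines the tutorial quotes from Olly.
LISTING = [
    '006F816D |. 68 2CC89B00 |PUSH PBlackou.009BC82C ; ASCII "[%s] %s"',
    "006F8179 |. E8 A2E5D0FF |CALL PBlackou.00406720 ;PBlackout.00406720",
    "006F817E |. 83C4 10 |ADD ESP,10",
]


def analyse(lines):
    """Recover the call site's facts from the raw bytes and cross-check against Olly's display."""
    result = {}
    for raw in lines:
        ins = parse_olly_line(raw)
        if ins.opcode[0] == 0xE8:
            result["call_target"] = call_target(ins)
            result["call_matches_display"] = result["call_target"] == displayed_address(ins)
        elif ins.opcode[0] == 0x68:
            result["format_string_ptr"] = push_imm32(ins)
            result["push_matches_display"] = result["format_string_ptr"] == displayed_address(ins)
        elif ins.opcode[:2] == b"\x83\xC4":
            result["args_bytes"] = stack_bytes_freed(ins)
            result["args_count"] = result["args_bytes"] // 4  # dword arguments on x86
    return result


if __name__ == "__main__":
    for key, value in analyse(LISTING).items():
        print(f"{key}: {value:#x}" if isinstance(value, int) and not isinstance(value, bool) else f"{key}: {value}")
```

The displacement arithmetic is what matters: A2E5D0FF is the little-endian encoding of 0xFFD0E5A2, which is -0x2F1A5E as a signed value, and 0x006F817E - 0x2F1A5E lands exactly on 0x00406720, so the printed target is consistent with the bytes. If a listing you copy from a different build does not pass this check, the line was mis-copied or belongs to another version, which is the situation the tutorial warns about when it says the offsets might not work.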
Wow, good tutorial.
+REP
♪~ ᕕ(ᐛ)ᕗ (07-25-2012)
Wow, awesome job, I repped you as well.
♪~ ᕕ(ᐛ)ᕗ (07-26-2012)
Get this section alive, horatio! Good job.
Just as an update: every variable or struct that you might want to get is stored under the addy at:
Code:
MOV DWORD PTR DS:[ADDY],EAX
So if you want to get a specific object from the game's memory you gotta search a string reference about that object and find the MOV DWORD.... Also remember that every object has its own related body in the disassembler, which means that not every line containing "MOV DWORD PTR SS:[ADDY], EAX" is the right one.
Would like to say it's a good tutorial xD, thanks. "Every day you learn smth new."
Can u do a tut on how to add weapon addies with CE plz :3?
How do you guys call it?
Via detour?
Or call it in a thread this way?
Code:
PushTextToChat("something i wanna say");
Thanks.