thanks helped me a lot
thanks helped me a lot
Looks good man +Rep x2
Check out my YouTube: SkeetzGaming
Step #5 IDA Pro 5.2
What have i done wrong ?
oh my god, this what i finding ! very very nice post + rep
very nice tutorial but i have an proplem i have no idea what code i should use to read the memory or select the proces sory for my bad english but i hope anyone understand my proplem and i hope that anyone can give me a example
better late...
this is AWSOME!
HOW!? could I have missed this?? >.<
thanks a lot + rep
uhh so this mean that in the 4.0.3 patch the offset for
minimapzonetext
eax, dword_D8167C
//how come this wont work...
the offsets, that were listed, in another post, state that the address im looking for is this one.
However, via ida, D8167C Says that this is the correct address
0x98F68C
is there, some algorithm to calculate the Address?
Last edited by Neffarian; 11-19-2010 at 07:02 AM.
IDA's address is 0x00400000 over the address the forum members give you because the BaseAddress is different when running the program. I'm not sure in your case though.
Very Nice Tutorial especially for me as a beginner I have only one question to your c# code. +Rep
i cannot code a lot in c# so.. why do you write a "30" at the end of SMemory.ReadUInt? How do i know what number i have to enter there because i already read another tutorial about memory editing with c# an there was a 12.Code:SMemory.ReadUInt(mp.WindowHandle,0x113D778), 30);
Command in the other tut was a little bit different
Maybe anyone can explain it to me or give me a reference that i can look it up / learn it on my own ?Code:string Name = WoW.ReadASCIIString(0xAdress, 12);
Would be nice
With all due respect, you need to learn to program before you will be ready to enter this part of the forum.
Thanks but I would like to learn about offset-base relation of address. What the offsets are, what the base is, what operation is required to find the data. If someone could enlight me, I'll be appriciated. It may be simple for an expert, but hard at first time.
(In before nerd rage, Im not a programming newbie. Just new on memory editting)
Awesome! This is a great tutorial! Hopefully now I can know how to do this kind of stuff! Rep+
Thank you guys, your are all awesome, I appreciate your help to the Newbs!!!
---------- Post added at 05:44 AM ---------- Previous post was at 05:42 AM ----------
That is because the function called does not return to the caller, we atleast from what I read... Its not IDA screwing up, this feature was introduced in 5.1, hxxp://www.datarescue.com/idabase/ida51news.pdf
NORET-ANALYSIS
IDA performs the “no-return” analysis for all functions. It finds out if a particular function returns to the caller or not. This analysis greatly improves the listing quality because many wrong execution paths are detected and truncated at early stages. The user can use the Edit Function dialog box to assist IDA in difficult cases.
This analysis option can be turned on or off in the IDA.CFG file using the AF2_ANORET bit. By default it is active for the x86 processor.
---------- Post added at 05:52 AM ---------- Previous post was at 05:44 AM ----------
Well, the base address you gave (not exactly the Base Address *but close*) is not always going to be 400000, it all depends on the compiler, and mostly on the the PE loader, the loader decides where it will be mapped in. This is why we have 2 types of Addresses, VA(On disk/file) and RVA(In memory). I believe (correct me if I am wrong) RVA = VA-BASE ADDRESS
---------- Post added at 05:54 AM ---------- Previous post was at 05:52 AM ----------
Is he in the Resource section (or is that what they call the data section (.rdata)
Where is the C decompilation plugin?
Last edited by Flushie; 01-02-2011 at 06:05 AM.