PathOfExile Offsets help leading my way

  1. #1
    arsenicdan's Avatar Member

    PathOfExile Offsets help leading my way

    Since GameHelper released its source code for the overlay, I have been trying to understand how it works. So I began learning reverse engineering with ASM, manipulating Cheat Engine and its memory.
    Now I'm in the middle of a dilemma.



    This is the byte pattern for that function, or part of it.

    I did find what accesses the float that increases and decreases while you change your resolution.



    But the pattern is not near what is in the source code.

    Then I tried to find the bytes from the source code in memory to see the location of that function, and of course it is in another place.

    Now, surely I'm missing something here. If someone can lead my way, I will be very glad. Thank you!

  2. #2
    darkxell133's Avatar Active Member
    Use "Disassemble this memory address" to see the instructions; these will give you the code that's used for the array.
    "What accesses this address" is used if you're searching for a pointer offset or a static value.
    The array is used to access the code pattern without any offset.

  3. #3
    arsenicdan's Avatar Member
    Originally Posted by darkxell133 View Post
    Use "Disassemble this memory address" to see the instructions; these will give you the code that's used for the array.
    "What accesses this address" is used if you're searching for a pointer offset or a static value.
    The array is used to access the code pattern without any offset.

    Thank you, I did find what function accesses this static address (green should be static, right?), so no pointers are used in the code. Or should I try a pointer scanner?



    From this code and bytes, it does not look like the same pattern.

  4. #4
    Sychotix's Avatar Moderator Authenticator enabled
    Originally Posted by arsenicdan View Post
    Thank you, I did find what function accesses this static address (green should be static, right?), so no pointers are used in the code. Or should I try a pointer scanner?



    From this code and bytes, it does not look like the same pattern.

    Usually a single address is accessed by MANY different functions.

  5. #5
    darkxell133's Avatar Active Member
    You can see that the marked line has the comment 1920, and two lines down is 1080, and that is your resolution. That means you don't need to look for what accesses this address.
    I know that ExileAPI is using the pointer to the window scale values; that means when the offset changes after a patch you have to search for it.
    With the pattern you get straight to the value.
    And if you take a look at the memory view, the first two bytes are 80 07. Now swapping these bytes to 08 70, read from right to left it is 07 80; that's 1920 from hex to dec.
    1080 is 438 hex, 834 read from right to left; swapping bytes, 38 04, and these can be found in the first row ^^
    I don't know if this is helpful for anything, but it's nice to know, I think ^^

  6. #6
    arsenicdan's Avatar Member
    Originally Posted by Sychotix View Post
    Usually a single address is accessed by MANY different functions.

    I was thinking the same way; it would not be that easy to find it right away as a static address.

    Originally Posted by darkxell133 View Post
    You can see that the marked line has the comment 1920, and two lines down is 1080, and that is your resolution. That means you don't need to look for what accesses this address.
    I know that ExileAPI is using the pointer to the window scale values; that means when the offset changes after a patch you have to search for it.
    With the pattern you get straight to the value.
    And if you take a look at the memory view, the first two bytes are 80 07. Now swapping these bytes to 08 70, read from right to left it is 07 80; that's 1920 from hex to dec.
    1080 is 438 hex, 834 read from right to left; swapping bytes, 38 04, and these can be found in the first row ^^
    I don't know if this is helpful for anything, but it's nice to know, I think ^^

    Thank you. This change in the bytes, is it some kind of obfuscation? Or what is the reason?

  7. #7
    darkxell133's Avatar Active Member
    Originally Posted by arsenicdan View Post
    I was thinking the same way; it would not be that easy to find it right away as a static address.



    Thank you. This change in the bytes, is it some kind of obfuscation? Or what is the reason?

    Mhh, no, not really; that's more like how a processor writes and reads stuff.

  8. #8
    arsenicdan's Avatar Member
    Originally Posted by darkxell133 View Post
    Mhh, no, not really; that's more like how a processor writes and reads stuff.

    To be really honest, on x64dbg I never worked directly in bytes or memory, not so advanced, but I managed to learn ASM and do some jumps and things over some crackme challenges. Thanks for the info.

  9. #9
    darkxell133's Avatar Active Member
    I learned some of that stuff during my training as an electrician for devices and systems; there we had to write code directly into a 16-bit controller.
    It takes hours to write code that lets some LEDs blink ^^
    But there we only had 2 buttons, the left button for up and the right button for saving the value, and 2 7-segment displays to see the hex number,
    and we got a spreadsheet with the ASM commands and the byte code xD

  10. #10
    Sychotix's Avatar Moderator Authenticator enabled
    Originally Posted by arsenicdan View Post
    I was thinking the same way; it would not be that easy to find it right away as a static address.

    A green address is already a static address that won't change on game restart. The point of a pattern is to find the function that accesses that static pointer. When the game updates, the static address will change. Now you have a pattern for the function that accessed it to look up the new static pointer.
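
Added example (not part of any post in this thread, and not GameHelper's or ExileAPI's code): the byte order described in post #5 and the pattern-to-static-address lookup described in post #10, run on constructed bytes. The image base, the two "builds", the choice of a `movss xmm0, [rip+disp32]` instruction and every function name are assumptions made for illustration.

```python
import struct

BASE = 0x140000000  # constructed image base, not taken from any real binary
# movss xmm0, dword ptr [rip+disp32] ; ret  -- the disp32 bytes are wildcards
PATTERN = "F3 0F 10 05 ?? ?? ?? ?? C3"
INSN_LEN = 8   # F3 0F 10 05 plus 4 displacement bytes
DISP_OFF = 4   # the displacement starts 4 bytes into the match


def le_u16(two_bytes):
    """Decode two bytes as stored in x86 memory (least significant byte first)."""
    return struct.unpack("<H", two_bytes)[0]


def parse_pattern(text):
    """Turn 'F3 0F ?? ...' into a list of ints, with None for wildcards."""
    return [None if t in ("?", "??") else int(t, 16) for t in text.split()]


def find_pattern(buf, pattern):
    """Offset of the first match in buf, or -1 if the signature is absent."""
    for i in range(len(buf) - len(pattern) + 1):
        if all(p is None or buf[i + j] == p for j, p in enumerate(pattern)):
            return i
    return -1


def locate_static(buf, base=BASE):
    """Find the instruction, then resolve its RIP-relative operand."""
    hit = find_pattern(buf, parse_pattern(PATTERN))
    if hit < 0:
        return None  # signature no longer matches: the code itself changed
    disp = struct.unpack_from("<i", buf, hit + DISP_OFF)[0]  # signed, little-endian
    return base + hit + INSN_LEN + disp  # relative to the NEXT instruction


def make_build(pad, target, base=BASE):
    """Constructed code section: NOP padding, then the instruction and a ret."""
    disp = target - (base + pad + INSN_LEN)
    return b"\x90" * pad + b"\xF3\x0F\x10\x05" + struct.pack("<i", disp) + b"\xC3"


if __name__ == "__main__":
    print(le_u16(bytes.fromhex("8007")), le_u16(bytes.fromhex("3804")))
    old = make_build(pad=16, target=0x140002000)  # constructed "before update"
    new = make_build(pad=40, target=0x140003A10)  # code and data both moved
    print(hex(locate_static(old)), hex(locate_static(new)))
```

The wildcards cover exactly the bytes that differ between builds, which is why the same signature still matches after the static address has moved.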

  11. #11
    arsenicdan's Avatar Member
    Reputation
    1
    Join Date
    May 2022
    Posts
    8
    Thanks G/R
    1/0
    Trade Feedback
    0 (0%)
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Originally Posted by darkxell133 View Post
    I learned some of that stuff during my training as an electrician for devices and systems; there we had to write code directly into a 16-bit controller.
    It takes hours to write code that lets some LEDs blink ^^
    But there we only had 2 buttons, the left button for up and the right button for saving the value, and 2 7-segment displays to see the hex number,
    and we got a spreadsheet with the ASM commands and the byte code xD

    I really love ASM and the things you can do with it, and I feel hyped to discover this with the game I like. I also registered at Guided Hacking to learn more.

    Originally Posted by Sychotix View Post
    A green address is already a static address that won't change on game restart. The point of a pattern is to find the function that accesses that static pointer. When the game updates, the static address will change. Now you have a pattern for the function that accessed it to look up the new static pointer.

    I also found very useful information about the SkipToBytes function on GameHelper.



    Now I understand that the .exe has a lot of bytes in there, so the pattern is the optimal way to find a place in memory, then use SkipToBytes to go to that byte [value] and use it in code.

  12. #12
    GameHelper's Avatar ★ Elder ★ CoreCoins Purchaser
    Originally Posted by arsenicdan View Post
    Since GameHelper released its source code for the overlay, I have been trying to understand how it works. So I began learning reverse engineering with ASM, manipulating Cheat Engine and its memory.
    Now I'm in the middle of a dilemma.



    This is the byte pattern for that function, or part of it.

    I did find what accesses the float that increases and decreases while you change your resolution.



    But the pattern is not near what is in the source code.

    Then I tried to find the bytes from the source code in memory to see the location of that function, and of course it is in another place.

    Now, surely I'm missing something here. If someone can lead my way, I will be very glad. Thank you!

    I just tested the "Alternative approach" and it's working fine.

    You have missed the part where it says MAX = 1.0 MIN = 0.3.
    Your results show weird values, i.e. 800, 600, 1920, etc.
    All values should be between 0.3 and 1.0.
    Last edited by GameHelper; 09-05-2022 at 01:50 PM.
    If I did not reply to you, it means the question you are asking is stupid.
