Updates in Addys And Pointers![All Enter Here]

[Dead(H)ell]

Okay i am expert in coding hacks or what ever in c++ but in finding any shit in olly i am a beginner i know how to unpack CShell but i dont know whats wrong with the addy it self like if the addy is like that :1021F334.. okay we take it and then convert it so it comes to be like this [0x21F334]thats what i learnt but in fact i found that 99% of the codes on mpgh removes that letter "F" and then put instaed of it "A" or "C" and from this add y which contains of 5-6 numbers in the base what i find that it comes to be 3-4 numbers and the letter "F" is changed so like it comes from what i said [0x21F334]to --->[0x3C4]for example thats not a real addy...so what i want to know and to learn it in same time is that what happens to the addys when you want to put them as definers for you pointers in your base thats a real example..{the addy for Basicplayerinfo) in ollllllly its like that:
PUSH 102F7734
and thats what i find under it which in lots of videos they take it:
LEA EAX,DWORD PTR SS:[ESP+3C]

so exactly in codes it comes to be like that..:
0xA02398<----[this was before the last patch](but still its the same question)how is it converted to be like that?
and if you dont know how to answer this question i request you to pm me on mpgh a message written in it all the new addys and i will really appreciate this from any one..thnx

---

If You Want To Join Master Coders Add Me on MSN Or PM Me On MPGH!
Heres The Email For MSN:
mastercoders@hotmail.com

[Zacherl]

The conversion is easy. Lets say our address in olly looks like this:
0x08E0478C

You found that address in the cshell.dll module. Open the executable module list (ALT+E) and look for the image base. Lets say its:
0x08160000

Now just subtract the image base from your address:
0x08E0478C - 0x08160000 = 0x00CA478C

[Dead(H)ell]

The conversion is easy. Lets say our address in olly looks like this:
0x08E0478C

You found that address in the cshell.dll module. Open the executable module list (ALT+E) and look for the image base. Lets say its:
0x08160000

Now just subtract the image base from your address:
0x08E0478C - 0x08160000 = 0x00CA478C

i couldnt undertsand anything from that..and subtracting what?and what images your talking about..pictures will be better lol or even a video

---

If You Want To Join Master Coders Add Me on MSN Or PM Me On MPGH!
Heres The Email For MSN:
mastercoders@hotmail.com

[kmanev073]

@Dead(H)ell
Binary_Decimal_HeX:

01_1_1
10_ 2_2
11_3_ 3
100_4_4
101_5_5
110_6_ 6
111_7_7
1000_8_8
1001_9_9
1010_10_A
1011_11_B
1100_12_C
1101_13_D
1111_14_E
10000_15_F

This will help you

[giniyat101]

@Dead(H)ell
just remove the 10 from pointers, do nothing for offsets

[CFhackerfree]

WallPointer:
0xA9748C

AmmoDamage:
0x7F8

[Dead(H)ell]

@Dead(H)ell
just remove the 10 from pointers, do nothing for offsets

so is that it?
i remove the 10 and then?i put ox..then the rest of it all after the 10?

[cc00_]

del...................

[Assassin's Creed]

so is that it?
i remove the 10 and then?i put ox..then the rest of it all after the 10?

ya.,..just get the pointer...lets say...."10A873273" ....then when u put it in C++ just make it #define pointer 0xA873273

[Dead(H)ell]

ya.,..just get the pointer...lets say...."10A873273" ....then when u put it in C++ just make it #define pointer 0xA873273

thnx @Assassin's Creed

[Zacherl]

@Dead(H)ell
just remove the 10 from pointers, do nothing for offsets

ya.,..just get the pointer...lets say...."10A873273" ....then when u put it in C++ just make it #define pointer 0xA873273

You dont know what you are doing. Removing the 10 only works, if your cshell image base in olly is EXACTLY at 0x100000000.

The image base is the base memory address for a module. These image bases can be different for each start of a program. Thats why you have to do that conversion from static offset to relative offset by subtracting the image base.

[giniyat101]

You dont know what you are doing. Removing the 10 only works, if your cshell image base in olly is EXACTLY at 0x100000000.

The image base is the base memory address for a module. These image bases can be different for each start of a program. Thats why you have to do that conversion from static offset to relative offset by subtracting the image base.

lol ofc i know this ..
when the bypass was working, i used to attach ollydbg to crossfire.exe and i see that CShell.dll loads on my pc on 3110000 (usually )

but the dll loader loads it at its original entrypoint because only the system modules are loaded on 7FXXXXXX and no more externel modules to be loaded on 10000000

[Assassin's Creed]

You dont know what you are doing. Removing the 10 only works, if your cshell image base in olly is EXACTLY at 0x100000000.

The image base is the base memory address for a module. These image bases can be different for each start of a program. Thats why you have to do that conversion from static offset to relative offset by subtracting the image base.

am just telling him the easy way

[Dead(H)ell]

am just telling him the easy way

lol i am not dumb i understood both ways

[Zacherl]

Sorry, both of you know the correct way, but this "easy" way is just confusing.

1021F334.. okay we take it and then convert it so it comes to be like this [0x21F334]thats what i learnt but in fact i found that 99% of the codes on mpgh removes that letter "F" and then put instaed of it "A" or "C"

I think the "hard" way (subtraction) explains very good, why the "F" sometimes got changed to some other value.