Easiest Offset to find (at the moment)

OK, you picked a good one. However, you are looking at the wrong address:
address0=4EF4E7 refers to the 004EF4E0 line.


Code:
Offset          00 01 02 03 04 05 06 07 08 09 0A 0B 0C 0D 0E 0F
.text:004EF4E0  02 00 00 85 C9 74 08 E8 34 EE F3 FF 0F B6 E8 80
                                     ^^ ^^ ^^ ^^ ^^  call sub_42E320 (columns 07 to 0B)

See how our code starts at column 07 on line 004EF4E0? Hence 004EF4E7.

Code:
.text:004EF4DD                 mov     ecx, [edi+230h]
.text:004EF4E3                 test    ecx, ecx
.text:004EF4E5                 jz      short loc_4EF4EF
.text:004EF4E7                 call    sub_42E320   <---- address0=4EF4E7
.text:004EF4EC                 movzx   ebp, al
.text:004EF4EF
.text:004EF4EF loc_4EF4EF:                             ; CODE XREF: sub_4EF430+B5j

So this shows you how we got the data. Gotta head out, will finish later.
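As an added example that is not part of the original post, here is the address-to-row arithmetic above in code, plus a check that the five bytes at column 07 really are a call to sub_42E320 (the hex row and the addresses are copied from the post; `locate`, `bytes_at`, `call_target` and `show_row` are names I chose):

```python
"""Added example, not from the thread: map a virtual address onto a hex-dump
row/column and verify that the bytes found there are the expected call."""
import struct

# Row 004EF4E0 of the hex dump, copied from the post above.
ROW_BASE = 0x4EF4E0
ROW = bytes.fromhex("02 00 00 85 C9 74 08 E8 34 EE F3 FF 0F B6 E8 80")


def locate(address, width=16):
    """Split `address` into (row base, column) for a dump with `width` bytes
    per row: the row is the address with its low bits cleared, the column is
    the remainder. 0x4EF4E7 -> (0x4EF4E0, 7)."""
    return address & ~(width - 1), address % width


def bytes_at(address, count, row_base=ROW_BASE, row=ROW):
    """Return `count` bytes starting at `address`, taken from one dump row."""
    base, col = locate(address)
    if base != row_base or col + count > len(row):
        raise ValueError("address is not inside this row")
    return row[col:col + count]


def call_target(address, code):
    """Decode an E8 call rel32 at `address`: the displacement is relative to
    the next instruction, i.e. target = address + 5 + rel32 (signed)."""
    if len(code) < 5 or code[0] != 0xE8:
        raise ValueError("not a call rel32")
    rel = struct.unpack("<i", code[1:5])[0]
    return address + 5 + rel


def show_row(address, count, row_base=ROW_BASE, row=ROW):
    """Render the dump row with the `count` bytes at `address` in brackets."""
    _, col = locate(address)
    cells = [f"{b:02X}" for b in row]
    cells[col] = "[" + cells[col]
    cells[col + count - 1] += "]"
    return f"{row_base:08X}  " + " ".join(cells)


if __name__ == "__main__":
    address0 = 0x4EF4E7
    code = bytes_at(address0, 5)
    print(show_row(address0, 5))
    print(f"address0={address0:X} -> call sub_{call_target(address0, code):X}")
```

If `call_target` does not come out as sub_42E320, the bytes were read from the wrong column or the wrong row; that is the check to make before touching anything.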
 
Oh hell, bah.

Now I feel stupid that I made the mistake. For some reason my hex wasn't anywhere near the address it should have been. I see how that's gotten now.

Of course that still leaves the crack at crack0="B0 01 90 90 90". How do you know to put the B0 01 90 90 90 here?

Does this mean to jump down 1 and then the rest, EE F3 FF, doesn't do anything? If that's correct, how was it concluded that EE F3 FF basically does nothing in this crack?


And here I was thinking finding the offset would be the hardest thing to do. I feel like that noob in pok begging for gear atm :p
 
pepper said:
Of course that still leaves the crack at crack0="B0 01 90 90 90". How do you know to put the B0 01 90 90 90 here?

Does this mean to jump down 1 and then the rest, EE F3 FF, doesn't do anything? If that's correct, how was it concluded that EE F3 FF basically does nothing in this crack?


OK, 90 = NOP, which means NO OPERATION.
B0 01, OK, that is a RARE crack offset. I would have just put 90 90 90 90 90 all the way across, but I am guessing that this is a kind of jump 1 place, so it will jump to the 90 90 90 and do NO OPERATION, then continue to go from there. I remember seeing a web page somewhere that had the codes for all jmps, jne, jpe, etc. Going to look it up later.
 
OK, it makes sense now, well at least to me:

Code:
.text:004EF4D1                 pop     ebp
.text:004EF4D2                 mov     al, 1     <---- B0 01
.text:004EF4D4                 pop     ebx
.text:004EF4D5                 pop     ecx
.text:004EF4D6                 retn    4
.text:004EF4D9 ; ---------------------------------------------------------------------------
.text:004EF4D9
.text:004EF4D9 loc_4EF4D9:                             ; CODE XREF: sub_4EF430+6Bj
.text:004EF4D9                 mov     edi, [esp+10h]
.text:004EF4DD
.text:004EF4DD loc_4EF4DD:                             ; CODE XREF: sub_4EF430+50j
.text:004EF4DD                                         ; sub_4EF430+59j ...
.text:004EF4DD                 mov     ecx, [edi+230h]
.text:004EF4E3                 test    ecx, ecx
.text:004EF4E5                 jz      short loc_4EF4EF
.text:004EF4E7                 mov     al, 1  <---- B0 01
.text:004EF4E9                 nop
.text:004EF4EA                 nop
.text:004EF4EB                 nop
.text:004EF4EC                 movzx   ebp, al


What this is doing is mimicking the code above to make it match; the top one is the REAL can-see-invis, it jumps down to this call. Kinda hard to explain, you picked a hard one. Try one that is easier lol.
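The two explanations above (the NOP post and the before/after listing) come down to this: the 5-byte call at 004EF4E7 (E8 34 EE F3 FF, where 34 EE F3 FF is the call's displacement, 0x4EF4EC + 0xFFF3EE34 = 0x42E320) is overwritten by a 5-byte sequence, B0 01 (mov al, 1) followed by three 90 (nop). All five original bytes are gone, the instruction stream stays aligned, and al holds 1 when movzx ebp, al runs, just as it does after the earlier mov al, 1 at 004EF4D2. The script below is an added example, not the thread's own code: the bytes are copied from the hex dump, the decoder handles only the opcodes that occur in the listing, and `decode_one`, `disassemble`, `apply_patch`, `before_and_after` and `writes_al_before_movzx` are names I chose.

```python
"""Added example (not from the thread): apply crack0="B0 01 90 90 90" over the
5-byte call at 004EF4E7 and decode the bytes before and after with a tiny
x86-32 decoder that knows only the opcodes appearing in the listing above."""
import struct

# Bytes of .text:004EF4E3 .. 004EF4EE copied from the hex dump in the thread:
# test ecx,ecx / jz short / call sub_42E320 / movzx ebp,al
BASE = 0x4EF4E3
ORIGINAL = bytes.fromhex("85C9 7408 E834EEF3FF 0FB6E8")
CALL = bytes.fromhex("E834EEF3FF")      # what is at 004EF4E7 in the unpatched file
CRACK0 = bytes.fromhex("B001909090")    # mov al,1 ; nop ; nop ; nop
ALL_NOPS = bytes.fromhex("9090909090")  # the alternative discussed above

REG32 = ["eax", "ecx", "edx", "ebx", "esp", "ebp", "esi", "edi"]
REG8 = ["al", "cl", "dl", "bl", "ah", "ch", "dh", "bh"]


def modrm(b):
    """Split a ModR/M byte into (mod, reg, rm)."""
    return b >> 6, (b >> 3) & 7, b & 7


def decode_one(code, i, va):
    """Decode the instruction at code[i], which sits at virtual address va.
    Returns (length, text). Only the register forms seen in the listing exist."""
    op = code[i]
    if op == 0x90:
        return 1, "nop"
    if op == 0xB0:                                    # mov al, imm8
        return 2, f"mov al, {code[i + 1]}"
    if op == 0x74:                                    # jz rel8, relative to the next instruction
        rel = struct.unpack_from("<b", code, i + 1)[0]
        return 2, f"jz short loc_{va + 2 + rel:X}"
    if op == 0xE8:                                    # call rel32, relative to the next instruction
        rel = struct.unpack_from("<i", code, i + 1)[0]
        return 5, f"call sub_{va + 5 + rel:X}"
    if op == 0x85:                                    # test r/m32, r32
        mod, reg, rm = modrm(code[i + 1])
        if mod == 3:
            return 2, f"test {REG32[rm]}, {REG32[reg]}"
    if op == 0x0F and code[i + 1] == 0xB6:            # movzx r32, r/m8
        mod, reg, rm = modrm(code[i + 2])
        if mod == 3:
            return 3, f"movzx {REG32[reg]}, {REG8[rm]}"
    raise ValueError(f"unsupported encoding at {va:#X}")


def disassemble(code, base):
    """Decode `code` loaded at `base` into a list of (address, text)."""
    out, i = [], 0
    while i < len(code):
        n, text = decode_one(code, i, base + i)
        out.append((base + i, text))
        i += n
    return out


def apply_patch(code, base, address, expected, patch):
    """Overwrite `expected` at virtual `address` with `patch`. Refuses if the
    bytes there differ (wrong address or wrong build) or if the lengths differ,
    since a shorter or longer patch would desynchronise everything after it."""
    off = address - base
    if code[off:off + len(expected)] != expected:
        raise ValueError("bytes at address do not match the instruction being replaced")
    if len(patch) != len(expected):
        raise ValueError("patch must be exactly as long as the instruction it replaces")
    return code[:off] + patch + code[off + len(patch):]


def before_and_after(patch=CRACK0):
    """Disassembly of the region before and after patching the call."""
    before = disassemble(ORIGINAL, BASE)
    after = disassemble(apply_patch(ORIGINAL, BASE, 0x4EF4E7, CALL, patch), BASE)
    return before, after


def writes_al_before_movzx(listing):
    """True if something in the range writes al before movzx ebp, al reads it
    (a call counts: its return value comes back in al)."""
    for _, text in listing:
        if text.startswith("mov al") or text.startswith("call"):
            return True
        if text.startswith("movzx"):
            return False
    return False


if __name__ == "__main__":
    for title, listing in zip(("before", "after"), before_and_after()):
        print(f"--- {title} ---")
        for va, text in listing:
            print(f".text:{va:08X}                 {text}")
```

Running it prints the same two listings as the post: the call at 004EF4E7, then mov al, 1 at 004EF4E7 followed by nops at 004EF4E9 to 004EF4EB, with movzx ebp, al still at 004EF4EC either way. Patching with `ALL_NOPS` instead also decodes cleanly, but then nothing between the jz and the movzx writes al, so ebp receives whatever al happened to hold.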
 
WickedMofo said:
I remember seeing a web page somewhere that had the codes for all jmps, jne, jpe, etc. Going to look it up later.


That would be great if you could find it. I would love to have something like that to refer to :)

I'm pretty much enjoying this offset hunting stuff. As sad as it is, I'd like to see another patch now just so I can try to find some before others find them :p