Objective
• Health
• Rifle Ammo
• Pistol Ammo
• Player Pointer
0x01 player health
Find the player's health value. The player's health is 100, but we don't know the value type, so we use CE's exact-value search to look for 100 across all types.
The search returns many results. We can use grenades to reduce the health and narrow the list down, which leaves two results.
We can try changing the values, and eventually find that one is our client-side health value and the other is the server-side health value. The focus of our analysis is on the client side. Modifying the server-side value gives an invincibility effect in stand-alone mode, but that is not the focus of this analysis.
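The narrowing search described above, as an added example that is not part of the original write-up: it runs over a constructed byte buffer instead of a live process, and the buffer offsets, the damaged value 67 and all function names are assumptions made for illustration.

```python
import struct

# Encodings an "all types" exact search has to try (little-endian).
TYPES = {"byte": "<B", "2 bytes": "<H", "4 bytes": "<I", "float": "<f"}

def first_scan(mem, value):
    """Return {(offset, type)} for every place `value` matches in any type."""
    hits = set()
    for name, fmt in TYPES.items():
        needle = struct.pack(fmt, value)
        pos = mem.find(needle)
        while pos != -1:
            hits.add((pos, name))
            pos = mem.find(needle, pos + 1)
    return hits

def next_scan(mem, candidates, value):
    """Keep candidates that now hold `value` in the type they matched before."""
    kept = set()
    for pos, name in candidates:
        needle = struct.pack(TYPES[name], value)
        if mem[pos:pos + len(needle)] == needle:
            kept.add((pos, name))
    return kept

def addresses(hits):
    """Collapse (offset, type) pairs to a sorted list of distinct offsets."""
    return sorted({pos for pos, _ in hits})

def build_snapshot():
    """Constructed 512-byte buffer: two health copies plus unrelated 100s."""
    mem = bytearray(512)
    struct.pack_into("<I", mem, 0x0C0, 100)    # client health (constructed offset)
    struct.pack_into("<I", mem, 0x1A0, 100)    # server health (constructed offset)
    struct.pack_into("<I", mem, 0x040, 100)    # unrelated counter equal to 100
    struct.pack_into("<f", mem, 0x080, 100.0)  # unrelated float 100.0
    mem[0x010] = 100                           # unrelated single byte
    return mem

def demo():
    mem = build_snapshot()
    found = first_scan(mem, 100)
    # Grenade damage: only the two health copies change, here to 67.
    struct.pack_into("<I", mem, 0x0C0, 67)
    struct.pack_into("<I", mem, 0x1A0, 67)
    return addresses(found), addresses(next_scan(mem, found, 67))
```

The first scan matches five offsets because 100 also appears as a byte, a counter and a float; after the value changes, only the two health copies survive the rescan.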
Right-click the address and choose to find out what changes this address, then enter the game and let a grenade change the health value again.
Note this address, attach OD to the game and go to this address. (Unfortunately the game crashed halfway and we had to start again from the beginning, so the addresses shown later are different.)
0x03 base address and peripheral data analysis
Now we start to look for the base address, so that the next time the game is opened it no longer matters that the address storing the player's health value has changed.
[edx+0xF8] is the address of the player's health value. edx comes from eax, and eax comes from the call above.
The call still contains a lot of logic, so we set an F2 breakpoint and debug through it.
According to the debugging analysis, eax comes from [0x50F4F4]: the player object pointer is read from 0x50F4F4, and the health value sits at offset 0xF8 from it. The final expression is as follows:
[[0x50F4F4]+0xF8]
Open CE's data structure analysis and fill in 0x50F4F4. The first entry looks very much like our player object.
We add a few BOTs and see just seven object pointers.
Preliminary analysis suggests this may be the map player coordinates.
offset 150: rifle ammunition
offset 13C: pistol ammunition
offset 128: rifle spare ammunition
offset 114: pistol spare ammunition
At this point the data analysis is almost done; basically everything of interest is located nearby.