Character attributes
1. Find an attribute that can control changes, such as blood volume, coordinates or five baht (bound gold coins). Here we use five baht to find
Five baht will add a little bit as long as you kill a monster.
2. We can directly search for the change and find the five baht address = 0AD64EAC
3. Our CE gives us access to the address
4. Here we finally find the first access because it has been changed or your CE writes to the address.
5. Then we put the address in XDBG to find it
6. Let’s cut it off here and kill a mob.
7. After disconnection, ECX=0AD5C0FC. What we are looking for is the source of ECX.
8.CTRL+F9 Return to the above picture mov ecx,esi So we continue to find the source of ESI
9. Scroll up and find that the previous code is confused. Ignore it for now. We return to one level in (CTRL+F9)
10. After returning to the previous level, here is the second return
11. Let’s go to the next section again, press F7 to enter or press Enter directly.
12. After we went in, we found that there was no confusion. There was an ESI. Let’s fight the monsters and see in the next section.
13. Sure enough it’s him ESI=0AD5C0FC
14.[EAX+98]+8DB0, we continue to look for EAX, the source of EAX is the upper layer CALL
15. Defeat the monsters
16.Eax was finally copied by [ECX+14]
17. ECX simply directly sources the [21D8630] base address from the upper layer.
18. Okay, here we get an offset expression: [[[21D8630]+14]+98]+8DB0
Verify data accuracy
1.[[[21D8630]+14]+98]+8DB0
2. That’s right, that’s it!!
3. So far we have determined: [[[21D8630]+14]+98] This layer is the character attribute object
Using the Person Object to Find Other Attributes
1. We can find other data in this layer
2. Use memory traversal tools or CE, for example: search blood volume
3. Five baht address = 0AD64EAC. I found an address not far from him.
4. Then it’s him. Calculate and find the offset of the blood volume!
5. Okay, it’s over here. It feels quite simple. Thank you everyone for supporting Di University.