  1. #1
    Dwar (Veteran, joined 2010 Mar, 2,222 posts)

    [Guide] Finding pointers and offsets with CE and OllyDbg

    This is a method for finding pointers in a non-protected game with OllyDbg (HP in Knight Online, "KO").

    1. Open your favorite memory editor and find your HP.

    2. Open Olly and attach it to KO.

    3. Anywhere in the hex dump, right click and choose "Go to" > "Expression".

    4. Enter the address of your HP found by the memory editor and press OK.
    This will take you to that address in the hex dump.

    5. Right click on your HP in the hex dump and choose "Breakpoint" > "Hardware, on access" > "Dword".
    What we're doing here is telling Olly to break on any code that accesses a dword value at 0x02559A3C. (Your address will more than likely be different.)

    6. If KO is paused, hit Run, then go in game and do something that will affect your HP (get hit by a mob).
    Olly will pause KO when you get hit or your HP is modified.
    As you can see from the pic below, Olly breaks at 0x007A7ED7; however, if you look at the bottom you'll see "Hardware breakpoint 1 at KnightOn.007A7ED7 - EIP points to next instruction". This is just Olly's cryptic way of saying
    that the previous instruction caused the break (0x007A7ED1).
    So you can see straight away that the offset at 0x007A7ED1 is 0x594, and whatever is in EAX is the pointer.
    To find out what goes into EAX, just read the instructions previous to 0x007A7ED1; you will find that
    0x007A7EC8 - MOV EAX,DWORD PTR DS:[B6D38C] sets EAX.
    So the pointer is 0x00B6D38C and the offset to current HP is +0x594.

    Notes:
    Never add software (int3) breakpoints to data; this will cause the program to crash.
    To remove a hardware breakpoint, choose "Debug" > "Hardware breakpoints" from the menu.
    Everything in Olly is done in hex, with the exception that the data dump window can be changed to whatever type you like by right clicking and choosing the appropriate type.

    You can integrate Olly into Windows to make it the just-in-time debugger. To do it, go to "Options", then "Just-in-time debugging", then press "Make OllyDbg just-in-time debugger" (1).
    This will allow you to attach Olly to a process via the Task Manager (2), and it will also let Olly debug a crashed program.

    by frognik
    Please, post your questions on forum, not by PM or mail

    I spend my time, so please pay a little bit of your time to keep world in equilibrium
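Added example, not part of frognik's guide or of the post above: the pointer path derived in the walkthrough, [0x00B6D38C] + 0x594, resolved in C against a constructed two-cell snapshot of the game's memory so the arithmetic can be checked offline. The resolver is written for an arbitrary list of offsets because most real pointer paths have more than one level; the read_dword stand-in for ReadProcessMemory, the snapshot contents and the HP value 1337 are assumptions made for the example, not values from the game.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Base pointer and offset exactly as derived in the guide above. */
#define KO_HP_BASE   0x00B6D38CU   /* MOV EAX,DWORD PTR DS:[B6D38C] */
#define KO_HP_OFFSET 0x594U        /* the [EAX+594] access at 0x007A7ED1 */

/* One dword of a constructed snapshot of KO's address space. This is not a
 * real dump: it holds only the two cells the walkthrough touches. */
struct mem_cell { uint32_t addr; uint32_t value; };

/* Assumed values: the static slot holds an object pointer chosen so that
 * object + 0x594 lands on the HP address the memory editor found
 * (0x02559A3C), and that address holds an assumed HP of 1337. */
static const struct mem_cell snapshot[] = {
    { KO_HP_BASE,  0x025594A8U },   /* 0x02559A3C - 0x594 */
    { 0x02559A3CU, 1337U },
};

/* Stand-in for ReadProcessMemory. Returns 0 on success and -1 when the
 * address is not mapped, which a real reader must also handle (unmapped
 * page, process gone, access denied). */
static int read_dword(uint32_t addr, uint32_t *out) {
    for (size_t i = 0; i < sizeof snapshot / sizeof snapshot[0]; i++) {
        if (snapshot[i].addr == addr) { *out = snapshot[i].value; return 0; }
    }
    return -1;
}

/* Generic multi-level resolver: dereference the static base, then each
 * offset except the last, which is only added. Returns the final address,
 * or 0 on a failed read or a NULL intermediate pointer (object not created
 * yet, e.g. before the character is loaded). 0 is never a valid result
 * here, so callers can treat it as "not available" instead of poking it. */
static uint32_t resolve_chain(uint32_t base, const uint32_t *offsets, size_t n) {
    uint32_t ptr;
    if (read_dword(base, &ptr) != 0 || ptr == 0) return 0;
    for (size_t i = 0; i + 1 < n; i++) {
        if (read_dword(ptr + offsets[i], &ptr) != 0 || ptr == 0) return 0;
    }
    return n ? ptr + offsets[n - 1] : ptr;
}

/* The one-level path from the guide, [base] + 0x594, for any base. */
static uint32_t hp_address_for_base(uint32_t base) {
    const uint32_t offsets[] = { KO_HP_OFFSET };
    return resolve_chain(base, offsets, 1);
}

static uint32_t ko_hp_address(void) { return hp_address_for_base(KO_HP_BASE); }

/* Current HP, or -1 if the path cannot be followed. */
static int64_t ko_current_hp(void) {
    uint32_t addr = ko_hp_address(), hp;
    if (addr == 0 || read_dword(addr, &hp) != 0) return -1;
    return (int64_t)hp;
}

int main(void) {
    printf("HP lives at 0x%08X, current HP %lld\n",
           (unsigned)ko_hp_address(), (long long)ko_current_hp());
    return 0;
}
```

The value the memory editor found (0x02559A3C) is only the end of the path; after a relog the object moves and that number is stale, while the static slot at 0x00B6D38C and the +0x594 offset keep working, which is why the guide walks back to the MOV that loads EAX.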

  2. #2
    SaptaAgunk (New member, joined 2010 Dec, 13 posts)
    So, what if the offset and base pointer are always updated or changed every day?

    Could we make an automatic offset and pointer search that would then also automatically write them into the source code,
    so we do not need to change the offset in the source code?

    And could it be made in the form of an injection, etc., or an "exe"?

    If so, how do you make it?

    Please answer!

    Thank you in advance.

  3. #3
    Dwar (Veteran, joined 2010 Mar, 2,222 posts)
    Quote, originally posted by SaptaAgunk:
    what if the offset and base pointer is always updated or changed every day
    Make an opcode finder, and every time you run your app the finder will get the necessary data. I used the same technique in darBOI for Battle Of the Immortal, because there is no static base address.
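Added example, not Dwar's darBOI code: a minimal opcode finder in C of the kind the reply suggests. Instead of hard-coding 0x00B6D38C, it scans the game's code for the instruction sequence from post #1 and reads the base pointer out of the imm32 of MOV EAX,DWORD PTR DS:[B6D38C] and the struct offset out of the disp32 of the next access, so a rebuild that relocates the global only needs the signature to still match. The byte image is constructed: the A1 encoding of the first MOV is real x86, but the 8B 88 encoding assumed for the 6-byte instruction at 0x007A7ED1 and the bytes around it are assumptions, since the post does not show them. In a real tool the buffer would be the .text section read out of the attached process.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the bytes of KnightOn.exe around 0x007A7EC8.
 * Not a real dump. The A1 encoding of MOV EAX,DWORD PTR DS:[B6D38C] is
 * real x86; the 8B 88 encoding assumed for the 6-byte instruction at
 * 0x007A7ED1 (MOV ECX,DWORD PTR DS:[EAX+594]) and the bytes around it are
 * filler, since the post does not show them. */
#define CODE_BASE 0x007A7EC0U
static const uint8_t code_image[] = {
    0xCC, 0xCC, 0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x10,   /* 7A7EC0..C7: filler */
    0xA1, 0x8C, 0xD3, 0xB6, 0x00,                     /* 7A7EC8: MOV EAX,[B6D38C] */
    0x90, 0x90, 0x90, 0x90,                           /* 7A7ECD..D0: unknown, filler */
    0x8B, 0x88, 0x94, 0x05, 0x00, 0x00,               /* 7A7ED1: MOV ECX,[EAX+594] */
    0x85, 0xC9, 0x74, 0x05, 0xCC, 0xCC,               /* 7A7ED7..: filler */
};

#define MAX_PATTERN 64
struct pattern { uint8_t bytes[MAX_PATTERN]; uint8_t mask[MAX_PATTERN]; size_t len; };

/* Parse an IDA-style signature such as "A1 ?? ?? ?? ?? 8B". A "?" or "??"
 * token is a wildcard (mask 0). Returns 0 on success, -1 on bad input. */
static int parse_pattern(const char *s, struct pattern *p) {
    p->len = 0;
    while (*s) {
        if (*s == ' ') { s++; continue; }
        if (p->len >= MAX_PATTERN) return -1;
        if (*s == '?') {
            p->bytes[p->len] = 0; p->mask[p->len] = 0;
            s += (s[1] == '?') ? 2 : 1;
        } else {
            unsigned v; int used = 0;
            if (sscanf(s, "%2x%n", &v, &used) != 1 || used != 2) return -1;
            p->bytes[p->len] = (uint8_t)v; p->mask[p->len] = 1;
            s += 2;
        }
        p->len++;
    }
    return p->len ? 0 : -1;
}

/* Masked linear scan; returns the offset of the first match or -1. */
static long find_pattern(const uint8_t *buf, size_t buflen, const struct pattern *p) {
    if (p->len == 0 || p->len > buflen) return -1;
    for (size_t i = 0; i + p->len <= buflen; i++) {
        size_t j = 0;
        while (j < p->len && (!p->mask[j] || buf[i + j] == p->bytes[j])) j++;
        if (j == p->len) return (long)i;
    }
    return -1;
}

static uint32_t read_le32(const uint8_t *b) {
    return (uint32_t)b[0] | ((uint32_t)b[1] << 8) | ((uint32_t)b[2] << 16) | ((uint32_t)b[3] << 24);
}

struct hp_sig { int found; uint32_t va; uint32_t base; uint32_t offset; };

/* The finder: locate the two-instruction sequence and pull the static base
 * out of the MOV EAX,[imm32] immediate and the struct offset out of the
 * disp32. The 94 05 00 00 displacement stays in the signature as an anchor,
 * because a struct layout usually survives a patch while a global's address
 * does not; if the offset changes too, widen the signature with more
 * surrounding bytes rather than more wildcards. Fails closed: found == 0
 * means "do not touch memory", not "fall back to yesterday's base". */
static struct hp_sig scan_hp_signature(const uint8_t *code, size_t len, uint32_t code_base) {
    struct hp_sig r = { 0, 0, 0, 0 };
    struct pattern p;
    long m;
    if (parse_pattern("A1 ?? ?? ?? ?? ?? ?? ?? ?? 8B ?? 94 05 00 00", &p) != 0) return r;
    m = find_pattern(code, len, &p);
    if (m < 0) return r;
    r.found  = 1;
    r.va     = code_base + (uint32_t)m;
    r.base   = read_le32(code + m + 1);    /* imm32 of the A1 MOV */
    r.offset = read_le32(code + m + 11);   /* disp32 of the 8B MOV */
    return r;
}

static struct hp_sig ko_scan(void) {
    return scan_hp_signature(code_image, sizeof code_image, CODE_BASE);
}

int main(void) {
    struct hp_sig s = ko_scan();
    if (!s.found) { puts("signature not found; game patched?"); return 1; }
    printf("match at 0x%08X: base 0x%08X, offset +0x%X\n",
           (unsigned)s.va, (unsigned)s.base, (unsigned)s.offset);
    return 0;
}
```

Run against the live module, this recovers 0x00B6D38C and 0x594 at startup, which is the "finder gets the necessary data every time you run your app" part of the reply; the hard-coded offset in the source becomes a signature instead, and the signature is the thing to re-check after each patch.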

  4. #4
    ferchoman (New member, joined 2011 Jul, 4 posts)

    Knight Online ban when I use the OllyDbg debugger

    Hi.
    Interesting information.
    I have obtained the address with Cheat Engine.
    But when I set the breakpoint with OllyDbg and start the debugger, KO gives me a 48-hour ban.

  5. #5
    Rookie (Inactive, joined 2020 Oct, 1 post)
    I just registered on this forum after reading that!

    print "hello world"
