-
Notifications
You must be signed in to change notification settings - Fork 66
macOS Memory Patterns for CS:GO
sig: (Byte)"\x89\xD6\x41\x89\x00\x49\x89\x00\x48\x8B\x1D\x00\x00\x00\x00\x48\x85\xDB\x74\x00"*
mask: "xxxx?xx?xxx????xxxx?"
start: 0xB
offset: 0x4
sig: (Byte)"\x48\x8D\x1D\x00\x00\x00\x00\x48\x89\x00\xE8\x28\xD6\x00\x00"*
mask: "xxx????xx?xxx??"
start: 0x3
offset: 0x2C
sig: (Byte)"\x48\x8D\x3D\x8C\x2C\x00\x00\x48\x8D\x15\x25\xD5\x95\x00\xE8\x78\x1F\x40\x00\x48\x8D\x3D\x00\x00\x00\x00\xE8\x3C\x1F\x40\x00\x48\x8D\x05\x00\x00\x00\x00\x5D\xC3\x66\x66\x2E\x0F\x1F\x84\x00\x00\x00\x00\x00"*
mask: "xxxxxxxxxxxxx?xxxxxxxx????xxxxxxxx????xxxxxxxxxxxxx"
start: 0x22
offset: 0x4
sig: (Byte)"\x8B\x00\x00\x00\x00\x00\xA8\x00\x00\x95\xC1\x00\xB6\xC9\x09\xD1\x44\x89"*
mask: "x?????x??xx?xxxxxx"
start: 0x2
offset: 0x4
sig: from m_dwForceAttack
mask: from m_dwForceAttack
start: from m_dwForceAttack
offset: 0x10
sig: (Byte)"\x44\x89\xE1\xC1\xE9\x00\x83\xE1\x00\x83\xF1\x00\x21\xC1\x89\x0D\x00\x00\x00\x00\x8B\x05\x00\x00\x00\x00\x89\xD1\x83\xC9\x00\xA8\x00\x0F\x44\xCA\x44\x89\xE2\xD1\xEA\x83\xE2\x00"*
mask: "xxxxx?xx?xx?xxxx????xx????xxxx?x?xxxxxxxxxx?"
start: 0x16
offset: 0x4
m_dwCClientState: sig: (Byte)"\x84\x6D\xE9\xFF\x0F\x1F\x00\x00\x55\x48\x89\xE5\x48\x8B\x05\x00\x00\x00\x00\x48\x83\xC0\x00\x5D\xC3\x66\x66\x66\x66\x66\x66\x2E\x0F\x1F\x84"*
mask: "xxxxxx??xxxxxxx????xxx?xxxxxxxxxxxx"
start: 0xF
offset: 0x4
m_szGameDirectory: sig: (Byte)"\x48\x81\xEC\x00\x00\x00\x00\x48\x89\xF3\x49\x89\xFE\x4C\x8B\x2D\x9F\xDB\x66\x00\x49\x8B\x45\x00\x48\x89\x45\xD0\x48\x8D\x3D\x00\x00\x00\x00\x48\x8D\xB5"*
mask: "xxx????xxxxxxxxxxxxxxxxxxxxxxxx????xxx"
start: 0x1F
offset: 0x4
m_vecEngineOrigin: sig: (Byte)"\x4D\x85\xF6\x0F\x84\x00\x00\x00\x00\x31\xF6\x4C\x89\xF7\xE8\x87\xDB\x00\x00\xF3\x0F\x10\x00\xF3\x0F\x11\x05\x00\x00\x00\x00\xF3\x0F\x10\x40\x00"*
mask: "xxxxx????xxxxxxxx??xxxxxxxx????xxxx?"
start: 0x1B
offset: 0x4
Will also provide a memory reader and signature scanning class (source) in the next days. (If I'm not to lazy with it) :-)