
Find Multiple Offsets

Jacob Fliss edited this page Nov 14, 2016 · 4 revisions

The following guide shows how to find a multi-level pointer chain: Pointer->Offset->Offset (etc).

  1. Search for the value you want to modify.

  2. Once you find it, right click and press “Watch write accesses”. Go back to the game and increase/decrease the value.

  3. Right click on the shown instructions and press “Show in Debugger”. In the example below, my address was 0x6EDD0. Place a breakpoint on the address. NOTE: If the instruction is mov eax, [esi+0x2a4], then ESI should now be showing the address below.

  4. Add the ESI address to the addresses table, right click, and press “Search Pointer to Variable”. All pointers to ESI now show.

  5. In the Debug window, browse above the pointer address to see whether there is an instruction such as mov esi, [ebp+0x8]. If there is, then you have to Debug Break the push ebp to see what that address is.

  6. Add the EBP address to the addresses table, right click, and press “Search Pointer to Variable”.

  7. All pointers to EBP now show.

  • The final pointer->offset->offset address should look like [[ebp_pointer]+0x8]+0x2a4
  • If you need to, you can continue this with [[[[pointer]+offset]+offset]+offset]+offset (etc)

Replace ebp_pointer with the pointer you found.
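
The `[[pointer]+0x8]+0x2a4` notation worked through on a constructed memory image, as an added example that is not part of the original page or of any tool it describes. The `Memory` class, the region addresses and the stored value 100 are assumptions made up for illustration; `find_pointers_to` is only a sketch of what a “Search Pointer to Variable” scan does.

```python
import struct

class Memory:
    """Sparse, constructed 32-bit little-endian address space (not a real process)."""
    def __init__(self):
        self.regions = {}  # region base address -> bytearray

    def map(self, base, size):
        self.regions[base] = bytearray(size)

    def _locate(self, addr):
        for base, buf in self.regions.items():
            if base <= addr and addr + 4 <= base + len(buf):
                return buf, addr - base
        raise ValueError(f"unmapped address {addr:#x}")

    def read_u32(self, addr):
        buf, off = self._locate(addr)
        return struct.unpack_from("<I", buf, off)[0]

    def write_u32(self, addr, value):
        buf, off = self._locate(addr)
        struct.pack_into("<I", buf, off, value)

def resolve_chain(mem, base_pointer, offsets):
    """Resolve [[base_pointer]+o1]+o2...: every level is dereferenced except the last offset."""
    addr = mem.read_u32(base_pointer)
    if not offsets:
        return addr
    for off in offsets[:-1]:
        addr = mem.read_u32(addr + off)
    return addr + offsets[-1]

def find_pointers_to(mem, target):
    """Return every aligned dword in mapped memory whose value equals target."""
    hits = []
    for base, buf in mem.regions.items():
        for off in range(0, len(buf) - 3, 4):
            if struct.unpack_from("<I", buf, off)[0] == target:
                hits.append(base + off)
    return sorted(hits)

def build_sample():
    mem = Memory()
    mem.map(0x00400000, 0x1000)            # constructed static region
    mem.map(0x00500000, 0x100)             # constructed outer object
    mem.map(0x00600000, 0x400)             # constructed inner object
    mem.write_u32(0x00400100, 0x00500000)  # static pointer -> outer object
    mem.write_u32(0x00500008, 0x00600000)  # outer+0x8 -> inner object (the ESI value)
    mem.write_u32(0x006002A4, 100)         # inner+0x2a4 holds the watched value
    return mem
```

Because only the static pointer is fixed, the chain still resolves to the right address after the inner object moves, which is why the guide walks back one register at a time instead of stopping at the first address found.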