Bear with me...

Say you wanted to always resolve the location for '# of lives' in your game.

You could do a function:

'Location held by static pointer' +/- distance to lives value.


Now this works because even though the locations of values are dynamically allocated at runtime, the relative distance between them remains the same. So whatever the distance between 'location held by static pointer' and your value is in one instance of live memory, that distance will be the same at the next runtime.

This does not work in dynamic pointers of course, because the location held by a dynamic pointer will change at each runtime. i.e (esi+4) (There is usually a register involved with dynamic pointers).

The beauty of static pointers is that you can use any one, you just need to add the distance between the location it holds and your value. Then if you wanted to resolve a second value, you can just use that same static pointer.

The problem is, how do you locate a static pointer's location in memory? 99% of values that you BP on in memory will be generated by dynamic pointers which are useless.

Static pointers are the only true non-dynamic part of live memory. (The only thing that has a predictable location.)



QUOTE:



http://216.239.53.104/search?q=cache:wPZuqcARiUAJ:www.mpcheatz.de/mpc/forum/showthread/t-35738.html+%22static+pointer%22+trainer&hl=en


You guys understand what I am talking about now?

(Isn't there always at least one 'Global Static Base Pointer'?)


So, what is a quick way to locate these static pointers?

Gosh. There's something vaguely familiar about the contents of this post. Seems I've read it somewhere else very recently. Deja vu all over again. Hope you get more help here.

Regards,

me too. I deleted the old thread.

Well if you have read the appropriate MPC threads regarding 'private hacks', DMA whatever you would have known that TSearch is your tool of trade.

There are lots of tutorials how to do that (no need to reiterate here).

Regards

Guh. You have to register to use their search function.

If you mean Eedock's tut, well that is a rubbish tut cause the game he uses has no dynamic pointers anyway. So dynamic pointer aren't even dealt with.

SysCall:

Don't you think the "attitude" of your post was more than a little condescending for someone who only started posting here three days ago?

Regards,

Yeah, lol.

But let's not de-rail this thread.

No de-railment intended, but it IS my job to help maintain the sensibilities around here and it's a function I intent to carry out.

Regards,

You're rather confusing here ... you seem to be mixing up static and dynamic pointers quite a bit.

Here's the thing: if a given variable resides at a dynamically allocated place, there's no way to know where that will be (unless you fire your executable up several times in a row under win9x, in which there is quite a chance that windows will respond each time with the same memory places allocated). Now, as for the relation between static pointers and dynamic pointers ... there is NONE. Not if you consider both pointers to point to places in data. However, the text you quoted seems to me to be about something else:
It looks as if the static pointer is actually a pointer to a place in the code, where the SAME variable is referred to. That place in the code will always refer to the same variable, and can therefore be used as a point of departure - since, by normal programmer praxis, the structure of the data array will be the same from time, for expediency.

Have you understoodthis? You see, I just don't get your reply:


The problem is, how do you locate a static pointer's location in memory? 99% of values that you BP on in memory will be generated by dynamic pointers which are useless.

If you BP on the memory that holds the variable, and you get to a place in the code that is responsible for changing the variable, you can then check if it changes that and only that location. If it does, lo and behold, there's your static pointer.



Static pointers are the only true non-dynamic part of live memory. (The only thing that has a predictable location.)

Yes, but because they are part of the code, not because they are pointers in any normal fashion.

Fake

EDIT: ramble ramble ramble. Are you in any way referring to apps/games that always allocate memory in the same every time? By way of virtualalloc, say. Then just break on the calls to the alloc functions. I still don't see any use of this, though. Much better to break on a part in the code that you know does the dirty work, and just get the address from there.

Aquatic, isn't this practically the exact same thing you asked in a thread here some months ago? We were discussing following the pointer chain backward then too...

Anyway, I think you need to be a little more specific, but if you want to just know if a pointer at a certain memory address is in static or dynamic memory, I guess you could simply look if the pointer is located inside the memory range of a PE section or not. If it is, it is static, otherwise it is dynamic. If it is on the stack, it can be considered somewhere inbetween, also depending on how deep on the stack it is etc...

Do we talk about same tool?
I used TSearch 1.6b some time ago (from http://membres.lycos.fr/tsearch/) which has no limitation i am aware of (though i never used it extensively).
I preferred attaching ollydbg to the running process or injecting helper dlls fixing up some stuff



Dunno who that guy is. Just check the BF1942 and BFV subforums there is lots of stuff/tutorials posted on this topic (dynamic/static pointers).

Almost everything in this mutiplayer game has been hacked.
I bet there are 100s of private hacks around which have been built from the knownledge exposed in these threads.

The accompanying PB provides no protection at all.
I explained some of the inner workings in some threads just search for it.

Regards



No offense meant. Yes maybe ... sometimes i get a bit angry when questions get asked 1000 times.
There is much stuff around that topic in MPC subforums .. one only has to use search function.

Your name over at that board isn't SysCall, is it? I searched for it, and didn't get any hits. Also, when searching for just "punk buster" and similar I got too many unrelated hits to be able to find any juicy ones. I've been a bit curious about it before, and exactly what it does, so if you have some good technical info about its internals, could you post some links to it here?

I guess there is no simple answer to my question.

So let me try and get everyone on the same wavelength here.

Lets go on a journey...


1. Search for value in game.

2. BP on it.

3. Find the pointer that points to the value. (holds the value's location).

4. restart game.

5. Go to the addy where the pointer was before. (It's the same pointer, but wait the memory location that it holds (points to), doesn't hold your value anymore). So it's a dynamic pointer. Now, if it were a static pointer, then the location it points to would always hold your value.

However, say you found a static pointer that has nothing to do with your value, ... well that's ok too, because all you need to know is the distance between your value and that of the value held at the location that this arbritrary static pointer points to.


...Up to this point I haven't even had to look at the asm code, all the above has to do with live memory locations. (Artmoney can do step 3 automatically for you.)


Why the hell am I asking this? Well think about it. Most trainers use the crude method of having to patch the asm code in order to defeat dynamic values, this requires way more work than is neccessary, and also it prevents you from altering client-side values whilst online. Oh man, don't you guys get it? My theory would allow you to manipulate client-side values without the server disconecting you for patching the game's raw asm.

*laughs hysterically as head explodes*

Yes, i never use the same nick/handle for different message boards/forums.
Its better to keep low noise

Posting deep links to threads is not a good idea ... just search for punkbuster screenshot, console hack, code cave parts whatever.

Regards

Here's the where the chain snaps for me:
You find your dynamic pointer (a variable, that changes, since the memory place changes)
Your find your static pointer (which is, mysteriously, always the same, quite possibly because it's in the .data section)
The range between the two will be ... dynamic.

Hence, the only thing to do is to find the code that references the dynamic pointer, and grab the pointer from there.

If this is not what you're looking for, please do be more specific ... and logical.

Fake