Quote:
Originally Posted by zev
Although, it could be that we're talking about different topics, are you referring to Rufus' code or to the actual data?
I was talking about the code that was posted, I don't do RTS games (Lot of work, to hack a game that really shouldn't be hacked in the first place - but this is neither the time nor the place for that discussion). At any rate, I noticed that I had made an assumption that wasn't true - I had merely glanced over the code posted originally and had thought that the if...else block had checked for 0, then 1 - when in fact it only checked for 0. So, I decided to humor you and write a proof of concept app.
Code:
#include <stdio.h>
#include <stdlib.h>
#include <inttypes.h>   /* uintptr_t and PRIXPTR so the pointer casts are not truncated on 64-bit builds */

/* The typedef only names the pointer type; in C the struct itself must be referred to as "struct MyStruct". */
typedef struct MyStruct {
    unsigned long dwSomeData;
} *pMyStruct;

int main(void) {
    pMyStruct StructInstance = (pMyStruct) malloc(sizeof(struct MyStruct));
    /* x: address of the pointer variable itself; y: the heap address it holds; z: size of the pointer */
    uintptr_t x = (uintptr_t)&StructInstance, y = (uintptr_t)StructInstance;
    unsigned int z = (unsigned int)sizeof(StructInstance);
    printf("%" PRIXPTR " - %" PRIXPTR " - %u\n", x, y, z);
    free(StructInstance);   /* release the block before the only reference to it is overwritten */
    StructInstance = NULL, x = (uintptr_t)&StructInstance, y = (uintptr_t)StructInstance, z = (unsigned int)sizeof(StructInstance);
    printf("%" PRIXPTR " - %" PRIXPTR " - %u\n", x, y, z);
    system("pause");   /* Windows-only: keeps the console window open */
    return 0;
}
The application's behavior is similar to what you claim the game's behavior is, but there is one critical difference: the address of the pointer to the instance of the struct is always different upon every run of the program. The address which you claim is a pointer to the game's class is not ever-changing (otherwise it would be a waste of time to check the same address all the time). How do you account for this if you are right? And isn't it equally possible that it is indeed a byte pointer, as I said, and just not a boolean? From your Olly snippet it appears as though it's possible that the "08" is data and the trailing "E90088" is code - a call, to be exact.