Author Topic: Creating my first cheat: Autokick  (Read 1320 times)

snake123adfs

  • Cheater Apprentice
  • *
  • Posts: 13
    • View Profile
Creating my first cheat: Autokick
« on: September 14, 2018, 10:16:42 pm »
Hello everyone!! I am currently very bored out of my mind, and have no small term goals, so I have decided I will try to make an Autokick hack for Warband. I have very limited programming experience, like noob level from years ago when I tried to start coding and failed.

I know it has been said that I can learn from the downloads section but I have no idea what to download from there. Anyone can link me to a thread for a legit beginner?

Edit: am taking notes from this thread http://tkc-community.net/forum/index.php/topic,16834.0.html and trying to understand it, is very hard.

double edit: just read this from another thread "get the vector rotation of the player ( you ) then check if the enemy is in a certain zone + distance from you if they are then send a kick command"

so that means when I create the program I will need some if functions that will run when I press the kick button E correct?



« Last Edit: September 14, 2018, 10:44:49 pm by snake123adfs »

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #1 on: September 14, 2018, 11:20:42 pm »
found this guys videos https://www.youtube.com/watch?v=XgV76LapvGs

gunna start there

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #2 on: September 15, 2018, 12:16:24 am »
I have downloaded Cheat Engine, loaded it up with Napoleonic Wars, I'm on my own server, trying to find the memory address for health. Read in a thread from 2014 that the default value for health is 60, so I put 60 in the value box, value type set to 4 bytes, do a scan, get 70,000 results, then I jump off a mountain, takes about 3/4th of my health away. Do a search for decreased value, 12 results show up, hit scan again, and they all just disappear. Have the memory addresses and values for the game changed over the years?

edit: used my noggin, think I found out what I did wrong, going to try to find the health address by first searching for unknown and narrowing it down

well RIP, I got it narrowed down to 12 addresses, and the next time I jumped off the cliff and injured myself and search decreased value all the addresses disappeared

double edit: searching float instead of 4 bytes now, see if that will work

triple edit: I think the memory for health may either be 0A5B6658 or 4D6F3468, both have values of 56 instead of 60.

yeah that is definitely it,  just jumped off and injured myself and the value went to 16. NW sets the default health to 56, not 60 like Native I guess.

why are there two addresses for health btw?

quad edit: Right-clicked on address 0A5B6658 and clicked to find out what accesses it, and this is what showed up

005D9573 - D9 86 18020000  - fld dword ptr [esi+00000218]

005D956B - FF D0  - call eax
005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000]
005D9573 - D9 86 18020000  - fld dword ptr [esi+00000218] <<
005D9579 - DAE9 - fucompp
005D957B - DFE0 - fnstsw ax

EAX=004570E0
EBX=0005BE00
ECX=5A2336D0
EDX=007C4104
ESI=0A5B6440
EDI=4C9E3DF8
ESP=0314EF08
EBP=4D6ED468
EIP=005D9579


then I did the same for the other address 4D6F3468

and got this:

005A73CF - D8 9E 00600000  - fcomp dword ptr [esi+00006000]
005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000]
0052AF57 - D9 80 00600000  - fld dword ptr [eax+00006000]

005A73CA - D9EE - fldz
005A73CC - 83 C4 08 - add esp,08
005A73CF - D8 9E 00600000  - fcomp dword ptr [esi+00006000] <<
005A73D5 - DFE0 - fnstsw ax
005A73D7 - F6 C4 05 - test ah,05

EAX=00000020
EBX=0086AB40
ECX=00000000
EDX=00862E30
ESI=4D6ED468
EDI=0314F454
ESP=0314F3F0
EBP=0A5B673C
EIP=005A73D5

005D9565 - 8B 82 DC000000  - mov eax,[edx+000000DC]
005D956B - FF D0  - call eax
005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000] <<
005D9573 - D9 86 18020000  - fld dword ptr [esi+00000218]
005D9579 - DAE9 - fucompp

EAX=004570E0
EBX=0005BE00
ECX=5A2336D0
EDX=007C4104
ESI=0A5B6440
EDI=4C9E3DF8
ESP=0314EF08
EBP=4D6ED468
EIP=005D9573


0052AF50 - 8B CE  - mov ecx,esi
0052AF52 - E8 D943EEFF - call mb_warband.exe+F330
0052AF57 - D9 80 00600000  - fld dword ptr [eax+00006000] <<
0052AF5D - DC 0D 18EF7B00  - fmul qword ptr [mb_warband.exe+3BEF18]
0052AF63 - 57 - push edi

EAX=4D6ED468
EBX=472658C0
ECX=4C9E3DF8
EDX=00000000
ESI=082A3B2C
EDI=0000000F
ESP=03139C20
EBP=0314E538
EIP=0052AF5D



OK So when I had gotten all that information, it was when my character was still injured, so i restored his health, and checked the addresses again to see what writes to them, and now nothing is showing under 4D6F3468, but 0A5B6658 is still showing the one address that accesses it

what 0A5B6658 is now showing after healing my player fully

005D956B - FF D0  - call eax
005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000]
005D9573 - D9 86 18020000  - fld dword ptr [esi+00000218] <<
005D9579 - DAE9 - fucompp
005D957B - DFE0 - fnstsw ax

EAX=004570E0
EBX=0005BE00
ECX=5A2336D0
EDX=007C4104
ESI=0A5B6440
EDI=4C9E3DF8
ESP=0314EF08
EBP=4D6ED468
EIP=005D9579





« Last Edit: September 15, 2018, 01:16:52 am by snake123adfs »

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #3 on: September 15, 2018, 01:08:09 am »
"when you finally find the value and you're sure it's your health , find out what accesses it

jump to that location ( of the offset that is actually changing it , usually a float store [fstp] sometimes a double , mostly int or dword though warband is uncommon in most aspects actually )

now we have this address that is changing health

fstp [ebx+6000] ( local )

ok now you see the ebx .. ( ignore the + 6000 as it's irrelevant at this point )

the ebx is what is known as the base .. or local , or local player pointer , this ebx is pointing to the start of you , ie your player" - mrmedic

this is confusing, looking at the addresses I posted I don't see anything that says this "fstp [ebx+6000] ( local )" there is no ebx+6000, there are ebp and the other prefixes, as well as 00006000 but there is no ebx or +6000

but then worm on the other hand said "fst dword ptr [esi+00006000]   (Static Addr : mb_warband.exe+D25F4)
ESI - > Base
Base + 0x6000 - > Health.
"

Seb

  • Relentless Teamkiller
  • **
  • Posts: 72
    • View Profile
    • Aimjunkies.com
Re: Creating my first cheat: Autokick
« Reply #4 on: September 15, 2018, 03:27:20 am »
Took me a while to read all of that, but there is already so much information on these forums which I have posted and then some more obscure info posted by Medic. You may want to throw the executable into IDA and analyze the functions which have already been analyzed.
Regarding the two health values, one is for the UI and the other is for your actual player.
Games have a lot of different reasons for using multiple health values at times.

EternalAgonu

  • Intentional Cheater
  • **
  • Posts: 34
    • View Profile
Re: Creating my first cheat: Autokick
« Reply #5 on: September 15, 2018, 04:17:01 am »
English please...

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #6 on: September 15, 2018, 06:04:46 am »
executable? what do you mean, all I have found is the addresses, and which value will I use, the one for the player or the UI?

I am literally brand new to this stuff.

Also how do I find the X,Y,Z coordinates of my player?

Question, is it possible to make a Health Cheat on Multiplayer? Where my health gets replenished or I have 10x more health?

I tried changing the health values with Cheat Engine. I had someone stab my character to do a bit of damage, then I would change the value in Cheat Engine. The health bar would go full, but it was just superficial, the actual value of my character's health would not change.

BTW, I went to buy IDA Pro, and it is just too expensive for me. I have the freeware version, will that do? For some reason I can't find out how to install class informer on IDA

edit: trying to find X and Y, think I have found the dynamic addresses, and they are 00DE0670 which has a small value of 8.349216836E-15 and 01D99488 which has a value of 179.4599915


These are what  access 00DE0670:
0062501C - 89 44 8F F4  - mov [edi+ecx*4-0C],eax
00625020 - 8B 44 8E F8  - mov eax,[esi+ecx*4-08]
00625024 - 89 44 8F F8  - mov [edi+ecx*4-08],eax <<
00625028 - 8B 44 8E FC  - mov eax,[esi+ecx*4-04]
0062502C - 89 44 8F FC  - mov [edi+ecx*4-04],eax

EAX=2816688F
EBX=0000001A
ECX=00000006
EDX=00000002
ESI=0314E47C
EDI=00DE0660
ESP=0314E3FC
EBP=0314E404
EIP=00625028

0046BDEB - 73 21 - jae mb_warband.exe+6BE0E
0046BDED - 8B 4C 24 14  - mov ecx,[esp+14]
0046BDF1 - 8B 54 A9 04  - mov edx,[ecx+ebp*4+04] <<
0046BDF5 - 2B C6  - sub eax,esi
0046BDF7 - 8B 04 85 4C70DD00  - mov eax,[eax*4+mb_warband.exe+9D704C]

EAX=00000011
EBX=0314F858
ECX=00DE0660
EDX=2816688F
ESI=0000000B
EDI=0314F82C
ESP=0314F7F4
EBP=00000003
EIP=0046BDF5

0046BDD4 - D3 E2  - shl edx,cl
0046BDD6 - F7 D0  - not eax
0046BDD8 - 23 14 AF   - and edx,[edi+ebp*4] <<
0046BDDB - 8B 7C 24 1C  - mov edi,[esp+1C]
0046BDDF - 23 07  - and eax,[edi]

EAX=FFFE0000
EBX=0314F858
ECX=00000006
EDX=00166880
ESI=00000011
EDI=00DE0660
ESP=0314F7E0
EBP=00000004
EIP=0046BDDB

00625014 - 89 44 8F F0  - mov [edi+ecx*4-10],eax
00625018 - 8B 44 8E F4  - mov eax,[esi+ecx*4-0C]
0062501C - 89 44 8F F4  - mov [edi+ecx*4-0C],eax <<
00625020 - 8B 44 8E F8  - mov eax,[esi+ecx*4-08]
00625024 - 89 44 8F F8  - mov [edi+ecx*4-08],eax

EAX=2816688F
EBX=0000001D
ECX=00000007
EDX=00000001
ESI=0314E47C
EDI=00DE0660
ESP=0314E3FC
EBP=0314E404
EIP=00625020


And these are what access 01D99488:

0046D3E9 - 8B 50 04  - mov edx,[eax+04]
0046D3EC - D9 5C 24 08  - fstp dword ptr [esp+08]
0046D3F0 - 89 15 8894D901  - mov [mb_warband.exe+1999488],edx <<
0046D3F6 - 8B 48 08  - mov ecx,[eax+08]
0046D3F9 - 89 0D 8C94D901  - mov [mb_warband.exe+199948C],ecx

EAX=0314F85C
EBX=0087B3F0
ECX=4382C3D7
EDX=433375C2
ESI=00DE0658
EDI=00000000
ESP=0314F850
EBP=00DE0658
EIP=0046D3F6

004E95BF - A1 8494D901 - mov eax,[mb_warband.exe+1999484]
004E95C4 - 89 43 40  - mov [ebx+40],eax
004E95C7 - 8B 0D 8894D901  - mov ecx,[mb_warband.exe+1999488] <<
004E95CD - 89 4B 44  - mov [ebx+44],ecx
004E95D0 - 8B 15 8C94D901  - mov edx,[mb_warband.exe+199948C]

EAX=4382C3D7
EBX=52825E18
ECX=433375C2
EDX=00000000
ESI=07605FC0
EDI=0005BE00
ESP=0314F7D0
EBP=0314F85C
EIP=004E95CD


BTW I got these from Worm's thread
mb_warband.exe+2B12F3C - > X
mb_warband.exe+2B12F3C+4 -> Y
mb_warband.exe+2B12F3C+4+ 4 - > Z

But when I put them into Cheat Engine it can't find the addresses

« Last Edit: September 15, 2018, 11:52:31 pm by snake123adfs »
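
Added example, not part of the original thread and not code from the game or any poster: Reply #6 reports that overwriting the health value in client memory refilled the health bar without changing the character's real health, which is the behaviour expected when the server holds the authoritative state. The Python model below shows that design together with a mismatch check a server operator could log; `Server`, `Client`, the `heartbeat` telemetry and the constants are assumptions made for illustration, not Warband's actual netcode.

```python
from dataclasses import dataclass, field

FULL_HEALTH = 56.0   # constructed constant: the full-health value the post saw on NW
TOLERANCE = 0.01     # assumed float slack when comparing client and server copies


@dataclass
class Server:
    """Holds the only health value that game logic ever consults."""
    health: dict = field(default_factory=dict)
    alerts: list = field(default_factory=list)

    def join(self, player: str) -> None:
        self.health[player] = FULL_HEALTH

    def hit(self, player: str, damage: float) -> float:
        # Damage is resolved server-side; the client is only told the result.
        self.health[player] = max(0.0, self.health[player] - damage)
        return self.health[player]

    def heartbeat(self, player: str, client_health: float) -> float:
        # Hypothetical telemetry: the client echoes its local copy. The server
        # never adopts it; a mismatch is logged for review and the
        # authoritative value is sent back to overwrite the client's copy.
        actual = self.health[player]
        if abs(client_health - actual) > TOLERANCE:
            self.alerts.append((player, client_health, actual))
        return actual


@dataclass
class Client:
    """Keeps a display-only copy, the kind of value a memory editor can reach."""
    name: str
    ui_health: float = FULL_HEALTH

    def on_snapshot(self, authoritative: float) -> None:
        self.ui_health = authoritative


def simulate() -> dict:
    server, client = Server(), Client("player1")
    server.join(client.name)

    client.on_snapshot(server.hit(client.name, 40.0))   # both sides now 16.0
    client.ui_health = FULL_HEALTH                       # local memory edit
    bar_after_edit = client.ui_health                    # the bar looks full

    # The next hit is resolved from the server's 16.0, not the edited 56.0.
    after_second_hit = server.hit(client.name, 20.0)
    # The heartbeat exposes the tampered copy and resynchronises the client.
    client.on_snapshot(server.heartbeat(client.name, client.ui_health))

    return {
        "bar_after_edit": bar_after_edit,
        "server_after_second_hit": after_second_hit,
        "client_after_resync": client.ui_health,
        "alerts": server.alerts,
    }


if __name__ == "__main__":
    print(simulate())
```
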

MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: Creating my first cheat: Autokick
« Reply #7 on: September 15, 2018, 10:21:08 pm »
005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000]
ebp .. points to your local ( base )... the +6000 is the offset from you to health address.

well done btw you are getting there , keep trying.

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #8 on: September 15, 2018, 10:47:56 pm »
Thanks. Do you know how to find the X,Y,Z coordinates of my player? I think finding Z would be easy, just go on a flat map and jump on a box and search for a value that increased.

But X and Y seems like it'd take a really long time.

just to clarify, 005D956D  is the pointer to the dynamic health address right?

btw I'm doing all of this on a multiplayer server, is that alright or should I take it offline?


double edit: just got it down to 19 addresses from moving to other parts of the map

still stuck at 19 addresses..... but I think this dynamic address might be it 01D9948C


these are what accesses it

0046D3F0 - 89 15 8894D901  - mov [mb_warband.exe+1999488],edx
0046D3F6 - 8B 48 08  - mov ecx,[eax+08]
0046D3F9 - 89 0D 8C94D901  - mov [mb_warband.exe+199948C],ecx <<
0046D3FF - 8B 50 0C  - mov edx,[eax+0C]
0046D402 - 8D 44 24 20  - lea eax,[esp+20]

EAX=0314F85C
EBX=0087B3F0
ECX=4023D700
EDX=43A0570A
ESI=00DE0658
EDI=00000000
ESP=0314F850
EBP=00DE0658
EIP=0046D3FF

004E95C7 - 8B 0D 8894D901  - mov ecx,[mb_warband.exe+1999488]
004E95CD - 89 4B 44  - mov [ebx+44],ecx
004E95D0 - 8B 15 8C94D901  - mov edx,[mb_warband.exe+199948C] <<
004E95D6 - 89 53 48  - mov [ebx+48],edx
004E95D9 - A1 9094D901 - mov eax,[mb_warband.exe+1999490]

EAX=43ABA666
EBX=52825E18
ECX=43A0570A
EDX=4023D700
ESI=0763B600
EDI=0005BE00
ESP=0314F7D0
EBP=0314F85C
EIP=004E95D6


triple edit

I just found 4 dynamic addresses that decrease when I crouch, are these the ones I need for the Z coordinate? The address I posted above I think had to do with how high I was on the map

These are from the 4 dynamic addresses that decreased when I crouched

00473F54 - 05 28020000 - add eax,00000228
00473F59 - B9 8A000000 - mov ecx,0000008A
00473F5E - 81 C2 28020000 - add edx,00000228 <<
00473F64 - F3 A5 - repe movsd
00473F66 - 3B C5  - cmp eax,ebp

EAX=4F9C6700
EBX=00DD8DF0
ECX=00000078
EDX=4F9C64D8
ESI=4F9C6520
EDI=4F9C62F8
ESP=0314F85C
EBP=4F9C6700
EIP=00473F64

00473F54 - 05 28020000 - add eax,00000228
00473F59 - B9 8A000000 - mov ecx,0000008A
00473F5E - 81 C2 28020000 - add edx,00000228 <<
00473F64 - F3 A5 - repe movsd
00473F66 - 3B C5  - cmp eax,ebp

EAX=4F9C6700
EBX=00DD8DF0
ECX=00000074
EDX=4F9C64D8
ESI=4F9C6530
EDI=4F9C6308
ESP=0314F85C
EBP=4F9C6928
EIP=00473F64


00473249 - 56 - push esi
0047324A - 8B 74 24 10  - mov esi,[esp+10]
0047324E - B9 8A000000 - mov ecx,0000008A <<
00473253 - F3 A5 - repe movsd
00473255 - 5E - pop esi

EAX=0314F054
EBX=00DE807C
ECX=00000078
EDX=0314F054
ESI=0314F09C
EDI=4F9C6520
ESP=0314E994
EBP=0314E9C4
EIP=00473253

00473F54 - 05 28020000 - add eax,00000228
00473F59 - B9 8A000000 - mov ecx,0000008A
00473F5E - 81 C2 28020000 - add edx,00000228 <<
00473F64 - F3 A5 - repe movsd
00473F66 - 3B C5  - cmp eax,ebp

EAX=4F9C6700
EBX=00DD8DF0
ECX=00000074
EDX=4F9C64D8
ESI=4F9C6530
EDI=4F9C6308
ESP=0314F85C
EBP=4F9C6700
EIP=00473F64

00473249 - 56 - push esi
0047324A - 8B 74 24 10  - mov esi,[esp+10]
0047324E - B9 8A000000 - mov ecx,0000008A <<
00473253 - F3 A5 - repe movsd
00473255 - 5E - pop esi

EAX=0314F054
EBX=00DE807C
ECX=00000074
EDX=0314F054
ESI=0314F0AC
EDI=4F9C6530
ESP=0314E994
EBP=0314E9C4
EIP=00473253


These are all that access the addresses


so when standing on completely flat land, my player height is set at 77, if I go up a hill, 2 of the dynamic address values will change slightly to 78 or 79.

but no matter where I am, when I crouch, two addresses go to 4 and two go to 6

« Last Edit: September 16, 2018, 12:07:27 am by snake123adfs »

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #9 on: September 16, 2018, 01:29:36 am »
just viewed this

Quote
here are some useful functions i have dumped for you all , these can be used for:

admin control bypass ( any server ).
autoblock
auto attack
auto chamber
aimbot
kick distance evade / auto kick opponent
cycle ents ( built in so no need to check just hook and away you go all relevant data is there for you )
and there is an unblockable in there ( works on v1.73 and probably all future versions.)



-> 0x4B63D9
-> 0x4AF73F
-> 0x4AF8B4
-> 0x816CE0
-> 0x5B19AA
->  0x5D6674
->  0xE0B1C8
->  0x423557
->  0x5D793A
->  0x8681B0
->  0x4AF73F
->  0x4AB2D9
Localbase 2  -> 0x5D7BAD
-> 0x499E34
have fun.  sorry admin control bypass ( any server ) removed ( can crash servers and i dont support that )

 

These are functions in IDA correct? I only have IDA freeware 7.0, and I don't have class informer.

I have a fucking landslide of questions to ask lol
« Last Edit: September 16, 2018, 01:41:39 am by snake123adfs »

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #10 on: September 16, 2018, 03:49:16 am »
Yes I know I am coming off as an idiot lol, I just started learning about reverse engineering yesterday, any help would be much appreciated from you guys.

Seb

Re: Creating my first cheat: Autokick
« Reply #11 on: September 16, 2018, 07:50:45 am »
You seem to actually be trying, I'll help you out a little, can you send me your discord name?

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #12 on: September 16, 2018, 10:24:26 am »
ok i just created a discord, my name on there is snake123adfs

And yes I am trying lol, I set a goal and I'm not stopping till I finish it goddamnit lol.
« Last Edit: September 16, 2018, 11:47:29 pm by snake123adfs »

Seb

Re: Creating my first cheat: Autokick
« Reply #13 on: September 17, 2018, 10:07:47 pm »
You need to send me your name and number.

snake123adfs

Re: Creating my first cheat: Autokick
« Reply #14 on: September 17, 2018, 11:26:58 pm »
just got IDA 6.8 pro and class informer installed.

edit: OK so can MrMedic or Seb help me out here.


I would like to know the significance of the following information.


Quote
mb_warband.exe+2B12F3C - > X
mb_warband.exe+2B12F3C+4 -> Y
mb_warband.exe+2B12F3C+4+ 4 - > Z

^^^ Those are pointers to the dynamic addresses for X,Y,Z, but I can't find them through cheat engine on NW. I got them from a thread from 2014, so did the game's pointers change from all the patches?

Quote
005D956B - FF D0  - call eax
005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000]
005D9573 - D9 86 18020000  - fld dword ptr [esi+00000218] <<
005D9579 - DAE9 - fucompp
005D957B - DFE0 - fnstsw ax

EAX=004570E0
EBX=0005BE00
ECX=5A2336D0
EDX=007C4104
ESI=0A5B6440
EDI=4C9E3DF8
ESP=0314EF08
EBP=4D6ED468
EIP=005D9579

^^^ I have no clue what all these are, other than that 005D956D - D9 85 00600000  - fld dword ptr [ebp+00006000] is health.


Quote
-> 0x4B63D9
-> 0x4AF73F
-> 0x4AF8B4
-> 0x816CE0
-> 0x5B19AA
->  0x5D6674
->  0xE0B1C8
->  0x423557
->  0x5D793A
->  0x8681B0
->  0x4AF73F
->  0x4AB2D9

^^^ and those are functions I can find in IDA correct?

Like I said, I'm literally brand new to all this stuff lol, and have a massive amount of questions.

sooooo, I started up NW again, found the health address and stuff like that because it changed since last time, got the ebp, searched for it in hex 4 byte aaaaannnddd there's 15,000 addresses and no green static addresses.
« Last Edit: September 18, 2018, 02:26:42 am by snake123adfs »