offsets

Tags:    visual-basic

Hi.. if you have to open a program with a hex program to make offsets, is there anyone who can help me with what they look like? That is, offsets.

Many thanks in advance.



You can use OllyDbg.

Here are some offsets from gameserver.exe ;)

005BA4B4 > $ 68 41A35B00 PUSH gameserv.005BA341 ; /FileName = "SkyEvent"
005BA4B9 . FF15 04CD650C CALL DWORD PTR DS:[<&KERNEL32.LoadLibrar>; \\LoadLibraryA
005BA4BF . A3 51A35B00 MOV DWORD PTR DS:[5BA351],EAX
005BA4C4 . 68 61A35B00 PUSH gameserv.005BA361 ; /ProcNameOrOrdinal = "NPCEvent"
005BA4C9 . 50 PUSH EAX ; |hModule
005BA4CA . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA4D0 . A3 71A35B00 MOV DWORD PTR DS:[5BA371],EAX
005BA4D5 . 68 81A35B00 PUSH gameserv.005BA381 ; /ProcNameOrOrdinal = "Loaded"
005BA4DA . A1 51A35B00 MOV EAX,DWORD PTR DS:[5BA351] ; |
005BA4DF . 50 PUSH EAX ; |hModule => NULL
005BA4E0 . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA4E6 . FFD0 CALL EAX
005BA4E8 . 68 91A35B00 PUSH gameserv.005BA391 ; /ProcNameOrOrdinal = "NewGObj"
005BA4ED . A1 51A35B00 MOV EAX,DWORD PTR DS:[5BA351] ; |
005BA4F2 . 50 PUSH EAX ; |hModule => NULL
005BA4F3 . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA4F9 . FFD0 CALL EAX
005BA4FB . 68 01A45B00 PUSH gameserv.005BA401 ; /ProcNameOrOrdinal = "MixRecv"
005BA500 . A1 51A35B00 MOV EAX,DWORD PTR DS:[5BA351] ; |
005BA505 . 50 PUSH EAX ; |hModule => NULL
005BA506 . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA50C . A3 C9A35B00 MOV DWORD PTR DS:[5BA3C9],EAX
005BA511 . 68 11A45B00 PUSH gameserv.005BA411 ; /ProcNameOrOrdinal = "Eventime"
005BA516 . A1 51A35B00 MOV EAX,DWORD PTR DS:[5BA351] ; |
005BA51B . 50 PUSH EAX ; |hModule => NULL
005BA51C . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA522 . FFD0 CALL EAX
005BA524 . 68 21A45B00 PUSH gameserv.005BA421 ; /ProcNameOrOrdinal = "FixS3Quest"
005BA529 . A1 51A35B00 MOV EAX,DWORD PTR DS:[5BA351] ; |
005BA52E . 50 PUSH EAX ; |hModule => NULL
005BA52F . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA535 . A3 39A45B00 MOV DWORD PTR DS:[5BA439],EAX
005BA53A . 68 49A45B00 PUSH gameserv.005BA449 ; /ProcNameOrOrdinal = "NewS3Quest"
005BA53F . A1 51A35B00 MOV EAX,DWORD PTR DS:[5BA351] ; |
005BA544 . 50 PUSH EAX ; |hModule => NULL
005BA545 . FF15 00CD650C CALL DWORD PTR DS:[<&KERNEL32.GetProcAdd>; \\GetProcAddress
005BA54B . A3 59A45B00 MOV DWORD PTR DS:[5BA459],EAX
005BA550 . EB 2B JMP SHORT gameserv.005BA57D

Don't know if that's what you mean :D


