Xemectrum

go to refresh values function change the pointer...

huh? I start from 0.. which mean bot also don't have.. ><"

can somebody teach me how do i use it?

You doesn't need it if you don't know how to use it

Say for StatsBase 01087ce8 the code is:

01087CEB - 66 7C 0F - jnge 01087CFD
01087CE8 - B4 B9 - mov ah,B9
01087CEA - 5F - pop edi
01087CEB - 66 7C 0F - jnge 01087CFD
01087CEE - 27 - daa
01087CEF - 00 58 0F - add [eax+0F],bl
01087CF2 - 27 - daa

I can form the AOB: b4 ?? 5f 66 ?? ?? 27 00 ?? ?? 27

How do i proceed to find the AOB for offset to HP 15AC?

rainforest wrote:Say for StatsBase 01087ce8 the code is:

01087CEB - 66 7C 0F - jnge 01087CFD
01087CE8 - B4 B9 - mov ah,B9
01087CEA - 5F - pop edi
01087CEB - 66 7C 0F - jnge 01087CFD
01087CEE - 27 - daa
01087CEF - 00 58 0F - add [eax+0F],bl
01087CF2 - 27 - daa

I can form the AOB: b4 ?? 5f 66 ?? ?? 27 00 ?? ?? 27

How do i proceed to find the AOB for offset to HP 15AC?

You FAILED. This is not the way to find pointer AoBs. Look THIS for examples.
http://w8file.com/cam/Pointer%20AOB.txt

Raiden wrote: You FAILED. This is not the way to find pointer AoBs. Look THIS for examples.
http://w8file.com/cam/Pointer%20AOB.txt

I see! Thanks for giving me a reference, does the following look correct for HP offset?

009F6364 - 89 8B AC150000 - mov [ebx+000015AC],ecx
009F636A - 8B 15 44790801 - mov edx,[01087944] : [002B937C]
009F6370 - 8B 8A 8C000000 - mov ecx,[edx+0000008C]
009F6376 - 8B 75 68 - mov esi,[ebp+68]

This one for the StateBase:

00BBE1A7 - 8B 0D E87C0801 - mov ecx,[01087CE8] : [64926A5C]
00BBE1AD - 85 C9 - test ecx,ecx
00BBE1AF - 74 07 - je 00BBE1B8
00BBE1B1 - 6A 00 - push 00


OOooooo i'm so excited!!

@rainforest: maybe you`re right. but everything has to be confirmed in the next patch. So good luck and happy haxing.

Thanks Raiden for working out the pointers and Nerrazzuri releasing them to the community, its really helpful for a beginner like me!
Keeping my fingers crossed, hopefully there are no major patches or HS revision rolls