⚙️ Simple Step to Step Tutorials for Disassembling / Code Injection & getting Pointer Addresses 🔧
- Set Value Type All
- Set Value (ex. (Int 32 = 4 Byte = 32 Bit) 85 or (float/double) 85.5) you search for and press First Scan
- Change Value in the Process
- The Changed Value will be red, on the left is the Pointer Address
- Right Click on Address Record
- Select Find out what writes to this address
- Press on Replace
- Delete the Assembly Code and Press OK
- Read the Address
- Check Checkbox Hex and put the Address in it
- The Address to the Pointer is in this ex. 1002CBA40
- Select Find out what writes to this address
- Press on More information
- The Address to the Pointer is in this ex. 011DC7A0
01168A78 = Address / base pointer (base ptr)
0x18 = Offset
"Tutorial-x86_64.exe" + 2CBA70 = static base address
-> = points to
01168A78 = Value = 2765
01188070 -> 1168A60 + 0x18 = 01168A78
01168A18 -> 01188070 + 0 = 01188070
011681D0 -> 1168A00 + 0x18 = 01168A18
"Tutorial-x86_64.exe" + 2CBA70 -> 11681C0 + 0x10 = 011681D0
- Right Click on Address Record
- Select Find out what accesses this address
- Calculate the Address using the Offset ex. -> (01188070 -> 1168A60 + 0x18 = 01168A78)
Calculation (hex) : (01168A78 - 18 = 01168A60 = 1168A60) - Check Checkbox Hex and put the Address in it (ex. 1168A60)
- The Address to the Pointer is in this ex. 01188070
- Repeat Step 1 to 5 until you get the static base Address, in this ex. "Tutorial-x86_64.exe" + 2CBA70
- Click on Add Address Manually
- Add Address, if needed with Offsets and click OK
- The Result should look like this:
- Click on Add Address Manually
- Add Address, if needed with Offsets and click OK
- The Result should look like this:
- Right Click on Address Record
- Select Find out what writes to this address
- Press Show disassembler
- Click on Tools and select Auto Assemble
- Click on Template and select Code Injection
- Click on OK
- Comment out as an ex. //sub dword ptr [rsi+00000780],01 (value - 1)
- Write as an ex. add dword ptr [rsi+00000780],01 (value + 1)
- Press on Execute and then click OK and it's Done!