Bit Slicer / Pointers

## Definition

A pointer is a memory address. A pointer variable is a variable whose value is a pointer; that memory address points to some data in memory.

## For Instance

Say a player has found the health variable for their character. After the character dies, the player notices that the health variable they found is no longer valid. There might, though, be a pointer variable that always holds the correct address of the player's health.

## Testing it out

I wrote a small test program, FindPointerTest, to help understand the concept. Download the program and run it.

  1. Search and find the counter variable in Bit Slicer. Use the Increase Counter button to change its value.
  2. If more than one result is returned, find which variable is the actual legit one and not a dummy. This can be done by changing its value in Bit Slicer and hitting the Increase Counter button to update the display. Remove all dummy results.
  3. Un-tick the search box for the counter variable in Bit Slicer, so we can begin a pointer search.
  4. Copy the address from the counter variable that was found, and put that into the search value field, and set the data type to 'Pointer.' Begin the search.
  5. Now that the pointer variable is found, in the test program, hit the 'Change pointer' button. Notice that the pointer variable's value changes; however, the original counter variable you've found is no longer valid (try hitting the Increase Counter button to see for yourself).
  6. We can fix this by modifying the counter variable's address in a dynamic way. Copy the address from the pointer variable, then select the counter variable we're going to fix, go to Tools -> Edit Variable Address, and paste in the address and enclose it with square brackets. It should look something similar to [0x112F28B80]. This will tell Bit Slicer to read the pointer at the address enclosed by []'s for the variable's address.
  7. If all goes well, the value should be the counter value. When hitting Increase Counter, the counter variable still remains valid.

## Conclusion

This is a basic example. Often, there might be data that doesn't have pointers pointing to it directly, but at some kind of offset. For example, if 0x112F29C90 is a pointer to a player's x location, and I had to get the player's x location by modifying a variable's address with [0x112F29C90] in Bit Slicer, there might be no pointer to the player's y location. Instead I might have to do [0x112F29C90] + 0x4 if the player's location variables are 32 bits long.
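
The following C program is an added example, not part of the original wiki or of FindPointerTest. It models what the steps and the conclusion describe: an address found by a plain search goes stale when the data moves, while reading through the pointer variable (with an optional offset) keeps working. The names `struct position`, `player`, `spawn`, `change_pointer`, `resolve` and `read_i32` are hypothetical; `resolve(&player, 4)` corresponds to an address expression of the form `[pointer] + 0x4`.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed layout: two adjacent 32-bit fields, so y sits 4 bytes after x. */
struct position { int32_t x, y; };

/* The pointer variable. Its own address is fixed; its value follows the data. */
static struct position *player;

/* Equivalent of the address expression "[pointer_var] + offset". */
static uintptr_t resolve(const void *pointer_var, size_t offset) {
    uintptr_t target;
    memcpy(&target, pointer_var, sizeof target); /* read the stored address */
    return target + offset;
}

static int32_t read_i32(uintptr_t address) {
    int32_t value;
    memcpy(&value, (const void *)address, sizeof value);
    return value;
}

static int spawn(int32_t x, int32_t y) {
    player = malloc(sizeof *player);
    if (!player) return 0;
    *player = (struct position){ x, y };
    return 1;
}

/* Like the "Change pointer" button: the data moves, the pointer is updated. */
static int change_pointer(void) {
    struct position *moved = malloc(sizeof *moved); /* allocated before the free, so the address differs */
    if (!moved) return 0;
    *moved = *player;
    free(player);
    player = moved;
    return 1;
}

int main(void) {
    if (!spawn(10, 20)) return 1;
    uintptr_t cached = resolve(&player, 0); /* address a plain value search would find */
    if (!change_pointer()) return 1;
    printf("stale=%d x=%d y=%d\n", cached != resolve(&player, 0),
           (int)read_i32(resolve(&player, 0)), (int)read_i32(resolve(&player, 4)));
    free(player);
    return 0;
}
```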
