How get offsets from damp

HYBNK228

Posts: 4

Threads: 3

Joined: Mar, 2023

Reputation: 0

Posted

I did the damp Roblox app by usings Process Hacker 2 (for to freeze the application) and KsDumper11 (link). I open the dump exe in IDA pro and try to find offset for print. I find a string "Video recording started"

.rdata:00007FF7B9124040 aVideoRecording db 'Video recording started',0

But when I tried to find where it is used I get this

(image)

How did you found the offsets? What else do you use?

HexDX_nbVKCH

Posts: 16

Threads: 6

Joined: Jul, 2024

Reputation: 0

Replied

First you need 'Current identity is' to get print, you search it in strings go to it press x while selecting aCurrentIdentit, and get the first one(only one), go to it get the call remove the sub_ part and you've got yourself a print addy

HYBNK228

Posts: 4

Threads: 3

Joined: Mar, 2023

Reputation: 0

Replied

Have not found...

(image)

idea64

Posts: 4

Threads: 1

Joined: Jul, 2024

Reputation: 0

Replied

u need to rebase your segments to 0x400000 then copy offset of text "current identity is" then u need to jump to address your offset

Comments

HexDX_nbVKCH 0 Reputation

Commented

Did you fix your dump, if yes how?

Users viewing this thread:

( Members: 0, Guests: 1, Total: 1 )