(TUT)How to get some addys :)

I hope it helps you when you are new to exploiting :)

 

When you found functions that arent included you can dm me via discord Gauder Guy#9179 (just send me the current addy for the func :))

 

Ignore my bad english and spelling :\ (im not english)

 

Get_Lua_State

byte search with occurrences

55 8B EC 8B 45 08 8B 00  83 F8 09 

Then the lower one

 

Print

TestService: %s

xref first look the next call

 

Spawn

Spawn function requires 1 argument

func in this is used

 

GetDataModel1

Byte search

55 8B EC 6A ? 68 ? ? ? ? 64 A1 ? ? ? ? 50 64 89 25 ? ? ? ? 83 EC ? 8B 45 04 53 56 57 89 4D EC

 

GetDataModel2

Requested experience is full, retrying.

last call 

 

LuaV_execute

error in error handling

2 Xrefs with movups

goto one

2 inst up when movzx eax,byte ptr [eax+4] 

then after the next 9 calls

is the call with a function that includes Luav_execute

the only call in this function is Luav_execute

 

luau_deselerize

byte search

53 8B DC 83 EC ? 83 E4 ? 83 C4 ? 55 8B 6B 04 89 6C 24 04 8B EC 6A ? 68 ? ? ? ? 64 A1 ? ? ? ? 50 64 89 25 ? ? ? ? 53 81 EC ? ? ? ? 8B 43 08 56 57 8B FA

 

luaV_betavm

remember the old func that includes Luav_execute?

the second call is luaV_betavm

 

taskscheduler

55 8B EC 64 A1 ? ? ? ? 6A ? 68 ? ? ? ? 50 64 89 25 ? ? ? ? 83 EC ? 64 A1 ? ? ? ? 8B 08 A1 ? ? ? ? 3B 81 08 00 00 00 7F ? A1 ? ? ? ? 8B 4D F4 64 89 0D ? ? ? ? 8B E5 5D C3 8D 4D E4 E8 ? ? ? ? 68 ? ? ? ? 8D 45 E4 50 E8 ? ? ? ? 68 ? ? ? ? E8 ? ? ? ? 83 C4 ? 83 3D ? ? ? ? ? 75 ? 68 ? ? ? ?

byte search

 

retcheck

8B EC 64 A1 ? ? ? ? 6A ? 68 ? ? ? ? 50 64 89 25 ? ? ? ? 83 EC ? 53 56 57 6A ? 8B F1 E9 ? ? ? ?

byte search

 

fireclickdetector

55 8B EC 83 EC ? 8B 45 04

pattern scan

 

pseodo2addr

%s:%d: %s

second upper call