Code injection is better.
I see, I closed and opened the game and the addresses were changed...
Thanks for helping me.
Assume I want to change some bytes in the memory I found instructions, but not necessarily into meaningful instructions, but to other bytes. What I mean is even if we store an array of characters, it will show up as assembly instructions. Can I just go ahead and replace the 12 bytes like this?
alloc(newmem,2048) //2kb should be enough
label(returnhere)
label(originalcode)
label(exit)
07AB3AD1:
jmp newmem
nop
returnhere:
newmem: //this is allocated memory, you have read,write,execute access
//place your code here
nop // of course i repeat this line 9 more times.
What now? The line add al,2a has the memory equivalent of 04 2a
and I want to keep the 2a, but change the 04 to 90 (nop). How can I do that?
originalcode:
add ah,[edx]
add [eax],al
add [eax],al
jnl 07ab3afc
or [eax],eax
add al,2a <-- this is 04 2a in memory. I want to make it 00 2a
exit:
jmp returnhere
[Edited by AramAz, 5/9/2010 12:14:11 PM]
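As an added illustration (not part of this thread and not Cheat Engine's own code): a Python script that computes the bytes the auto-assembler template above writes at 07AB3AD1 (a 5-byte rel32 jmp to newmem followed by 7 nops so that exactly 12 bytes are covered) and shows the single-byte edit asked about (04 changed to 00 or 90 while the 2a is kept). The 12 original bytes are a constructed sample reconstructed from the disassembly listing, and NEWMEM_ADDR is an assumed value standing in for whatever alloc(newmem) returns at runtime.

```python
import struct

# x86 (32-bit mode) opcode bytes used below.
OPCODE_JMP_REL32 = 0xE9
OPCODE_NOP = 0x90
JMP_REL32_LEN = 5

# Constructed sample: the 12 bytes at 07AB3AD1 implied by the listing
# (add ah,[edx] / add [eax],al / add [eax],al / jnl +0x23 / or [eax],eax / add al,2a).
ORIGINAL_12 = bytes.fromhex("02 22 00 00 00 00 7d 23 09 00 04 2a")
SITE_ADDR = 0x07AB3AD1
NEWMEM_ADDR = 0x0A000000  # assumed: where alloc(newmem) might land


def encode_jmp_rel32(src_addr, dst_addr):
    """Encode `jmp dst` as placed at src. The displacement is relative to the
    address of the *next* instruction, i.e. src + 5."""
    rel = dst_addr - (src_addr + JMP_REL32_LEN)
    if not -2**31 <= rel < 2**31:
        raise ValueError("target not reachable with a rel32 jump")
    return bytes([OPCODE_JMP_REL32]) + struct.pack("<i", rel)


def build_hook_patch(src_addr, dst_addr, replaced_len):
    """Bytes the template writes over the original instructions: the jmp plus
    nop padding so that no partial instruction is left behind."""
    jmp = encode_jmp_rel32(src_addr, dst_addr)
    if replaced_len < len(jmp):
        raise ValueError("need at least 5 bytes of original code to fit the jmp")
    return jmp + bytes([OPCODE_NOP]) * (replaced_len - len(jmp))


def patch_byte(buf, offset, new_value):
    """Return a copy of buf with one byte replaced; everything else is kept."""
    if not 0 <= offset < len(buf):
        raise IndexError("offset outside the buffer")
    if not 0 <= new_value <= 0xFF:
        raise ValueError("a byte must be in 0..255")
    out = bytearray(buf)
    out[offset] = new_value
    return bytes(out)


def decode_add_al_imm8(two_bytes):
    """The disassembler's view of the pair in question: 04 ib is `add al,ib`.
    Returns None for any other opcode, since that is all this helper knows."""
    if len(two_bytes) != 2 or two_bytes[0] != 0x04:
        return None
    return f"add al,{two_bytes[1]:02x}"


if __name__ == "__main__":
    patch = build_hook_patch(SITE_ADDR, NEWMEM_ADDR, len(ORIGINAL_12))
    print("written at 07AB3AD1:", patch.hex(" "))
    pair = ORIGINAL_12[10:]
    print("last two original bytes:", pair.hex(" "), "->", decode_add_al_imm8(pair))
    # The 04 -> 00 edit from the question: the 2a survives untouched.
    edited = patch_byte(ORIGINAL_12, 10, 0x00)
    print("after editing offset 10:", edited[10:].hex(" "))
```

Note that after the edit the byte pair no longer starts with 04, so the disassembler will show it as some other instruction; that is expected, since the listing is only the disassembler's interpretation of whatever bytes are there.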
You should learn more about registers and code-injection. See DABhand's Basic Assembly Tutorial in the Tutorials pages.
thanks. I already know assembly.
What I'm trying to understand is that for ex the line: add al,2a which appears to be an immediate value add, is not really anything important in that sense. It could be a part of a .txt which is bundled as a resource in a .dll library which is called by an exe file.
Relating to opcodes, the disassembler in CE or any other disassembler tries to make it look like assembly instructions; for example, an opcode of the instruction 'jmp' will be followed by a number of bytes which define the label address. But as I said this is not what I'm trying to change, I'm simply trying to modify a bunch of bytes in memory.
[Edited by AramAz, 5/9/2010 12:58:35 PM]
Code Injection is better?
Not if the base address of the .dll is dynamic. Then Code Shifting applies.
Code-injection is better when the game doesn't code-shift.
[Edited by Hamadah, 5/9/2010 2:48:40 PM]