General Discussions

Page 2 of 4   •  First Page  •  Previous Page  •   Next Page  •   Last Page
Signup or Login to Post
Can we give a request to CH authors?
  • Current rank: 2 Stars. Next Rank at 1000 Posts.
    Send a message to iNTANGiBLE
    ELITE
    iNTANGiBLE posted on May 09, 2010 11:38:02 AM - Report post
     
    Yes; let's assume we choose CoSMOS with itself (there's no code-shifting here, just an example for what to do); open Memory View, then go to address 0060CC05, then click View --> Show module addresses; the address should turn to something like this: CoSMOS.exe+20CC05, then click Tools --> Auto Assemble, then click Template --> Code injection; the address filled is 0060CC05, just change it to CoSMOS.exe+20CC05 (0060CC05 is CoSMOS.exe+20CC05) and do normal code-injection, simple.

    For your second question, I don't know, sorry.

    [Edited by Hamadah, 5/9/2010 11:39:16 AM]
    CPU: Intel Core-i7 960 @ 3.20 GHz
    MB: ASUS X58
    GPU: ASUS GTX560Ti 1 GB
    RAM: Kingston DDR3 2 x 4 GB
    HDD: 2 x 500 GB
    PSU: ADATA HM-850W
  • Current rank: 1 Star. Next Rank at 100 Posts.
    Send a message to AramAz
    AUTHOR
    AramAz posted on May 09, 2010 11:58:50 AM - Report post
     
    Wow thanks,

    I tried searching my hex values i needed to change, I've found them in memory view (although with .exe name not the dll one) and I right clicked that address and added to address list and changed the hex bytes directly.

    Is this safe? or the code injection is better? I need to change twelve bytes (3 assembly instructions).



    [Edited by AramAz, 5/9/2010 12:02:54 PM]
  • Current rank: 2 Stars. Next Rank at 1000 Posts.
    Send a message to iNTANGiBLE
    ELITE
    iNTANGiBLE posted on May 09, 2010 12:02:06 PM - Report post
     
    Code injection is better.
    CPU: Intel Core-i7 960 @ 3.20 GHz
    MB: ASUS X58
    GPU: ASUS GTX560Ti 1 GB
    RAM: Kingston DDR3 2 x 4 GB
    HDD: 2 x 500 GB
    PSU: ADATA HM-850W
  • Current rank: 1 Star. Next Rank at 100 Posts.
    Send a message to AramAz
    AUTHOR
    AramAz posted on May 09, 2010 12:13:36 PM - Report post
     
    quote:
    originally posted by Hamadah

    Code injection is better.

    I see, I closed and opened the game and the addreses were changed...

    Thanks for helping me.

    Assume I want to change some bytes in the memory i found instructions, but not necessarily into meaningful instructions, but to other bytes. What I mean is even if we store an array of charcters, it will show up as assembly instructions. Can I just go ahead and replace the 12 bytes like this?


    alloc(newmem,2048) //2kb should be enough
    label(returnhere)
    label(originalcode)
    label(exit)

    07AB3AD1:
    jmp newmem
    nop
    returnhere:

    newmem: //this is allocated memory, you have read,write,execute access
    //place your code here
    nop // of course i repeat this line 9 more times.

    What now? the line add al,2a has memory equiqvalent of 04 2a
    and I want to keep the 2a, but change the 04 to 90 (nop) how can i do that?

    originalcode:
    add ah,[edx]
    add [eax],al
    add [eax],al
    jnl 07ab3afc
    or [eax],eax
    add al,2a <-- this 04 2a in memory. I want to make it 00 2a
    exit:
    jmp returnhere






    [Edited by AramAz, 5/9/2010 12:14:11 PM]

  • Current rank: 2 Stars. Next Rank at 1000 Posts.
    Send a message to iNTANGiBLE
    ELITE
    iNTANGiBLE posted on May 09, 2010 12:43:06 PM - Report post
     
    You should learn more about registers and code-injection. See DABhand's Basic Assembly Tutorial in the Tutorials pages.
    CPU: Intel Core-i7 960 @ 3.20 GHz
    MB: ASUS X58
    GPU: ASUS GTX560Ti 1 GB
    RAM: Kingston DDR3 2 x 4 GB
    HDD: 2 x 500 GB
    PSU: ADATA HM-850W
  • Current rank: 1 Star. Next Rank at 100 Posts.
    Send a message to AramAz
    AUTHOR
    AramAz posted on May 09, 2010 12:56:43 PM - Report post
     
    quote:
    originally posted by Hamadah

    You should learn more about registers and code-injection. See DABhand's Basic Assembly Tutorial in the Tutorials pages.

    thanks. I already know assembly.

    What I'm trying to understand is that for ex the line: add al,2a which appears to be an immediate value add, is not really anything important in that sense. It could be a part of a .txt which is bundled as a resource in a .dll library which is called by an exe file.

    Relating to opcodes, the diassembler in ce or any other diassembler tries to make it look like assembly instructions, for ex an opcode of the instruction 'jmp' will follow a number of bytes which defines the label address. But as I said this is not what I'm trying to change, I'm simply trying to modify a bunch of bytes in memory.

    [Edited by AramAz, 5/9/2010 12:58:35 PM]

  • Current rank: 3.5 Stars. Next Rank at 8000 Posts.
    Send a message to DABhand
    PHAT CAT
    DABhand posted on May 09, 2010 2:14:54 PM - Report post
     
    Code Injection is better?

    Not if the base address of the .dll is dynamic. Then Code Shifting applies.

    As for the legal point, its not illegal. As you are technically changing memory on the fly so to speak.

    Ive seen reviews for this game looks fun and new, but I haven't played it to say what is what with the game. If indeed the routines are stored in dynamically loaded libraries then code shifting will be the answer.


    You said you know ASM, but obviously you dont 100%.

    You cant change the start of that opcode to a 00 or 90. that would be silly.

    04 is the usual hex value for add al, changing it to 90 would knocked the subsequent bytes out of touch. 00 would give you another add instruction but to a different lower register.

    [Edited by DABhand, 5/9/2010 2:19:44 PM]
    Oh and Don't forget some tuts on ASM and defeating DMA

    Clicky Here for them
  • Current rank: 2 Stars. Next Rank at 1000 Posts.
    Send a message to iNTANGiBLE
    ELITE
    iNTANGiBLE posted on May 09, 2010 2:47:46 PM - Report post
     
    quote:
    originally posted by DABhand

    Code Injection is better?

    Not if the base address of the .dll is dynamic. Then Code Shifting applies.

    Code-injection is better when the game doesn't code-shift.

    [Edited by Hamadah, 5/9/2010 2:48:40 PM]

    CPU: Intel Core-i7 960 @ 3.20 GHz
    MB: ASUS X58
    GPU: ASUS GTX560Ti 1 GB
    RAM: Kingston DDR3 2 x 4 GB
    HDD: 2 x 500 GB
    PSU: ADATA HM-850W
Page 2 of 4   •  First Page  •  Previous Page  •   Next Page  •   Last Page
Signup or Login to Post
All times are (GMT -06:00) Central Time (US & Canada). Current time is 9:58:42 PM