problem - pointer and (random values)

03/19/2010 16:28 madalingtandaan#1
I'm trying to learn to reverse engineer a game.

It's a game, and it has an item that adds random stats to an equip when it is used.

First, I tried using a memory scanner to determine which memory holds the value I want to manipulate. Hoping it would be that easy, I was wrong, because it was holding the value that the game uses to let the user see. So I guessed it was a pointer.

So I found the pointer.

One was changing every second (clue).
The other was not a pointer; it was an address to the code that uses that address.

Pointer:
Code:
lea edi,[ebp-000002b0]
repe movsd
Tracing the pointer, I couldn't find the same value as the one it is pointing to; instead I see values changing every second.

And I also found another address leading to this code:

Code:
mov ecx,00000030
repe movsd
jmp 006f9414
I tried fixing the value, but it still didn't work; it crashed. So I figured there must be some interrupts that cause the program to crash when someone is fiddling with the code, so I created a breakpoint and NOPed the values that lead to the interrupts, and still I couldn't fix the value.

I also tried a shortcut: a jmp to the ret at the end of the code. Instead, I lost all the enhancements of the item.

I'm quite stuck, not having much of a lead on what to do next.

I would be happy to learn more, and if somebody could shed some light on where or what I should do next, it would be much appreciated. :D


Oh, here's the code till the ret instruction:

Code:
006F93A4 - mov ecx,00000030
006F93A9 - repe movsd
006F93AB - jmp 006f9414
006F93AD - push 000000c0
006F93B2 - call 00589486
006F93B7 - add esp,04
006F93BA - mov [ebp-20],eax
006F93BD - cmp dword ptr [ebp-20],00
006F93C1 - je 006f93d8
006F93C3 - mov esi,[ebp+08]
006F93C6 - mov ecx,00000030
006F93CB - mov edi,[ebp-20]
006F93CE - repe movsd
006F93D0 - mov edx,[ebp-20]
006F93D3 - mov [ebp-34],edx
006F93D6 - jmp 006f93df
006F93D8 - mov [ebp-34],00000000
006F93DF - mov eax,[ebp-34]
006F93E2 - push eax
006F93E3 - mov ecx,[ebp+08]
006F93E6 - mov edx,[ecx]
006F93E8 - push edx
006F93E9 - lea eax,[ebp-28]
006F93EC - push eax
006F93ED - call 0058b0bf
006F93F2 - add esp,0c
006F93F5 - push eax
006F93F6 - lea ecx,[ebp-1c]
006F93F9 - call 005957c7
006F93FE - lea ecx,[ebp-1c]
006F9401 - push ecx
006F9402 - lea edx,[ebp-30]
006F9405 - push edx
006F9406 - mov ecx,[ebp-04]
006F9409 - add ecx,000000e4
006F940F - call 0058da54
006F9414 - push edx
006F9415 - mov ecx,ebp
006F9417 - push eax
006F9418 - lea edx,[006f9437] : 00000001
006F941E - call 0059b2c1
006F9423 - pop eax
006F9424 - pop edx
006F9425 - pop edi
006F9426 - pop esi
006F9427 - add esp,34
006F942A - cmp ebp,esp
006F942C - call 005938f5
006F9431 - mov esp,ebp
006F9433 - pop ebp
006F9434 - ret 0004
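Not part of the original post: an added C reconstruction, written by the editor, of what the fragment at 006F93AD..006F93D6 appears to do. It assumes the call at 00589486 is an allocator such as malloc/operator new (the 0xC0 pushed as its argument equals the 0x30 dwords that rep movsd copies, and its return value is null-checked), and it uses a hypothetical item_t record with an invented stat slot, since the post never says what the 0xC0 bytes hold. One detail worth knowing: `repe movsd` and `rep movsd` are the same encoding (F3 A5); the "e" is only how some disassemblers print the prefix on a string move. The point the example makes is that the code hands the UI a fresh copy of the record, so a scanner that finds the displayed number and edits it is editing the copy, not the record the game keeps. The first fragment in the post copies into a stack buffer at [ebp-2b0], which is rewritten on every call; that would fit a scanned value that keeps changing, but the post does not confirm it.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>

#define ITEM_DWORDS 0x30                 /* mov ecx,00000030  (rep count)   */
#define ITEM_BYTES  (ITEM_DWORDS * 4)    /* push 000000c0     (0x30 * 4)    */
#define STAT_SLOT   5                    /* hypothetical: which dword is the stat */

/* Hypothetical item record: 0x30 dwords, layout unknown from the post. */
typedef struct {
    uint32_t dw[ITEM_DWORDS];
} item_t;

/* Reconstruction of 006F93AD..006F93D6: allocate 0xC0 bytes, return NULL if
   the (assumed) allocator fails, otherwise copy ECX dwords [ESI] -> [EDI]. */
item_t *clone_item(const item_t *src)
{
    item_t *dst = malloc(ITEM_BYTES);           /* push 0xc0 / call 00589486 */
    if (dst == NULL)                            /* cmp [ebp-20],0 / je        */
        return NULL;                            /* mov [ebp-34],0             */
    for (uint32_t i = 0; i < ITEM_DWORDS; i++)  /* rep movsd                  */
        dst->dw[i] = src->dw[i];
    return dst;                                 /* mov [ebp-34],edx           */
}

/* Toy memory scanner: how many of the given buffers hold `value` at `slot`.
   A real scanner sees every copy of the number, not just the "real" one. */
int count_matches(item_t *bufs[], int nbufs, size_t slot, uint32_t value)
{
    int hits = 0;
    for (int i = 0; i < nbufs; i++)
        if (bufs[i] != NULL && bufs[i]->dw[slot] == value)
            hits++;
    return hits;
}

/* Scenario: the game keeps `source`, the UI is handed a clone, and the user
   edits the clone (the copy the scanner found because it is what is shown).
   Returns the stat the source still holds afterwards; *hits_out receives how
   many buffers the scanner matched before the edit. */
uint32_t edit_display_copy(uint32_t stat, uint32_t new_stat, int *hits_out)
{
    item_t source = {{0}};
    source.dw[STAT_SLOT] = stat;

    item_t *shown = clone_item(&source);        /* what the UI reads from */
    if (shown == NULL)
        return 0;

    item_t *bufs[] = { &source, shown };
    if (hits_out)
        *hits_out = count_matches(bufs, 2, STAT_SLOT, stat);

    shown->dw[STAT_SLOT] = new_stat;            /* "fixing the value" in the copy */

    uint32_t still_in_source = source.dw[STAT_SLOT];
    free(shown);
    return still_in_source;
}

int main(void)
{
    int hits = 0;
    uint32_t left = edit_display_copy(7, 99, &hits);
    printf("scanner matched %d buffers; source stat after editing the copy: %u\n",
           hits, left);
    return 0;
}
```

Running it shows two matches for the scanned value and a source stat that is unchanged after the copy is edited, which is the situation the post describes: the address the scanner turns up is the clone's, and the code that fills it (the rep movsd) is where to look for the pointer to the record it was copied from, i.e. the [ebp+08] argument in the dump above.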