Defeating DMA

Orochisuke · 08/12/2006, 21:16

How would you go about doing so?

I've done this with T Search but now I'm trying to do this in Visual Basic. I've hit a brick wall... Multiple times...

I made my noob trojan look like he's wearing Burning Blades. Lol. So, no word on defeating the DMA? Stupid TSearch wont let isn't doing something right.

Someone check this please.

Code:

offset 0x400300
lea eax,&#91;esi+0x4&#93;
mov &#91;0x5002F0&#93;,eax
nop
jmp 534487

offset 0x5002F0
hex 00000000

offset 534486
jmp 400300

---
offset 534486
nop

It's not redirecting the address to 0x5002F0.

user_1 · 08/13/2006, 07:43

sry for asking, but wat is DMA?

Orochisuke · 08/13/2006, 08:20

Dynamic memory allocation.
In other words, the address for something constantly changes.

SmartGuy · 08/13/2006, 10:04

have you tried using an UCE? UCE is way better than Tsearch, im not sure if tsearch does the same thing still. well, just try a UCE or CE if you cannot make your own.

Orochisuke · 08/13/2006, 10:41

What's UCE?
Read more about defeating DMA.
Rewrote the code above.

Code:

offset 0x968D3D
mov &#91;esi+0x4&#93;,eax
MOV &#91;00453F30&#93;,eax
JMP 00534446

Offset 0x00534443
JMP 968D3D

-------------------------------------

offset 0x00534443
mov &#91;esi+0x4&#93;,eax

It's supposed to help me find the root address. Maybe something's wrong with it?

joey17 · 08/13/2006, 15:29

wat the hell are all of these codes how can u make them work

Lateralus · 08/13/2006, 15:36

Quote:
Originally posted by Orochisuke@Aug 12 2006, 21:16
How would you go about doing so?

I've done this with T Search but now I'm trying to do this in Visual Basic. I've hit a brick wall... Multiple times...

I made my noob trojan look like he's wearing Burning Blades. Lol. So, no word on defeating the DMA? Stupid TSearch wont let isn't doing something right.

Someone check this please.

Code:

offset 0x400300 lea eax,[esi+0x4] mov [0x5002F0],eax nop jmp 534487 offset 0x5002F0 hex 00000000 offset 534486 jmp 400300 --- offset 534486 nop

It's not redirecting the address to 0x5002F0.

I'm sorry to say that very few people here can actually code. Everyone leeches.

G-Unot · 08/13/2006, 17:28

wow, this is all comfusing. DMA, UCE, UC, wut the hell is all this. Some1 plz explain. =(

Orochisuke · 08/14/2006, 12:46

Forgive the bumping...

I changed my code in T Search. Well, the value returned from this address [453F30] was 956301313. I didn't know whether this was in hex or decimal.
Anyway, I got a new address [95630129] from that but it was also 956301313. However, when I went to edit the value of 453F30, the value of [453F30], [95630129]'s value changed to the item ID of my equipped weapon. Then, when I try to edit the value of [95630129], it jumps back to 956301313. This happens even after freezing the value.

The Easywrite codes

Code:

offset 0x968D3D
mov eax,&#91;ecx+0x8&#93;
MOV &#91;00453F30&#93;,eax
JMP 005371d3

Offset 0x005371d0
JMP 968D3D

-------

offset 0x005371d0
mov eax,&#91;ecx+0x8&#93;

Someone please explain why this happens?

bishopeice · 08/14/2006, 15:31

OK OROCH. WTF IS ALL THAT ****, IM BLONDE AND ITS HURTING ME HEAD

Lateralus · 08/14/2006, 15:49

Quote:

Originally posted by G-Unot@Aug 13 2006, 17:28
wow, this is all comfusing. DMA, UCE, UC, wut the hell is all this. Some1 plz explain. =(

DMA = Dynamic Memory Allocation.

Shame everyone here is a noob.

(Along with me, I don't know how to defeat DMA =D, but I seem to remember a guide somewhere around here.)

Orochisuke · 08/14/2006, 16:13

Wee, I fixed it! Now just two teeny tiny problems.

The procedure that changes the weapons run each time a new player model is drawn. So in theory, this would change them if run incorrectly, right?

Code:

mov &#91;ebp+4&#93;,ebx
pop esi
mov &#91;00450f30&#93;,ebp
pop ebp
jmp 00637164

Problem 2:
I'm using Visual Basic. But the program keeps giving me errors. AcessViolationException was unhandled. How do I get past this?

WaRpEd · 08/14/2006, 19:25

Quote:

Originally posted by joey17@Aug 13 2006, 15:29
wat the hell are all of these codes how can u make them work

it makes ur peepee enlarge...

To use repeat them in a tantric fashion while standing naked over a dead bloodied goat.

UCGone · 08/14/2006, 20:10

lol UCE is undetected Cheat Engine.... yeah i would tell u to use Cheat Engine instead of Art Money.. Cheat ENgine has a lot more options that are not all noob friendly though. but for the DMA u should try using the Randomnizer(spell check

) but yeah because i use a UCE on MS and randomnizer can be used to make it so taht the random dice's that turn in that game come out to what u want. may be u can get it to work the same way u want

Orochisuke · 08/14/2006, 20:38

Hrm.. I'll see what I can do with this randomizer.

The address for the code that changes the motions keep changing. It's either 637164 or 537164. Any ideas on keeping still?