Reversing / Debugging Q
Discussion on Reversing / Debugging Q within the General Coding forum part of the Coders Den category.
12/25/2005, 00:47
|
#1
|
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
|
So I got this address range in the 00ee0000 -> 00eeffff area ... it's inventory bits / array of bytes (not bits): 1 = inventory slot filled, and 0 = not filled.
That's good and all, but being dynamic and all means that the base address changes a bit from time to time.
So I am looking for a pointer to that specific area of memory.
However I cannot find one? The nearest pointer I find is like fff away from the destination!
My question is this: I'm obviously going about this wrong, finding a pointer to this address space so I can always look it up, no matter which hardware configuration++ the game operates on... but what, and how should I be going about it!!
I could place a memory bp in Olly, but don't see what that should give me in terms of finding a static pointer to my ****!
Ideas? Please
|
|
|
12/25/2005, 12:22
|
#2
|
elite*gold: 0
Join Date: Aug 2005
Posts: 896
Received Thanks: 334
|
Quote:
|
Originally posted by abitofboth@Dec 25 2005, 00:47
However I cannot find one? The nearest pointer I find is like fff away from the destination!
|
like fff or is it exactly fff :P ?
I guess it's not exactly, otherwise you would have had the idea to calculate the other one already
Quote:
Originally posted by abitofboth@Dec 25 2005, 00:47
I could place a memory bp in Olly, but don't see what that should give me in terms of finding a static pointer to my ****!
|
You would set that breakpoint on what exactly O_o ?
You don't mean a memory bp on the whole area do you :P ?
Anyway, do you know the code which reads/writes to that memory and where it is ?
I would try to screw around with that a bit...
|
|
|
12/26/2005, 08:52
|
#3
|
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
|
It's like fff, not exactly, cause yes otherwise I'd nailed it already ... I've also been looking into the construct staticpointer->dynamicpointer->target .. which I've had success with before in other cases.
And naw, not the whole area, but I can do a search, find the first byte, place memory breakpoint, and the first time that is being accessed Olly will break ... which will yield the result as exactly what you're suggesting in your finalizing statement; finding the code that messes with that memory .... I'm still not too sure what I should make of that? I'll give it another shot though. thx.
|
|
|
12/26/2005, 13:23
|
#4
|
elite*gold: 0
Join Date: Jul 2004
Posts: 980
Received Thanks: 46
|
Quote:
Originally posted by abitofboth@Dec 26 2005, 08:52
It's like fff, not exactly, cause yes otherwise I'd nailed it already ... I've also been looking into the construct staticpointer->dynamicpointer->target .. which I've had success with before in other cases.
And naw, not the whole area, but I can do a search, find the first byte, place memory breakpoint, and the first time that is being accessed Olly will break ... which will yield the result as exactly what you're suggesting in your finalizing statement; finding the code that messes with that memory .... I'm still not too sure what I should make of that? I'll give it another shot though. thx.
|
you need a place in the code that accesses the dynamic memory address
if it is inventory you could use the open inventory button or so
to find that code you place a breakpoint on the inventory bits and when it's accessed it breaks
then you know a place where you can get the dynamic address and then you replace that code with your own that writes the dynamic address to a fixed memory space
so you can always get the dynamic address
or was it that what you meant by "staticpointer->dynamicpointer->target" ??
if so why does that not work?
|
|
|
12/27/2005, 01:26
|
#5
|
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
|
Ultima -> Yes, that's next line of defence .. however I haven't messed with code/dll injection before, so I have to wrap my head around that first (I could even write the address to a file or somethin' uber simple)..
What I mean by "staticpointer->dynamicpointer->target" is simply that one fixed memory location (a static pointer) will point to a variable memory location (dynamic pointer) which holds another pointer to the target...
For some *** forsaken reason I can't seem to find any references to this area .. !!!weird!!!
(and to top it off hidedebug plugin has stopped working on my box ... suspecting ZoneAlarm, even though it's shut down..)
|
|
|
12/27/2005, 11:44
|
#6
|
elite*gold: 0
Join Date: Jul 2004
Posts: 980
Received Thanks: 46
|
Quote:
Originally posted by abitofboth@Dec 27 2005, 01:26
Ultima -> Yes, that's next line of defence .. however I haven't messed with code/dll injection before, so I have to wrap my head around that first (I could even write the address to a file or somethin' uber simple)..
What I mean by "staticpointer->dynamicpointer->target" is simply that one fixed memory location (a static pointer) will point to a variable memory location (dynamic pointer) which holds another pointer to the target...
For some *** forsaken reason I can't seem to find any references to this area .. !!!weird!!!
(and to top it off hidedebug plugin has stopped working on my box ... suspecting ZoneAlarm, even though it's shut down..)
|
code injection is very easy
you can do it with TSearch to try it
i wish i could find the video tutorial...
I'll search and post if I find it
|
|
|
01/04/2006, 12:22
|
#7
|
elite*gold: 0
Join Date: Nov 2005
Posts: 8
Received Thanks: 0
|
It's probably a struct, and the program accesses data using an offset + delta.
struct character                ----> offset
{
    int id;
    char *name;                 + 4
    .....
    struct inventoryslots;      + fff
}
Try to find the nearest reference (smaller) of your dynamic data in static pointers and try to see if delta is always the same each time you run the app.
I hope it helps.
|
|
|
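Added example (not code from any poster in this thread): the check suggested in post #7, run over constructed pointer values from two runs of a hypothetical process. It picks the static slot whose value is the nearest one below the target and tests whether the delta is the same in both runs; all addresses, values and function names are assumptions made up for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NO_REF ((size_t)-1)

/* One static slot and the pointer value read from it in two separate runs. */
typedef struct { uint32_t slot; uint32_t value[2]; } static_ref;

/* Constructed sample data (hypothetical addresses, not from any real program). */
static const static_ref SAMPLE[] = {
    {0x004A1000u, {0x00ED0000u, 0x00F10000u}}, /* unrelated buffer */
    {0x004A1004u, {0x00EE0120u, 0x00F23120u}}, /* assumed struct base */
    {0x004A1008u, {0x00EE2000u, 0x00F25000u}}, /* above the target */
};
static const uint32_t SAMPLE_TARGET[2] = {0x00EE10E5u, 0x00F240E5u};

/* Index of the slot whose value is the largest one <= target in this run. */
size_t nearest_lower_ref(const static_ref *r, size_t n, int run, uint32_t target)
{
    size_t best = NO_REF;
    for (size_t i = 0; i < n; i++) {
        uint32_t v = r[i].value[run];
        if (v <= target && (best == NO_REF || v > r[best].value[run]))
            best = i;
    }
    return best;
}

/* 1 if the same slot is nearest in both runs and target - value is identical. */
int stable_delta(const static_ref *r, size_t n, const uint32_t target[2],
                 size_t *slot, uint32_t *delta)
{
    size_t a = nearest_lower_ref(r, n, 0, target[0]);
    size_t b = nearest_lower_ref(r, n, 1, target[1]);
    if (a == NO_REF || a != b) return 0;
    if (target[0] - r[a].value[0] != target[1] - r[a].value[1]) return 0;
    *slot = a;
    *delta = target[0] - r[a].value[0];
    return 1;
}

int main(void)
{
    size_t s; uint32_t d;
    if (stable_delta(SAMPLE, 3, SAMPLE_TARGET, &s, &d))
        printf("slot %#x holds base, target = base + %#x\n",
               (unsigned)SAMPLE[s].slot, (unsigned)d);
    return 0;
}
```

A delta that differs between runs means the nearest reference is not the base of the structure holding the target, so the search has to move to another reference.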
01/04/2006, 16:06
|
#8
|
elite*gold: 235
Join Date: Jul 2003
Posts: 16,559
Received Thanks: 17,765
|
Quote:
Originally posted by Ultima@Dec 27 2005, 11:44
code injection is very easy
you can do it with TSearch to try it
i wish i could find the video tutorial...
I'll search and post if I find it
|
 ?
|
|
|
01/04/2006, 17:25
|
#9
|
elite*gold: 0
Join Date: Jul 2004
Posts: 980
Received Thanks: 46
|
Quote:
Originally posted by Lowfyr@Jan 4 2006, 16:06
Quote:
Originally posted by Ultima@Dec 27 2005, 11:44
code injection is very easy
you can do it with TSearch to try it
i wish i could find the video tutorial...
I'll search and post if I find it
|
 ?
|
Thanks, I was still wondering whether I should ask you for it ^^
|
|
|
01/18/2006, 15:52
|
#10
|
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
|
Thanks ..
(but I have a strict don't-download-'n'-execute policy when it comes to online communities)
hal -> Indeed, good suggestion... I'll find the nearest reference and see if offset is constant... good idea
|
|
|
01/18/2006, 16:18
|
#11
|
elite*gold: 0
Join Date: Jul 2004
Posts: 980
Received Thanks: 46
|
Quote:
Originally posted by abitofboth@Jan 18 2006, 15:52
Thanks ..
(but I have a strict don't-download-'n'-execute policy when it comes to online communities)
hal -> Indeed, good suggestion... I'll find the nearest reference and see if offset is constant... good idea
|
^^ it's safe, it's an external link but you can also search for it
just google and you'll find that link. if you can risk it you should watch the movie, it's worth it
|
|
|
01/19/2006, 08:32
|
#12
|
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
|
In fact, I have an ownable vmware for just those kinda defcon-2 kinda apps (like keygens and such) .. I'll give it a run then, thx.
If we're talking about tool-based memory injection, have you guys messed with memoryhackingtool? Haven't messed with the inject function yet, but that tool ******* rocks... (can't believe it's still free, lspiro should get rich on that one someday!)
|
|
|