Reversing / Debugging Q

Old   #1
 
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
So I got this address range in the 00ee0000 -> 00eeffff area ... it's inventory bits / array of bytes (not bits), 1=inventory slot filled, and 0=not filled.

That's good and all, but being dynamic and all means that the base address changes a bit from time to time.

So I am looking for a pointer to that specific area of memory.
However I cannot find one? The nearest pointer I find is like fff away from the destination!

My question is this: I'm obviously going about this wrong, finding a pointer to this address space so I can always look it up, no matter which hardware configuration++ the game operates on... but what, and how should I be going about it!!

I could place a memory bp in olly, but don't see what that should give me in terms of finding a static pointer to my ****!



Ideas ? Please



abitofboth is offline  
Old 12/25/2005, 12:22   #2
 
elite*gold: 0
Join Date: Aug 2005
Posts: 898
Received Thanks: 334
Quote:
Originally posted by abitofboth@Dec 25 2005, 00:47
However I cannot find one? The nearest pointer I find is like fff away from the destination!

like fff or is it exactly fff :P ?
I guess it's not exactly, otherwise you would have had the idea to calculate the other one already

Quote:
Originally posted by abitofboth@Dec 25 2005, 00:47
I could place a memory bp in olly, but don't see what that should give me in terms of finding a static pointer to my ****!
You would set that breakpoint on what exactly O_o ?
You don't mean a memory bp on the whole area do you :P ?


Anyway, do you know the code which reads/writes to that memory and where it is ?
I would try to screw around with that a bit...


mr.rattlz is offline  
Old 12/26/2005, 08:52   #3
 
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
It's like fff, not exactly, cause yes otherwise I'd nailed it already ... I've also been looking into the construct staticpointer->dynamicpointer->target .. which I've had success with before in other cases.

And naw, not the whole area, but I can do a search, find the first byte, place memory breakpoint, and the first time that is being accessed olly will break ... which will yield the result as exactly what you're suggesting in your finalizing statement; finding the code that messes with that memory .... I'm still not too sure what I should make of that? I'll give it another shot though. thx.
abitofboth is offline  
Old 12/26/2005, 13:23   #4
 
elite*gold: 0
Join Date: Jul 2004
Posts: 981
Received Thanks: 46
Quote:
Originally posted by abitofboth@Dec 26 2005, 08:52
It's like fff, not exactly, cause yes otherwise I'd nailed it already ... I've also been looking into the construct staticpointer->dynamicpointer->target .. which I've had success with before in other cases.

And naw, not the whole area, but I can do a search, find the first byte, place memory breakpoint, and the first time that is being accessed olly will break ... which will yield the result as exactly what you're suggesting in your finalizing statement; finding the code that messes with that memory .... I'm still not too sure what I should make of that? I'll give it another shot though. thx.
you need a place in the code that accesses the dynamic memory address

if it is inventory you could use the open inventory button or so

to find that code you place a breakpoint on the inventory bits and when it's accessed it breaks

then you know a place where you can get the dynamic address and then you replace that code with your own that writes the dynamic address to a fixed memory space

so you can always get the dynamic address

or was it that what you meant by "staticpointer->dynamicpointer->target" ??

if so why does that not work?


Ultima is offline  
Old 12/27/2005, 01:26   #5
 
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
Ultima -> Yes, that's next line of defence .. however I haven't messed with code/dll injection before, so I have to wrap my head around that first (I could even write the address to a file or somethin' uber simple)..

what I mean by "staticpointer->dynamicpointer->target" is simply that one fixed memory location (a static pointer) will point to a variable memory location (dynamic pointer) which holds another pointer to the target...
For some *** forsaken reason I can't seem to find any references to this area .. !!!weird!!!
(and to top it off hidedebug plugin has stopped working on my box ... suspecting zonealarm, even though it's shut down..)
abitofboth is offline  
Old 12/27/2005, 11:44   #6
 
elite*gold: 0
Join Date: Jul 2004
Posts: 981
Received Thanks: 46
Quote:
Originally posted by abitofboth@Dec 27 2005, 01:26
Ultima -> Yes, that's next line of defence .. however I haven't messed with code/dll injection before, so I have to wrap my head around that first (I could even write the address to a file or somethin' uber simple)..

what I mean by "staticpointer->dynamicpointer->target" is simply that one fixed memory location (a static pointer) will point to a variable memory location (dynamic pointer) which holds another pointer to the target...
For some *** forsaken reason I can't seem to find any references to this area .. !!!weird!!!
(and to top it off hidedebug plugin has stopped working on my box ... suspecting zonealarm, even though it's shut down..)
code injection is very easy

you can do it with TSearch to try it

I wish I could find the video tutorial...

I'll search and post if I find it
Ultima is offline  
Old 01/04/2006, 12:22   #7
 
elite*gold: 0
Join Date: Nov 2005
Posts: 8
Received Thanks: 0
It's probably a struct, and the program accesses data using an offset + delta.

struct character                 ----> offset
{
    int id;
    char *name;                  +4
    .....
    struct inventoryslots;       + fff
}

Try to find the nearest reference (smaller) of your dynamic data in static pointers and try to see if delta is always the same each time you run the app.

I hope it helps.
hal is offline  
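
hal's point above, that a member sits at a constant delta from the start of its struct while the struct's own address changes, shown as an added C example that is not part of any post in this thread. The struct layout, field sizes and all names are hypothetical, and the slot values are constructed sample data.

```c
#include <stddef.h>
#include <stdlib.h>

#define SLOT_COUNT 40   /* hypothetical inventory size */

/* Hypothetical layout modelled on the struct sketched in the post. */
struct character {
    int           id;
    char         *name;
    unsigned char other_fields[0x200];   /* stands in for the "....." members */
    unsigned char inventory[SLOT_COUNT]; /* 1 = slot filled, 0 = not filled */
};

/* The fixed location: a global whose own address never moves, but whose
   value (the heap address of the object) differs per allocation. */
static struct character *g_player;

/* Distance from the start of the object to its inventory array. */
static ptrdiff_t inventory_delta(const struct character *base)
{
    return (const unsigned char *)base->inventory - (const unsigned char *)base;
}

/* Follow fixed location -> current object, then add the constant delta. */
static unsigned char *resolve_inventory(struct character *const *fixed, size_t delta)
{
    return (unsigned char *)*fixed + delta;
}

/* Returns 1 when two objects at different heap addresses show the same delta
   and the fixed pointer plus that delta reaches each object's inventory. */
int delta_is_constant(void)
{
    struct character *a = calloc(1, sizeof *a);
    struct character *b = calloc(1, sizeof *b);
    int ok = 0;
    if (a && b) {
        a->inventory[3] = 1;             /* constructed sample data */
        b->inventory[7] = 1;
        ptrdiff_t da = inventory_delta(a), db = inventory_delta(b);
        g_player = a;
        unsigned char *ia = resolve_inventory(&g_player, (size_t)da);
        g_player = b;
        unsigned char *ib = resolve_inventory(&g_player, (size_t)da);
        ok = a != b && ia != ib && da == db
             && da == (ptrdiff_t)offsetof(struct character, inventory)
             && ia[3] == 1 && ib[7] == 1;
    }
    free(a);
    free(b);
    return ok;
}
```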
Old 01/04/2006, 16:06   #8
 
elite*gold: 209
The Black Market: 135/1/0
Join Date: Jul 2003
Posts: 16,603
Received Thanks: 17,608
Quote:
Originally posted by Ultima@Dec 27 2005, 11:44
code injection is very easy

you can do it with TSearch to try it

I wish I could find the video tutorial...

I'll search and post if I find it
?
Lowfyr is offline  
Old 01/04/2006, 17:25   #9
 
elite*gold: 0
Join Date: Jul 2004
Posts: 981
Received Thanks: 46
Quote:
Originally posted by Lowfyr@Jan 4 2006, 16:06
Quote:
Originally posted by Ultima@Dec 27 2005, 11:44
code injection is very easy

you can do it with TSearch to try it

I wish I could find the video tutorial...

I'll search and post if I find it
?
thanks, I was still wondering whether I should ask you for it ^^
Ultima is offline  
Old 01/18/2006, 15:52   #10
 
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
Thanks ..
(but I have a strict, don't download'n execute, policy when it comes to online communities )

hal -> Indeed, good suggestion... I'll find the nearest reference and see if offset is constant... good idea
abitofboth is offline  
Old 01/18/2006, 16:18   #11
 
elite*gold: 0
Join Date: Jul 2004
Posts: 981
Received Thanks: 46
Quote:
Originally posted by abitofboth@Jan 18 2006, 15:52
Thanks ..
(but I have a strict, don't download'n execute, policy when it comes to online communities )

hal -> Indeed, good suggestion... I'll find the nearest reference and see if offset is constant... good idea
^^ it's safe, it's an external link but you can also search for it
just google and you'll find that link, if you can risk it you should watch the movie, it's worth it

Here google
Ultima is offline  
Old 01/19/2006, 08:32   #12
 
elite*gold: 0
Join Date: Oct 2005
Posts: 20
Received Thanks: 0
in fact, I have an ownable vmware for just those kinda defcon-2 kinda apps (like keygens and such ) .. I'll give it a run then, thx.

If we're talking about toolbased memory injection, have you guys messed with memoryhackingtool? Haven't messed with the inject function yet, but that tool ******* rocks... (can't believe it's still free, lspiro should get rich on that one someday!)


abitofboth is offline  