Thread: Geforce -> Quadro modification in software?

  1. #1
    sebbe_sabb
    Guest

    Geforce -> Quadro modification in software?

    Hello all.
    If you did not know, it is possible to modify the GeForce cards to Quadro versions by moving two 10kohm resistors. (http://members.sidegadgets.com/tnaw_xtennis/board.html)
    As my Asus v7700 Deluxe has a video-in function, that very same function will not work if I resolder the resistors.
    I really want to have both video-in and Quadro-functions on my graphics card.
    I have disassembled the Asus Live software (video-in program) and see several references to:

    * Possible Reference to String Resource ID=00001: "No ASUS Card is found...."
    |
    :004011F6 B801000000 mov eax, 00000001
    :004011FB E979060000 jmp 00401879

    Could someone who understands disassembler more than I, please help me out?

    /Sebbe_sabb
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    goatass
    Guest
    Hey, the code snippet you pasted is VERY limited, but what it could be is that the: mov eax, 01 is a flag and then when you jump on the next instruction that flag in eax will be checked and an action will be taken accordingly. Try to find a JZ or JNZ that will lead you to this place in the code and then see what happens if the program jumps or doesn't jump.

    goatass
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  3. #3
    sebbe_sabb
    Guest
    Thanks for the reply.
    I actually let the program continue to "do its stuff", and later it loaded a dll-file called i2c.dll.
    Inside this dll I got the following:

    Program Entry Point = 10002039 (I2C.DLL File Offset:00007039)



    * Reference To: KERNEL32.GetVersion, Ord:0174h
    |
    :10001000 FF1508500010 Call dword ptr [10005008]
    :10001006 8B4C2408 mov ecx, dword ptr [esp+08]
    :1000100A 3D00000080 cmp eax, 80000000
    :1000100F 1BC0 sbb eax, eax
    :10001011 F7D8 neg eax
    :10001013 83E900 sub ecx, 00000000
    :10001016 A340660010 mov dword ptr [10006640], eax
    :1000101B 7478 je 10001095
    :1000101D 49 dec ecx
    :1000101E 0F8585000000 jne 100010A9
    :10001024 85C0 test eax, eax
    :10001026 7444 je 1000106C
    :10001028 6A00 push 00000000
    :1000102A 6880000000 push 00000080
    :1000102F 6A03 push 00000003
    :10001031 6A00 push 00000000
    :10001033 6A03 push 00000003
    :10001035 68000000C0 push C0000000

    * Possible StringData Ref from Data Obj ->"\\.\ai2cnt"
    |
    :1000103A 68F0600010 push 100060F0

    * Reference To: KERNEL32.CreateFileA, Ord:0034h
    |
    :1000103F FF1504500010 Call dword ptr [10005004]
    :10001045 85C0 test eax, eax
    :10001047 A330600010 mov dword ptr [10006030], eax
    :1000104C 7405 je 10001053
    :1000104E 83F8FF cmp eax, FFFFFFFF
    :10001051 7556 jne 100010A9

    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:1000104C(C)
    |
    :10001053 6A30 push 00000030

    * Possible StringData Ref from Data Obj ->"Waring"
    |
    :10001055 68E8600010 push 100060E8

    * Possible StringData Ref from Data Obj ->"Your display card is not ASUS "
    ->"series display card"
    |
    :1000105A 687C600010 push 1000607C
    :1000105F 6A00 push 00000000

    * Reference To: USER32.MessageBoxA, Ord:01BEh
    |
    :10001061 FF15C0500010 Call dword ptr [100050C0]
    :10001067 33C0 xor eax, eax
    :10001069 C20C00 ret 000C



    * Referenced by a (U)nconditional or (C)onditional Jump at Address:
    |:10001026(C)
    |
    :1000106C E8BF0A0000 call 10001B30
    :10001071 85C0 test eax, eax
    :10001073 7513 jne 10001088
    :10001075 6A30 push 00000030

    * Possible StringData Ref from Data Obj ->"Waring"
    |
    :10001077 68E8600010 push 100060E8

    * Possible StringData Ref from Data Obj ->"Your display card is not ASUS "
    ->"series display card"
    |
    :1000107C 6834600010 push 10006034
    :10001081 50 push eax


    I put a breakpoint on some jne statements, and it seems that just before the application starts, the process halts at this statement. Could you help me interpret the assembly listing?
    Let's assume I want to change jne to something else, how do I edit the i2c.dll?


    /sebbe_sabb
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #4
    ground
    Guest
    goatass (10-31-2000 06:21 a.m.):
    Hey, the code snippet you pasted is VERY limited, but what it could be is that the: mov eax, 01 is a flag and then when you jump on the next instruction that flag in eax will be checked and an action will be taken accordingly. Try to find a JZ or JNZ that will lead you to this place in the code and then see what happens if the program jumps or doesn't jump.

    goatass
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  5. #5
    sebbe_sabb
    Guest
    10001000 model flat
    10001000
    10001000 ; ---------------------------------------------------------------------------
    10001000
    10001000 ; Segment type: Pure code
    10001000 _text segment para public 'CODE' use32
    10001000 assume cs:_text
    10001000 ;org 10001000h
    10001000 assume es:nothing, ss:nothing, ds:_data, fs:nothing, gs:nothing
    10001000
    10001000 ; S U B R O U T I N E
    10001000
    10001000
    10001000 _DllMain@12 proc near ; CODE XREF: start+4Bp
    10001000
    10001000 arg_4 = dword ptr 8
    10001000
    10001000 call ds:GetVersion ; Get current version number of Windows
    10001000 ; and information about the operating system platform
    10001006 mov ecx, [esp+arg_4]
    1000100A cmp eax, 80000000h
    1000100F sbb eax, eax
    10001011 neg eax
    10001013 sub ecx, 0
    10001016 mov dword_10006640, eax
    1000101B jz short loc_10001095
    1000101D dec ecx
    1000101E jnz loc_100010A9
    10001024 test eax, eax
    10001026 jz short loc_1000106C
    10001028 push 0
    1000102A push 80h
    1000102F push 3
    10001031 push 0
    10001033 push 3
    10001035 push 0C0000000h
    1000103A push offset a_Ai2cnt ; "\\\\.\\ai2cnt"
    1000103F call ds:CreateFileA
    10001045 test eax, eax
    10001047 mov dword_10006030, eax
    1000104C jz short loc_10001053
    1000104E cmp eax, 0FFFFFFFFh
    10001051 jz short loc_100010A9
    10001053
    10001053 loc_10001053: ; CODE XREF: _DllMain@12+4Cj
    10001053 push 30h
    10001055 push offset aWaring ; "Waring"
    1000105A push offset aYourDisplayCar ; "Your display card is not ASUS series di"...
    1000105F push 0
    10001061 call ds:MessageBoxA
    10001067 xor eax, eax
    10001069 retn 0Ch
    1000106C ; ---------------------------------------------------------------------------
    1000106C
    1000106C loc_1000106C: ; CODE XREF: _DllMain@12+26j
    1000106C call sub_10001B30
    10001071 test eax, eax
    10001073 jnz short loc_10001088
    10001075 push 30h
    10001077 push offset aWaring ; "Waring"
    1000107C push offset aYourDisplayC_0 ; "Your display card is not ASUS series di"...
    10001081 push eax
    10001082 call ds:MessageBoxA
    10001088
    10001088 loc_10001088: ; CODE XREF: _DllMain@12+73j
    10001088 call sub_10001F30
    1000108D mov eax, 1
    10001092 retn 0Ch
    10001095 ; ---------------------------------------------------------------------------
    10001095
    10001095 loc_10001095: ; CODE XREF: _DllMain@12+1Bj
    10001095 test eax, eax
    10001097 jz short loc_100010A9
    10001099 mov eax, dword_10006030
    1000109E test eax, eax
    100010A0 jz short loc_100010A9
    100010A2 push eax
    100010A3 call ds:CloseHandle
    100010A9
    100010A9 loc_100010A9: ; CODE XREF: _DllMain@12+1Ej
    100010A9 ; _DllMain@12+51j ...
    100010A9 mov eax, 1
    100010AE retn 0Ch
    100010AE _DllMain@12 endp
    I promise that I have read the FAQ and tried to use the Search to answer my question.
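
As an added illustration (not part of any post in this thread), the C model below reads the `cmp`/`sbb`/`neg` flag idiom and the branch structure of `_DllMain@12` from the listings above. It follows the opcode bytes in post #3 (`75` = jne at 10001051); the function names, enum names and sample `GetVersion` values are constructed for the example.

```c
#include <stdint.h>
#include <stdio.h>

/* cmp eax, 80000000h / sbb eax, eax / neg eax, one step per line.
   GetVersion sets the high bit on the Win9x family and clears it on NT. */
static uint32_t platform_flag(uint32_t get_version) {
    uint32_t cf = get_version < 0x80000000u; /* cmp: CF = unsigned borrow  */
    uint32_t eax = 0u - cf;                  /* sbb eax, eax: 0 or FFFFFFFF */
    return 0u - eax;                         /* neg eax: 0 or 1            */
}

/* test eax, eax / jz  then  cmp eax, 0FFFFFFFFh / jne:
   the CreateFileA result is accepted only if it is neither 0 nor -1. */
static int handle_ok(uint32_t h) {
    return h != 0u && h != 0xFFFFFFFFu;
}

enum branch { DETACH, OTHER_REASON, ATTACH_SUB_10001B30,
              ATTACH_DEVICE_OK, ATTACH_DEVICE_FAIL };

/* Branch taken by _DllMain@12. `reason` is [esp+8], the second DllMain
   argument; `handle` stands in for what CreateFileA("\\.\ai2cnt") returned. */
static enum branch dllmain_branch(uint32_t get_version, uint32_t reason,
                                  uint32_t handle) {
    uint32_t flag = platform_flag(get_version); /* saved in dword_10006640   */
    if (reason == 0) return DETACH;             /* sub ecx, 0 / jz 10001095  */
    if (reason != 1) return OTHER_REASON;       /* dec ecx / jnz 100010A9    */
    if (flag == 0) return ATTACH_SUB_10001B30;  /* test eax, eax / jz 1000106C */
    return handle_ok(handle) ? ATTACH_DEVICE_OK : ATTACH_DEVICE_FAIL;
}

int main(void) {
    /* Constructed GetVersion values: high bit clear, then high bit set. */
    printf("flag: %u %u\n", (unsigned)platform_flag(0x08930005u),
           (unsigned)platform_flag(0xC0000A04u));
    printf("branch: %d\n", (int)dllmain_branch(0x08930005u, 1, 0xFFFFFFFFu));
    return 0;
}
```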
