
Thread: Good binary code profilers?

  1. #46
    Good luck with both!

    Some of us can wait patiently while life takes its course. Of course, some of us have been around for a long time and are not quite as impatient as some youngins can be.



    Regards,
    JMI

  2. #47
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Thanks for the progress report L. Spiro, sounds great! Really looking forward to that release.

    Oh, and if you'd be interested in sharing the masterpiece that slowed you down (no, I'm not talking about the Japanese girl, even though I'd be up for that too if you really insisted), you'd be very welcome, the previous artwork you have shared with us has been quite breathtaking.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."

  3. #48
    This is what slowed me down: http://l-spiro.deviantart.com/art/Japanese-Model-WIP-1-82010882
    It is not done but I need a break from it which is why I went back to MHS.


    L. Spiro
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  4. #49
    Administrator dELTA's Avatar
    That's completely insane.

    And for those not familiar with it, that's a DRAWING, not a photograph (read the text below the picture).

  5. #50
    And it is a drawing which would put many photographs to shame. Great work again L. Spiro. It is always good to see people developing different talents and having the patience to put them to productive use.



    Regards,
    JMI

  6. #51
    astonishing stuff
    had it not been for dELTA's comment i would not have realized it was a drawing and not a photo
    Fascinating work L. Spiro!
    i absolutely love portraits.

    i did check out some more portraits and the following three are just mind blowing
    http://shimoda7.deviantart.com/art/Audrey-Tautou-69472755
    http://coffee-lin.deviantart.com/art/SEVEN-Mika-Nakashima-22571871
    http://signalbox.deviantart.com/art/Window-To-The-Soul-1868888
    Found in the OpenGL header file for Visual C++ 6: 'typedef GLint int '. AAAARRRRGGGHHHH!!! [Don't get it? You're not a C programmer.]

    A hacker does for love what others would not do for money.

    Being married to a programmer is like having a cat. You talk to it but you're never really sure if it hears you, much less comprehends what you say.

  7. #52
    Thank you everyone.


    Here is a teaser for my upcoming release:

    Obviously here I have just done the same Minesweeper example as in the video posted earlier. I found the clicking code in 2 minutes and 23 seconds (I wanted to take my time adding the GUI code).

    I just need to add the whistles and bells and expect it to be released this week or next week.


    L. Spiro

  8. #53
    This looks really neat! Reminds me of pStalker... Looking forward to the release!

  9. #54
    Administrator dELTA's Avatar
    That's so cool, it's like pStalker but better, not malfunctioning every other time, and not depending on any Python crap, excellent! I'm so looking forward to this!

  10. #55
    It is released.
    It sometimes crashes the target process but actually I am not sure if anything can be done about this. I will add options however to reduce the risk and improve the feature altogether.


    L. Spiro

  11. #56

    Nice, but I like this one better...
    http://www.100paperclips.com/pcfhacker.html

    I think that since you tried to put all of that anti cheat detection crap in MHS, things have gone downhill with it significantly. It is obviously a cat and mouse game since MHS is public (I warned you of this long ago) and you have wasted a lot of time and gotten off track of the original goal of MHS and to what avail? I see half of the posts now are complaints by nubs and script kiddies alike that x game detects MHS and when will it be "fixed"? It is obvious that all the complaints (plus the complaints with the new stability issues) have worn on you.

    I think that the purpose of a software like this should be to help individuals find the proper things in memory to create hacks themselves with. If they don't want to learn how to program, there are plenty of trainer makers around. Why learn a script language and API that only works for making game hacks which eventually get detected anyway? If someone is going to learn to program, don't you think they should be using their time to do something useful in the real world too? Last time I checked, you can't put L.Spiro script on your resume. People can learn on non-protected games to start, and after they get some experience, they can tackle the AC's themselves with their private hacks. That was my route, and it was the best route. I am now a well paid reverser/programmer. If I had only used MHS for everything, I would still be flipping burgers today. (where would you be?)

    It's more than that though. You try to do too much, your focus is too broad IMO. You should specialize on less things and plan to be the best at them. I use several tools whose functionality also exist in MHS, they are all better at what they do than MHS, because they each were created with a specific function and focus. I have never seen a software that tried to "do-it-all" succeed at being the best or preferred product.

    Features like this profiler are in the vein of the original intent of MHS. I applaud its addition, and I hope that you forget all of this AC crap and get back to creating new, useful and innovating features (or at least making attempts at it).

  12. #57
    I appreciate your input but a few points should probably be taken in a different light.


    Quote (originally posted by goggles99):
    Why learn a script language and API that only works for making game hacks
    This is quite a large misconception.
    #1: The language is C with a few additions, so no one needs to learn anything new at all. I made it like C for that exact reason.
    #2: While it has features that make it easy to hack games, actually the language could be used for anything. We use it at work for all kinds of automation, such as typing headers into new code files or adding JavaDOC headers to classes and functions. We use it to convert binary files to formats we use in our Nintendo DS and other games. We use it for all kinds of odd-jobs such as sorting files of text by our own custom criteria. My coworker made a script that copies and pastes a sprite in Photoshop in a perfect circular fashion to make a mathematically correct animated path for the enemy to follow in the game.
    #3: The API has a few MHS-only features but is mostly the exact Windows API. Most code you write in L. Spiro Script can be copied into a new Windows project. This includes networking features, allowing MHS to help you automate the downloading of files or, in my case, checking from home to see if someone turned off BitComet on my work computer so that I can send a message to MHS on my work computer to tell it to restart BitComet.
    Quote (originally posted by goggles99):
    someone is going to learn to program, don't you think they should be using their time to do something useful in the real world too? Last time I checked, you can't put L.Spiro script on your resume.
    #4: Plenty of people have gotten into programming simply because of my language. It removes a lot of headaches, such as finding an IDE, linking issues, libraries/header files, and a few other things that confuse beginners, and there is a place where they know they can always get support. But the best selling point to them is that what they learn in L. Spiro Script can be used in real applications later. The syntax matches C.
    #5: Not everyone is thinking about a packed résumé just because they want to get into programming or want to make a few hacks.
    Quote (originally posted by goggles99):
    which eventually get detected anyway?
    #5: They currently work and always will work on all non-protected games (and even some that are protected), and that covers a much larger scope than you realize. For example, every emulated game in the world. And, considering that http://tasvideos.org/ considers my tool a must-have for their emulated needs, and esco is making a highly anticipated mod for Castlevania: Symphony of the Night using nothing but MHS and L. Spiro Script, there seems to be a much larger market for emulated exploration than you realize.
    Actually, to be quite honest, I primarily hack emulated games as well (Perfect Dark/GoldenEye 007) and the results of my hacking proved a big help to the famous GoldenEye Source mod—using MHS and L. Spiro Script I hacked the maps from GoldenEye 007.



    Quote (originally posted by goggles99):
    I use several tools whose functionality also exist in MHS, they are all better at what they do than MHS, because they each were created with a specific function and focus.
    On the contrary. MHS’s strongest selling point is the fact that it brings together all these features into one package, and, to be blunt, 90% of the time you don’t have to be the best to still get the job done. Getting the job done while not having to switch between applications all the time is more than enough to make up the differences.
    On this point, there is no question of how many people would agree. The #1 praise MHS gets in this site alone is about the fact that it is a handy “Swiss army knife”.

    Furthermore, some of the features in MHS are the best available. The searcher is the fastest by a noticeable gap and offers the largest set of options. I have not yet seen a better DLL Injector—one that manages the injected DLL for you and allows you to call any of its functions with any number of parameters. Not to mention that the parameters can be typed as any kind of valid C/C++ mathematical expression.



    Quote (originally posted by goggles99):
    Features like this profiler are in the vein of the original intent of MHS. I applaud its addition, and I hope that you forget all of this AC crap and get back to creating new, useful and innovating features (or at least making attempts at it).
    You can expect a lot more. The Code Filter is only 50% done, and I am disappointed at the software in your link because I was already planning all of those features and now it will seem as if I just copied from them. Luckily I have more features than those in mind as well, giving my Code Filter a chance at being the best at what it does.

    I intend to give MHS the ability to load OllyDbg plug-ins and to perform all of OllyDbg’s tasks as well, giving people a reasonable alternative.
    Ambitious, but fun. And that is really all that matters to me.


    In the meantime, you may want to take a second look at those scripts. To be honest, hacking was one of my intentions, but my real goal was to give myself a convenient way to execute all kinds of odd-job tasks without having to start a whole new Visual Studio project each time or mess with makefiles.


    L. Spiro

  13. #58
    Administrator dELTA's Avatar
    Cool! I'm really gonna have some fun with this as soon as I get a free minute! And it sounds extremely interesting with the upcoming code filter features too, really looking forward to them!

    Oh, I'm a little curious about why you are "not sure if anything can be done" about the target crashes you mention? Is it because you have to statically analyze the code in order to inject breakpoints at all basic blocks, and thus that the code analysis is sometimes not correct, or is it something else? Maybe someone here has good ideas if you just tell us a bit more about the details?

    And keep all the other features coming too, it's just nice (as long as program stability isn't affected all too much), I know exactly what you mean in your explanation above L. Spiro, I'm just like that too.

  14. #59
    I am not sure if the problems can be helped partly because I am not sure what the problem really is.
    It seems to be a problem with Windows in how it handles the breakpoints. The high load of breakpoints suddenly being hit in the target process causes a hiccup and sometimes it can not recover, usually it can.

    The other crashes are caused by code analysis, but I added options to reduce the risk of this. I recently uploaded a new version and I believe it has a Settings menu option which allows you to turn off various sets of functions. Guessed functions can be risky, but Good Guesses are rarely risky.

    Exported functions are actually the causes of most crashes. If you include a DLL which exports a global data value rather than a function (such as NtOsKrnl.exe does) the analyzer would have to be very advanced to tell the difference. For now, it would end up breakpointing the data, causing who-knows-what madness to happen afterwards.


    L. Spiro

  15. #60
    Administrator dELTA's Avatar
    Quote (originally posted by L. Spiro):
    I am not sure if the problems can be helped partly because I am not sure what the problem really is.
    It seems to be a problem with Windows in how it handles the breakpoints. The high load of breakpoints suddenly being hit in the target process causes a hiccup and sometimes it can not recover, usually it can.
    Ok, I see. It would seem quite strange though if Windows itself had such breakpoint synchronization problems itself I think, since many tracers etc have been built before, out of which many depend on massive breakpointing. For example, during the development/testing of the Conditional Branch Logger Olly plugin (http://www.woodmann.com/collaborative/tools/index.php/Conditional_Branch_Logger), we never experienced anything like this as far as I know (even though I guess that breakpoints can be hit at a little higher rate than in that plugin, since Olly's code is in between in that case too). Still, it would be very strange if Windows itself was fully to blame.


    Quote (originally posted by L. Spiro):
    The other crashes are caused by code analysis, but I added options to reduce the risk of this. I recently uploaded a new version and I believe it has a Settings menu option which allows you to turn off various sets of functions. Guessed functions can be risky, but Good Guesses are rarely risky.

    Exported functions are actually the causes of most crashes. If you include a DLL which exports a global data value rather than a function (such as NtOsKrnl.exe does) the analyzer would have to be very advanced to tell the difference. For now, it would end up breakpointing the data, causing who-knows-what madness to happen afterwards.
    If I don't remember incorrectly, pStalker has the ability to import IDA databases (or rather some kind of data file derived from an IDA database, called pIDA files or something like that I think), which gives it a lot more useful information about the target when profiling it like this. Adding something similar to MHS would be a great addition I think, since it would both make it possible to specify at a much higher level of detail which areas should be profiled and not (by e.g. selecting between all functions defined in IDA, by their names), and it would also make all information about exported data vs exported functions available from IDA, i.e. making errors and crashes caused by this much easier to avoid. You would have much of the power of IDA directly at your hands!

    And this doesn't have to be as hard as having to parse the IDA databases yourself either, but rather, you can base it on simple MAP files etc exported directly from IDA, or in a somewhat more complex and powerful case, some kind of files created from IDA inside IDA by a custom IDC script or plugin that you provide. That would be some seriously powerful stuff, and might very well be one of those unique features that would push MHS a large step closer to that "undisputed best tool" position that you're mentioning above.
    "Give a man a quote from the FAQ, and he'll ignore it. Print the FAQ, shove it up his ass, kick him in the balls, DDoS his ass and kick/ban him, and the point usually gets through eventually."
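
The exported-data crash discussed in posts #59 and #60 can be narrowed with a check against the PE section table before any breakpoint is written: an export whose RVA lands in a non-executable section is data, and one whose RVA lands inside the export directory is a forwarder string. The C below is an added example, not MHS code; the struct names, the sample section table and the sample exports are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

#define SCN_MEM_EXECUTE 0x20000000u  /* IMAGE_SCN_MEM_EXECUTE from the PE format */
typedef struct { const char *name; uint32_t va, vsize, flags; } Section;  /* hypothetical */
typedef struct { const char *name; uint32_t rva; } Export;                /* hypothetical */
typedef enum { EXP_CODE, EXP_DATA, EXP_FORWARDER, EXP_UNMAPPED } ExportKind;

/* Classify one export RVA. dir_va/dir_size is the export data directory range:
   an RVA inside it points at a forwarder string, not at code in this module. */
ExportKind classify_export(uint32_t rva, const Section *s, size_t n,
                           uint32_t dir_va, uint32_t dir_size)
{
    if (rva >= dir_va && rva - dir_va < dir_size)
        return EXP_FORWARDER;
    for (size_t i = 0; i < n; i++)
        if (rva >= s[i].va && rva - s[i].va < s[i].vsize)
            return (s[i].flags & SCN_MEM_EXECUTE) ? EXP_CODE : EXP_DATA;
    return EXP_UNMAPPED;  /* RVA outside every section: never breakpoint it */
}

/* Collect only the exports that are safe to breakpoint; returns how many. */
size_t breakpoint_candidates(const Export *e, size_t ne, const Section *s, size_t ns,
                             uint32_t dir_va, uint32_t dir_size, const Export **out)
{
    size_t k = 0;
    for (size_t i = 0; i < ne; i++)
        if (classify_export(e[i].rva, s, ns, dir_va, dir_size) == EXP_CODE)
            out[k++] = &e[i];
    return k;
}

/* Constructed sample: section table and exports of an imaginary DLL. */
static const Section SAMPLE_SECTIONS[] = {
    { ".text",  0x1000, 0x5000, 0x60000020u },  /* code, execute, read */
    { ".rdata", 0x6000, 0x2000, 0x40000040u },  /* initialized data, read */
    { ".data",  0x8000, 0x1000, 0xC0000040u },  /* initialized data, read, write */
};
static const Export SAMPLE_EXPORTS[] = {
    { "DoWork",       0x1200 },  /* function in .text */
    { "g_Counter",    0x8010 },  /* exported global variable in .data */
    { "ForwardedApi", 0x6120 },  /* RVA inside the export directory */
    { "Stale",        0xF000 },  /* outside every section */
};
enum { SAMPLE_DIR_VA = 0x6100, SAMPLE_DIR_SIZE = 0x200 };

int main(void)
{
    const Export *bp[4];
    size_t n = breakpoint_candidates(SAMPLE_EXPORTS, 4, SAMPLE_SECTIONS, 3,
                                     SAMPLE_DIR_VA, SAMPLE_DIR_SIZE, bp);
    for (size_t i = 0; i < n; i++)
        printf("breakpoint %s at RVA 0x%x\n", bp[i]->name, (unsigned)bp[i]->rva);
}
```

Data exported from an executable section still passes this check, so it narrows the problem rather than replacing the IDA-derived function list suggested in post #60.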
