Results 1 to 2 of 2

Thread: Changing the argument

  1. #1
    maslo
    Guest

    Changing the argument

    Hi, I am having a little problem with Ollydbg as I have no idea of how to change "Arg2" to specific string.
    There is "Arg1" and "Arg2". Arg1 is the name in the windows registry and Arg2 is the data. Arg2 is somehow produced and is being checked if it's right at every app launch. Therefore if I change manually these 2 values in windows registry and start application then these values will change back.
    Could you provide with some help or a hint of how to change Arg2 to a desired string, or how to 'hack' 'Arg2 value generating system' ?

    Regards







    This is what I get if I Step Into: PUSH ECX "Arg2" :



    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Location
    Planet Earth
    Posts
    1,647
    This would be a quick and dirty.

    Somwhere in the executable, find a 00 filled cave, write there the string you want to spoof as arg2. Needs to be null terminated. For extra precaution, make it d-word aligned. Note the address:
    for instance
    01268000: "MyCheatString0x00"

    Now, change your code from

    012639FF: LEA ECX, [ESP+64]
    01263A03 PUSH ECX

    to

    012639FF: MOV ECX, 01268000
    01263A03 PUSH ECX

    Now the program will read your "MYCheatString" instead of the legit generated string, and hopefully swallow it.
    But I would bet there are more checks the you'll have to neutralize. . .

Similar Threads

  1. IDA argument list - c++ program
    By mcensamuel in forum Advanced Reversing and Programming
    Replies: 6
    Last Post: May 5th, 2004, 17:28
  2. Changing EIP
    By homunculus in forum OllyDbg Support Forums
    Replies: 1
    Last Post: February 3rd, 2003, 22:45
  3. IDA & argument propagation
    By tom_324 in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: September 1st, 2002, 21:40
  4. argument name propogation in IDA 4.15
    By mike in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: March 7th, 2001, 04:34
  5. How to get functions argument types in IDA. (ida plugIns programing)
    By Mostek in forum Tools of Our Trade (TOT) Messageboard
    Replies: 2
    Last Post: February 2nd, 2001, 06:28

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •