Thread: Thief 2 but not target specific

  1. #1

    Since my last post I'm actually still working on Thief 2. Managed to get the thing working without any help from the Safedisc DLLs, that is, almost working. There's one thing that puzzles me, and since I'm in the middle of exams I haven't had time to work on it much. So I'm hoping somebody might have been through it, and can give me some peace of mind.

    Problem is, every once in a while, Thief blinks the screen (it's done once when the game is loading into the start menu, and when it has just loaded a mission). When it does this, it (well, something anyway) seems to be loading the file into memory again, without reloading the import table. Thus, when the game tries to go on loading, a GPF gets in your face. What's getting on my nerves is that it would seem that the debug breakpoints have been disabled in some fashion, and I don't know how. So, the question is, how would one go about doing something like that? And at the same time reloading the file into memory? Any help would be cool.

    Blue skies

  2. #2
    a) Safedisc API (I think Thief 2 doesn't use it, though)

    b) IAT rebuilt wrongly, but calls correct, so code like:
    mov ebp, [SomeIATaddress]
    call ebp
    jmp bla
    would fuck up, as the FF 15 calls are fixed to the correct import but API calls like the one above stay directed to the wrong API.

  3. #3
    I had similar problems with Safecast. Apart from the "FF 15" calls, there are API calls via different registers, as TC described for ebp, and JMPs to API addresses. I wrote down my experiences and a way to handle these problems and sent it to +Tsehp some days ago; perhaps he will publish it. Otherwise, I could send it to you by mail.

  4. #4
    Hi again

    Sorry for taking so long to reply, been busy.
    About my problem: I took into consideration the way Safedisc redirects the APIs (with the check for FF 15), and since I checked that the calls were sent to the right places, I'm rather sure that's not the problem.
    I'll try to sum it up again: What happens is that when I load my version (unpacked and fixed) it runs fine up until a moment when the screen flicks (I'm not entirely sure why it does so, but am guessing it's setting up the display or rather testing it). When the screen is restored (before the Thief 2 menu is loaded) it seems that the program has been reloaded from the HD and put into memory WITHOUT the import table having been processed again. Thus, since I put my IAT in another place, the original IAT is there and points to nothing. What puzzles me is that SoftICE won't break on a bpm, although something is clearly being moved around in memory. I fixed the problem first by saving a copy of the memory location I needed, and when it had been altered just moved it back. This worked up till the game had loaded a saved game, or you'd start a new one, when the program crashes (due to a GPF I'm pretty sure, though everything just grinds to a halt). Now, the question is, why wouldn't SoftICE break when something in memory was being moved around?

    If anybody has info or similar experiences, would be cool to hear.

    Blue skies
