
Thread: newbie Help!!!!

  1. #1
    nebbursis
    Guest

    newbie Help!!!!

    Hi!
    I know what I'm about to ask maybe does not belong in here, but I really need help with this since there are not really many tutorials on this matter. Sure, there are a lot of tutorials on nopping a value... but where do I go from there? I hope some of u know what I'm talking about here.
    Here it goes... I'm trying to hack StarCraft v.1.0. Let's say I want to make a trainer that, when I push a button, will add 1000 to the minerals. I search the game with GameHack and I come up with an address. In my case it was 004EFE0C. So I did a bpmd 004EFE0C w on it and here's where SoftICE popped up.
    0042205B 8A464C MOV AL, [ESI+4C]
    ----------------------------------------
    0042205E 8A8ECF000000 MOV CL,[ESI+000000CF]
    ----------------------------------------
    00422064 6A00 PUSH 00
    -----------------------------------------
    00422066 8B148508FE4E00 MOV EDX,[EAX*4+004EFE08]
    -------------------------------------
    0042206D 03D1 ADD EDX,ECX
    ------------------------------------
    0042206F 89148508FE4E00 MOV [EAX*4+004EFE08], EDX
    ---------------------------------------
    00422076 33C0 XOR EAX,EAX:THIS LINE IS WHERE SOFTICE POPSUP
    ------------------------------------------
    00422078 8A464C MOV AL,[ESI+4C]
    ------------------------------------------
    0042207B 33D2 XOR EDX,EDX
    -----------------------------------------
    0042207D 8A96CF000000 MOV DL,[ESI+000000CF]
    -----------------------------------------
    00422083 8B0C8598FE4E00 MOV ECX,[EAX*4+004EFE98]
    ----------------------------------------
    0042208A 03CA ADD ECX,EDX
    ----------------------------------------
    0042208C 33D2 XOR EDX,EDX
    -----------------------------------------
    00422095 8A96CF000000 MOV DL,[ESI +000000CF]
    -----------------------------------------

    Now, where do I go from here? I have a basic idea, but I'm a little confused. So if anyone could help me with this I would really be thankful, since I'm stuck at this point. And I feel if I get help with this I will get the hang of it all.
    Thanks in advance
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    nebbursis (11-08-2000 02:07):

    0042205B 8A464C MOV AL, [ESI+4C]
    ----------------------------------------
    0042205E 8A8ECF000000 MOV CL,[ESI+000000CF]
    ----------------------------------------
    00422064 6A00 PUSH 00
    -----------------------------------------
    00422066 8B148508FE4E00 MOV EDX,[EAX*4+004EFE08]
    -------------------------------------
    0042206D 03D1 ADD EDX,ECX
    ------------------------------------
    0042206F 89148508FE4E00 MOV [EAX*4+004EFE08], EDX
    ---------------------------------------
    00422076 33C0 XOR EAX,EAX:THIS LINE IS WHERE SOFTICE POPSUP
    ------------------------------------------
    00422078 8A464C MOV AL,[ESI+4C]
    ------------------------------------------
    0042207B 33D2 XOR EDX,EDX
    -----------------------------------------
    0042207D 8A96CF000000 MOV DL,[ESI+000000CF]
    -----------------------------------------
    00422083 8B0C8598FE4E00 MOV ECX,[EAX*4+004EFE98]
    ----------------------------------------
    0042208A 03CA ADD ECX,EDX
    ----------------------------------------
    0042208C 33D2 XOR EDX,EDX
    -----------------------------------------
    00422095 8A96CF000000 MOV DL,[ESI +000000CF]
    -----------------------------------------
    Well, first of all, you might wanna check that you have the right value. Alter it a bit and see what happens. Then, if it turns out to be the right one, what you might wanna do is create a runtime patcher, that at any given time can add a value to the specific mem location (that is, if you want to be able to add to the value. You could also opt for a patch that would stop the value decreasing. In that case you could just nop out 42206dh). This can be done simple or complex according to needs and wants. Go find some tutors on doing run-time patchers.

    Fake

  3. #3
    NikDH
    Guest
    I don't think the line u have posted refers to changing a mem value ))
    For example: da ya think that
    0042208C 33D2 XOR EDX,EDX
    has something in common with the bp u have put?
    U have to remember that when u put a bp on memory, sice pops AFTER the instruction that modifies the memory
    So set your bp and record the line before the line in which sice pops
    I hope these r the right ones

  4. #4
    NchantA
    Guest
    -----------------------------------------
    00422066 8B148508FE4E00 MOV EDX,[EAX*4+004EFE08]
    -------------------------------------
    0042206D 03D1 ADD EDX,ECX
    ------------------------------------
    0042206F 89148508FE4E00 MOV [EAX*4+004EFE08], EDX
    ---------------------------------------
    00422076 33C0 XOR EAX,EAX:THIS LINE IS WHERE SOFTICE POPSUP
    ------------------------------------------
    00422078 8A464C MOV AL,[ESI+4C]

    ok just with a quick look it looks like the add edx,ecx is the instruction ur looking for, for a superb tutorial on training check tsehp+'s page

    direct link:
    http://www.woodmann.net/fravia/trainer.htm

    otherwise check what's new tsehp.cjb.net
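
Added example, not part of the original thread: a small Python check of the point discussed above, that a memory-write breakpoint is reported at the instruction after the one that wrote, and that the watched address 004EFE0C is one element of the table at 004EFE08. The listing lines are taken from the thread with the poster's annotation removed; the function names are hypothetical.

```python
import re

# Listing lines copied from the thread (address, opcode bytes, instruction).
LISTING = """\
00422066 8B148508FE4E00 MOV EDX,[EAX*4+004EFE08]
0042206D 03D1 ADD EDX,ECX
0042206F 89148508FE4E00 MOV [EAX*4+004EFE08], EDX
00422076 33C0 XOR EAX,EAX
00422078 8A464C MOV AL,[ESI+4C]
"""

LINE = re.compile(r"^([0-9A-F]{8})\s+([0-9A-F]+)\s+(.+)$")
# Destination operand of the form [REG*scale+disp32], i.e. a table write.
TABLE_WRITE = re.compile(r"^MOV\s+\[(\w+)\*(\d)\+([0-9A-F]{8})\]\s*,")

def parse(listing):
    """Return [(address, length_in_bytes, text)] for each listing line."""
    rows = []
    for raw in listing.splitlines():
        m = LINE.match(raw.strip())
        if m:
            rows.append((int(m.group(1), 16), len(m.group(2)) // 2, m.group(3)))
    return rows

def find_writer(rows, watched, break_eip):
    """Find the instruction ending at break_eip that writes `watched`.

    A memory-write breakpoint is reported once the writing instruction has
    completed, so the debugger shows the *next* address. Returns
    (address, text, index_register, index_value) or None.
    """
    for addr, size, text in rows:
        if addr + size != break_eip:
            continue
        m = TABLE_WRITE.match(text)
        if not m:
            return None
        reg, scale, base = m.group(1), int(m.group(2)), int(m.group(3), 16)
        offset = watched - base
        if offset < 0 or offset % scale:
            return None  # watched address is not an element of this table
        return addr, text, reg, offset // scale
    return None

if __name__ == "__main__":
    hit = find_writer(parse(LISTING), 0x004EFE0C, 0x00422076)
    print(hex(hit[0]), hit[1], hit[2], "=", hit[3])
```

The instruction length comes from the opcode-byte column, so the check works on any listing that includes that column.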