Page 1 of 2 12 LastLast
Results 1 to 15 of 27

Thread: checking my ASM

Hybrid View

  1. #1

    checking my ASM

    The task: make a trainer for the included Minesweeper game with Windows to stop the timer from advancing. I found the code address, and I made this program. However, it doesn't work .

    Am I allowed to ask someone to look over my code and tell me what's wrong? In case I am (:-D):

    Using Hutch's Masm32 8.2. The problem is that when I press the 'u' key, the program crashes. And SoftIce doesn't pop up, which is rather annoying. Keep in mind when you're reading this that I am really new at this, and this is my first attempt at a serious one of these type things. Don't make too much fun of me .
    Code:
    .386
    .model flat,stdcall
    option casemap:none
    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\gdi32.inc
    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\gdi32.lib
    includelib \masm32\lib\kernel32.lib
    
    WinMain proto :DWORD,:DWORD,:DWORD,:DWORD
    
    .DATA
    ClassName db "SimpleWinClass",0
    AppName db "Window Name",0
    char WPARAM 20h
    winName db "Minesweeper",0 ; the name of the window
    toWrite QWORD 909090909090h ; the bytes to write; 6 NOPs
    
    .DATA?
    hInstance HINSTANCE ?
    CommandLine LPSTR ?
    IDProcess DWORD ? 	; the ID of the process
    tempHWnd HWND ?		; the window handle of the process
    hProcess HANDLE ?  	; eventually, the process to write to
    
    .CODE
    start:
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke GetCommandLine
    mov CommandLine, eax
    
    invoke WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
    invoke ExitProcess, eax
    
    WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
        LOCAL wc:WNDCLASSEX
        LOCAL msg:MSG
        LOCAL hwnd:HWND
    
        mov wc.cbSize, SIZEOF WNDCLASSEX
        mov wc.style, CS_HREDRAW or CS_VREDRAW
        mov wc.lpfnWndProc, OFFSET WndProc
        mov wc.cbClsExtra, NULL
        mov wc.cbWndExtra, NULL
        push hInstance
        pop wc.hInstance
        mov wc.hbrBackground, COLOR_WINDOW+1
        mov wc.lpszMenuName, NULL
        mov wc.lpszClassName, OFFSET ClassName
        invoke LoadIcon, NULL, IDI_APPLICATION
        mov wc.hIcon, eax
        mov wc.hIconSm, eax
        invoke LoadCursor, NULL, IDC_ARROW
        mov wc.hCursor, eax
        invoke RegisterClassEx, addr wc
        invoke CreateWindowEx, NULL,\
            ADDR ClassName,\
            ADDR AppName,\
            WS_OVERLAPPEDWINDOW,\
            CW_USEDEFAULT,\
            CW_USEDEFAULT,\
            200,\
            200,\
            NULL,\
            NULL,\
            hInst,\
            NULL
        mov hwnd, eax
        invoke ShowWindow, hwnd, CmdShow
        invoke UpdateWindow, hwnd
    
        .WHILE TRUE
            invoke GetMessage, ADDR msg, NULL, 0, 0
            .BREAK .IF (!eax)
            invoke TranslateMessage, ADDR msg
            invoke DispatchMessage, ADDR msg
        .ENDW
        mov eax, msg.wParam
        ret
    WinMain endp
    
    WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
        LOCAL hdc:HDC
        LOCAL ps:PAINTSTRUCT
        
        .IF uMsg == WM_DESTROY
            invoke PostQuitMessage, NULL
        .ELSEIF uMsg == WM_CHAR
            push wParam
            pop char
    	.IF char == 75h ;u
    		mov char,25h ;%
            	invoke InvalidateRect, hWnd, NULL, TRUE
    		call StopTime
    	.ELSE
    		invoke InvalidateRect, hWnd, NULL, TRUE
    	.ENDIF
        .ELSEIF uMsg==WM_PAINT
            invoke BeginPaint, hWnd, ADDR ps
            mov hdc,eax
            invoke TextOut, hdc, 90,70, ADDR char, 1
            invoke EndPaint, hWnd, ADDR ps
        .ELSE
            invoke DefWindowProc,hWnd, uMsg, wParam, lParam
            ret
        .ENDIF
        xor eax,eax
        ret
    WndProc endp
    
    StopTime proc
    	invoke FindWindowA, NULL, ADDR winName					;get hWnd for Minesweeper
    	mov tempHWnd, eax 							;put it into tempHWnd
    	invoke GetWindowThreadProcessId, tempHWnd, IDProcess 			;get the process ID
    	invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, IDProcess		;open the process
    	mov hProcess, eax							;load the process handle into hProcess
    	invoke WriteProcessMemory, hProcess, 01002FF5h, ADDR toWrite, 6, NULL	;write the stuff
    	invoke CloseHandle, hProcess
    StopTime endp
    end start
    Thanks.
    Last edited by tdennist; November 18th, 2004 at 20:19.
    When the going gets tough...the tough get going.

    Roar.

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,127
    Blog Entries
    5
    Hiya,

    Just like the other procs, your StopTime proc needs a 'ret', that should fix 'er up.

    Cheers

  3. #3
    Thank you, that did indeed stop it from crashing.

    Now, however, it just plain doesn't work. Do you see any other glaring mistakes? I don't even know if I used the proper procedure for getting the window handle, process ID, etc. Remember, this is my first ever attempt at this .

    Also, the way I specified the bytes to write to the process seems stupid. Is a quad word the largest amount of bytes I can replace in the file at once? If there were more, would I have to save them in separate quad word variables? (And actually, I don't even know if I did it the right way. Help? )

    Thanks.

    edit: Also, forum mods and other gurus: tell me if I should edit my original post to not specify the game's name outright. I recall one of the forum rules being something about that....
    Last edited by tdennist; November 18th, 2004 at 22:48.
    When the going gets tough...the tough get going.

    Roar.

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,127
    Blog Entries
    5
    Quote Originally Posted by tdennist
    edit: Also, forum mods and other gurus: tell me if I should edit my original post to not specify the game's name outright. I recall one of the forum rules being something about that....
    Don't worry about Minesweeper! We can handle any MS goons that might complain

    Because of a recent hand injury I can't type more than a few words here, so I'll leave the other questions to the ablebodied...

    btw, you may want to read Zairon's reversing of Minesweeper at the main archive site,
    http://woodmann.net/fravia/what_new.htm

  5. #5
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    tdennist:
    (1) first, be sure that the version you have of WINMINE.EXE really brings at address 0x1002FF5 the instruction you want to comment-out (you can check this with a debugger). This condition holds for windows XP version:
    Code:
    01002FF5    FF 05 9C 57 00 01    inc dword ptr ds:[100579Ch]
    (2) second, check the name of Minesweeper window; in Windows 2000/XP the name is not Minesweeper, but it depends on the language of your installation, Correct it at winName location of your code

    (3) finally, correct an error you made invoking GetWindowThreadProcessId.
    The correct syntax is
    Code:
    invoke GetWindowThreadProcessId, tempHWnd, ADDR IDProcess
    After these three steps, you can digit 'u' in your window and the timer will magically stop!

    Quote Originally Posted by tdennist
    Is a quad word the largest amount of bytes I can replace in the file at once? If there were more, would I have to save them in separate quad word variables?
    Not at all! You can declare them in plain bytes... Try to replace
    Code:
    toWrite QWORD 909090909090h
    with
    Code:
    toWrite db 90h,90h,90h,90h,90h,90h
    and the effects will not change.

    Quote Originally Posted by Kayaker
    you may want to read Zairon's reversing of Minesweeper at the main archive site
    LOL, he didn't make a deep reversing, since he misses the fact that the same effect could be reached with the XYZZY trick (google to find it) - joking... that's an instructive reading!

    Kayaker:
    Sorry for your wound... I hope you will be healthy again, and your brilliant brain has not suffered too

    Regards, bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  6. #6
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    Hi bilbo,
    he didn't make a deep reversing, since he misses the fact that the same effect could be reached with the XYZZY trick
    Hmmm, you didn't read the initial minesweeper project in the mini project area

    Best regards,
    Zai

  7. #7
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,127
    Blog Entries
    5
    Quote Originally Posted by bilbo
    Kayaker:
    Sorry for your wound... I hope you will be healthy again, and your brilliant brain has not suffered too
    Thank you, though I can't say I feel too f*ing brilliant today! ;-)
    A few slowly typed cautionary observations about those Olfa "exacto" utility knives with the snap-off blades -

    The blades can snap off at the most inopportune time.
    They are *very* effective at filleting human flesh, quite reminiscent of cleaning a freshly caught fish actually...
    They also sell stronger blades which don't snap off as easily. Now I know why.

    Standard knife safety includes protecting ones exposed body parts to the consequences of an "expected" slip (taking into account such things as direction of push, possible angles of deflection, length of blade, how much you value the exposed body part(s), etc.)
    Enhanced knife safety should include, where applicable, the consequences of a sudden shortening of blade length while remaining razor sharp.

    If the thought "Maybe I shouldn't be doing this" ever crosses your mind while working with a knife, stop immediately and don't dismiss it.
    'Close calls' are good to have every once in a while to make one appreciate how wonderful life is.
    The realization that "it could have been a lot worse" is a wonderful thing.
    Stitches(7) are a wonderful thing. So are flesh wounds that don't cut through tendons or major nerves.
    Female doctors are especially attractive when stitching you up

    Take care out there.

    Cheers,
    Kayaker

  8. #8
    *cough* back on topic....;-).

    Quote Originally Posted by bilbo
    (2) second, check the name of Minesweeper window; in Windows 2000/XP the name is not Minesweeper, but it depends on the language of your installation, Correct it at winName location of your code
    Ok, here's where I feel stupid. Is the name of the windows the text in the title bar? Because if it is, Minesweeper is the right name....

    Thanks.

    (edit: I swear, once I learn this stuff, I'm writing a bunch of well written tutorials, explaining step by step and skipping nothing on how to do simple things. Like make a trainer for Minesweeper.)
    Last edited by tdennist; November 19th, 2004 at 20:22.
    When the going gets tough...the tough get going.

    Roar.

  9. #9
    tdennist, easiest way to check window and window class names (there is a difference) is by using the spy++ tool that Microsoft ship with Visual Studio (and I think it's on their site for freedownload, and in Resource Kit's etc).
    Still here...

  10. #10
    ...or use windowjuggler plugin for olly.
    Regards,

  11. #11
    Yay! Thanks, guys. It works now! Now, my next question is, how should I start going about changing it so that I don't have to press 'u' inside my application window? I.e. a hotkey that will work from any application.
    When the going gets tough...the tough get going.

    Roar.

  12. #12
    Administrator dELTA's Avatar
    Join Date
    Oct 2000
    Location
    Ring -1
    Posts
    4,206
    Blog Entries
    5
    Look into global hooks in Windows, especially the API function SetWindowsHookEx...

  13. #13
    Well, I read up on that stuff, and then today, while browsing Iczelion's Win32 assembly page I found this site:

    http://spiff.tripnet.se/~iczelion/Win32Api1.htm

    Which explains how to create a hotkey. I put it into my Minesweeper game and it works just dandily. Does this solution work? In other words, is it a crappy workaround and should I look into the Windows hooks? Or should I just be happy with this and keep using it?
    When the going gets tough...the tough get going.

    Roar.

  14. #14
    Did somebody say DirectX?

    What my esteemed colleague dELTA meant when he said "full screen DirectX apps" was actually, "It makes no difference to a keyboard, mouse or any other input device hook if a D3D app is running in windowed or fullscreen mode, however if DirectInput is being used to manage user input a side effect is that any relevant hooks *usually* don't work"

    Basically, D3D is the drawing part of DX, DInput is the input handling part. If you acquire an input device using DInput it's normally handled at a <insert respectful metal-bashing hush here> lower level than normal (ie: direct from device/driver level). There are different ways of acquiring devices, nominally referred to as the "cooperation level" between DInput and the rest of Windows. Depending on a number of factors (including DInput config via the control panel applet and the cooperation level) input hooks usually won't work. There is absolutely no requirement to use DInput to get user input for D3D apps - personally I've coded D3D apps that used normal win32 WM_ for their input, that used WM_ for keyboard and DInput for mouse, and vice versa. So I guess what that rambling is trying to say is, just because an app uses D3D for gfx doesn't mean it uses DInput for input.

    This is an interesting article about a similar issue: http://msdn.microsoft.com/library/default.asp?url=/library/en-us/dninput/html/nodelaydirectinput.asp
    In essence, when you code a DInput app there is an annoying lag in keyboard/mouse input when debugging. It's caused by the same problem.

    I'm such a DX geek
    Still here...

  15. #15
    : Code Injector : nikolatesla20's Avatar
    Join Date
    Apr 2002
    Location
    :ether:
    Posts
    815
    What a nerd

    -nt20

Similar Threads

  1. Integrity checking.
    By Zumo in forum The Newbie Forum
    Replies: 2
    Last Post: April 9th, 2012, 00:05
  2. Packed and probably self-checking. Help needed
    By rokafeller in forum The Newbie Forum
    Replies: 3
    Last Post: November 16th, 2005, 01:07
  3. checking correctness of flexlm license
    By ferg_jl in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: October 13th, 2002, 20:25

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •