Page 1 of 2 12 LastLast
Results 1 to 15 of 27

Thread: checking my ASM

  1. #1

    checking my ASM

    The task: make a trainer for the included Minesweeper game with Windows to stop the timer from advancing. I found the code address, and I made this program. However, it doesn't work .

    Am I allowed to ask someone to look over my code and tell me what's wrong? In case I am (:-D):

    Using Hutch's Masm32 8.2. The problem is that when I press the 'u' key, the program crashes. And SoftIce doesn't pop up, which is rather annoying. Keep in mind when you're reading this that I am really new at this, and this is my first attempt at a serious one of these type things. Don't make too much fun of me .
    Code:
    .386
    .model flat,stdcall
    option casemap:none
    include \masm32\include\windows.inc
    include \masm32\include\user32.inc
    include \masm32\include\kernel32.inc
    include \masm32\include\gdi32.inc
    includelib \masm32\lib\user32.lib
    includelib \masm32\lib\gdi32.lib
    includelib \masm32\lib\kernel32.lib
    
    WinMain proto :DWORD,:DWORD,:DWORD,:DWORD
    
    .DATA
    ClassName db "SimpleWinClass",0
    AppName db "Window Name",0
    char WPARAM 20h
    winName db "Minesweeper",0 ; the name of the window
    toWrite QWORD 909090909090h ; the bytes to write; 6 NOPs
    
    .DATA?
    hInstance HINSTANCE ?
    CommandLine LPSTR ?
    IDProcess DWORD ? 	; the ID of the process
    tempHWnd HWND ?		; the window handle of the process
    hProcess HANDLE ?  	; eventually, the process to write to
    
    .CODE
    start:
    invoke GetModuleHandle, NULL
    mov hInstance, eax
    invoke GetCommandLine
    mov CommandLine, eax
    
    invoke WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
    invoke ExitProcess, eax
    
    WinMain proc hInst:HINSTANCE,hPrevInst:HINSTANCE,CmdLine:LPSTR,CmdShow:DWORD
        LOCAL wc:WNDCLASSEX
        LOCAL msg:MSG
        LOCAL hwnd:HWND
    
        mov wc.cbSize, SIZEOF WNDCLASSEX
        mov wc.style, CS_HREDRAW or CS_VREDRAW
        mov wc.lpfnWndProc, OFFSET WndProc
        mov wc.cbClsExtra, NULL
        mov wc.cbWndExtra, NULL
        push hInstance
        pop wc.hInstance
        mov wc.hbrBackground, COLOR_WINDOW+1
        mov wc.lpszMenuName, NULL
        mov wc.lpszClassName, OFFSET ClassName
        invoke LoadIcon, NULL, IDI_APPLICATION
        mov wc.hIcon, eax
        mov wc.hIconSm, eax
        invoke LoadCursor, NULL, IDC_ARROW
        mov wc.hCursor, eax
        invoke RegisterClassEx, addr wc
        invoke CreateWindowEx, NULL,\
            ADDR ClassName,\
            ADDR AppName,\
            WS_OVERLAPPEDWINDOW,\
            CW_USEDEFAULT,\
            CW_USEDEFAULT,\
            200,\
            200,\
            NULL,\
            NULL,\
            hInst,\
            NULL
        mov hwnd, eax
        invoke ShowWindow, hwnd, CmdShow
        invoke UpdateWindow, hwnd
    
        .WHILE TRUE
            invoke GetMessage, ADDR msg, NULL, 0, 0
            .BREAK .IF (!eax)
            invoke TranslateMessage, ADDR msg
            invoke DispatchMessage, ADDR msg
        .ENDW
        mov eax, msg.wParam
        ret
    WinMain endp
    
    WndProc proc hWnd:HWND, uMsg:UINT, wParam:WPARAM, lParam:LPARAM
        LOCAL hdc:HDC
        LOCAL ps:PAINTSTRUCT
        
        .IF uMsg == WM_DESTROY
            invoke PostQuitMessage, NULL
        .ELSEIF uMsg == WM_CHAR
            push wParam
            pop char
    	.IF char == 75h ;u
    		mov char,25h ;%
            	invoke InvalidateRect, hWnd, NULL, TRUE
    		call StopTime
    	.ELSE
    		invoke InvalidateRect, hWnd, NULL, TRUE
    	.ENDIF
        .ELSEIF uMsg==WM_PAINT
            invoke BeginPaint, hWnd, ADDR ps
            mov hdc,eax
            invoke TextOut, hdc, 90,70, ADDR char, 1
            invoke EndPaint, hWnd, ADDR ps
        .ELSE
            invoke DefWindowProc,hWnd, uMsg, wParam, lParam
            ret
        .ENDIF
        xor eax,eax
        ret
    WndProc endp
    
    StopTime proc
    	invoke FindWindowA, NULL, ADDR winName					;get hWnd for Minesweeper
    	mov tempHWnd, eax 							;put it into tempHWnd
    	invoke GetWindowThreadProcessId, tempHWnd, IDProcess 			;get the process ID
    	invoke OpenProcess, PROCESS_ALL_ACCESS, FALSE, IDProcess		;open the process
    	mov hProcess, eax							;load the process handle into hProcess
    	invoke WriteProcessMemory, hProcess, 01002FF5h, ADDR toWrite, 6, NULL	;write the stuff
    	invoke CloseHandle, hProcess
    StopTime endp
    end start
    Thanks.
    Last edited by tdennist; November 18th, 2004 at 20:19.
    When the going gets tough...the tough get going.

    Roar.

  2. #2
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,146
    Blog Entries
    5
    Hiya,

    Just like the other procs, your StopTime proc needs a 'ret', that should fix 'er up.

    Cheers

  3. #3
    Thank you, that did indeed stop it from crashing.

    Now, however, it just plain doesn't work. Do you see any other glaring mistakes? I don't even know if I used the proper procedure for getting the window handle, process ID, etc. Remember, this is my first ever attempt at this .

    Also, the way I specified the bytes to write to the process seems stupid. Is a quad word the largest amount of bytes I can replace in the file at once? If there were more, would I have to save them in separate quad word variables? (And actually, I don't even know if I did it the right way. Help? )

    Thanks.

    edit: Also, forum mods and other gurus: tell me if I should edit my original post to not specify the game's name outright. I recall one of the forum rules being something about that....
    Last edited by tdennist; November 18th, 2004 at 22:48.
    When the going gets tough...the tough get going.

    Roar.

  4. #4
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,146
    Blog Entries
    5
    Quote Originally Posted by tdennist
    edit: Also, forum mods and other gurus: tell me if I should edit my original post to not specify the game's name outright. I recall one of the forum rules being something about that....
    Don't worry about Minesweeper! We can handle any MS goons that might complain

    Because of a recent hand injury I can't type more than a few words here, so I'll leave the other questions to the ablebodied...

    btw, you may want to read Zairon's reversing of Minesweeper at the main archive site,
    http://woodmann.net/fravia/what_new.htm

  5. #5
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    tdennist:
    (1) first, be sure that the version you have of WINMINE.EXE really brings at address 0x1002FF5 the instruction you want to comment-out (you can check this with a debugger). This condition holds for windows XP version:
    Code:
    01002FF5    FF 05 9C 57 00 01    inc dword ptr ds:[100579Ch]
    (2) second, check the name of Minesweeper window; in Windows 2000/XP the name is not Minesweeper, but it depends on the language of your installation, Correct it at winName location of your code

    (3) finally, correct an error you made invoking GetWindowThreadProcessId.
    The correct syntax is
    Code:
    invoke GetWindowThreadProcessId, tempHWnd, ADDR IDProcess
    After these three steps, you can digit 'u' in your window and the timer will magically stop!

    Quote Originally Posted by tdennist
    Is a quad word the largest amount of bytes I can replace in the file at once? If there were more, would I have to save them in separate quad word variables?
    Not at all! You can declare them in plain bytes... Try to replace
    Code:
    toWrite QWORD 909090909090h
    with
    Code:
    toWrite db 90h,90h,90h,90h,90h,90h
    and the effects will not change.

    Quote Originally Posted by Kayaker
    you may want to read Zairon's reversing of Minesweeper at the main archive site
    LOL, he didn't make a deep reversing, since he misses the fact that the same effect could be reached with the XYZZY trick (google to find it) - joking... that's an instructive reading!

    Kayaker:
    Sorry for your wound... I hope you will be healthy again, and your brilliant brain has not suffered too

    Regards, bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  6. #6
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    Hi bilbo,
    he didn't make a deep reversing, since he misses the fact that the same effect could be reached with the XYZZY trick
    Hmmm, you didn't read the initial minesweeper project in the mini project area

    Best regards,
    Zai

  7. #7
    son of Bungo & Belladonna bilbo's Avatar
    Join Date
    Mar 2004
    Location
    Rivendell
    Posts
    310
    Please, forgive me ZaiRoN, please...
    After I got rid of the Ring, I have become more and more forgetful!
    bilbo
    Non quia difficilia sunt, non audemus, sed quia non audemus, difficilia sunt.[Seneca, Epistulae Morales 104, 26]

  8. #8
    Red wine, not vodka! ZaiRoN's Avatar
    Join Date
    Oct 2001
    Location
    Italy
    Posts
    922
    Blog Entries
    17
    Quote Originally Posted by bilbo
    Please, forgive me ZaiRoN, please...
    Oh my good old hobbit, you are forgiven this time :P

  9. #9
    Since surrendering the "One Ring" eventually saved Middle Earth, we can forgive an occasional failure of memory among the elder folk. That way I might also get away with a memory failure or three... uh ... what were we talking about?

    Regards,
    JMI

  10. #10
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,146
    Blog Entries
    5
    Quote Originally Posted by bilbo
    Kayaker:
    Sorry for your wound... I hope you will be healthy again, and your brilliant brain has not suffered too
    Thank you, though I can't say I feel too f*ing brilliant today! ;-)
    A few slowly typed cautionary observations about those Olfa "exacto" utility knives with the snap-off blades -

    The blades can snap off at the most inopportune time.
    They are *very* effective at filleting human flesh, quite reminiscent of cleaning a freshly caught fish actually...
    They also sell stronger blades which don't snap off as easily. Now I know why.

    Standard knife safety includes protecting ones exposed body parts to the consequences of an "expected" slip (taking into account such things as direction of push, possible angles of deflection, length of blade, how much you value the exposed body part(s), etc.)
    Enhanced knife safety should include, where applicable, the consequences of a sudden shortening of blade length while remaining razor sharp.

    If the thought "Maybe I shouldn't be doing this" ever crosses your mind while working with a knife, stop immediately and don't dismiss it.
    'Close calls' are good to have every once in a while to make one appreciate how wonderful life is.
    The realization that "it could have been a lot worse" is a wonderful thing.
    Stitches(7) are a wonderful thing. So are flesh wounds that don't cut through tendons or major nerves.
    Female doctors are especially attractive when stitching you up

    Take care out there.

    Cheers,
    Kayaker

  11. #11
    Kayaker:

    Glad to hear you are healing up. Just wanted to know if the lady doc asked you to cough? And if so, were her hands cold?

    Regards,
    JMI

  12. #12
    Teach, Not Flame Kayaker's Avatar
    Join Date
    Oct 2000
    Posts
    4,146
    Blog Entries
    5
    No, I was in an awkward position when working with the knife, not the doctor

  13. #13
    *cough* back on topic....;-).

    Quote Originally Posted by bilbo
    (2) second, check the name of Minesweeper window; in Windows 2000/XP the name is not Minesweeper, but it depends on the language of your installation, Correct it at winName location of your code
    Ok, here's where I feel stupid. Is the name of the windows the text in the title bar? Because if it is, Minesweeper is the right name....

    Thanks.

    (edit: I swear, once I learn this stuff, I'm writing a bunch of well written tutorials, explaining step by step and skipping nothing on how to do simple things. Like make a trainer for Minesweeper.)
    Last edited by tdennist; November 19th, 2004 at 20:22.
    When the going gets tough...the tough get going.

    Roar.

  14. #14
    tdennist, easiest way to check window and window class names (there is a difference) is by using the spy++ tool that Microsoft ship with Visual Studio (and I think it's on their site for freedownload, and in Resource Kit's etc).
    Still here...

  15. #15
    ...or use windowjuggler plugin for olly.
    Regards,

Similar Threads

  1. Integrity checking.
    By Zumo in forum The Newbie Forum
    Replies: 2
    Last Post: April 9th, 2012, 00:05
  2. Packed and probably self-checking. Help needed
    By rokafeller in forum The Newbie Forum
    Replies: 3
    Last Post: November 16th, 2005, 01:07
  3. checking correctness of flexlm license
    By ferg_jl in forum Advanced Reversing and Programming
    Replies: 2
    Last Post: October 13th, 2002, 20:25

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •