Results 1 to 7 of 7

Thread: hmemcpy

  1. #1


    if im right it lets the program stop when memory is used or accessed

    is there an simulare command in ollydbg ?
    and how to use it on winxp?
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  2. #2
    Naides is Nobody
    Join Date
    Jan 2002
    Planet Earth
    Quote Originally Posted by jeremy
    if im right it lets the program stop when memory is used or accessed NO. IT DOES NOT

    is there an simulare command in ollydbg ? NO
    and how to use it on winxp?

    Save yourself a lot of grief.
    Read the FAQ.
    Read up to date tutorials
    Read Sites linked below.

    For History sake
    I am going to respond:

    Hmemcpy was a 16 bit "Native" API, used in win 95 and 98 systems, which were 16-32 hybrid.
    Its original intent was to implement (H)uge (Mem) copy (cpy), taking advantage of native asm instructions used to quickly mass copy big segments of memory using the DMA features introduced into the 286 processor.

    It became popular among crakers of yesteryears, I among them, because it got invoked by most windows API that would capture imput from a buffer in a text window (the serial), and store it into a buffer that was passed to the API as a parameter. . . This was a "Universal" method to track serial and password analysis and validation

    Needless to say, for multiple reasons, this trick is quite outdated, hardly ever works these days.

    Narvaja proposed a method to implement a Hmemcpy-like functionality within ollydbg, which suppossedly works in newer, XP like systems.

    I most confess I have not found it very useful.

    It has been translated to English, You may search for it.
    Last edited by naides; July 10th, 2006 at 06:33.

  3. #3
    I thought it was only possible to use it with win98 ? Anyway you can use it with softice but not olly imo. You can use softice on winxp but you need a special manipulation described in the faq.
    Did you search the web to know more ? There is ton of info.

    EDIT: woop gre-naides was too fast =)
    Please consider donating to help staying online (here is why).
    Any amount greatly appreciated. Thank you.

  4. #4
    in winxp sp2 and with softice you can break on EditWndProc+566 that's the same thing of HMEMCPY, i use that every time and it works for me

  5. #5
    Ollyplugin puntos magicos.He can place BP on VB5-6 and normal program.After activating you can in BP manager (alt+b) found correct bytes sequence.

    concretly is this adress in user32.dll

    77D4CA9E F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[es>
    I promise that I have read the FAQ and tried to use the Search to answer my question.

  6. #6
    reknihT esreveR SiGiNT's Avatar
    Join Date
    Sep 2004
    Wherever I am
    For Delphi apps this does essentially the same thing, (as discussed in another thred here, just searching for HMEMCPY should have found it),

    bp EditWndProc+566

    Unemployed old fart Geek - Self Employed Annoyance
    Team: Noobisco Crackers
    If someone can't do it for you, you'll never learn!

  7. #7
    It is called point-h.It is different in every machine but there are tools that you can find it. I am sure that lena151 have used it too in one of her tutorials.

Similar Threads

  1. hmemcpy
    By Anonymous in forum Plugins (General)
    Replies: 20
    Last Post: September 6th, 2003, 11:17
  2. hmemcpy
    By Anonymous in forum OllyDbg Support Forums
    Replies: 2
    Last Post: August 22nd, 2003, 13:20
  3. How to bp hmemcpy
    By look46 in forum OllyDbg Support Forums
    Replies: 17
    Last Post: July 7th, 2003, 00:00
  4. hmemcpy
    By dipsy in forum Malware Analysis and Unpacking Forum
    Replies: 11
    Last Post: February 9th, 2001, 22:39
  5. hmemcpy
    By nu in forum Tools of Our Trade (TOT) Messageboard
    Replies: 1
    Last Post: November 2nd, 2000, 18:51


Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts