Page 1 of 1

Changing the argument

Posted: Mon Aug 20, 2012 12:45 pm
by maslo
Hi, I am having a little problem with Ollydbg as I have no idea of how to change "Arg2" to specific string.
There is "Arg1" and "Arg2". Arg1 is the name in the windows registry and Arg2 is the data. Arg2 is somehow produced and is being checked if it's right at every app launch. Therefore if I change manually these 2 values in windows registry and start application then these values will change back.
Could you provide with some help or a hint of how to change Arg2 to a desired string, or how to 'hack' 'Arg2 value generating system' ?

Regards :)


This is what I get if I Step Into: PUSH ECX "Arg2" :


Posted: Mon Aug 20, 2012 2:53 pm
by naides
This would be a quick and dirty.

Somwhere in the executable, find a 00 filled cave, write there the string you want to spoof as arg2. Needs to be null terminated. For extra precaution, make it d-word aligned. Note the address:
for instance
01268000: "MyCheatString0x00"

Now, change your code from

012639FF: LEA ECX, [ESP+64]
01263A03 PUSH ECX


012639FF: MOV ECX, 01268000
01263A03 PUSH ECX

Now the program will read your "MYCheatString" instead of the legit generated string, and hopefully swallow it.
But I would bet there are more checks the you'll have to neutralize. . .