Jump to content
Sign in to follow this  
Nomad

Reading Registers

Recommended Posts

I've seen wOuter's _mem () functions, but I was curious. Is there any way to read a dword value stored in any of the registers, such as eax, ebx, ecx, etc..? (using AutoIt)

If not, then a point in the right direction to accomplish this would be very much appreciated.

Thanks in advance,

Nomad

Share this post


Link to post
Share on other sites

Code injection would be the way to go. Here are the steps:

1. Use a debugger to find the address in the game at which you want to read the register's value.

2. Allocate a chunk of memory (VirtualAllocateEx) and create a JMP from the game's function to your allocated chunk. Be sure to restore any opcodes you overwrite (JMPs are 5 opcodes long, so be sure you're overwriting something like MOV that's at least 5 opcodes in length, and not an ADD or PUSH or something).

3. After restoring the opcodes you overwrote, MOV the register to a static address somewhere in the client, or somewhere in the chunk of memory you allocated. This way, every time you want to get the register's value, you just ReadProcessMemory from the static address to which you wrote the register.

4. JMP back to the regular game routine.

This isn't terribly difficult to do, though it sounds like it. There's a shitload of examples and tutorials floating around and everything that needs to be done can be done with AutoIt. The only slightly difficult part is converting from ASM to the opcodes that need to be written, and even that is pretty easy as there's myriad applications out there that will do it for you.

Edit: here's a link to a thread I wrote about it a while back. You can convert the C++ functions CreateJmp and CreateStaticMov to AutoIt easily enough. http://forum.gamedeception.net/showthread.php?t=8088

Edited by Outshynd

Share this post


Link to post
Share on other sites

Outshynd i find it interesting that you actually calculate the jump"E9 & (jmpAddress - (BaseAddress + 5))" instead of "68 & jmpAddress; C3". (push & ret)

but back OT:

to get hex code i usually just assemble an small exe using masm and then rip the hex code out of that :)

Share this post


Link to post
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
Sign in to follow this  

×
×
  • Create New...