Jump to content

Reading Registers

Nomad
 Share

Recommended Posts

Nomad Universalist

Nomad

Posted
Posted

I've seen wOuter's _mem () functions, but I was curious. Is there any way to read a dword value stored in any of the registers, such as eax, ebx, ecx, etc..? (using AutoIt)

If not, then a point in the right direction to accomplish this would be very much appreciated.

Thanks in advance,

Nomad

Link to comment
Share on other sites
Outshynd Wayfarer

Outshynd

Posted
Posted (edited)

Code injection would be the way to go. Here are the steps:

1. Use a debugger to find the address in the game at which you want to read the register's value.

2. Allocate a chunk of memory (VirtualAllocateEx) and create a JMP from the game's function to your allocated chunk. Be sure to restore any opcodes you overwrite (JMPs are 5 opcodes long, so be sure you're overwriting something like MOV that's at least 5 opcodes in length, and not an ADD or PUSH or something).

3. After restoring the opcodes you overwrote, MOV the register to a static address somewhere in the client, or somewhere in the chunk of memory you allocated. This way, every time you want to get the register's value, you just ReadProcessMemory from the static address to which you wrote the register.

4. JMP back to the regular game routine.

This isn't terribly difficult to do, though it sounds like it. There's a shitload of examples and tutorials floating around and everything that needs to be done can be done with AutoIt. The only slightly difficult part is converting from ASM to the opcodes that need to be written, and even that is pretty easy as there's myriad applications out there that will do it for you.

Edit: here's a link to a thread I wrote about it a while back. You can convert the C++ functions CreateJmp and CreateStaticMov to AutoIt easily enough. http://forum.gamedeception.net/showthread.php?t=8088

Edited by Outshynd
Link to comment
Share on other sites
w0uter Universalist

w0uter

Posted
Posted

Outshynd i find it interesting that you actually calculate the jump"E9 & (jmpAddress - (BaseAddress + 5))" instead of "68 & jmpAddress; C3". (push & ret)

but back OT:

to get hex code i usually just assemble an small exe using masm and then rip the hex code out of that :)

My UDF's:;mem stuff_Mem;ftp stuff_FTP ( OLD );inet stuff_INetGetSource ( OLD )_INetGetImage _INetBrowse ( Collection )_EncodeUrl_NetStat_Google;random stuff_iPixelSearch_DiceRoll

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...