eximus

Read a value from a variable of asm

eximus

I have to read the value of a variable in the game code (asm).

Precisely I have to read the value of ecx at the address 004EB134 in the function: "mov [ecx+3dc],eax"

What function can I use?

Thx to everyone.

eximus

Yes, no results. Google too.

eximus

No ideas?

Manko

You have to use debugging techniques to accomplish this... external or internal, depends on target...

A lot of learning and research would have to be undertaken to get even close to results...

Besides... Target might have anti-measures...

Game crack??

/Manko


Yes i rush things! (I sorta do small bursts inbetween doing nothing.) Things I have rushed and reRushed:
* ProDLLer - Process manager - Unload viri modules (dll) and moore...
* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...
* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...
* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist.
Moore to come... eventually...

eximus

Yes game crack. But how can I know internal/external?

And then..what function have I to use? Dll calls?

Manko

Hi! Sorry to leave you hanging!

If target was not protected, I'd like to allocate some memory in target app, direct the mentioned address, by patching in a jmp to that memory which I have filled with a routine that puts ecx to a memory address which I can read, when I choose, do the same as the bytes I patched in original and jmp back to next original instruction... Maybe suspend process while writing to it...

Useful APIs:

suspend process/threads APIs... (They are in source of my app, Proddler... in sig, below...)

OpenProcess

VirtualProtectEx (If you need to change permissions (Read/write/execute))

ReadProcessMemory

WriteProcessMemory

(Createthreadex (If you wish to execute code in target process, rather than redirecting present execution, for some reason...))

Otherwise... building a small debugger would not be so hard... I've not done that in autoit, only masm32... And it was a long time ago... I'd go for a hardware breakpoint and edit the processisdebugedflag... (flag resides in PEB which is easy to get. Google!)

CreateProcess

For HWbreakpoints, read up on dr0 - dr7 registers...

WaitForDebugEvent

GetThreadContext

ContinueDebugEvent

There are of course more ways, more APIs and more countermeasures... But you can google... And if you start down the path of the cracker, .... there is LOTS to learn....

/Manko


This topic is now closed to further replies.