eximus, posted April 19, 2009

I have to read the value of a variable in the game code (asm). Precisely I have to read the value of ecx at the address 004EB134 in the function: "mov [ecx+3dc],eax"
What function can I use? Thx to everyone.

Jos (Developers), posted April 19, 2009

Have you tried to search before posting?

SciTE4AutoIt3 Full installer Download page - Beta files
Read before posting
How to post scriptsource
Forum etiquette
Forum Rules
Live for the present, Dream of the future, Learn from the past.

eximus (Author), posted April 19, 2009

Yes, no results. Google too.

eximus (Author), posted April 20, 2009

No ideas?

Manko, posted April 20, 2009

You have to use debugging techniques to accomplish this... external or internal, depends on target...
A lot of learning and research would have to be undertaken to get even close to results...
Besides... Target might have anti-measures...
Game crack??

/Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.)
Things I have rushed and reRushed:
* ProDLLer - Process manager - Unload viri modules (dll) and moore...
* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...
* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...
* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist.
Moore to come... eventually...

eximus (Author), posted April 20, 2009

Yes game crack. But how can I know internal/external? And then..what function have I to use? Dll calls?

eximus (Author), posted April 23, 2009

up

Manko, posted April 23, 2009

Hi! Sorry to leave you hanging!

If target was not protected, I'd like to allocate some memory in target app, direct the mentioned address, by patching in a jmp to that memory which I have filled with a routine that puts ecx to a memory address which I can read, when I choose, do the same as the bytes I patched in original and jmp back to next original instruction... Maybe suspend process while writing to it...

Useful APIs:
suspend process/threads APIs... (They are in source of my app, Proddler... in sig, below...)
OpenProcess
VirtualProtectEx (If you need to change permissions (Read/write/execute))
ReadProcessMemory
WriteProcessMemory
(Createthreadex (If you wish to execute code in target process, rather than redirecting present execution, for some reason...))

Otherwise... building a small debugger would not be so hard... I've not done that in autoit, only masm32... And it was a long time ago... I'd go for a hardware breakpoint and edit the processisdebugedflag... (flag resides in PEB which is easy to get. Google!)

CreateProcess
For HWbreakpoints, read up on dr0 - dr7 registers...
WaitForDebugEvent
GetThreadContext
ContinueDebugEvent

There are of course more ways, more APIs and more countermeasures... But you can google... And if you start down the path of the cracker, .... there is LOTS to learn....

/Manko

Yes i rush things! (I sorta do small bursts inbetween doing nothing.)
Things I have rushed and reRushed:
* ProDLLer - Process manager - Unload viri modules (dll) and moore...
* _WinAPI_ProcessListOWNER_WTS() - Get Processes owner list...
* _WinAPI_GetCommandLineFromPID() - Get commandline of target process...
* _WinAPI_ThreadsnProcesses() Much info if expanded - optional Indented "Parent/Child"-style Processlist.
Moore to come... eventually...

Jos (Developers), posted April 23, 2009

Don't really see an AutoIt3 Support issue here, just gaming bs...
*click*