Problem with injecting the code in pointer register
Posted: Mon Jul 09, 2018 8:43 am
by marek1957
Hello people, I once again need help.
I was watching a tutorial from [B]SneakyMofo[/B] about finding the REAL value by using the Visual Value --> [MEDIA=youtube]06t_hoWGa5c[/MEDIA]
I found that the ECX and EBX registers have a real (not visual) value stored, but I am stuck on this part of the code:
[img]https://i.imgur.com/RJl42lE.png[/img]
[img]https://i.imgur.com/bGYTM72.png[/img]
mov eax,[edx+34] is the last place where the ECX register has a REAL value in it, but in one place above, ECX does not have the real value but a totally different value.
I don't know how to inject code at mov eax,[edx+34] to change the value in the ECX register.
If I change the code to mov ecx,#4, for example, it crashes the game totally.
Thank you for your support to someone like me and helping me all the time.
Marek.
Posted: Mon Jul 09, 2018 5:17 pm
by koderkrazy
I think you are injecting at the wrong point. This [ICODE]Asphalt8.exe+95A48D addss xmm0, xmm1[/ICODE] does the real manipulation of the data.
In your break and trace see what values are there in xmm0 and xmm1 registers.
Do an AOB injection at Asphalt8.exe+95A48D and manipulate the xmm0 and xmm1 registers in your code.
[edx+30] holds the encrypted offset to get the value you are looking for. [edx+34 + 2*4] is the location of your encrypted value.
Dissect the data structure at pointer [edx] to understand more.
This is how data is encrypted:
(let's say the visual data is in eax and we want to store it at edx+34)
[CODE]
xor eax, [Asphalt8.exe+1b9d5] // Asphalt8.exe+1b9d5 is a static address that holds the encryption constant
lea ecx, [edx+34]             // address of the location where the value will be stored
xor eax, ecx
mov [edx+34], eax             // store the encrypted value
[/CODE]
This is how it is decrypted:
(here edx+34 holds the encrypted value)
[CODE]
mov eax, [edx+34]
xor eax, [Asphalt8.exe+1b9d5] // xor with the constant
lea ecx, [edx+34]             // get the address of the location where the encrypted value is stored
xor eax, ecx
// yay, now eax holds the visual value
[/CODE]
Note: if the code (where you are going to inject) writes to multiple addresses, then add conditions in your injection, as mentioned in the video.
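The scheme described in the post above (value XOR a static constant XOR the address of the storage slot), modelled in C as an added example that is not part of the original thread or of the game's code. `KEY` is a constructed stand-in constant, and the helper names and the use of the low 32 bits of a host pointer are assumptions. It shows why a scan for the visual value finds nothing, and why a raw stored dword is only meaningful at its own address.

```c
#include <stdint.h>
#include <stdio.h>

/* Constructed stand-in for the constant the post says sits at a static address. */
static const uint32_t KEY = 0x5A17C3E9u;

/* Assumption: low 32 bits of the slot address (the target in the thread is 32-bit). */
static uint32_t addr32(const uint32_t *slot) { return (uint32_t)(uintptr_t)slot; }

/* Store path: visual ^ constant ^ address of the slot. */
static void store_obf(uint32_t *slot, uint32_t visual) {
    *slot = visual ^ KEY ^ addr32(slot);
}

/* Load path: the same two XORs undo the encoding. */
static uint32_t load_obf(const uint32_t *slot) {
    return *slot ^ KEY ^ addr32(slot);
}

/* Encode then decode in the same slot; returns the recovered value. */
static uint32_t roundtrip(uint32_t visual) {
    uint32_t slot;
    store_obf(&slot, visual);
    return load_obf(&slot);
}

/* 1 if the same visual value produces different raw dwords in two slots. */
static int same_value_differs(uint32_t visual) {
    uint32_t slots[2];
    store_obf(&slots[0], visual);
    store_obf(&slots[1], visual);
    return slots[0] != slots[1];
}

/* Copy the raw dword to another slot and decode it there. */
static uint32_t decode_after_copy(uint32_t visual) {
    uint32_t slots[2];
    store_obf(&slots[0], visual);
    slots[1] = slots[0];
    return load_obf(&slots[1]);
}

int main(void) {
    printf("roundtrip(1000)         = %u\n", (unsigned)roundtrip(1000));
    printf("same value, raw differs = %d\n", same_value_differs(1000));
    printf("decoded after raw copy  = %u\n", (unsigned)decode_after_copy(1000));
    return 0;
}
```

Because both inputs to the XOR are readable by anything that can read the process, this encoding hides values from a naive memory scan but gives no integrity protection.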
Posted: Fri Aug 10, 2018 7:37 am
by marek1957
Ok but I forgot how to add conditions xd can you show me any tutorial for that?
Posted: Fri Aug 10, 2018 8:27 am
by TimFun13
[QUOTE="marek1957, post: 54527, member: 11389"]Ok but I forgot how to add conditions xd can you show me any tutorial for that?[/QUOTE]
Memory and retention are pretty important when it comes to reversing/hacking. You may want to get a handle on that.
EDIT:
Some recent studies have shown that a lot of "memory" problems are actually storage related, meaning people tend to have problems storing the "memory" and it's not really a problem with retrieving the "memory". So you probably didn't "forget"; but never cared to store it, or you had different brain chemistry when it was stored.
Posted: Fri Aug 10, 2018 10:12 am
by marek1957
show me some tutorials.
Posted: Fri Aug 10, 2018 1:20 pm
by TimFun13
[MEDIA=youtube]egZsHq0b1q8[/MEDIA]