Hello people, I need help once again.
I was watching a tutorial from [B]SneakyMofo[/B] about finding the REAL value by using the Visual Value --> [MEDIA=youtube]06t_hoWGa5c[/MEDIA]
I found that the ECX and EBX registers have a real (not visual) value stored, but I am stuck on this part of the code:
[img]https://i.imgur.com/RJl42lE.png[/img]
[img]https://i.imgur.com/bGYTM72.png[/img]
mov eax,[edx+34] is the last place where the ECX register has a REAL value in it, but at one place above it ECX does not hold the real value but a totally different value.
I don't know how to inject code at mov eax,[edx+34] to change the value in the ECX register.
If I change the code to mov ecx,#4 for example, it crashes the game totally.
Thank you for your support to someone like me and helping me all the time.
Marek.
Problem with injecting the code in pointer register
- koderkrazy
I think you are injecting at the wrong point. This [ICODE]Asphalt8.exe+95A48D addss xmm0, xmm1[/ICODE] does the real manipulation of the data.
In your break and trace, see what values are in the xmm0 and xmm1 registers.
Do an AOB inject on Asphalt8.exe+95A48D and manipulate the xmm0/xmm1 registers in your code.
[edx+30] holds the encrypted offset to get the value you are looking for. [edx+34 + 2*4] is the location of your encrypted value.
Dissect the data structure on pointer [edx] to understand more.
This is how data is encrypted:
(let's say the visual data is in eax and we want to store it at edx+34)
[CODE]
xor eax, [Asphalt8.exe+1b9d5] // Asphalt8.exe+1b9d5 is a static address that holds the encryption constant.
lea ecx, [edx+34]             // address of the location where the value will be stored.
xor eax, ecx
mov [edx+34], eax             // store the encrypted value
[/CODE]
This is how it is decrypted:
(here edx+34 holds the encrypted value)
[CODE]
mov eax, [edx+34]
xor eax, [Asphalt8.exe+1b9d5] // xor with the constant
lea ecx, [edx+34]             // get the address of the location where the encrypted value is stored.
xor eax, ecx
// yay, now eax holds the visual value
[/CODE]
Note: if the code (where you are going to inject) writes to multiple addresses, then add conditions in your injection, as mentioned in the video.
Last edited by koderkrazy on Fri Aug 17, 2018 6:03 am, edited 4 times in total.
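The scheme described in the post above (stored word = visual value XOR a static constant XOR the slot's own address), as an added C example that is not part of the original posts or the game's code. `KEY_CONSTANT`, `struct obj` and all function names are constructed for illustration, and the address key is taken as the low 32 bits of the pointer so the code also runs on 64-bit builds.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the constant the game keeps at a static address.
   It is odd, so it can never equal a 4-byte-aligned slot address. */
static const uint32_t KEY_CONSTANT = 0x5A17C3E9u;

/* Hypothetical object: protected slot at offset 0x34, like [edx+34]. */
struct obj { uint8_t pad[0x34]; uint32_t slot; };
_Static_assert(offsetof(struct obj, slot) == 0x34, "slot offset");

/* Low 32 bits of the slot's own address (the `lea ecx,[edx+34]` step). */
static uint32_t addr_key(const uint32_t *slot) { return (uint32_t)(uintptr_t)slot; }

/* Encode: visual ^ constant ^ address, then store. */
void store_value(uint32_t *slot, uint32_t visual) {
    *slot = visual ^ KEY_CONSTANT ^ addr_key(slot);
}

/* Decode: the same two XORs applied to the stored word. */
uint32_t load_value(const uint32_t *slot) {
    return *slot ^ KEY_CONSTANT ^ addr_key(slot);
}

/* Relocating a value must decode at the source and re-encode at the target. */
void move_value(uint32_t *dst, const uint32_t *src) {
    store_value(dst, load_value(src));
}

/* Exact-value search over the object's bytes for the plain visual value. */
int plain_value_visible(const struct obj *o, uint32_t visual) {
    const uint8_t *p = (const uint8_t *)o;
    for (size_t i = 0; i + sizeof visual <= sizeof *o; i++)
        if (memcmp(p + i, &visual, sizeof visual) == 0) return 1;
    return 0;
}

int main(void) {
    static struct obj a, b;              /* zero-initialised sample objects */
    store_value(&a.slot, 1500);          /* constructed visual value */
    printf("stored=%08x decoded=%u visible=%d\n", (unsigned)a.slot,
           (unsigned)load_value(&a.slot), plain_value_visible(&a, 1500));
    b.slot = a.slot;                     /* raw copy keeps a's address key */
    printf("raw copy decodes to %u\n", (unsigned)load_value(&b.slot));
    move_value(&b.slot, &a.slot);
    printf("re-encoded copy decodes to %u\n", (unsigned)load_value(&b.slot));
    return 0;
}
```

Because the constant and the address are both available inside the process, this hides a value from exact-value searches and ties it to one location, but it does not protect the value's integrity.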
Ok but I forgot how to add conditions xd can you show me any tutorial for that?
[QUOTE="marek1957, post: 54527, member: 11389"]Ok but I forgot how to add conditions xd can you show me any tutorial for that?[/QUOTE]
Memory and retention are pretty important when it comes to reversing/hacking. You may want to get a handle on that.
EDIT:
Some recent studies have shown that a lot of "memory" problems are actually storage related, meaning people tend to have problems storing the "memory" and it's not really a problem with retrieving the "memory". So you probably didn't "forget"; but never cared to store it, or you had different brain chemistry when it was stored.
Last edited by TimFun13 on Fri Aug 10, 2018 9:04 am, edited 2 times in total.
show me some tutorials.
[MEDIA=youtube]egZsHq0b1q8[/MEDIA]