Discussions Related to Game Hacking and Memory Hacking Software

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Next Up

Postby L. Spiro » Tue Aug 08, 2006 7:45 pm

A few days is a long time for me not to release anything.

The next few releases will be minor, because I have begun rewriting the debugger/disassembler from scratch.

I have been using OllyDbg’s disassembler, however it has several problems.

Firstly, it simply isn’t stable.
It uses macros to define string lengths to avoid buffer overruns. This means you can create large buffers that most likely won’t get overrun, but at the same time you create huge stack frames.
Also, it turned out when I added to the functionality of the disassembler later (to show DLL function names), the buffer could still get overrun anyway, even past 600 characters, which is one reason the disassembler is the last unstable part of Memory Hacking Software.

Secondly, it is by no means thread-safe.
Instead of storing things (settings, current parser states, etc.) in structures and passing a pointer to the structure to each of the service functions, it stores everything to globals, and each service function uses those. So if you start a second parse while the first is still working, the globals for the first will be overwritten and the first parse will be thoroughly messed.

Thirdly, there is only one available instance of the parser. It is not object-oriented/class-based.

Fourthly, it is GNU, which is always a problem.



So my rewrite is more than welcome.
It will fix the above problems and expand on the existing features.
It will include help tabs that explain what each instruction is doing, with interactivity available.

It will include all existing features, most features from OllyDbg, and then some from IDA and others, possibly including graphing (interactive).

The interface will be much more dynamic/intuitive.



The debugger will then be rewritten, upgraded to include all existing features and more features added.
It will also be made faster, and it will be combined with the disassembler into one window.




But all of this takes time, and right now I am working on the disassembler from scratch.
The next few releases will be minor fixes here and there while the disassembler is being built behind the scenes.


L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan
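The two defects described in the post above, a fixed-size output buffer that can still overrun once symbol names are appended and parser state kept in globals, shown side by side with the fix in a small C illustration. This is added example code, not code from MHS or OllyDbg; the `disasm_ctx` struct, the function names and the `module!symbol` annotation format are assumptions made for the example.

```c
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical per-parse context: the output buffer, its size and the current
 * length travel together, so nothing lives in a global and a second parse
 * started mid-way cannot clobber the first. */
typedef struct {
    char  *out;       /* caller-owned buffer */
    size_t cap;       /* total size, terminator included */
    size_t len;       /* bytes written so far */
    bool   truncated; /* set once any write had to be cut short */
} disasm_ctx;

void ctx_init(disasm_ctx *c, char *buf, size_t cap) {
    c->out = buf; c->cap = cap; c->len = 0; c->truncated = false;
    if (cap) buf[0] = '\0';
}

/* Bounded append: never writes past cap-1, always leaves a terminator, and
 * flags truncation instead of running off the end of the buffer the way an
 * unchecked strcat into a macro-sized stack array would. */
bool ctx_append(disasm_ctx *c, const char *s) {
    size_t room = (c->cap > c->len) ? c->cap - c->len - 1 : 0;
    size_t n = strlen(s);
    if (n > room) { n = room; c->truncated = true; }
    memcpy(c->out + c->len, s, n);
    c->len += n;
    c->out[c->len] = '\0';
    return !c->truncated;
}

/* Emit "call <addr> ; <module>!<symbol>", the kind of symbol-annotated line
 * that grew past the old fixed-size buffer. Returns false if anything was cut. */
bool format_call(disasm_ctx *c, const char *addr, const char *mod, const char *sym) {
    ctx_append(c, "call ");
    ctx_append(c, addr);
    if (sym) { ctx_append(c, " ; "); ctx_append(c, mod); ctx_append(c, "!"); ctx_append(c, sym); }
    return !c->truncated;
}

int main(void) {
    char big[64], small[16];
    disasm_ctx a, b;
    ctx_init(&a, big, sizeof big);
    ctx_init(&b, small, sizeof small);
    /* Two independent parses (constructed input): the small one is cut short and says so. */
    bool ok_a = format_call(&a, "0x7C80AC00", "user32", "MoveWindow");
    bool ok_b = format_call(&b, "0x7C80AC00", "user32", "MoveWindow");
    printf("%d \"%s\"\n%d \"%s\"\n", ok_a, big, ok_b, small);
    return 0;
}
```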

Update

Postby L. Spiro » Tue Aug 15, 2006 11:42 am

I spent the weekend coding the base classes for the disassembler, and here is what I have:


  • Multiple methods of data analysis.
    • Non-analyzed disassembly.
    • Basic analysis—globals shown.
    • Full analysis—code is followed, references are tracked, etc.
  • Collapsing.
    • Collapse functions out of view.
    • Possibly collapse if/while/for segments.
  • Interactive output.
    • Extra information shown when mouse over parts of text.
    • Clickable links in addresses (references, JMP, CALL, etc.)
    • Dynamic highlighting (key words, important bits, etc.)
  • Multi-line hidable comments.
  • Multiple views.
    • Standard linear OllyDbg view.
    • Linear IDA view with multi-line comments.
    • IDA interactive graph view.



L. Spiro

Postby L. Spiro » Mon Aug 21, 2006 9:39 am

Well the Debugger and Disassembler are so old I had forgotten how poorly designed they were.

As proof that I too can code like shit, I coded the old Debugger and Disassembler in such a way as to connect very strictly to the core of Memory Hacking Software, which in itself was some of the first coding I had done in C++, and of course very poor, using tons of globals and bad design (though it manages to work correctly).


As a result, while rewriting the Disassembler, I make it a point not to use any old code at all or reference any of the globals from the bad-code days (this is the style I have used starting from the rewrite of the searches, meaning the searches, hex editor, code injector, hotkeys, and script are all professionally coded and modular while everything else is crap).

However, I found while rewriting the service functions for the Disassembler that the only way to avoid using the old globals and create a modular design is to actually rewrite the very core of Memory Hacking Software.


This comes with good news and bad news.

The bad news is that this means the next update is a long way off.
It is no longer just a matter of updating the Disassembler and Debugger, but now a matter of essentially gutting all of the old code completely, making an entirely new foundation for Memory Hacking Software.


The good news is that the rewrite will give me much cleaner and more organized code with which to work.
That seems to be good news only for me, but what is good for me is good for everyone using my software.
After the old core is completely gutted, stability of the software can be ensured in all aspects.
It will consume much less RAM and run more quickly.
New features will be much easier to add.
And it will finally allow me to show the source code to potential employers in the future.


The other good news is that the foundation of the Disassembler is done and producing visible disassembly output.
In order to add all the service functions that produce additional in-depth information (following function calls, showing function names and parameters, etc.) I have to rewrite the core, so the Disassembler stops here for a while.


L. Spiro

Postby KarmaPixel » Tue Aug 22, 2006 12:03 am

:D

Keep up the good work.
KarmaPixel
Hacker Smacker
 
Posts: 42
Joined: Thu Jul 20, 2006 6:51 am

Postby L. Spiro » Tue Aug 22, 2006 10:40 am

I have finally lost my mind enough to restart the whole project.


A new project file has been created, and Memory Hacking Software now consists of only the ability to show the main window (with no controls inside it) and to show the new-and-improved process-open dialog (though the selected process can not actually be opened).


What does this mean?

The Bad:
  • Templates will no longer be supported at (but will be added in a new form later).
  • The profile system will be changed and the profile settings will be lost. Windows and dialogs will forget their positions and settings one time.
  • Saved injections will be lost.


The Good:
  • New system of organization offers any kind of addition/upgrade imaginable for the future, including even going DirectX (not that I would do this).
  • More compact file size.
  • Faster and more efficient.
  • Less RAM consumption (by far).
  • Better layout/design.
  • No memory/resource leaks of any kind.
  • 100% stable.
  • Organization inside and out: The new file system improves performance, increases stability/reliability, reduces RAM consumption, and allows you, the user, to know easily why each file is there/how it is used.
  • And the best part: It won’t even take that long to make.
    • Acceptable code from the original project is reused in the new project. This means any code I wrote after the search rewrite last year. It’s actually a lot of code, saving me a ton of rewriting.
    • Only small parts of existing code need to be rewritten to work with my new organization system.
    • Not much “old” code remained in the old project, and even less of it is actually used. On top of this, I am at least 3 times faster at programming than I was back then, and can easily rewrite any function of the old code in minutes or less.





It will take some time, but not as much as most of you are expecting.
I can still use the existing code from the searches, scripts, hex editor, converter, GameHack converter, injections, hotkeys, tools, dockable windows, splitter controls, and kernel.
Plus the new Disassembler is already up and running.

That’s almost the whole project right there.
Well, at least that’s what I told myself to convince myself to start over…


L. Spiro

Postby IcameIsawIcheated » Tue Aug 22, 2006 3:34 pm

The way you were thumping out an update to it every 2-3 days was OTP I think and I don't mind waiting a month to get the update you just described. Sounds really good! :)
IcameIsawIcheated
Hackleberry Fin
 
Posts: 21
Joined: Thu Jul 20, 2006 6:16 am

The New Look

Postby L. Spiro » Wed Aug 23, 2006 12:41 am

A taste of things to come in the next release.


Image
Now more compact and stable (the old one had a resource leak).
The lists can be sorted by name or process ID.


Image
The Data Type, Evaluation Type, Value to Find:, To:, From:, and To: boxes remember not just the last values you entered into them, but every value you ever enter into them, even after restarting.


L. Spiro

Postby WhiteHat » Sat Aug 26, 2006 9:06 pm

Sharp n very nice interface design !
IMO, they look much much better...

Keep up the good work, L. :wink:
WhiteHat
Elang Djawa
 
Posts: 1059
Joined: Fri Jul 21, 2006 12:49 pm
Location: Away for a while...

Postby L. Spiro » Sun Aug 27, 2006 12:58 pm

Mother-fucking Visual Studio 2005 crashed during a find/replace, then on restart had to “recover” some of my project files.

It recompiled a few times after, but in 15 short minutes MoveWindow() decided to randomly throw access violations reading areas of RAM it shouldn’t be trying to read in the first place.

It works on some things but not on others, when it used to work on everything.
Not only that, but it says I have missing DLLs when I run in debug mode.


Thanks for wasting my life, Visual Studio 2005.


L. Spiro

Postby high6 » Mon Aug 28, 2006 2:41 am

L. Spiro wrote:Mother-fucking Visual Studio 2005 crashed during a find/replace, then on restart had to “recover” some of my project files.

It recompiled a few times after, but in 15 short minutes MoveWindow() decided to randomly throw access violations reading areas of RAM it shouldn’t be trying to read in the first place.

It works on some things but not on others, when it used to work on everything.
Not only that, but it says I have missing DLLs when I run in debug mode.


Thanks for wasting my life, Visual Studio 2005.


L. Spiro


u making this in vb.net2005?
high6
Sir Hacks-A-Lot
 
Posts: 34
Joined: Sat Aug 05, 2006 7:06 am

Postby L. Spiro » Mon Aug 28, 2006 10:30 am

I am making it in C++, native Win32 API.

No MFC, no wrappers, no extensions.

It means every special control you see there is the work of me alone (except the Scintilla control).
I manually put together the splitters, the dockable windows, the treeboxes, etc.

That is why my layout sucked (past tense) so much.
Because, firstly, the original design (main window) was some of the first Windows programming I ever did, and, secondly, because I get no help from wrappers, MFC, or .NET.


I had considered making a .NET version where only the interface would be C# while the actual functionality of the program would be C++ to retain all its speed, but using .NET decreases the potential user base, so I don’t do it (although there may be a .NET version along with the normal version later).


L. Spiro

Sneak Preview

Postby L. Spiro » Mon Aug 28, 2006 2:02 pm

Image



This interface design is only partially complete, and a bit misleading.
The next release is intended to be full of surprises, but I will mention a few of the planned changes here.


There will be a Hex Editor on the main window, dockable.
The small toolbar buttons shown above the main address list are address-list specific, and there will be a main toolbar with larger buttons.

There are now buttons in the Found Address list also.

Button functionality:
  • Found Address
    • Search
    • Sub Search
    • Remove Selected
    • Add Selected
    • Add All
    • Set All To… (Select Value)
  • Main Address List
    • Insert Address
    • Open Address List
    • Save Address List
    • Delete Selected Addresses
    • Delete All Addresses
    • Lock Selected Addresses
    • Unlock Selected Addresses





The next release will be full of surprises, even including new search types, in addition to the new Disassembler/Debugger, on top of many more additions yet to come on the main panel shown above.


L. Spiro

Postby IcameIsawIcheated » Mon Aug 28, 2006 3:14 pm

8) Looking forward to it.
