noob needs help: percentage/chance hacking


Postby chaos_zero » Tue Oct 27, 2009 7:15 am

hello and thank you for creating this wonderful tool!

I have started using your program and found it's kind of fun to try and find what means what in memory code and so on. I have programmed before so it's not completely new to me...

anyway this may sound like a noobish question, but here goes:

Suppose in your game or program there's a button, and when you press the button there is an exact percentage that the result will either be one thing or another... suppose 10% "success" (or maybe "1" in the code?) and 90% "failure" (or "0" in the code?). Perhaps I would like to change this chance to be either 100% or 0%. How can I know what address the percentage is in if I cannot directly change it?

thanks.
chaos_zero
I Ask A Lot Of Questions
Posts: 12
Joined: Tue Oct 27, 2009 7:09 am

Postby L. Spiro » Tue Oct 27, 2009 7:51 am

Hook rand() (find it in the list of imported functions in the Disassembler) and press the button.
When it breaks, leave that function and go to the function that called it.
Modify that code to change the chance.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby chaos_zero » Tue Oct 27, 2009 8:55 am

thank you for your reply. :)

I found the function "rand" inside one of the DLLs under the process. However, I do not understand what you mean by "hook" as I am still a noob. When you click "hook function" it needs some other data.

I understand we are trying to find the original function that called the rand, but I'm not quite sure what to put in the second part of the "hook" box.

thanks.
chaos_zero
I Ask A Lot Of Questions
Posts: 12
Joined: Tue Oct 27, 2009 7:09 am

Postby L. Spiro » Tue Oct 27, 2009 2:51 pm

Put a breakpoint on it so you can see what calls it when you click the button.


L. Spiro
Our songs remind you of songs you’ve never heard.
L. Spiro
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby chaos_zero » Tue Oct 27, 2009 9:36 pm

Ok, bear with me here.

I found the new address and opened it with auto assemble. This is what comes out in the "overwritten code" section:

retn
mov edi, edi
nop
nop

I have not really learned this coding language, but I'm guessing the important part is the "mov edi,edi". Does this correspond to any number value?
chaos_zero
I Ask A Lot Of Questions
Posts: 12
Joined: Tue Oct 27, 2009 7:09 am

Postby g3nuin3 » Wed Oct 28, 2009 6:49 pm

Hi,
Are you setting a BREAKPOINT on the rand() function? If so, does it FREEZE your program when you try to press this mystical button? If so, in your disassembler, you can look into the STACK and find the RETURNING address; this is where the function will return to. 99% of the time it is the same function that CALLED that function rand(), and this is where you need to start your work!

regards
g3nuin3
Acker
Posts: 96
Joined: Tue Jul 18, 2006 10:53 am
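A constructed C model of what the two replies above describe (added here; it is not code from the thread or from MHS): a rand() hook records the return address that the breakpoint would show on the stack, so the button's call site can be told apart from an unrelated background caller, which is the extra hit seen right after attaching. The names hooked_rand, press_button, background_tick, the 10% constant and the gcc/clang builtin __builtin_return_address are assumptions.

```c
#include <stdio.h>
#include <stdlib.h>
/* Constructed model: a game button that rolls a 10% chance with rand(),
 * plus an unrelated background consumer of rand(). The hook logs each
 * call's return address, the value a debugger shows on the stack. */
#define MAX_CALLERS 16
typedef struct { const void *site; unsigned hits; } caller_entry;
static caller_entry g_log[MAX_CALLERS];
static unsigned g_callers;
/* Hooked rand(): record the caller, then forward to the real rand().
 * noinline forces a real CALL, so __builtin_return_address(0) is the
 * instruction right after that CALL (gcc/clang builtin, assumed). */
__attribute__((noinline)) static int hooked_rand(void)
{
    const void *site = __builtin_return_address(0);
    for (unsigned i = 0; i < g_callers; i++)
        if (g_log[i].site == site) { g_log[i].hits++; return rand(); }
    if (g_callers < MAX_CALLERS)
        g_log[g_callers++] = (caller_entry){ site, 1 };
    return rand();
}
/* The button: success when the roll is below the percentage (assumed 10). */
__attribute__((noinline)) int press_button(int success_percent)
{
    return (hooked_rand() % 100) < success_percent;
}
/* Unrelated periodic consumer of rand(), e.g. a particle effect. */
__attribute__((noinline)) int background_tick(void)
{
    return hooked_rand() & 0xff;
}
/* Run the model; returns how many distinct call sites reached rand(). */
unsigned simulate(unsigned ticks, unsigned presses)
{
    g_callers = 0;
    for (unsigned i = 0; i < ticks; i++) background_tick();
    for (unsigned i = 0; i < presses; i++) press_button(10);
    return g_callers;
}
/* Hits for the idx-th call site, in order of first appearance. */
unsigned caller_hits(unsigned idx) { return idx < g_callers ? g_log[idx].hits : 0; }
int main(void)
{
    srand(1);
    unsigned n = simulate(50, 5);
    for (unsigned i = 0; i < n; i++)
        printf("caller %p: %u calls\n", (void *)g_log[i].site, g_log[i].hits);
    return 0;
}
```

The printed log has two entries: the site with 50 hits is the background caller, the one with 5 hits is the button, which is the call-count view that separates the two even when the breakpoint fires before the button is pressed.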

Postby chaos_zero » Thu Oct 29, 2009 1:48 am

Ok, steps:

-open program and MHS and open the program's process
-open the disassembler from the MHS tools menu
-in the "helper" window to the side, go to the "imports" tab
(there are a crapload of DLLs listed, as well as the name of my process.exe)
-expand myprocess.exe
-expand the .DLL with the rand in it. (I had to search through all of them to find it)
-right click rand, click add breakpoint to function.
-click yes on attach the debugger

At this point it appears to "find" something in the bigger disassembler window before I even go into the program and click the button. Perhaps something else is calling the RAND function?

At this point I am stuck. Even with the debugger attached, if I click the button in the program the results on screen do not change. The code listed above is the code in the function that the debugger finds right away after attaching the debugger. Maybe if I can disable this code, I can find what's accessing the RAND function that I actually want?

Or maybe if I can get a full log of what's going on with this function, I can search through it to find what I want. Can this program generate a realtime log?
chaos_zero
I Ask A Lot Of Questions
Posts: 12
Joined: Tue Oct 27, 2009 7:09 am

Re: noob needs help: percentage/chance hacking

Postby chaos_zero » Tue Nov 24, 2009 9:42 pm

I am still refreshing this page every day attempting to figure it out. -__-
chaos_zero
I Ask A Lot Of Questions
Posts: 12
Joined: Tue Oct 27, 2009 7:09 am

Re: noob needs help: percentage/chance hacking

Postby g3nuin3 » Thu Nov 26, 2009 9:10 am

There could just be a method implemented by the game itself..So since you've found out that rand() isn't being called (or isn't breaking correctly for some reason) you should go into your next method, which you've already given yourself a hint on..You say the program has a button to press that initiates this randomizer, right? Well now your option is to find out how you can break on the caller function after this button is pressed..You could take several angles at this..You could try and use the mouse clicking functions in order to break when the mouse button is clicked..it will more than likely lead you to the location, then the actual button being pressed, which will then lead to the event being called..this is of course going to put you way in front of the actual place you need to be, but what's fun without the run. There could be other approaches like finding out the actual Identifier of the mentioned 'button' and going from there..lots of approaches man, you just have to use what you do know and go from there.
g3nuin3
Acker
Posts: 96
Joined: Tue Jul 18, 2006 10:53 am

