Memory Hacking Software

[robrave]

1) for the hex editor,
is it possible that I can view the data prior to the starting view? usually when I select an address from the results of the search I view it with the hex editor and I wanted to also look at the values of the data before the address I viewed.... like I search for HP value, but I wanted to see if Char Name is also located before the value of HP.. etc

2) for the injection manager,
I use auto generate of code cave, how can I use an address that is in offset to my code cave address.. for example my code cave is 0xABC and i use MOVE DWORD PTR[CODECAVE+0x50],eax something like that
or,
suggest a location where I can put my static pointer


3) for the list of addresses,
Can I reorder the list of address that I added during my searches? I want to organize them, like, MP value here, HP value there, I put Monster name here, etc etc.. a feature like Move Up and Move Down, also, addresses sorting.

4) Using Windows XP, under REgional and Language Options, if Language for non-Unicode programs is set to other than English, like for example, Japanese
- when doing string searches, unicode, when I type Vile Bark, in the preview below the dialog it shows as japanese char\0\i\0\l\0e etc... I can't do proper string searches.. but to change my regional to english.. and back it again to Japanese during work. I'm working on a Japanese firm.

5) on the Insert address can I select String?? also an option for automatic view it as Ascii string when it was Unicode... lots of \0 in the string makes it a total crap >.>

I'll post more when I encounter some difficulties Pardon for my grammar I'm not that good in english

Keep up the good work!! I love your software!! It's fast and easy to use

[L. Spiro]

Pardon for my grammar I'm not that good in english

だいじょうぶです。　あなたのえいごよりぼくのにほんごじょうずです。 たぶん。
Though questions and answers should always be asked and given in English as per the benefit of others.

1) for the hex editor,

View Hex Editor - Helper/Navigation in the help file. You can go to any address from here. After you go to your target address, just modify the Start to point X addresses before that.

2) for the injection manager,

At the end of code segments, there are usually tons of trailing 0’s up to the next chunk boundary. This is where you can put both your code and static addresses. This works if the chunk has execute, read, and write properties set (I need to add something to check these properties; the old versions had something).

A way that typically requires no inconvenient checks is to open the Hex Editor and view the current process. Helper/Info. It lists the chunks and indents the ones that are part of modules (static).
The last chunk (listed as 0043A000 here) is usually the data chunk and will have read/write properties set. At the end of this chunk is usually another set of buffer 0’s. You can use this for the target address of your static value.

If there is no noticable buffer, you can look around inside this chunk for text strings used to report errors. For example, “Failed to allocate memory for blah blah blah.” You can safely use this space for your personal data for 2 reasons:
#1: These strings are virtually never seen during the use of the program. This data is likely never to be used by the target process.
#2: Even if it did use the data, the worst possible result is that the error message does not display properly.

3) for the list of addresses,

You can reorder the main address list by clicking one of the header tabs.
This automatically orders them by whatever header you click.
There is currently no feature to manually organize them however you can take advantage of the automatic feature by using character symbols at the front of the descriptions. Sort by description and they will be in the order you want. The only downside is that this can be a bit tacky.

4) Using Windows XP

This is not an easy fix for me since I do not use the regional codepage in the first place. The data you enter into those boxes is treated as raw binary data. The regional translation occurs at a lower level inside Windows, or inside the edit control itself before being passed to my program to be used.
Alternatively, if the edit control is not mangling your input, it could be just the preview that is being mangled, while the search itself would work normally otherwise.

If you are sure the mangling happens on the input level, you could try typing it as a hex string (use the Converter) or a regular ASCII string with escape sequences. That is, searching for Unicode string “Vile Bark” is exactly the same as searching for ASCII string “V\0i\0l\0e\0 \0B\0a\0r\0k\0”.
Or Hex string “56 00 69 00 6C 00 65 00 20 00 42 00 61 00 72 00 6B 00”.

Are you using MHS for business purposes (just curious; I use it at work quite a lot)?

5) on the Insert address can I select String??

Not yet.

also an option for automatic view it as Ascii string when it was Unicode

Planned for the next release.


エル　スパイロ

[L. Spiro]

on the Insert address can I select String?? also an option for automatic view it as Ascii string when it was Unicode... lots of \0 in the string makes it a total crap >.>

Both options now available in release 4.0.0.2 on the download page.

To show Unicode strings, double-click the item in the main list to modify it and hit the Display as Unicode check. This is documented in the help file.


L. Spiro