Memory Hacking Software

[robrave]

It will not work if you do not have my source code and debugging information (which are so valuable that all who see them turn to gold).


L. Spiro

oh I have OllyDbg here, we can breakpoint at every msgbox 0 to 8, I think you can figure it out.

so Spiro, you have seen it, you are already gold

[robrave]

Code: Select all

005CD216  |> 8B45 FC        /MOV EAX,DWORD PTR SS:[EBP-4]
005CD219  |. 83E8 01        |SUB EAX,1
005CD21C  |. 8945 FC        |MOV DWORD PTR SS:[EBP-4],EAX
005CD21F  |. 8B4D FC        |MOV ECX,DWORD PTR SS:[EBP-4]
005CD222  |. 3B4D 0C        |CMP ECX,DWORD PTR SS:[EBP+C]
005CD225  |. 7C 1B          |JL SHORT MHS.005CD242
005CD227  |. 8B55 BC        |MOV EDX,DWORD PTR SS:[EBP-44]
005CD22A  |. 8B42 08        |MOV EAX,DWORD PTR DS:[EDX+8]
005CD22D  |. 8B4D BC        |MOV ECX,DWORD PTR SS:[EBP-44]
005CD230  |. 8B51 08        |MOV EDX,DWORD PTR DS:[ECX+8]
005CD233  |. 8B4D FC        |MOV ECX,DWORD PTR SS:[EBP-4]
005CD236  |. 8B75 FC        |MOV ESI,DWORD PTR SS:[EBP-4]
005CD239  |. 8A0430         |MOV AL,BYTE PTR DS:[EAX+ESI]
005CD23C  |. 884411 01      |MOV BYTE PTR DS:[ECX+EDX+1],AL
005CD240  |.^EB D4          \JMP SHORT MHS.005CD216


Run MHR.rar here in my comp.. when I press compile it seems doing sumthing but never returns. Takes 50% of CPU usage. I decided to kill it using Task Manager and load it using OllyDbg.

This is the code where it hangs, as you can see it just loops , the instruction JL SHORT MHS.005CD242 was never been true

this is my stack:

Code: Select all

0012F268   0012F578
0012F26C   00000001
0012F270   0012F2B0
0012F274   005C9CBC  RETURN to MHS.005C9CBC from MHS.00485AB0
0012F278   00F9FF28  ASCII "Preprocessing DLL not loaded."
0012F27C   00000001
0012F280   00009800
0012F284   00F68FF0


[L. Spiro]

I could have had this uploaded an hour ago had the fucking Internet not died for an hour for no fucking reason.

Try this.
http://www.memoryhacking.com/MemHack/MHS.rar


L. Spiro

[robrave]

I could have had this uploaded an hour ago had the fucking Internet not died for an hour for no fucking reason.

Try this.
http://www.memoryhacking.com/MemHack/MHS.rar


L. Spiro

didn't work.. still the same - hanged

While using OllyDbg, I've come across this line

Code: Select all

005E93D6  |. 52             |PUSH EDX                                ; /Arg1 = 006885EC ASCII "_M_IX86=600"
005E93D7  |. 8D4D DC        |LEA ECX,DWORD PTR SS:[EBP-24]           ; |
005E93DA  |. E8 014CFEFF    |CALL MHS.005CDFE0                       ; \MHS.005CDFE0


I research
http://softwarecommunity.intel.com/Wiki/DevelopforCoreprocessor/288.htm
http://72.14.253.104/search?q=cache:rz_6iDj8Gf8J:www.gamedev.net/community/forums/mod/journal/journal.asp%3Fjn%3D300672%26cmonth%3D2%26cyear%3D2007+_M_IX86+dual+core&hl=en&ct=clnk&cd=6&gl=ph&lr=lang_en&client=firefox-a

[L. Spiro]

Before you look too much into that, you should know it is nothing more than a text string.
It has absolutely nothing to do with your CPU or operating system.

Obviously it does if you are coding a new program; it is a macro. Hence why you see it in MHS; that area of code creates a list of text macros to send to the preprocessor.



The actual code in MHS appears as:

Code: Select all

   MH_CodeStringList mhcsDefinesCopy, mhcsIncludesCopy;
   mhcsDefinesCopy = m_mhcslDefines;



   if ( bWindowsDefines ) {
      static CHAR * pcWinDefs[] = {
         "_M_IX86=" TOSTRING_CHAR( _M_IX86 ),
         "_WCHAR_T_DEFINED",
         "_MT",
         "_MSC_VER=" TOSTRING_CHAR( _MSC_VER ),
         "_MSC_EXTENSIONS=" TOSTRING_CHAR( _MSC_EXTENSIONS ),
         "_INTEGRAL_MAX_BITS=" TOSTRING_CHAR( _INTEGRAL_MAX_BITS ),
#ifdef _ATL_VER
         "_ATL_VER=" TOSTRING_CHAR( _ATL_VER ),
#endif
#ifdef __CLR_VER
         "__CLR_VER=" TOSTRING_CHAR( __CLR_VER ),
#endif
         "WIN32",
         "_WINDOWS",
         "_CRT_SECURE_NO_DEPRECATE",
#ifdef _CHAR_UNSIGNED
         "_CHAR_UNSIGNED",
#endif
#ifdef __cplusplus_cli
         "__cplusplus_cli=" TOSTRING_CHAR( __cplusplus_cli ),
#endif
#ifdef _CPPLIB_VER
         "_CPPLIB_VER=" TOSTRING_CHAR( _CPPLIB_VER ),
#endif
#ifdef _CPPRTTI
         "_CPPRTTI",
#endif
#ifdef _CPPUNWIND
         "_CPPUNWIND",
#endif
#ifdef _DEBUG
         "_DEBUG",
#endif
#ifdef _DLL
         "_DLL",
#endif
#ifdef _M_ALPHA
         "_M_ALPHA",
#endif
#ifdef _M_CEE
         "_M_CEE",
#endif
#ifdef _M_CEE_PURE
         "_M_CEE_PURE",
#endif
#ifdef _M_CEE_SAFE
         "_M_CEE_SAFE",
#endif
#ifdef _M_IA64
         "_M_IA64",
#endif
#ifdef _M_IX86_FP
         "_M_IX86_FP=" TOSTRING_CHAR( _M_IX86_FP ),
#endif
#ifdef _M_X64
         "_M_X64",
#endif
#ifdef _MANAGED
         "_MANAGED",
#endif
#ifdef _MFC_VER
         "_MFC_VER" TOSTRING_CHAR( _MFC_VER ),
#endif
#ifdef _MANAGED
         "_MANAGED",
#endif
#ifdef __MSVC_RUNTIME_CHECKS
         "__MSVC_RUNTIME_CHECKS",
#endif
#ifdef _NATIVE_WCHAR_T_DEFINED
         "_NATIVE_WCHAR_T_DEFINED",
#endif
#ifdef _OPENMP
         "_OPENMP=" TOSTRING_CHAR( _OPENMP ),
#endif
#ifdef _VC_NODEFAULTLIB
         "_VC_NODEFAULTLIB",
#endif
#ifdef _WIN32
         "_WIN32",
#endif
#ifdef _WIN64
         "_WIN64",
#endif
#ifdef _Wp64
         "_Wp64",
#endif


      };
      for ( DWORD I = 0; I < sizeof( pcWinDefs ) / sizeof( pcWinDefs[0] ); I++ ) {
         mhcsDefinesCopy.Add( pcWinDefs[I] );
      }
   }

But as you can see this section of code depends on bWindowsDefines being TRUE, and it is not TRUE when you compile scripts, so I assure you this is not the area causing problems.


L. Spiro

[robrave]

I see.

I noticed that MHS creates a random named DLL, which I suppose is the compiled code of my loaded script? Can I just compile it in other computer and use that DLL in my comp by using DLL Injector?

Finding the cause takes much time on my part and I'm losing time. I need to extract the game info as soon as possible.

Hehe, or I can try using VC++ to create a DLL and use DLL Injector.

Thanks!

[L. Spiro]

I noticed that MHS creates a random named DLL, which I suppose is the compiled code of my loaded script?

It is the DLL that is injected into the target process to allow you to call functions in the target process. It has a random name so that it can not be detected and patched out (for example, the target process could detect “InjectMe.dll” and go into anti-cheat mode, but since the name of my DLL is different every time it can not do this).

The code for your script is compiled internally.



The version I posted detects if the preprocessor fails and then goes to the normal compilation routine. It should already be working for you.
Since it is apparently not, I will compile a special version that simply does not attempt to preprocess the scripts.
As expected, you will not be able to use macros.


L. Spiro

[L. Spiro]

http://www.memoryhacking.com/MemHack/MHS%204.0.0.5-1%20No%20Kernel.rar
This has no kernel and does not attempt to use the preprocessor to compile scripts.

And the Open Process window can be resized.


L. Spiro

[robrave]

http://www.memoryhacking.com/MemHack/MHS%204.0.0.5-1%20No%20Kernel.rar
This has no kernel and does not attempt to use the preprocessor to compile scripts.

And the Open Process window can be resized.


L. Spiro

weeee!! Pressing Compile on Script Editor works!!! But pressing Go on Preprocessor still err! This is ok, I can use the editor again!

Thanks! Spiro

[robrave]

oh yes,

Code: Select all

Update (4:08 PM 12/3/2007):

MHS4.0.0.9.rar has been added to the download page.



    * Kernel function addresses now shown in the Disassembler Helper tab.
    * Added the CreateDisObj, DestroyDisObj, and Disasm functions to the scripts.
    * Added the MHSAssembly page to the help file.
    * Fixed the Predefined Enums page in the help file.
    [b]* Fixed a compilation bug in the scripts.[/b]
    * Single-stepping now highlights the current function.
    * Added the ability to select functions.
    * Fixed a bug in the Assembler related to unary + and - operators.
    * The Disassembler now allows copying selected addresses as Auto-Assembler strings

This 4.0.0.9 version works on my computer. What is that bug you found? Does dual core really affects the compilation??

Thanks for this release! I can now use the latest version without switching to the special version when using scripts

[L. Spiro]

I had a retarded method for storing references to declared locals and globals (which would include enumerations, since they are all declared as a bunch of globals) such that a pointer was used to each element in a resizable list.
Obviously if the list resized the pointers would be pointing to junk data.

I have no clue why I used that method for that part; I used it only there while all other references to things inside resizable lists used indices.

I changed these to use indices instead of direct pointers.


The problem was hard to create because the resizable list would often be redeclared in the same spot (and only resized when over 0x100 globals were declared), so, depending on the memory uses of your computer you could get the problem you had or not.

Note that this was a bug in the scripts, not in the preprocessor. The invalid pointers were causing huge buffer overwrites which then caused some of the code in the preprocessor module to be overwritten (again only a problem under certain memory layouts).


L. Spiro

[robrave]

i see.. so maybe that causes my CPU usage to push to 50% and MHS just hanged whenever I compile scripts using previous buggy version.

[robrave]

and maybe because my new comp uses DDR2 type memory.. all other computer I have used are DDR1 and MHS works fine.