Memory Hacking Software

[L. Spiro]

I use the term “complaint” lightly.

As you have probably figured out I am open to suggestions at all times and implement most of them; all of it goes towards making my software better and better.

If the Auto-Assembler was not coming I would add the option not to add the overwritten code at all, or add the Assemble feature I used to have which allowed you to overwrite just one line of code (I will be adding that too anyway, also probably in the next release).


L. Spiro

[Shynd]

One more thing: can you make it so that, in the disassembler, when ctrl+g is pressed, the literal edit box is auto-focused with all current text selected, so that the user can just press ctrl+v to paste over the current address? Also, could you allow it to handle addresses in '0x00000000' format? Thanks again

[L. Spiro]

I can. I plan to make the input for that (and many others) evaluated by the expression evaluator so it would except many forms of input.


L. Spiro

[Shynd]

I'm sure this is already planned, but the ability to call functions inside the process within scripts. It's already semi-possible using a combination of breakpoints and code injection, but it's a little bit advanced for most users, I think (as well as a pain in the ass )


GetProcAddress and GetModuleHandle for current process possible? For instance, if one wanted to breakpoint on GetTickCount()...

Code: Select all

LPSCRIPT_ADD_BP bp;

bp->iType = SPBT_EXECUTE;
bp->iCallback = SYS_FUNCS_CUR_PROC_SCRIPT_FUNC;
bp->dwNewParms[1] = 1;
bp->pcName = "wsock_send"; //or, i suppose, SPrintF(bp->pcName, "wsock_send");
bp->bHardware = true;
bp->bSet = true;
bp->aAddress = (DWORD)GetCurProcessProcAddress(GetCurProcessModuleHandle("kernel32.dll"), "GetTickCount");

...or something?

[L. Spiro]

the ability to call functions inside the process within scripts

These are called extern functions.
Syntax:

Code: Select all

extern INT __stdcall FuncName( INT iParm0, FLOAT fParm1 /*Etc.*/ ) = { "gamex86.dll", 0x0002EFC8 };

Usage:

Code: Select all

INT iGetPlayers = FuncName( 0, fX ); // Call the remote function an store the return.
if ( FuncName( 90, 0.0f ) ) {} // Call the remote function and branch based off the return.
extern INT iMaxPlayers = { "gamex86.dll", 0x89EC };
iMaxPlayers += FuncName( iMaxPlayers, 90.0f ); // Pass an extern variable into the parameter list and add the return to an extern variable.

It has been planned for over a year but it is not simple to implement.
However, thanks to the additions of a few recent features it can finally be implemented.

GetProcAddress and GetModuleHandle for current process possible?

The planned feature (available in MHS 4.0.0.7) is MHS_ADDRESS GetRemoteFunctionAddress( library, function ).



To create a breakpoint structure properly:

Code: Select all

SCRIPT_ADD_BP bpBreak = { 0 }; // = { 0 } is required; it sets the entire structure to 0.
bpBreak.dwRange; // Required for software read/write breakpoints.
bpBreak.aAddress = 0x01005334; // The address is required.
// Everything else is optional; since the structure is set to 0’s it will have no name, no condition, no callback functions, and will not be active.
// You can then update only the structure members that are important for this breakpoint.


bpBreak.pcName = "Hello";

L. Spiro

[Shynd]

When I use a String Search to search for a string of hex values, it finds it 3 times; when I search for that same string of hex values in the hex editor using CTRL+F, it doesn't find any--well, it doesn't tell me it wasn't found and it also doesn't tell me it was found or jump to display the address at which it was found. Does anyone else have this problem?

[L. Spiro]

The Hex Editor does not search the entire RAM of the process.
Only what is selected or in range.

If problems exist beyond this I will look into it.


L. Spiro

[Shynd]

I believe it was in range. I'll run a few more tests and get back.