A few suggestions

Post by BlackDove » Sat Feb 09, 2008 10:17 pm

Great piece of software, but a few suggestions:

1. Maybe I missed this, but a window to show a process' loaded modules along with their base addresses.

2. The ability to search from one module to another by specifying the module name, ex. - From: pbcl.dll To: pbbag.dll would search the entire pbcl.dll module or include a keyword like (nm) that means, "search up to the next module". See example:

http://img352.imageshack.us/img352/83/exampledq0.jpg

3. Let the hex editor have an option to operate like TSearch's - being able to move around memory freely by scrolling (especially backwards).

4. In the disassembler window, while both debugging and not debugging, NOP Selected did not patch anything. Maybe I am doing this wrong?

5. Add in a Force Jump right near the NOP Selected option like TSearch's debugger has.

6. Add a wildcard option to hex string searches (specifying a ** should represent an unknown byte, whereas 7* could be used for a conditional jump byte search).

Re: A few suggestions

Post by mezzo » Sun Feb 10, 2008 12:07 am

BlackDove wrote: 1. Maybe I missed this, but a window to show a process' loaded modules along with their base addresses.

Expression evaluator or the helper window of the disassembler. (You can also try Alt+Enter.)

BlackDove wrote: 2. The ability to search from one module to another by specifying the module name, ex. - From: pbcl.dll To: pbbag.dll would search the entire pbcl.dll module or include a keyword like (nm) that means, "search up to the next module". See example:

http://img352.imageshack.us/img352/83/exampledq0.jpg

Same as above, just enter the range you found above in the search range box (or enter the module name into the expression evaluator to get the address).

BlackDove wrote: 3. Let the hex editor have an option to operate like TSearch's - being able to move around memory freely by scrolling (especially backwards).

Just enter a lower start address in the helper window of the hex editor.

BlackDove wrote: 4. In the disassembler window, while both debugging and not debugging, NOP Selected did not patch anything. Maybe I am doing this wrong?

Perhaps the range you are trying to edit is protected (read only) and you need to fix that first?

BlackDove wrote: 5. Add in a Force Jump right near the NOP Selected option like TSearch's debugger has.

Just overwrite the command or make a codecave to do so.

BlackDove wrote: 6. Add a wildcard option to hex string searches (specifying a ** should represent an unknown byte, whereas 7* could be used for a conditional jump byte search).

Can be done with groupsearch.

Post by BlackDove » Sun Feb 10, 2008 1:38 am

Most of my suggestions were for convenience purposes.

#1:

I could not get the expression evaluator to list modules even with Alt+Enter.

The Helper window does have an Import section, but this does not list module base addresses.

#2:

Saves typing and retyping module name to get base address when game is restarted.

#3:

This is essential - who wants to be bothered having to type when a simple mouse click should be able to take you back in memory?

#4:

The process / area of memory is not protected. It simply does not write (does not work on Windows Calculator for example).

#5:

When changing a program's flow to determine logic, who wants to be bothered with having to type a code cave or manually entering in assembly commands?

#6:

Okay, never fully looked into group search.

Post by L. Spiro » Sun Feb 10, 2008 9:36 am

For MHS 4.0.0.14:

BlackDove wrote:#1:

I could not get the expression evaluator to list modules even with Alt+Enter.

The Helper window does have an Import section, but this does not list module base addresses.


The Exports tab in the Disassembler now lists all modules.
Furthermore, the Properties window allows you to snap the search range to the selected chunk or module.

BlackDove wrote:#2:

Saves typing and retyping module name to get base address when game is restarted.


SO() and EO() operators have been added to the Expression Evaluator. SO() = sizeof(), and returns the size of a module. EO() = endof() and returns the ending address of a module.

All search dialogs now allow valid expressions in all edit fields, so you can set your search range to:
Start: pbcl.dll To: eo( pbcl.dll )

BlackDove wrote:#3:

This is essential - who wants to be bothered having to type when a simple mouse click should be able to take you back in memory?


It will be done with the keyboard. Changing the scrolling system is quite a hassle; rather Page Up and Page Down should suffice.

BlackDove wrote:#4:

The process / area of memory is not protected. It simply does not write (does not work on Windows Calculator for example).


NOP Selected works. The memory is protected—even Calc.exe has read-only code and you can change its protection from the Properties dialog.

BlackDove wrote:5. Add in a Force Jump right near the NOP Selected option like TSearch's debugger has.


We’ll see. I have never used TSearch so I wouldn’t know how they implemented this feature. My guess would be that all you have to do is enter the address where you want to JMP, which saves you from typing “JMP ”. I already plan to add an Assemble command which simply changes one line of code, so if all you are saving yourself is 4 characters I’m not really sure of the value of this feature.

BlackDove wrote:#6:

Okay, never fully looked into group search.


Group Search doesn’t do exactly what your request was, but it may work regardless.
Furthermore, regular String Searches (Wildcards) work for many cases, and there is a Script Search as well that is guaranteed to be able to give you the functionality you desire.
With 3 ways to get the job done it is probably not valuable enough to make it into a new Evaluation Type (remember, I can not just change the existing Hex String search because the method for searching wildcards has no optimizations and it would slow down the existing search (which is shared by the ASCII and Unicode types) to switch to that method. I would have to make a new Evaluation Type and new parsers for it).

If you did not know that the Wildcard, ASCII, and Unicode searches are binary, now you do. This means you can put any character into them using escape sequences.


Most of the other points are already in the current build and ready for the next release.


L. Spiro
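
The wildcard hex search requested in point 6 (`**` for an unknown byte, `7*` for a conditional jump byte), as an added example that is not part of the thread and is not MHS code. The function names, the sample bytes and the base address are constructed for illustration; anchoring on the first fully specified byte is one way to limit the slowdown of unoptimized wildcard matching.

```python
# Constructed sample buffer: two "85 C0 7x rel8" sequences among other bytes.
SAMPLE = bytes.fromhex("90 85 C0 74 05 E8 11 22 33 44 85 C0 7F 10 C3")


def compile_pattern(text):
    """Turn a pattern such as '85 C0 7* **' into (value, mask) byte pairs.

    '*' is an unknown nibble: '**' matches any byte, '7*' matches 0x70-0x7F
    (the x86 short conditional-jump opcodes).
    """
    digits = "".join(text.split())
    if not digits or len(digits) % 2:
        raise ValueError("pattern needs a whole number of bytes")
    pattern = []
    for i in range(0, len(digits), 2):
        value = mask = 0
        for ch in digits[i:i + 2]:
            value <<= 4
            mask <<= 4
            if ch != "*":
                value |= int(ch, 16)  # ValueError on a non-hex character
                mask |= 0xF
        pattern.append((value, mask))
    return pattern


def find_all(buf, text, base=0):
    """Return every address (base + offset) at which the pattern matches buf."""
    pattern = compile_pattern(text)
    # Index of the first byte with no wildcard; bytes.find() can then skip
    # straight to candidate offsets instead of testing every position.
    anchor = next((i for i, (_, m) in enumerate(pattern) if m == 0xFF), None)
    last = len(buf) - len(pattern)  # highest offset where the pattern fits
    hits, pos = [], 0
    while pos <= last:
        if anchor is not None:
            needle = bytes([pattern[anchor][0]])
            at = buf.find(needle, pos + anchor, last + anchor + 1)
            if at < 0:
                break
            pos = at - anchor
        if all(buf[pos + i] & m == v for i, (v, m) in enumerate(pattern)):
            hits.append(base + pos)
        pos += 1
    return hits
```

A pattern made only of wildcard bytes has no anchor and falls back to testing every offset.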