Memory Hacking Software

[soundfish]

Hello everyone,

I downloaded MHS to hack a small program called noiscraddle. It displays a nagscreen every few minutes, which I want to get rid of.

I found the adress which controls the visibility of the nagscreen and the ASM code which changes it. If I NOP the code the nagscreen doesn't appear anymore. So far so good.

But now for my quenstion, how do make this hack permanent, is there a way to edit the .exe file?
Can I just dissasamble it and then NOP the ASM code I foundin MHS? If so, how do I find the correct code, MHS only displays the location of the ASM in the memory, not where it is in the .exe file.

[WhiteHat]

Use MHS Hex Editor. This tool allows you to open and edit file...

To find the correct location of the code in the .EXE files, try this
formula: address in EXE = your NOP address - 0x400000

If the formula isn’t working, just search for the perfectly match
array of bytes arround your NOP address between the memory
and the .exe file...


Edit: it was EXE not EXP ... >.<

[L. Spiro]

The formula will not work.
Search for the actual bytes in the file and if you have only one match modify it via the Hex Editor.


L. Spiro

[soundfish]

I opend the memory in the Hex Editor and went to the location of the ASM code I found and copied a few bytes.
Then I opened the .exe file and searched for the bytes I copied from the memory, but it doesn't find anything

EDIT:
Also searched all dll files in the program directory, no luck either.

[L. Spiro]

MHS will come with a feature to tell you where it is in the file in the next version.


L. Spiro

[soundfish]

great, i'm looking forward to it.

Untill then I'll just see if i can find from where the ASM code is called and try to modify that
My guess is that it is some sort of openGL function I'm looking at right now, so i'll just try to find the function call.