ASM Injection crashes my game


Postby trialusert » Mon Aug 31, 2009 3:18 am

Look at this code part:
Image

If I NOP the selected function, it changes to:
Image

This way everything works well. The problem appears when I try to inject a "NOP" using the code injector, like this:

1. Before the change (why are there two question marks by the way?)
Image

2. After the change (question marks deleted)
Image

When I do that, the game crashes after a few seconds. I wonder why this is happening? Is this a bug?

Postby L. Spiro » Mon Aug 31, 2009 7:44 am

You only injected 1 NOP when it requires 2.


L. Spiro
Our songs remind you of songs you’ve never heard.

Postby trialusert » Mon Aug 31, 2009 3:23 pm

Even with 2 NOPs the game keeps crashing... By the way, what are those question marks?

Postby L. Spiro » Mon Aug 31, 2009 4:06 pm

I do not know what the question marks are.

But your injection is wrong on principle.


It needs to be:

Code:
0x005F8A91 :
nop
nop



L. Spiro
Our songs remind you of songs you’ve never heard.

Postby trialusert » Mon Aug 31, 2009 6:04 pm

Exactly what I did. Keeps crashing. I believe it's some kind of a bug.

Postby L. Spiro » Mon Aug 31, 2009 6:30 pm

That is not what you posted.

I would be surprised if my ASM failed whereas the NOP tool worked, since they work the same exact way. In the end, they both use one WriteProcessMemory() with 2 0x90 values at the given address.

The reason clicking Next gives you a preview is not only so you can copy the codes for your own uses but also so you can verify the code to be injected.


L. Spiro
Our songs remind you of songs you’ve never heard.

Postby trialusert » Mon Aug 31, 2009 6:35 pm

I meant that I also tried to inject the code you wrote, but the game still crashed... That's pretty weird. The game is C&C Tiberium Wars.

Postby WhiteHat » Tue Sep 01, 2009 1:13 pm

Perhaps because the codes around the one you’re injecting are SSE ASM codes? Maybe that is the reason those question marks came up...

To make a far jump, the injection code needs 5 bytes, which in your case would have to reside in 0x5F8A91 to 0x5F8A95. Since MHS is not yet able to translate SSE ASM, the OverwrittenCode part failed to translate the bytes in 0x5F8A93 to 0x5F8A95.

To make it work, try to change those question marks into the bytes they are supposed to be. These steps may work:
- Open MHS Hex Editor and note the 3 bytes within 0x5F8A93 to 0x5F8A95.
- Replace the “??” with “db 0xXX 0xYY 0xZZ” where XX, YY, ZZ are the bytes you get from the first step.

Seeing your screenshot, you may want to replace those question marks with:
Code:
db 0xF3 0x11 0x0F

or
Code:
db 0xF3 0x0F 0x11

Either one of them should work...

Correct me if I’m wrong... (whoa, my 700th post)..
.. to boldly go where no eagle has gone before...
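
Added example, not part of the original thread and not MHS's own code: a jump patch displaces whole instructions, so the bytes carried into the injected code must run to the next instruction boundary and none of them may stay as "??". Only the address 0x5F8A91, the 5-byte jump and the leading F3 0F 11 come from the posts; the other byte values, the instruction lengths and the helper names `displaced_span` and `check_relocated` are constructed for illustration.

```python
JMP_LEN = 5          # size of the jump the post describes
HOOK = 0x5F8A91      # address from the thread

# Constructed bytes, NOT read from the game: a 2-byte instruction followed by
# a 5-byte movss store that begins F3 0F 11 (ModRM and displacement assumed).
ORIGINAL = bytes([0x89, 0x01, 0xF3, 0x0F, 0x11, 0x46, 0x10])
LENGTHS = [2, 5]     # assumed instruction lengths for ORIGINAL


def displaced_span(hook, lengths, patch_len=JMP_LEN):
    """Extend the patch to the next instruction boundary.

    Returns (end_address_exclusive, instructions_to_relocate, nop_padding).
    """
    covered = count = 0
    for length in lengths:
        if covered >= patch_len:
            break
        covered += length
        count += 1
    if covered < patch_len:
        raise ValueError("instruction list does not cover the patch")
    return hook + covered, count, covered - patch_len


def check_relocated(original, relocated):
    """List what is wrong with the copy of the displaced bytes.

    `relocated` holds ints, or None for a byte the disassembler showed as '??'.
    An empty result means every displaced byte is carried over intact.
    """
    problems = []
    if len(relocated) != len(original):
        problems.append("copy is %d bytes, span is %d" % (len(relocated), len(original)))
    for off, (want, got) in enumerate(zip(original, relocated)):
        if got is None:
            problems.append("offset %d: undecoded byte" % off)
        elif got != want:
            problems.append("offset %d: 0x%02X should be 0x%02X" % (off, got, want))
    return problems


if __name__ == "__main__":
    end, count, pad = displaced_span(HOOK, LENGTHS)
    print("relocate %d instructions, 0x%X-0x%X, pad patch with %d NOPs"
          % (count, HOOK, end - 1, pad))
    for p in check_relocated(ORIGINAL, [0x89, 0x01, None, None, None]):
        print(p)
```

With these assumed lengths the displaced span ends at 0x5F8A97, two bytes past the five the jump itself occupies, and a preview that shows "??" for three bytes is reported as both incomplete and too short.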

Postby trialusert » Wed Sep 02, 2009 7:43 am

Thank you WhiteHat, I'll check that soon and report back.

