Memory Hacking Software

[WhiteHat]

For those who plays WarCraft 3 The Frozen Throne v 1.21a, have you ever
try to attach MHS debugger on it ?

MHS crashed every time i tried to. But i can't say this is a bug, because the
debugger works perfect on other games (i tried only with MHS 4.0.0.13).

FYI, i haven't try this with earlier version of MHS...

Thanks in advance.

EDIT :
Attaching debugger i meant was Tools > Disassembler. Upon hitting this menu,
MHS crashes.

Also, i have just tried this from MHS 4.0.0.6 ~ MHS 4.0.0.13 and the same thing
happened.

[Xanatus]

The disassembler crashes very often for me, too. In most cases when i jump to any code location that has a lot of undefined code. I guess the disassembler has some problems with protected memory areas or with some kind of opcodes.

[L. Spiro]

It won’t be something like that, but it will be something simple.

The Disassembler is actually much more complex than what you can see for now.
For example, it supports code folding, multi-line comments (such as those in IDA) and breaking of functions into chunks and graphing them just as IDA does.
I only allow one viewtype (with one big chunk showing all of the code and no buttons for folding functions) and currently do not have any comments that run onto extra lines, so what you see is just the basic OllyDbg view.

Furthermore, each line of text is actually several blocks put together. That is how color coding is done (links are highlighted when you mouse over them).

Then there is a dictionary and look-up table that-


So the point is, there is a shitload going on there.



With all of that being said, all of it is very stable with only a few exceptions. These exceptions are very rare to encounter under normal use, but I found one of them already and fixed it in this release.
They are all very simple to fix. I know that it has to do with a pointer I pass at the beginning of loading it which is sometimes not passed all the way down if there are errors loading the initial address area.
Finding the places where this can actually cause problems would be easy if I had test material.


L. Spiro

[WhiteHat]

My barin is too limited to understand L. Spiro’s explanation. But i agree, even i stated before, that MHS debugger is stable.
I can debug other games i play perfectly...

However for gold hack of WarCraft 3 TFT, i found that the base pointer address is way much bigger than other game. (i had to
use CheatEngine 5.3 for debugger). This is one of them :

Player 1 Gold:
[[[0x6f87d7bc]+0xC]+0x154]+0x78


While for game called FATE, here is the complex address i got which shows the base pointer is not too big (i mean, too far from
address 0x00400000)

My Gold:
[[[[0x00d3a228]+0x278]+0x644]+0x458]+0x8

I don't know if the base pointer address (the green one) have something to do with the failure i encountered in Frozen Throne,
other any technical reason that L. Spiro had mentioned...


Thanks for helping....

[L. Spiro]

To put it into pictures, MHS can do this:
http://www.hex-rays.com/idapro/pix/pc3.gif (Notice the addresses at the start of the code are all the same. This is a multi-line comment.)

And this:
http://www.hex-rays.com/idapro/freefile ... review.htm

MHS is ready to beat both OllyDbg and IDA, and will eventually allow you to switch between either layout as you prefer.

Furthermore, it has code folding. To see this, just write a function in the Script Editor and see the mark next to the start of it. Click that mark and the function folds into itself.
Now just imagine that in the Disassembler.



The current layout in MHS is just a big island with all the code in it, making it look as simple as the OllyDbg layout. Take one of those small islands from the second picture, make it huge, and put all of the code into it.


L. Spiro

[WhiteHat]

The current layout in MHS is just a big island with all the code in it, making it look as simple as the OllyDbg layout. Take one of those small islands from the second picture, make it huge, and put all of the code into it.

Does CheatEngine debugger use a different sysem so it can debug WC3 ‘safely’ ?

[L. Spiro]

I wouldn’t know that.


L. Spiro

[WhiteHat]

My previous post was obviously a stupid question... XD

Anyway, i hope the next MHS releases would allow us to debug Warcraft 3.

[JB Gzn]

My previous post was obviously a stupid question... XD

Anyway, i hope the next MHS releases would allow us to debug Warcraft 3.

MHS will.... always PWN games lol.
atleast if its getting updated which it probably would till L. Spiro retires

[Mimicsub]

Hell yeah,Mhs software is awesome.Dont retire L.Spiro.

Long Live.

[WhiteHat]

If i’m not mistaken, MHS had able to disassembly Warcraft TFT v1.20, that is
the patch version before v1.21a in other computer (not the one i’m using now).

I’m not sure whether the computer or the version is the matter which cause
the debugger to work...

[L. Spiro]

Well what is the error report after the crash?


L. Spiro

[WhiteHat]

Sorry but I’m not quite sure what to post here... Would you be
more specific ?

However, here's a few:

Error Signature
- AppName : mhs.exe
- AppVer : 4.0.0.13
- ModName : mhs.exe
- ModVer : 4.0.0.13
- Offset : 001cfa46

as for report contents (technical information), i wish i could do
copy and paste here cause it goes pages even the scroll slider
became very small (thin)...

[L. Spiro]

I meant, is it writing an invalid address or reading one?


L. Spiro

[WhiteHat]

It was just a plain Send Error Report or Don’t Send ...

“Memory Hacking Software has encountered a problem and needs to close.
We are sorry for the inconvenience”.

Then upon click-ing on “To see what data this error report contains, click
here” those technical stuffs appeared which i post a few of them...

Where should i look into to determine it was writing or reading ?