Determine diassembler code changes

Need Help With an Existing Feature in Memory Hacking Software? Ask Here

Moderators: g3nuin3, SpeedWing, WhiteHat, mezzo

Determine diassembler code changes

Postby trialusert » Tue Nov 02, 2010 4:07 am

How can I determine whether a few code lines have been changed in the asm code of the game? I have downloaded a trainer recently and I would like to know how they made one of its features... I want to be able to see the changes in MHS diassembler each time i active/deactive that feature. Please please tell me there is an option to do so!
User avatar
trialusert
NULL
 
Posts: 155
Joined: Tue May 20, 2008 6:19 pm

Re: Determine diassembler code changes

Postby L. Spiro » Wed Nov 03, 2010 7:54 am

Search for bytes that have changed within the .text section of the game module.
Or you can search the entire module for changed bytes.


L. Spiro
Our songs remind you of songs you’ve never heard.
User avatar
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Re: Determine diassembler code changes

Postby trialusert » Wed Nov 03, 2010 8:19 am

Thank you.
User avatar
trialusert
NULL
 
Posts: 155
Joined: Tue May 20, 2008 6:19 pm

Re: Determine diassembler code changes

Postby trialusert » Sun Dec 05, 2010 1:34 am

I managed to do it using a little C# code that I wrote. I wanna share it here, I know it's not even getting close to what MHS has to offer but it might be useful to some people...

Code: Select all
Process p = Process.GetProcessesByName("[FullProcessName]")[0];
ProcessMemoryReaderLib.ProcessMemoryReader preader = new ProcessMemoryReaderLib.ProcessMemoryReader();

preader.ReadProcess = p;
preader.OpenProcess();

int bytesread;
byte[] arr, arr2;

Console.WriteLine("1");
Console.ReadKey();
arr = preader.ReadProcessMemory(new IntPtr(0xAddress), 10000000 (number of bytes to read), out bytesread);

Console.WriteLine("2");
Console.ReadKey();
arr2 = preader.ReadProcessMemory(new IntPtr(0xAddress), 10000000 (number of bytes to read), out bytesread);

for (int i = 0; i < 10000000; i++)
    if (arr[i] != arr2[i])
    {
        Console.WriteLine("wew!");
        Console.WriteLine(arr[i].ToString("x").ToUpper() +
            " " + arr[i + 1].ToString("x").ToUpper() +
            " " + arr[i + 2].ToString("x").ToUpper() +
            " " + arr[i + 3].ToString("x").ToUpper() +
            " " + arr[i + 4].ToString("x").ToUpper() +
            " " + arr[i + 5].ToString("x").ToUpper() +
            " " + arr[i + 6].ToString("x").ToUpper() +
            " " + arr[i + 7].ToString("x").ToUpper() +
            " " + arr[i + 8].ToString("x").ToUpper() +
            " " + arr[i + 9].ToString("x").ToUpper());
        break;
    }


It is basically a simple console application that shows you the bytes that changed within 2 peirods of time. I used it to apply features from another hack into my own hack. When you see "1" on the console window, press any key. When you see "2" enable the hack and again press any key.
Here is "ProcessMemoryReaderLib" section - might help you with all kind of memory-related projects as well...
Attachments
ProcessMemoryReaderLib.rar
(1.32 KiB) Downloaded 1029 times
User avatar
trialusert
NULL
 
Posts: 155
Joined: Tue May 20, 2008 6:19 pm


Return to Help

Who is online

Users browsing this forum: No registered users and 0 guests

cron