flat assembler
Message board for the users of flat assembler.

Index > Main > [Question] Reguarding Flat Assembler

Goto page Previous  1, 2
Author
Thread Post new topic Reply to topic
bitshifter



Joined: 04 Dec 2007
Posts: 796
Location: Massachusetts, USA
bitshifter 25 Oct 2009, 00:52
If you know what the offset is then just use standard file functions on it.
Post 25 Oct 2009, 00:52
View user's profile Send private message Reply with quote
Black0ne



Joined: 21 Oct 2009
Posts: 9
Black0ne 25 Oct 2009, 01:58
that is the type of stuff im asking about lol, i just recently downloaded FASM and all the tutorials and such I seem to encounter are based on masm32 which is too complicated to even work so i removed it from my pc. i know the address and what bytes that need to be changed but I dont know how to make a a exe from FASM that will make that byte change to what ever program i select.

like in pinball.exe that comes with window if you make address
00A2314E = db 01 00 [ first ball ] and when your on the 2nd ball it becomes 02 00

Im bascially trying to find a way to do in ASM make it

Change bytes at 00A2314E to 01 00 this way you cant ever run out of balls ( not really useful but an example of what im trying to accomplish )
Post 25 Oct 2009, 01:58
View user's profile Send private message MSN Messenger Reply with quote
bitshifter



Joined: 04 Dec 2007
Posts: 796
Location: Massachusetts, USA
bitshifter 25 Oct 2009, 02:06
Ahh, you need to get clever here...
You cant change the number of balls because its dynamic.
Either change the code that increases the ball count,
or change the code that checks the ball count.

Edit:
Here is simple demo which uses win32 file functions.
Youre lucky i like win32 and i am so bored right now...
Look up these funcs at MSDN, and add some error checking.


Description:
Download
Filename: ReName.zip
Filesize: 1.03 KB
Downloaded: 494 Time(s)


_________________
Coding a 3D game engine with fasm is like trying to eat an elephant,
you just have to keep focused and take it one 'byte' at a time.
Post 25 Oct 2009, 02:06
View user's profile Send private message Reply with quote
Black0ne



Joined: 21 Oct 2009
Posts: 9
Black0ne 25 Oct 2009, 04:52
thanks i've looked at this and it replaces the first 17th byte which is somehow where the name is and replaced it with the work joe. this is what im trying to do with my patch. only instead of doing it through a notepad, i need to goto a specific address like 00A4134F and then make the change. but this is a useful example but I understand like 2% of this.code, I mean i understand what its doing but if you told me to write this code by hand, id have no clue wtf i would be doing. but seeing it i understand somewhat.

like

Code:
        ; Change the desired 4 byte block.

      mov     eax,[g_FileBuffer]
  add     eax,17             ; index into the 17th byte (where my name is)
    mov     dword[eax],'Joe.'  ; Replace 4 bytes at offset.
    


add eax,17. i dont see how you knew the name is at the 17th byte. did u write the scr.txt and then open it with Ollydbg or something?
Post 25 Oct 2009, 04:52
View user's profile Send private message MSN Messenger Reply with quote
revolution
When all else fails, read the source


Joined: 24 Aug 2004
Posts: 20445
Location: In your JS exploiting you and your system
revolution 25 Oct 2009, 06:00
Black0ne: File offsets do not equal memory addresses. I don't know where you got the address 00A4134F, but I suspect that the value is a memory address. Be sure that the address is not an uninitialised section in the file otherwise your "patch" cannot ever work. If that address is accurate then you will still have to find where in the disk file those bytes are that you want to change. For an .exe it is not as simple as it may seem. .exe files are not mapped 1-to-1 in the address space.
Post 25 Oct 2009, 06:00
View user's profile Send private message Visit poster's website Reply with quote
bitshifter



Joined: 04 Dec 2007
Posts: 796
Location: Massachusetts, USA
bitshifter 25 Oct 2009, 12:30
FASM really should have a simple file io demo in the examples folder... *hint*
Post 25 Oct 2009, 12:30
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 25 Oct 2009, 12:39
So it took you 4 days and more than a page to tell us *clearly* that you just want to make a patch written in assembly?

Use Ollydbg to patch the specific location and write the modifications to the exe.
Use a binary comparison utility (you may find one in most hex editors) to compare the original and the modified exe.
Code a program that makes the changes to the location you found above. You'll need these APIs: CreateFile, SetFilePointer, WriteFile, CloseHandle.
Of course, you could also check the exe file size and game version to make sure the user isn't patching the wrong file, add a nice "open file" dialog to let the user choose the location of the file to patch, etc.


Quote:

but because I dont want my methods of finding the addresses and such to be passed around to everyone i help
[...]
I don't want to hand a step by step of what is being done, because that will tell the Makers of the game how to patch what I'm doing and cause me to have to find it all over again
[...]
i could simply release a patch.exe and encrypt it or something

You're really funny, you know? Can't they just use your patch, compare the patched version with the non-patched one and find out what you found out before them?
Do you really think the makers of the game - who have the source in plain text, duh - don't already know where the "thing" is? This is just stupid. They already know it and they know their game is "vulnerable", but 1) don't care or 2) don't have enough resources (time, money, competencies, etc.) to implement or buy the proper protection that would make their software just *a little bit* more difficult to crack.
Post 25 Oct 2009, 12:39
View user's profile Send private message Reply with quote
ManOfSteel



Joined: 02 Feb 2005
Posts: 1154
ManOfSteel 25 Oct 2009, 12:46
bitshifter wrote:
FASM really should have a simple file io demo in the examples folder... *hint*

Idea Um, yes. And examples for a crack and keygen. And then why not a few worms and trojans too. Idea

.
.
.
.
.
.
.
.
.
.

Just kidding. Razz
Post 25 Oct 2009, 12:46
View user's profile Send private message Reply with quote
bitshifter



Joined: 04 Dec 2007
Posts: 796
Location: Massachusetts, USA
bitshifter 25 Oct 2009, 12:50
LOL
Yeah, might as well throw a shell hook in there too Smile
Post 25 Oct 2009, 12:50
View user's profile Send private message Reply with quote
Black0ne



Joined: 21 Oct 2009
Posts: 9
Black0ne 25 Oct 2009, 15:43
ManOfSteel, the purpose of making the patch is to prevent those that use it from knowing whats done. I don't want to example step by step how to bypass the program so that everyone can do it step by step, i want to make sure that once its patched they will be forced to try and learn how its done. if i send out the source it will be patched in a week and for the leechers on the forums, they will simple take it and go until its blocked and never make an effort to further there own knowledge. that is what im trying to prevent, i want to show them that it can be done, even with my lack of knowledge I figured it out. but make it so that they will have to start trying to learn it themselves.

only I first have to learn asm. and I got some type of tutorial list from
http://win32assembly.online.fr/
only all of it is based on MASM32 so when I try to apply that knowledge I got it all wrong since fasm does everything differently.

also this clearly has mistakes but i was wondering is this anywhere near correct?

Code:
 stack 200h
 entry codex:Start

 segment Addy    ; Addy (address) segment
 00446FAB        ; the address that controls Collision

 segment enable
 db eb 6f        ; eb 6f is no collision , so godmode!

 segment disable
 db 7b 6f        ; 7b 6f is collision , so no godmode.


 segment codex
 Start:
 push eax     ; from what i understand that saves eax at the current value.
; mov eax, [00446FAB]  / disable   <-- wasn't sure if i needed to move the value into eax if it was already there so.  i commented it.
 cmp eax, [00446FAB] ; cmp eax (unmodified) to the value of the address containing collision, or i could just do cmp eax, disable
 jne _NotActive         ; if it isnt the same then jump to change it.

 segment _NotActive
 pop eax               ; from what i understand pop removes / clears the register eax.
 mov eax, enable       ; then put enable / eb 6f ( no collision) into the address, creating god.
    
Post 25 Oct 2009, 15:43
View user's profile Send private message MSN Messenger Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  
Goto page Previous  1, 2

< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2025, Tomasz Grysztar. Also on GitHub, YouTube.

Website powered by rwasa.