flat assembler
Message board for the users of flat assembler.

Index > Windows > How to increase memory size?

Author
Thread Post new topic Reply to topic
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Hello everyone, I'm thinking about how to increase memory size ? This is what I mean:
I have program and EP = 401000
and end of memory is for example 403000
and when I'm trying to do something like mov eax,[403000] it says wrong address or something.. I want to do that programatically not with source code. Just trying to make anti-debug things.. Smile I though this because when I wrote dll it was like:
mov eax,[bigaddress] and while opening in debugger it said - can't load DLL but when loaded in game, it worked perfect! cause game had much memory then debugger. so, I'm thinking if I can do that on EXE-s too ? Here's theory:
1) Check if debugger is attached
2) If not, increase memory size and move bigaddress into somewhere. Else, it will fail execution.
Or can someone suggest me another way ? Thanks.
Post 07 Mar 2011, 15:43
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Get the address and simply do this

INC [ADDRESS] using a loop (ECX)

or your way

MOV EAX,IMMEDIATE_VALUE_TO_ADD

ADD [_ADDRESS_],EAX


Is the debugger yours or are you trying to detect some else's.

You can make your debuger inject a DLL in your main app and then your main app will check for it at a specific memory space, that it owns.

Read this http://en.wikipedia.org/wiki/DLL_injection or these

http://msdn.microsoft.com/en-us/library/aa366890(v=vs.85).aspx

http://www.codeproject.com/KB/DLL/DLL_Injection_tutorial.aspx
Post 07 Mar 2011, 20:07
View user's profile Send private message Reply with quote
b1528932



Joined: 21 May 2010
Posts: 287
b1528932
ur debugger was shit if it refused to load because of 'wrong' address.
Post 07 Mar 2011, 20:29
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
b1528932 wrote:
ur debugger was shit if it refused to load because of 'wrong' address.


Hahaha, made my day....... But be nice Very Happy
Post 07 Mar 2011, 20:38
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
b1528932
Well, I tested on another PC and there worked fine, so this topic is useless.. I'm just trying to learn how to protect app from debugger.. I mean before debugger loads it, it should do some else function that will quit program.. I don't know why but it always crashes when trying that.. maybe Ollydbg 1.10 has problems on win7 ?
Post 07 Mar 2011, 21:38
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Overflowz wrote:
b1528932
Well, I tested on another PC and there worked fine, so this topic is useless.. I'm just trying to learn how to protect app from debugger.. I mean before debugger loads it, it should do some else function that will quit program.. I don't know why but it always crashes when trying that.. maybe Ollydbg 1.10 has problems on win7 ?


Use the way I told you to,

Most hacking debbugers will do VirtualAllocEx, and WriteProcessMemory.

So you just check in your memory space...Or make a self unpacking app with a hidden algorightm.....

But OllyDbg I think elevates it's access rights and gets System access rights.

Use SeDebugPrivilege


This privilege allows the caller all access to the process, including the ability to call TerminateProcess(), CreateRemoteThread(), and other potentially dangerous Win32 APIs on the target process.
Source - http://support.microsoft.com/kb/131065



Either way dude,,,, there will never be an app that can never be hacked. If I can hack Hardware then what more can I do to shitty software like Call Of Duty ? Hmmmmm.......

Just give up dude, go Open Source.... Twisted Evil Cool
Post 07 Mar 2011, 21:45
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Problem is that, it doesn't matter if memory is increased or not Sad on XP it still works but win7 gives error "Can't Load bla bla".. Thanks for sharing anyway.
Post 08 Mar 2011, 00:13
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
That's because things changed in Windows 7 my man. It don't matter if it's Windows 7 32 bit or Vista 32 bit, Uh Uh !

Very Happy Very Happy Very Happy Cool Cool
Post 08 Mar 2011, 15:44
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Ye.. still trying to find any solution for anti-debug things or maybe with packing would be more difficult to crack.
Post 08 Mar 2011, 16:01
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Overflowz wrote:
Ye.. still trying to find any solution for anti-debug things or maybe with packing would be more difficult to crack.


Well, find a packer and maybe that can help you. But If I'll ever want to crack your software, I will Very Happy Twisted Evil Twisted Evil Twisted Evil

Here...

http://upx.sourceforge.net/
Post 09 Mar 2011, 01:59
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
typedef
Hehe, UPX is used widely and it's easy to unpack.. Smile Trying to do some other method. For example, I'm thinking about resources now. To make new crypter with new algorithm and pack my files.. that's only way I guess.
Post 09 Mar 2011, 07:54
View user's profile Send private message Reply with quote
typedef



Joined: 25 Jul 2010
Posts: 2913
Location: 0x77760000
typedef
Yeah, how ?


I guess you could do it so many weird ways.... I don;try to do that since I declared myself open source
Ex.

Dump your code in a file and take the contents, encrypt them with a salted RNG algorithm, and include them in your unpacker as data...

Ex. myExeCode >> myExeCode.txt >> encrypt >> DB someData.....

then, in unpacker someData >> decrypt >> read into structures (ELF structure)>> set it in memory >> point your EIP to your code and on return destroy the data.

Simple and easily said than done. LOL

Anyways what are you trying to make that is so "secretive" like ? MS (oops)....
Post 09 Mar 2011, 22:12
View user's profile Send private message Reply with quote
Overflowz



Joined: 03 Sep 2010
Posts: 1046
Overflowz
Just trying to make code harder cause it's easy to read/debug and change.. Learning from 0 cause I know it will be very necessary for my apps. and by the way, I don't understand what you mean Sad I need code to understand what you're trying to tell me. (:
Post 13 Mar 2011, 16:42
View user's profile Send private message Reply with quote
LiuGuoHua(Chinese)



Joined: 26 Sep 2003
Posts: 25
LiuGuoHua(Chinese)
Just use the VMP shell:) I think many cracker will give up after they find that the program is protected by VMP...
Post 18 May 2011, 18:54
View user's profile Send private message Reply with quote
Display posts from previous:
Post new topic Reply to topic

Jump to:  


< Last Thread | Next Thread >
Forum Rules:
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Copyright © 1999-2020, Tomasz Grysztar. Also on GitHub, YouTube, Twitter.

Website powered by rwasa.