Shifu-Hacks Blog

愚かさは博学ではない。

Just-in-case ASM Knowledge

Posted by compactwater on September16 2007

If you don’t know basic Assembly/Assembler/Whatever you want to call it (ASM), then you should read a tutorial, this is for people who have at least a basic understanding.
Sometimes a game cannot be hacked because it has simple protection, or the value is randomly generated (obfuscated), or encrypted. This is where you must look into the game’s memory to hack it, though some of it may be randomly allocated.

Finding the memory is (usually) simple, using “Find out what accesses/reads/writes to this address” with Cheat Engine on an interesting value. If the game knows when something should not be changed, you can usually ‘nop-out’ the code that detects the odd change, but more advanced detection methods would require actual thought. The general things you need to know,is reversing, changing the value of a register (asm or debug), and nopping.

 

Reversing & Nop-ing:

Making a code do the opposite. Example:
jne 005B667F
changes to
je 005B667F

jne means “jump if NOT equal”, and je means “jump IF equal”. “jump” means to goto an address, at the current state, usually to check something, and if correct, do something, such as decrement health or ammo. Example:
@005B667F:
mov eax,005B667F
add eax,5D
cmp eax,ecx
je take_damage
jne return

mov (move) moves “005B667F”, the location of the address, add loads the pointer, and cmp (compare) compares eax to ecx, which if it is equal, will cause you to take damage, and if not equal, will return. There are many ways you could stop yourself from taking damage, the simplest is to change jne to je, but you can also nop it.

Changing & Setting Debug Registers

Cheat Engine has a built-in ability to set debug registers. You can also choose to use Int3 breakpoints. When setting a debug breakpoint, or editing the memory to change the value of something, always be sure you’re doing it correctly, and that you have enough memory allocated; never be scared to over allocate. For changing a register, you will need to ‘code-cave’, redirected memory that can be changed freely with (almost) no fault. Example:
@005B667F:
add eax,ecx
cmp eax,edi
add eax,edx
cmp eax,edi
jne here
je there

Your code-cave:
mov eax,your_value
cmp eax,edi
mov eax,your_value2
cmp eax,edi
jne somewhere
je elsewhere
jmp return

Modified 005B667F:
jmp code-cave
return:

So, the code will goto your code-cave instead of the actual thing, and will do whatever you want. This is best for games that may have simple anti-hacking protection, or computers that have an inability to set a debug register, otherwise you can do that in Cheat Engine, and set the value of a register, or a flag (such as ZF).

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

 
%d bloggers like this: