Joined: 01 Sep 2005
Posted: Mon Oct 09, 2006 2:43 am    Post subject: Using ASM to Solve the Tutorial
Bored? Me too :)
So I decided to go through the tutorial the HARD way.
There's a hard way?!?!/! I thought I was doing the hard way!?!?!?1/1/1
Trust me, you can make it as hard as you want ;)
WARNING! If you struggled through the tutorial the first time, this tutorial is probably not for you. It involves straight asm and none of the value changing the tutorial tells you to do. If you have never seen asm, this probably isn't the best intro to it; it's just a fun way to apply asm techniques to the Tutorial.
NOTE: Scroll over hints to read them. Solutions are at the very bottom but TRY TO SOLVE THEM YOURSELF!
Disable the jump if not equal when it checks for the value to be 1000.
Hint: Use Find out what reads from this address.
Disable the jump if not equal when it checks for the value to be 5000.
Hint: It's the same method used in the 2nd step.
Disable the jump-if-below checks for both the float and the double.
Hint: Floats use fcomp (float compare) and fld (float load).
Disable the jump-if-not-equal that compares the new value to the old, instead of disabling the move of the new value to the old.
Hint: Set a "find what reads" on the base pointer.
The only hard way I can think of involved me using olly. It's semi-doable in CE too: open up your mem viewer. We know we need the value to be 1388 (5000 in decimal), so let's search for 88130000, which would be the right operand in the cmp opcode. It should find a hit somewhere around 00455FCB; go to that in the disassembler and you should find that 00455FC9 is a cmp, which happens to be the one we want. Nop the jne at 00455FCF and then hit change pointer. Wait for the counter to go down all the way, and we should be done!
How To Solve Them:
TRY BEFORE GIVING UP!!!! IT'S THE ONLY WAY TO LEARN!
Find the addy for the value, turn on "Find out what reads it", then wait a second and it automatically reads from 004572EB. Click more information and there is a JNE after comparing the value to 3E8 (1000 in decimal). Open up the memory viewer, go to your disassembler window and ctrl-g to 004572EB. Go down one and you'll be on 004572F5. Double click it to assemble, change it to "nop" and have it fill in the other byte.
After finding the addy for the progress bar value, do the same as the first step: just wait for it to be read at 00456F1F during a cmp to 0x1388. Nop the jne at 00456F29 (like in step 2).
Find the two values' addys. "Find what reads" on the double addy results in 04568C3. Right below it is the fcomp, and a few lines down is a jb. Nop the jb. Do the same for the float; the read addy should be 004568D4. Then nop the jb at 004568E3.
Find the base pointer to the addy, then watch what reads the base pointer. Four things come up. After checking each, the only one with a cmp or jump near it was 00456384. Go to it, set a bp on it, and press the button to change the value. The bp should be hit, so press run again. Now you know that this is where the compare happens, so nop the jne at 0045638F.
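The steps above (search for the immediate, walk back to the cmp, nop the jump after it, and let the nop fill the whole instruction) can be written down as a small patcher. The following is an added example for this thread, not code from the posts or from Cheat Engine. It works on a constructed byte buffer whose offsets are hypothetical and are not the tutorial addresses quoted above; it handles the 3D and 81 /7 encodings of cmp with a 32-bit immediate and both the 2-byte and 6-byte forms of jne/jb, so the same routine covers the jb from the float/double step. It only patches a jump that sits directly after the cmp, and it cannot find the step 4 check, which compares two memory values rather than a constant.

```python
# Added example (not from the post or from Cheat Engine): patch the conditional
# jump that guards a "cmp ..., imm32" against a known value. Search for the
# little-endian immediate, walk back to the cmp opcode, then overwrite the jcc
# that follows with NOPs of the same length. The buffer below is constructed
# for this demo; its offsets are NOT the tutorial addresses quoted in the post.
import struct

NOP = 0x90
SHORT_JCC = {0x75: "jne", 0x72: "jb"}   # 2-byte form: opcode rel8
NEAR_JCC = {0x85: "jne", 0x82: "jb"}    # 6-byte form: 0F opcode rel32

# Constructed sample: a value check guarded by a short jne, then a
# progress-bar check guarded by a near (6-byte) jne.
SAMPLE_CODE = (
    b"\x8B\x45\xF8"                      # mov eax,[ebp-8]
    b"\x3D\xE8\x03\x00\x00"              # cmp eax,0x3E8                 (1000?)
    b"\x75\x0A"                          # jne short +10
    b"\xC3"                              # ret
    b"\x81\x7B\x04\x88\x13\x00\x00"      # cmp dword ptr [ebx+4],0x1388  (5000?)
    b"\x0F\x85\x10\x00\x00\x00"          # jne near +16
    b"\x33\xC0"                          # xor eax,eax
)


def _modrm_len(code, off):
    """Bytes used by the ModRM at `off`, including any SIB and displacement."""
    modrm = code[off]
    mod, rm = modrm >> 6, modrm & 7
    n = 1
    if mod != 3 and rm == 4:             # SIB byte present
        n += 1
        if mod == 0 and (code[off + 1] & 7) == 5:
            n += 4                       # SIB with no base register: disp32
    if mod == 1:
        n += 1                           # disp8
    elif mod == 2 or (mod == 0 and rm == 5):
        n += 4                           # disp32
    return n


def cmp_len(code, off):
    """Length of the cmp r/m32,imm32 at `off` (3D ib form or 81 /7 form)."""
    if code[off] == 0x3D:
        return 5
    return 1 + _modrm_len(code, off + 1) + 4


def find_cmp_imm32(code, imm):
    """Offsets of every 'cmp eax,imm32' (3D) or 'cmp r/m32,imm32' (81 /7)
    whose immediate equals `imm`: the "search for 88130000" step."""
    needle = struct.pack("<I", imm)
    hits, start = [], 0
    while (i := code.find(needle, start)) >= 0:
        if i >= 1 and code[i - 1] == 0x3D:
            hits.append(i - 1)
        # 81 /7: opcode + ModRM (+SIB/disp, up to 6 bytes) must end exactly
        # where the immediate begins.
        for back in range(2, 8):
            j = i - back
            if j < 0:
                break
            if (code[j] == 0x81 and ((code[j + 1] >> 3) & 7) == 7
                    and j + 1 + _modrm_len(code, j + 1) == i):
                hits.append(j)
                break
        start = i + 1
    return sorted(set(hits))


def nop_jump(code, off):
    """Overwrite the jne/jb at `off` with NOPs covering its whole length
    (2 or 6 bytes), like CE's assemble-'nop'-and-fill. Returns the count."""
    if code[off] in SHORT_JCC:
        n = 2
    elif code[off] == 0x0F and code[off + 1] in NEAR_JCC:
        n = 6
    else:
        raise ValueError(f"no jne/jb at offset {off:#x}")
    code[off:off + n] = bytes([NOP]) * n
    return n


def patch_guard(code, imm):
    """For each cmp against `imm`, NOP the conditional jump right after it.
    `code` is a bytearray patched in place. Returns (cmp_off, jcc_off, nops)."""
    patched = []
    for c in find_cmp_imm32(code, imm):
        j = c + cmp_len(code, c)
        patched.append((c, j, nop_jump(code, j)))
    return patched


if __name__ == "__main__":
    buf = bytearray(SAMPLE_CODE)
    for value in (1000, 5000):
        for c, j, n in patch_guard(buf, value):
            print(f"cmp at {c:#06x}, nop'd {n}-byte jcc at {j:#06x} (value {value})")
    print(buf.hex(" "))
```

The NOP count is the part that bites by hand: a short jne is 2 bytes and a near jne is 6, and replacing only the first byte leaves a stray rel8 or rel32 byte that gets decoded as the next instruction.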