 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
blitz02
Cheater
![]() Reputation: 0
Joined: 28 Feb 2007
Posts: 44
|
 Posted: Thu May 06, 2010 8:32 am Post subject: Help to Understand Disasmblers. |
 |
|
Hi it's me again and thankyou for visiting my thread.
I would likely to know more about disassembly,
I disassembled a dll file(it's a dll of a patched hack).
I'm trying to find the memory address that it modifies/freezes.
Help me understand this :
This is the code.
| Code: |
GameMemoryWrite:
push ebp
mov ebp,esp
push ecx
lea eax,[ebp-04h]
push eax
push 00000004h
mov ecx,[ebp+10h]
push ecx
mov edx,[ebp+08h]
push edx
call [KERNEL32.dll!VirtualProtect]
mov eax,[ebp+10h]
push eax
mov ecx,[ebp+0Ch]
push ecx
mov edx,[ebp+08h]
push edx
call SUB_L10001370
add esp,0000000Ch
mov esp,ebp
pop ebp
retn
;------------------------------------------------------------------------------
|
SUB_L10001370:
| Code: | Align 16
SUB_L10001370:
push ebp
mov ebp,esp
push edi
push esi
mov esi,[ebp+0Ch]
mov ecx,[ebp+10h]
mov edi,[ebp+08h]
mov eax,ecx
mov edx,ecx
add eax,esi
cmp edi,esi
jbe L10001390
cmp edi,eax
jc L10001508
|
Can someone explain it to me clearly? Thanks in advance 
|
|
| Back to top |
|
 |
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Thu May 06, 2010 9:51 am Post subject: |
|
|
| Code: | GameMemoryWrite:
push ebp ; set up stack frame
mov ebp,esp ; set up stack frame
push ecx ; setting up for 4th param <- flOldProtect
lea eax,[ebp-04h] ; get pointer to local variable
push eax ; 4th param <- lpflOldProtect
push 00000004h ; 3rd param <- flNewProtect
mov ecx,[ebp+10h] ; 3rd parameter of this function
push ecx ; 2nd param <- dwSize
mov edx,[ebp+08h] ; 1st parameter of this function
push edx ; 1st param <- lpAddress
call [KERNEL32.dll!VirtualProtect] ; VirtualProtect call
; This entire first half shows a wrapper to VirtualProtect
mov eax,[ebp+10h] ; 3rd param ( dwSize )
push eax ; becomes 3rd param of call to SUB_L10001370
mov ecx,[ebp+0Ch] ; 2nd param of this function = ???
push ecx ; becomes 2nd param of call to SUB_L10001370
mov edx,[ebp+08h] ; 1st param of this function
push edx ; lpAddress becomes 1st param of call to SUB_L10001370
call SUB_L10001370 ; call to SUB_L10001370
add esp,0000000Ch ; caller cleanup
mov esp,ebp
pop ebp ; destroy stack frame
retn ; and return
Align 16
SUB_L10001370:
push ebp ; set up stack frame
mov ebp,esp ; set up stack frame
push edi ; save edi
push esi ; save esi
mov esi,[ebp+0Ch] ; esi = 2nd param << ??
mov ecx,[ebp+10h] ; ecx = 3rd param << dwSize
mov edi,[ebp+08h] ; edi = 1st param << lpAddress
mov eax,ecx ; eax = dwSize
mov edx,ecx ; edx = dwSize
add eax,esi ; eax = dwSize + esi ( 2nd param << ?? )
cmp edi,esi ; if( lpAddress >= 2nd param << ?! )
jbe L10001390 ; then.....
cmp edi,eax ; else if( lpAddress == dwSize + esi ( 2nd param << ?? ) )
jc L10001508 ; then..... |
not enough info. and i assume l10001390/l10001508 lie within gamememorywrite fxn ? since it never appears to return.. i can only assume that is what the cleanup after the CALL is for
|
|
| Back to top |
|
|
blitz02
Cheater
![]() Reputation: 0
Joined: 28 Feb 2007
Posts: 44
|
| Posted: Thu May 06, 2010 5:43 pm Post subject: |
|
|
wow.. Do you have any reference?
Here is the whole code.
| Code: | ;------------------------------------------------------------------------------
EntryPoint:
push ebp
mov ebp,esp
push ecx
mov eax,[ebp+0Ch]
mov [ebp-04h],eax
cmp dword ptr [ebp-04h],00000000h
jz L10001082
cmp dword ptr [ebp-04h],00000001h
jz L1000101B
jmp L100010AD
L1000101B:
push SSZ10003040_AuditionSEA_Public
push 00000000h
call [USER32.dll!FindWindowA]
test eax,eax
jnz L1000104D
push 00000000h
push SSZ10003054_Public_Hack
push SSZ10003060_Please_use_with_AuditionSEA_exe
call [USER32.dll!GetActiveWindow]
push eax
call [USER32.dll!MessageBoxA]
push 00000000h
call [KERNEL32.dll!ExitProcess]
L1000104D:
mov ecx,[ebp+08h]
push ecx
call SUB_L100012D6
add esp,00000004h
push 00000040h
call [USER32.dll!MessageBeep]
mov edx,[L100030A4]
push edx
push 00000000h
push 00000000h
push L100012AF
push 00000000h
push 00000000h
call [KERNEL32.dll!CreateThread]
mov [L100030AC],eax
jmp L100010AD
L10001082:
mov eax,[L100030A0]
push eax
push FFFFFFFCh
push 00000000h
push SSZ10003080_DLightClass
call [USER32.dll!FindWindowA]
push eax
call [USER32.dll!SetWindowLongA]
push 00000000h
mov ecx,[L100030AC]
push ecx
call [KERNEL32.dll!TerminateThread]
L100010AD:
mov eax,00000001h
mov esp,ebp
pop ebp
retn 000Ch
;------------------------------------------------------------------------------
GameMemoryWrite:
push ebp
mov ebp,esp
push ecx
lea eax,[ebp-04h]
push eax
push 00000004h
mov ecx,[ebp+10h]
push ecx
mov edx,[ebp+08h]
push edx
call [KERNEL32.dll!VirtualProtect]
mov eax,[ebp+10h]
push eax
mov ecx,[ebp+0Ch]
push ecx
mov edx,[ebp+08h]
push edx
call SUB_L10001370
add esp,0000000Ch
mov esp,ebp
pop ebp
retn
;------------------------------------------------------------------------------
SetAuditionHook:
push ebp
mov ebp,esp
sub esp,00000008h
mov eax,[ebp+0Ch]
mov [ebp-04h],eax
cmp dword ptr [ebp-04h],00000100h
jz L10001102
jmp CASE_1000126F_PROC0001
L10001102:
mov ecx,[ebp+10h]
mov [ebp-08h],ecx
mov edx,[ebp-08h]
sub edx,0000006Bh
mov [ebp-08h],edx
cmp dword ptr [ebp-08h],0000000Fh
ja CASE_1000126F_PROC0001
mov eax,[ebp-08h]
jmp [CASE_PROCTABLE_1000126F+eax*4]
CASE_1000126F_PROC000F:
push 00000004h
push L10003010
mov ecx,[L10003000]
push ecx
call GameMemoryWrite
add esp,0000000Ch
push 00000001h
push L10003030
mov edx,[L10003004]
push edx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC0008:
push 00000004h
push L1000301C
mov eax,[L10003000]
push eax
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC0000:
push 00000004h
push L1000302C
mov ecx,[L10003004]
push ecx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC0009:
push 00000004h
push L10003018
mov edx,[L10003000]
push edx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC000A:
push 00000004h
push L10003014
mov eax,[L10003000]
push eax
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC000B:
push 00000004h
push L10003020
mov ecx,[L10003000]
push ecx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC000C:
push 00000004h
push L10003038
mov edx,[L1000300C]
push edx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC0002:
push 00000004h
push L1000303C
mov eax,[L1000300C]
push eax
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC000D:
push 00000004h
push L10003028
mov ecx,[L10003000]
push ecx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC000E:
push 00000004h
push L10003024
mov edx,[L10003000]
push edx
call GameMemoryWrite
add esp,0000000Ch
jmp CASE_1000126F_PROC0001
CASE_1000126F_PROC0007:
push 00000004h
push L100030B4
mov eax,[L10003008]
push eax
call GameMemoryWrite
add esp,0000000Ch
CASE_1000126F_PROC0001:
mov ecx,[ebp+14h]
push ecx
mov edx,[ebp+10h]
push edx
mov eax,[ebp+0Ch]
push eax
mov ecx,[ebp+08h]
push ecx
mov edx,[L100030A0]
push edx
call [USER32.dll!CallWindowProcA]
mov esp,ebp
pop ebp
retn 0010h
;------------------------------------------------------------------------------
CASE_PROCTABLE_1000126F:
dd CASE_1000126F_PROC0000
dd CASE_1000126F_PROC0001
dd CASE_1000126F_PROC0002
dd CASE_1000126F_PROC0001
dd CASE_1000126F_PROC0001
dd CASE_1000126F_PROC0001
dd CASE_1000126F_PROC0001
dd CASE_1000126F_PROC0007
dd CASE_1000126F_PROC0008
dd CASE_1000126F_PROC0009
dd CASE_1000126F_PROC000A
dd CASE_1000126F_PROC000B
dd CASE_1000126F_PROC000C
dd CASE_1000126F_PROC000D
dd CASE_1000126F_PROC000E
dd CASE_1000126F_PROC000F
L100012AF:
push ebp
mov ebp,esp
push SetAuditionHook
push FFFFFFFCh
push 00000000h
push SSZ1000308C_DLightClass
call [USER32.dll!FindWindowA]
push eax
call [USER32.dll!SetWindowLongA]
mov [L100030A0],eax
xor eax,eax
pop ebp
retn
;------------------------------------------------------------------------------
SUB_L100012D6:
push ebp
mov ebp,esp
push ecx
push ebx
push esi
push edi
mov dword ptr [ebp-04h],00000000h
pushad
pushfd
mov eax,fs:[00000030h]
mov eax,[eax+0Ch]
mov [ebp-04h],eax
mov esi,[eax+0Ch]
mov edx,[eax+10h]
L100012F8:
lodsd
mov esi,eax
mov ecx,[eax+18h]
cmp ecx,[ebp+08h]
jnz L1000130F
mov ebx,[eax]
mov ecx,[eax+04h]
mov [ecx],ebx
mov [ebx+04h],ecx
jmp L10001313
L1000130F:
cmp edx,esi
jnz L100012F8
L10001313:
mov eax,[ebp-04h]
mov esi,[eax+14h]
mov edx,[eax+18h]
L1000131C:
lodsd
mov esi,eax
mov ecx,[eax+10h]
cmp ecx,[ebp+08h]
jnz L10001333
mov ebx,[eax]
mov ecx,[eax+04h]
mov [ecx],ebx
mov [ebx+04h],ecx
jmp L10001337
L10001333:
cmp edx,esi
jnz L1000131C
L10001337:
mov eax,[ebp-04h]
mov esi,[eax+1Ch]
mov edx,[eax+20h]
L10001340:
lodsd
mov esi,eax
mov ecx,[eax+08h]
cmp ecx,[ebp+08h]
jnz L10001357
mov ebx,[eax]
mov ecx,[eax+04h]
mov [ecx],ebx
mov [ebx+04h],ecx
jmp L1000135B
L10001357:
cmp edx,esi
jnz L10001340
L1000135B:
popfd
popad
pop edi
pop esi
pop ebx
mov esp,ebp
pop ebp
retn
;------------------------------------------------------------------------------
Align 16
SUB_L10001370:
push ebp
mov ebp,esp
push edi
push esi
mov esi,[ebp+0Ch]
mov ecx,[ebp+10h]
mov edi,[ebp+08h]
mov eax,ecx
mov edx,ecx
add eax,esi
cmp edi,esi
jbe L10001390
cmp edi,eax
jc L10001508
L10001390:
test edi,00000003h
jnz L100013AC
shr ecx,02h
and edx,00000003h
cmp ecx,00000008h
jc L100013CC
rep movsd
jmp [L100014B8+edx*4]
L100013AC:
mov eax,edi
mov edx,00000003h
sub ecx,00000004h
jc L100013C4
and eax,00000003h
add ecx,eax
jmp [L100013D0+eax*4]
L100013C4:
jmp [L100014C8+ecx*4]
Align 4
L100013CC:
jmp [L1000144C+ecx*4]
db 90h; '?'
dd L100013E0
dd L1000140C
dd L10001430
L100013E0:
db 23h; '#'
db D1h; ''
db 8Ah; '?'
db 06h;
db 88h; '?'
db 07h;
db 8Ah; '?'
db 46h; 'F'
db 01h;
db 88h; '?'
db 47h; 'G'
db 01h;
db 8Ah; '?'
db 46h; 'F'
db 02h;
db C1h; ''
db E9h; ''
db 02h;
db 88h; '?'
db 47h; 'G'
db 02h;
db 83h; '?'
db C6h; ''
db 03h;
db 83h; '?'
db C7h; ''
db 03h;
db 83h; '?'
db F9h; ''
db 08h;
db 72h; 'r'
db CCh; ''
db F3h; ''
db A5h; '?'
db FFh; ''
db 24h; '$'
db 95h;
dd L100014B8
Align 4
L1000140C:
db 23h; '#'
db D1h; ''
db 8Ah; '?'
db 06h;
db 88h; '?'
db 07h;
db 8Ah; '?'
db 46h; 'F'
db 01h;
db C1h; ''
db E9h; ''
db 02h;
db 88h; '?'
db 47h; 'G'
db 01h;
db 83h; '?'
db C6h; ''
db 02h;
db 83h; '?'
db C7h; ''
db 02h;
db 83h; '?'
db F9h; ''
db 08h;
db 72h; 'r'
db A6h; ''
db F3h; ''
db A5h; '?'
db FFh; ''
db 24h; '$'
db 95h;
dd L100014B8
Align 4
L10001430:
db 23h; '#'
db D1h; ''
db 8Ah; '?'
db 06h;
db 88h; '?'
db 07h;
db 46h; 'F'
db C1h; ''
db E9h; ''
db 02h;
db 47h; 'G'
db 83h; '?'
db F9h; ''
db 08h;
db 72h; 'r'
db 8Ch; '?'
db F3h; ''
db A5h; '?'
db FFh; ''
db 24h; '$'
db 95h;
dd L100014B8
Align 4
L1000144C:
dd L100014AF
dd L1000149C
dd L10001494
dd L1000148C
dd L10001484
dd L1000147C
dd L10001474
dd L1000146C
L1000146C:
mov eax,[esi+ecx*4-1Ch]
mov [edi+ecx*4-1Ch],eax
L10001474:
mov eax,[esi+ecx*4-18h]
mov [edi+ecx*4-18h],eax
L1000147C:
mov eax,[esi+ecx*4-14h]
mov [edi+ecx*4-14h],eax
L10001484:
mov eax,[esi+ecx*4-10h]
mov [edi+ecx*4-10h],eax
L1000148C:
mov eax,[esi+ecx*4-0Ch]
mov [edi+ecx*4-0Ch],eax
L10001494:
mov eax,[esi+ecx*4-08h]
mov [edi+ecx*4-08h],eax
L1000149C:
mov eax,[esi+ecx*4-04h]
mov [edi+ecx*4-04h],eax
lea eax,[00000000h+ecx*4]
add esi,eax
add edi,eax
L100014AF:
jmp [L100014B8+edx*4]
Align 4
L100014B8:
dd L100014C8
dd L100014D0
dd L100014DC
dd L100014F0
L100014C8:
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L100014D0:
mov al,[esi]
mov [edi],al
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L100014DC:
mov al,[esi]
mov [edi],al
mov al,[esi+01h]
mov [edi+01h],al
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L100014F0:
mov al,[esi]
mov [edi],al
mov al,[esi+01h]
mov [edi+01h],al
mov al,[esi+02h]
mov [edi+02h],al
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L10001508:
lea esi,[ecx+esi-04h]
lea edi,[ecx+edi-04h]
test edi,00000003h
jnz L1000153C
shr ecx,02h
and edx,00000003h
cmp ecx,00000008h
jc L10001530
std
rep movsd
cld
jmp [L10001650+edx*4]
Align 4
L10001530:
neg ecx
jmp [L10001600+ecx*4]
Align 4
L1000153C:
mov eax,edi
mov edx,00000003h
cmp ecx,00000004h
jc L10001554
and eax,00000003h
sub ecx,eax
jmp [L10001558+eax*4]
L10001554:
jmp [L10001650+ecx*4]
db 90h; '?'
dd L10001568
dd L10001588
dd L100015B0
L10001568:
mov al,[esi+03h]
and edx,ecx
mov [edi+03h],al
dec esi
shr ecx,02h
dec edi
cmp ecx,00000008h
jc L10001530
std
rep movsd
cld
jmp [L10001650+edx*4]
Align 4
L10001588:
mov al,[esi+03h]
and edx,ecx
mov [edi+03h],al
mov al,[esi+02h]
shr ecx,02h
mov [edi+02h],al
sub esi,00000002h
sub edi,00000002h
cmp ecx,00000008h
jc L10001530
std
rep movsd
cld
jmp [L10001650+edx*4]
Align 4
L100015B0:
mov al,[esi+03h]
and edx,ecx
mov [edi+03h],al
mov al,[esi+02h]
mov [edi+02h],al
mov al,[esi+01h]
shr ecx,02h
mov [edi+01h],al
sub esi,00000003h
sub edi,00000003h
cmp ecx,00000008h
jc L10001530
std
rep movsd
cld
jmp [L10001650+edx*4]
Align 4
dd L10001604
dd L1000160C
dd L10001614
dd L1000161C
dd L10001624
dd L1000162C
dd L10001634
L10001600:
dd L10001647
L10001604:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 1Ch;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 1Ch;
L1000160C:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 18h;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 18h;
L10001614:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 14h;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 14h;
L1000161C:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 10h;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 10h;
L10001624:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 0Ch;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 0Ch;
L1000162C:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 08h;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 08h;
L10001634:
db 8Bh; '<'
db 44h; 'D'
db 8Eh; '?'
db 04h;
db 89h; '%'
db 44h; 'D'
db 8Fh; '?'
db 04h;
db 8Dh; '?'
db 04h;
db 8Dh; '?'
db 00h;
db 00h;
db 00h;
db 00h;
db 03h;
db F0h; ''
db 03h;
db F8h; ''
L10001647:
jmp [L10001650+edx*4]
Align 4
L10001650:
dd L10001660
dd L10001668
dd L10001678
dd L1000168C
L10001660:
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L10001668:
mov al,[esi+03h]
mov [edi+03h],al
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L10001678:
mov al,[esi+03h]
mov [edi+03h],al
mov al,[esi+02h]
mov [edi+02h],al
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
Align 4
L1000168C:
mov al,[esi+03h]
mov [edi+03h],al
mov al,[esi+02h]
mov [edi+02h],al
mov al,[esi+01h]
mov [edi+01h],al
mov eax,[ebp+08h]
pop esi
pop edi
leave
retn
;------------------------------------------------------------------------------
0000095Bh DUP (??)
;
;
;------------------------------------------------------------------------------
; Name: .rdata (Data Section)
; Virtual Address: 10002000h Virtual Size: 000001C8h
; Pointer To RawData: 00002000h Size Of RawData: 00001000h
;
KERNEL32.dll!CreateThread:
dd ??
KERNEL32.dll!ExitProcess:
dd ??
KERNEL32.dll!VirtualProtect:
dd ??
KERNEL32.dll!TerminateThread:
dd ??
dd 00000000
USER32.dll!SetWindowLongA:
dd ??
USER32.dll!MessageBeep:
dd ??
USER32.dll!MessageBoxA:
dd ??
USER32.dll!GetActiveWindow:
dd ??
USER32.dll!FindWindowA:
dd ??
USER32.dll!CallWindowProcA:
dd ??
dd 00000000
dd 0000206Ch
dd 00000000h
dd 00000000h
dd 000020DEh
dd 00002000h
dd 00002080h
dd 00000000h
dd 00000000h
dd 0000214Ch
dd 00002014h
dd 00000000h
dd 00000000h
dd 00000000h
dd 00000000h
dd 00000000h
dd 000020AEh
dd 000020BEh
dd 000020CCh
dd 0000209Ch
dd 00000000h
dd 000020ECh
dd 000020FEh
dd 0000210Ch
dd 0000211Ah
dd 0000212Ch
dd 0000213Ah
dd 00000000h
dw 029Fh
db 'TerminateThread',0
dw 004Ah
db 'CreateThread',0
db 00h
dw 007Dh
db 'ExitProcess',0
dw 02C3h
db 'VirtualProtect',0
db 00h
db 'KERNEL32.dll',0
db 00h
dw 0258h
db 'SetWindowLongA',0
db 00h
dw 01BDh
db 'MessageBeep',0
dw 01BEh
db 'MessageBoxA',0
dw 00DDh
db 'GetActiveWindow',0
dw 00D5h
db 'FindWindowA',0
dw 0016h
db 'CallWindowProcA',0
db 'USER32.dll',0
db 00h
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
dd 00000000h
dd 4BC668F8h
dw 0000h
dw 0000h
dd 0000219Ch
dd 00000001h
dd 00000002h
dd 00000002h
dd 00002188h
dd 00002190h
dd 00002198h
dd 000010B8h
dd 000010E8h
dd 000021A8h
dd 000021B8h
dw 0000h
dw 0001h
db '6087SEA.dll',0
db 'GameMemoryWrite',0
db 'SetAuditionHook',0
;------------------------------------------------------------------------------
00000E38h DUP (??)
;
;
;------------------------------------------------------------------------------
; Name: .data
; Virtual Address: 10003000h Virtual Size: 000000B8h
; Pointer To RawData: 00003000h Size Of RawData: 00001000h
;
L10003000:
dd 00D2D978h
L10003004:
dd 00D2D97Ch
L10003008:
dd 00820B6Ch
L1000300C:
dd 00D2DAE4h
L10003010:
db 20h; ' '
db 00h;
db 00h;
db 00h;
L10003014:
db 80h; '?'
db 00h;
db 00h;
db 00h;
L10003018:
db 00h;
db 20h; ' '
db 00h;
db 00h;
L1000301C:
db 00h;
db 40h; '@'
db 00h;
db 00h;
L10003020:
db 00h;
db 00h;
db 08h;
db 00h;
L10003024:
db 00h;
db 04h;
db 00h;
db 00h;
L10003028:
db 01h;
db 00h;
db 00h;
db 00h;
L1000302C:
db 00h;
db 00h;
db 01h;
db 00h;
L10003030:
db 95h;
db 00h;
db 00h;
db 00h;
db A4h; ''
db 70h; 'p'
db 7Dh; '}'
db 3Fh; '?'
L10003038:
db 07h;
db 00h;
db 00h;
db 00h;
L1000303C:
db 12h;
db 00h;
db 00h;
db 00h;
SSZ10003040_AuditionSEA_Public:
db 'AuditionSEA Public',0
Align 4
SSZ10003054_Public_Hack:
db 'Public Hack',0
SSZ10003060_Please_use_with_AuditionSEA_exe:
db 'Please use with AuditionSEA.exe',0
SSZ10003080_DLightClass:
db 'DLightClass',0
SSZ1000308C_DLightClass:
db 'DLightClass',0
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
db 00h;
L100030A0:
dd 00000000h
L100030A4:
dd 00000000h
db 00h;
db 00h;
db 00h;
db 00h;
L100030AC:
dd 00000000h
db 00h;
db 00h;
db 00h;
db 00h;
L100030B4:
db 00h;
db 00h;
db 00h;
db 00h;
;------------------------------------------------------------------------------
00000F48h DUP (??)
;
;
;------------------------------------------------------------------------------
; Exports
;
Index: 1 Name: GameMemoryWrite
Index: 2 Name: SetAuditionHook
;
;------------------------------------------------------------------------------
; Imports from KERNEL32.dll
;
extrn CreateThread
extrn ExitProcess
extrn VirtualProtect
extrn TerminateThread
;
; Imports from USER32.dll
;
extrn SetWindowLongA
extrn MessageBeep
extrn MessageBoxA
extrn GetActiveWindow
extrn FindWindowA
extrn CallWindowProcA
;
;------------------------------------------------------------------------------
|
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Thu May 06, 2010 7:49 pm Post subject: |
|
|
| lol. No way I'm reading all of that. Try and work it out yourself. Just go through it line by line and see if you can see what it's doing.
|
|
| Back to top |
|
|
blitz02
Cheater
![]() Reputation: 0
Joined: 28 Feb 2007
Posts: 44
|
| Posted: Thu May 06, 2010 8:11 pm Post subject: |
|
|
Noob Question : But how would you assume that you are reading it right?
So on the GameMemoryWrite, I assume I would find the LPVoid address right?
-----------
Oh I think I know now, Gonna trace it back.
I'll be back. If I have any questions please do not fail to answer me mr.Slugsnark. I know I'm noob but any hint would be a big thing.. Thanks.
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Thu May 06, 2010 8:20 pm Post subject: |
|
|
| Not sure what you mean to ask. Do you mean how did I come about to make those comments I made ?
|
|
| Back to top |
|
|
blitz02
Cheater
![]() Reputation: 0
Joined: 28 Feb 2007
Posts: 44
|
| Posted: Thu May 06, 2010 10:28 pm Post subject: |
|
|
| Slugsnack wrote: | | Not sure what you mean to ask. Do you mean how did I come about to make those comments I made ? |
Yes. Do you have any patterns or any references to look on?
I really want to understand how it works.
|
|
| Back to top |
|
|
Slugsnack
Grandmaster Cheater Supreme
![]() Reputation: 71
Joined: 24 Jan 2007
Posts: 1857
|
| Posted: Fri May 07, 2010 8:42 am Post subject: |
|
|
| Well for your first snippet, I looked at the call and worked backwards from there. You can find what the parameters are by googling. Then because it's STDCALL you know they're pushed on in reverse order. Then by knowing how the stack frame works you can determine what each of the [ebp+X] represent.
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
