Changing variable once it is found


1 reply to this topic

#1 wicked357   Members   -  Reputation: 1285

Posted 21 January 2011 - 03:13 PM

I created a simple Win32 console application just for this testing purpose. Lately the idea of reverse engineering has intrigued me. I know it isn't easy to do, but I also know that it would more or less depend on what you are reversing; obviously the smaller the application, the easier it should be, or at least that is my assumption.

Here is my sample code:
#include <iostream>
#include <limits>

using namespace std;

// The variable we want to locate in the binary and change from outside.
struct CVar
{
	int num;
};

int main()
{
	CVar cvar;
	cvar.num = 250;   // 250 = 0FAh, the immediate that shows up in the disassembly

	int choice = 0;
	bool isRunning = true;
	while(isRunning)
	{
		cout << endl;
		cout << "MENU OPTIONS\n";
		cout << "1 - Increment\n";
		cout << "2 - Decrement\n";
		cout << "3 - Display number\n";
		cout << "9 - EXIT\n";
		cout << "Enter choice: ";
		if(!(cin >> choice))
		{
			// Non-numeric input leaves cin in a failed state and would spin
			// this loop forever; clear the error and discard the bad line.
			cin.clear();
			cin.ignore(numeric_limits<streamsize>::max(), '\n');
			continue;
		}
		cout << endl;
		switch(choice)
		{
		case 1:
			cvar.num++;
			break;
		case 2:
			cvar.num--;
			break;
		case 3:
			cout << "\nCVar num: " << cvar.num << endl;
			break;
		case 9:
			isRunning = false;
			break;
		}
	}
	return 0;
}

After running my .exe file through IDA, say I want to change the value of player.posY externally, and I don't mean just incrementing it via the switch cases. Initially it is set to 250, but now I want it to be 450, or 1C2 (hex). I see the following in my disassembly for this variable:

mov [ebp+var_8], 0FAh    // where it is declared (0FAh = 250)

Then I find that var_8 = dword ptr -8.

When you increment via the switch case you see this asm code:
mov eax, [ebp+var_8]
add eax, 1               // since 1 is the hex value for 1
mov [ebp+var_8], eax

I took an ASM class about a year ago, so a little refresher would probably be required, but how would I go about creating an external program to change this value without doing anything via the switch cases? I wrote this little program because I figured it would be a good small application to learn on. Any ideas or helpful pointers would be greatly appreciated. Thank you.


#2 outRider   Members   -  Reputation: 852

Posted 21 January 2011 - 09:08 PM

If you want to do this with an external program, you find the offset of the instruction or data you want to change and you patch it. In your case you know where in the executable that variable is first written to, so you open the executable, fseek to the offset, change the immediate part of the instruction to 0x12c, and you're done. If you want to know which part of the instruction corresponds to the immediate operand, you look it up in a manual. That's the short, simple version of this kind of reversing.
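The on-disk patch described above, as an added example that is not code from either poster. Two things the reply leaves implicit: the address IDA shows for `mov [ebp+var_8], 0FAh` is a virtual address, which has to be translated to a raw file offset through the PE section headers before you fseek to it, and the immediate is the last four bytes of the instruction, stored little-endian. The example assumes the MSVC encoding `C7 45 F8 imm32` (opcode C7 /0, ModRM 45h = [ebp+disp8], disp8 F8h = -8) and works on a constructed byte array standing in for the function's .text bytes; the 450 from the question encodes as 0x1C2, i.e. the bytes `C2 01 00 00`. Rather than trusting an offset blindly, it locates the instruction by its bytes plus the known old immediate, refuses to patch when the pattern is ambiguous, and the file variant reads the old value back before overwriting it.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Opcode, ModRM and disp8 of `mov dword ptr [ebp-8], imm32` (assumed MSVC
 * encoding of `cvar.num = 250;` with var_8 = -8): C7 45 F8 <imm32 LE>. */
static const uint8_t MOV_EBP_M8_IMM32[] = { 0xC7, 0x45, 0xF8 };
#define IMM_OFFSET_IN_INSN 3   /* immediate follows opcode/ModRM/disp8 */
#define INSN_LEN           7   /* 3 prefix bytes + 4 immediate bytes  */

/* Constructed stand-in for the function's .text bytes (not taken from the
 * poster's binary): prologue, the initialising store of 0FAh (250), then the
 * increment sequence quoted in the question. The immediate sits at offset 9. */
static const uint8_t SAMPLE_TEXT[] = {
    0x55, 0x8B, 0xEC, 0x83, 0xEC, 0x08,         /* push ebp; mov ebp,esp; sub esp,8 */
    0xC7, 0x45, 0xF8, 0xFA, 0x00, 0x00, 0x00,   /* mov dword ptr [ebp-8], 0FAh   */
    0x8B, 0x45, 0xF8,                           /* mov eax, [ebp-8]              */
    0x83, 0xC0, 0x01,                           /* add eax, 1                    */
    0x89, 0x45, 0xF8,                           /* mov [ebp-8], eax              */
};

static uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

static void write_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* Find the single `mov [ebp-8], old_imm` in buf and overwrite its immediate.
 * Returns the offset of the immediate, -1 if nothing matched, -2 if more than
 * one instruction matched (ambiguous: refuse rather than corrupt the file). */
long patch_mov_imm(uint8_t *buf, size_t len, uint32_t old_imm, uint32_t new_imm)
{
    long found = -1;
    for (size_t i = 0; i + INSN_LEN <= len; i++) {
        if (memcmp(buf + i, MOV_EBP_M8_IMM32, sizeof MOV_EBP_M8_IMM32) != 0)
            continue;
        if (read_le32(buf + i + IMM_OFFSET_IN_INSN) != old_imm)
            continue;
        if (found >= 0)
            return -2;
        found = (long)(i + IMM_OFFSET_IN_INSN);
    }
    if (found < 0)
        return -1;
    write_le32(buf + found, new_imm);
    return found;
}

/* The fseek/fwrite route from the reply, with a read-back check first:
 * imm_file_offset is a raw file offset (not IDA's virtual address) and must
 * currently hold old_imm, otherwise the offset is wrong or the file was
 * already patched. Returns 0 on success, negative on failure. */
int patch_file_imm(const char *path, long imm_file_offset, uint32_t old_imm, uint32_t new_imm)
{
    uint8_t cur[4], repl[4];
    FILE *f = fopen(path, "r+b");
    if (!f) return -1;
    if (fseek(f, imm_file_offset, SEEK_SET) != 0 || fread(cur, 1, 4, f) != 4) { fclose(f); return -2; }
    if (read_le32(cur) != old_imm) { fclose(f); return -3; }
    write_le32(repl, new_imm);
    if (fseek(f, imm_file_offset, SEEK_SET) != 0 || fwrite(repl, 1, 4, f) != 4) { fclose(f); return -4; }
    return fclose(f) == 0 ? 0 : -5;
}

int main(void)
{
    uint8_t buf[sizeof SAMPLE_TEXT];
    memcpy(buf, SAMPLE_TEXT, sizeof buf);

    /* 450 decimal = 0x1C2 = bytes C2 01 00 00 in the file. */
    long off = patch_mov_imm(buf, sizeof buf, 0xFA, 0x1C2);
    if (off < 0) { fprintf(stderr, "no unique match (%ld)\n", off); return 1; }
    printf("immediate at offset %ld, now 0x%X (%u)\n",
           off, read_le32(buf + off), read_le32(buf + off));
    return 0;
}
```

To use `patch_file_imm` on the real .exe, copy the binary first, take the file offset of the four immediate bytes from the section header mapping, and call it with `0xFA` as the old value; a -3 return means the offset does not point at the expected bytes and nothing was written. The patch only changes the initial store, so the program starts at the new value and the increment and decrement paths are untouched.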
