Saturday, December 10, 2011

CodeReload

This is a program I wrote which will automatically find memory addresses for any 32-bit program, given specific patterns to match. This works very similarly to the "OllyDBG method" (where you copy the ASM code around the address in the known version and search for it in the unknown version), but it also provides better functionality. Not only can you search for static or wildcard values, but you can also do greater-than and less-than comparisons.

The program is written in C++ using the Qt GUI library. Included with the program is an example pattern file with patterns created for a game called Tibia. It also includes instructions on how to properly define patterns.

Notes:

  • Patterns longer than 128 bytes will not work in some situations
  • Patterns using greater-than and less-than have not been fully tested
  • Patterns must be written with the syntactical scrutiny of a grammar nazi; my parsing is crude
  • Patterns may only use hexadecimal values
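To make the matching rules concrete, here is a small stand-alone scanner that does the same kind of job on a byte buffer. It is an added example, not CodeReload's own code, and the token grammar it accepts (two hex digits for an exact byte, `??` for a wildcard, a `>` or `<` prefix for a comparison against the byte) is my assumption rather than the format of the pattern file shipped with the program. The sample "code" bytes are constructed: the same short instruction sequence appears twice with a different 32-bit immediate, which is exactly the case a wildcard pattern is meant to survive between versions. Anything that is not hexadecimal is rejected, matching the note above.

```cpp
#include <cstdint>
#include <cstdio>
#include <cstdlib>
#include <sstream>
#include <stdexcept>
#include <string>
#include <vector>

// One element of a byte pattern.
// Hypothetical grammar (an assumption, not the original tool's file format):
//   "8B"  exact byte      "??"  any byte
//   ">40" byte > 0x40     "<80" byte < 0x80
struct PatternByte {
    enum Kind { Exact, Wildcard, Greater, Less } kind;
    uint8_t value;
};

// Parse a space-separated pattern string. Only hexadecimal digits are accepted;
// anything else throws, so a typo fails loudly instead of silently never matching.
std::vector<PatternByte> parsePattern(const std::string& text) {
    std::vector<PatternByte> out;
    std::istringstream in(text);
    std::string tok;
    while (in >> tok) {
        PatternByte pb{PatternByte::Exact, 0};
        if (tok == "??") {
            pb.kind = PatternByte::Wildcard;
            out.push_back(pb);
            continue;
        }
        std::string hex = tok;
        if (tok[0] == '>') { pb.kind = PatternByte::Greater; hex = tok.substr(1); }
        else if (tok[0] == '<') { pb.kind = PatternByte::Less; hex = tok.substr(1); }
        if (hex.empty() || hex.size() > 2 ||
            hex.find_first_not_of("0123456789abcdefABCDEF") != std::string::npos)
            throw std::invalid_argument("bad pattern token: " + tok);
        pb.value = static_cast<uint8_t>(std::strtoul(hex.c_str(), nullptr, 16));
        out.push_back(pb);
    }
    return out;
}

// Test the pattern against buf starting at pos.
bool matchesAt(const std::vector<uint8_t>& buf, size_t pos,
               const std::vector<PatternByte>& pat) {
    if (pos + pat.size() > buf.size()) return false;
    for (size_t i = 0; i < pat.size(); ++i) {
        uint8_t b = buf[pos + i];
        switch (pat[i].kind) {
            case PatternByte::Exact:    if (b != pat[i].value) return false; break;
            case PatternByte::Wildcard: break;
            case PatternByte::Greater:  if (!(b > pat[i].value)) return false; break;
            case PatternByte::Less:     if (!(b < pat[i].value)) return false; break;
        }
    }
    return true;
}

// Return every offset in buf at which the pattern matches. More than one hit
// means the pattern is not unique and needs to be lengthened or tightened.
std::vector<size_t> findAll(const std::vector<uint8_t>& buf, const std::string& pattern) {
    std::vector<PatternByte> pat = parsePattern(pattern);
    std::vector<size_t> hits;
    if (pat.empty()) return hits;
    for (size_t pos = 0; pos + pat.size() <= buf.size(); ++pos)
        if (matchesAt(buf, pos, pat)) hits.push_back(pos);
    return hits;
}

// Constructed sample bytes (not taken from any real binary): the same x86
// sequence twice, differing only in the address operand of "mov eax, [imm32]".
const std::vector<uint8_t> kSample = {
    0x55, 0x8B, 0xEC,                   // push ebp; mov ebp, esp
    0xA1, 0x10, 0x20, 0x30, 0x00,       // mov eax, [0x00302010]
    0x83, 0xC0, 0x04,                   // add eax, 4
    0xC3,                               // ret
    0x55, 0x8B, 0xEC,                   // second copy, "new version"
    0xA1, 0x44, 0x55, 0x66, 0x00,       // mov eax, [0x00665544]
    0x83, 0xC0, 0x04,
    0xC3
};

int main() {
    // The wildcard pattern finds both copies; the exact operand finds only one.
    for (size_t off : findAll(kSample, "55 8B EC A1 ?? ?? ?? ??"))
        std::printf("prologue at offset %zu\n", off);
    for (size_t off : findAll(kSample, "A1 >40 ?? ?? 00"))
        std::printf("mov with operand low byte > 0x40 at offset %zu\n", off);
    return 0;
}
```

The scan is deliberately naive (every offset, every pattern byte) so the matching rules stay visible; a real tool would read the target's code section and restrict the search to it. The useful check is the number of hits: a pattern that returns two offsets is ambiguous, which is why the wildcard is placed over the operand and not over the opcodes.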

So without further ado, here's the source. If you just want to use the binary, you can find it in the Release\Release folder. (Redundant, I know, but I needed to organize the Qt DLLs somewhere isolated.)

2 comments:

  1. Hey friend, found you on Reddit, thanks for posting the link and the information. I'm pretty well versed in ASM (basics down definitely) and in the past I've done ASM but rarely get the payoffs I'm looking for. I've read the book "Reversing - The secrets to reverse engineering". I'm looking for more resources to gain ability. Any suggestions that helped you along? Thanks!

  2. Well, most of what I learned came from exploring or Googling, plus a little bit here and there from Reddit (more recently). Sometimes I will task myself with something that at first glance seems ridiculously challenging and I will make sure I see it through - it usually ends up teaching me quite a bit and being much easier than I expect. This post is an example of that. One of my hobbies is writing hacks for games, and one of the communities I'm a part of spends a good portion of a week after game updates sharing new data addresses and code locations. I told myself I would find an easier way, and now I'm updating my software in 25 minutes, as opposed to 6 hours, with this program which I wrote in less than a day. That's pretty much all I can tell you: "Explore."
