Using Softice to defeat DMA by Gorgnut
Welcome to my second tutorial, this time we will defeat DMA using
Softice.
To be honest to you guys, i recently learned using Softice. The main reson
was that when i was using the Autohack option in TSearch, it rebooted my
computer! I had to find another way. I already knew that Softice could do
the job, but i thought that it was really advanced and hard. It wasint.
A bit knowledge of ASM can be usefull tho...
I wont do a super detailed tutorial on this, and it is required that you
can use a memory searcher. I wont go throught the step where you use the
memory searcher. I asume you already have found your value that you want
to hack and now you want to find the offset for it, the one that doesint
change when you restart the game.
Well lets get on with it should we?
In your game, push CTRL + D. Softice should popup. First we will have to
change some things.
Write WR and push return
This will give you the REGISTER window. It is preety little and is at the
very top of Softice.
Write WD and push return
This will give you the DUMP WINDOW.
Write WC and push return
This gives you the CODE WINDOW. It is the main window and what you see there is assembly
launguage.
Great! Now we have setted things up nice and clean. Lets get on with the tutorial.
I will now explain what breakpoints are. Due to that im writing this 01:00 in the morning im pretty tierd and will only explain
BPM, Breakpoint on Memory Access. In Softice we use the command BPM ADRESS W or R. What i mean by W or R is that, W stands for Write and R stands for Read. So if somthing gets written to the location we use BPM ADRESS W. If something gets readed at the location we use BPM ADRESS R. Mostly it is the write method.
EXAMPLE: I want to get the offset of a games ammo adress, then i use
BPM ADRESS W Ofcourse you replace the ADRESS with YOUR adress, like 50A7F or something.
Well that wasint so hard was it?
Here is what you got to do to defeat DMA using Softice.
1. Find your adress with a memory searcher.
2. In game, boot up Softice using CTRL + D.
3. Put a breakpoint on your adress using BPM ADRESS W
4. Push CTRL + D to get back to your game and do something to that effects your value.
5. BOOM! Softice pops up! Now all you really see is a bunch of ASM code. I will teach you a little trick here! Softice pops up at a special offset. However this is probably not the adress that you should
freeze/"nop out".
But if you look at line above the one that where Softice pops up, you can see something like:
011E: 005A53F 378C84 SUB [EAX], ECX
The SUB stands for subtract. There are other things that work like SUB.
Like DEC which stands for decrease. Now in a situation where you wanted to freeze the ammo for some game, it is often a thing like SUB or DEC your gonna look for.
So to NOP out these (NOP stands for NO OPERATION) you do the following:
Write A theoffset, like this A 5A53F
Once you done that your in like an "editing mode"
Now, what we are going to to do is to NOP out 378C84 (ofcourse you have an own thing to NOP out..). But first a basic rule here: When you nop something you put over write something with 90. For every 2 numbers you put a 90.
EXAMPLE: 378C84 would need 3 NOP's.
--------
NOPNOPNOP
Now, to nop it when you are inside of the editing mode:
write 90 and push enter, do that for every nop thing.
EXAMPLE: To nop 378C84:
write NOP and push enter
write NOP and push enter
write NOP and push enter
then without writing anything push enter to get out of the "editing mode"
Thats about it! Press CTRL + D to get back to your game and try it out!
Got any problems? Im on EfNet all the time, #Gamehacking
Or send it to gorgnut@hotmail.com
|
|
