Go Back   FileForums > Games > Game Coders
Reload this Page Infernal - Trainer & Gadgets
Register FAQ Community Calendar Today's Posts Search

 
 
Thread Tools Search this Thread Display Modes
Prev Previous Post   Next Post Next
  #14  
Old 17-04-2007, 01:05
TippeX's Avatar
TippeX TippeX is offline
zeroes and ones.....
  
Join Date: Jan 2003
Posts: 3,842
Thanks: 2
Thanked 33 Times in 23 Posts
TippeX is on a distinguished road
Quote:
Originally Posted by کunβeam View Post
Also, how would eax go out of the boundaries, when : [1] it's stacked; [2] it only increases so far as bl is not 0; [3] eax gets restored, so nothing crashes; [4] the sub uses the pop'd eax...?
okay, here goes, u say eax = stack.. fine
cave:

pushad ; preserve registers
loop: ; loop begin
mov bl, [eax+14] ; okay, eax supposedly on the stack
cmp bl, 79 ; is bl = 79
je enemy ; if so, boing out of this routine
cmp bl, 0 ; is bl = 0 (presumably end of string)
je out ; if so, boing out
inc eax ; incriment our pointer by 1
jmp loop ; loop << this is where u can cause a crash eax may be on stack, but the stack does have limits, and this could be reproduced by puting crap in eax
out:
popad ; restore the registers
jmp back ; get out
enemy: ; enemy portion
popad ; restore registers
sub [eax+538],ecx ; and do the mathy thing
jmp back ; then get out

back:


flags not preserved, the sub [eax+538], ecx can adjust the flags

Quote:
[2] it only increases so far as bl is not 0;
erm, it only increases as far as when byte @ [eax] = 0, it will keep going on until this happens or it finds the 'y'

what i would do is check that the byte @ eax fits within an 'acceptable' character range, then i would do an lstrlen or so on it to calculate its length and work from that... its relatively safer..

like check it fits within 'a->z/0-9' or 'A->Z /0-9' then begin processing
the game could act on the flags, from the code, so the cmp, etc can screw
the flags, ideally what u want to do is to set the flags for when u handle the player portion, (where u set the flags to a good condition), and leave them as-is for the enemy portion..

such code could be like

call check_ammo_amount ; this would be the code that you patch
jz user_has_no_ammo

etc..
where the flags are DEFINATELY important, it depends on how the game was coded, but its worth paying attention to..

and i guess u can pity me joe, cos i started out in the dos days, interrupts, 8 bit, 16 bit, pmode... all fun to learn though
__________________
bleh
DO NOT PM me with questions, leave that in the forums...ESPECIALLY if i dont know you...
Last edited by TippeX; 17-04-2007 at 08:28.
 

« Previous Thread | Next Thread »

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
Rainbow Six Vegas v1.04 Trainer Doesn't work mfw41 Game Trainers 7 30-03-2007 22:13
The best (and fun) NFS:Carbon trainer available intoksicated General Gaming 3 22-12-2006 04:55
Gothic 2 Trainer prb Dark3lement General Gaming 3 17-08-2006 15:50



All times are GMT -7. The time now is 14:25.

FileForums - Archive - Privacy Statement - Top

Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2026, vBulletin Solutions Inc.
FileForums @ https://fileforums.com