Text strings & Code caves?

RobotGymnast · #1 08-03-2008, 05:14 AM

When you search "all referenced text strings" in ollyDBG, it gives you addresses and commands beside the strings. I can understand how the address could be the address in memory, but what about the command? Is it the command that wrote that string or what?

Also, I want to insert my own code into some games or whatever, but if I code cave a line, even without inserting my own code, it crashes. Why is this? Also, I want to do something like if eax == [some address] then mov [eax],0x3E7 (like set HP to 0x3E7/999), how do I do that?

wassssup34579 · #2 08-03-2008, 10:32 AM

the command is what it would be it the variable type wasnt a string.

your not supposed to "cave a line". code caves are already created when the program was compiled, unless the .CODE section was manually increased.

in ollydbg, your code would be like this:

Code:

0046FFC7     3D F8324500    CMP EAX,asdf.004532F8
0046FFCC     75 06          JNZ SHORT asdf.0046FFD4
0046FFCE     C700 E7030000  MOV DWORD PTR DS:[EAX],3E7
0046FFD4     90             NOP

whereas 004532F8 is the address. also, JNE = JNZ. its automatically changed in ollydbg when you use jne.

RobotGymnast · #3 08-03-2008, 10:39 AM

ohh I get it.

err I just mean say in say Cheat Engine when you want to insert your own code, it allocates memory and jumps to it, then jumps back, but if I do that without changing any code (aside from the automatic jumps it puts in) it crashes.

wassssup34579 · #4 08-03-2008, 11:02 AM

cheat engine doesnt do that. it just overwrites the existing code.

RobotGymnast · #5 08-03-2008, 11:04 AM

no it doesn't. if you do "code injection* it allocates memory, puts the code in there, jumps to it, and jumps back

when you're in the memory window it's like ctrl+A, template>code injection

wassssup34579 · #6 08-03-2008, 11:12 AM

ohh, i thought you meant like to go memory viewer>right click>Assemble.

RobotGymnast · #7 08-03-2008, 11:43 AM

ohh no. I wanna insert my own code sometimes, but it always crashes even if I don't (like if I say inject code, but then don't add any).. any idea why?

wassssup34579 · #8 08-03-2008, 12:38 PM

you also have to make sure that all the registers and the stack is exactly the same when you jump back to the original program. any slight change can lead to that.

RobotGymnast · #9 08-03-2008, 12:45 PM

well I don't change anything! I just jump out, run the instruction, jump back in. The instruction(s) run are the ones where the jump out statement currently is. I don't add any code.

it's like

Code:

00000000:
mov [eax],4523

becomes

Code:

00000000:
jump 12345678
....
12345678:
mov [eax],4523
jump 00000000

no changes, I just click code injection, it creates the jump statements, but then I inject without changing any code, and it just puts the original code there.