ZenHAX

Free Game Research Forum | Official QuickBMS support | twitter @zenhax | SSL HTTPS://zenhax.com
All times are UTC

PostPosted: Wed Apr 12, 2017 1:35 am 

Joined: Tue Jul 12, 2016 9:37 am
Posts: 9
Hi, please move this thread if I'm in the wrong section.

I need help with debugging the .dll in OllyDbg.

What I am trying to do is to change the ID range for PCMesh so that I can add more 3D models/meshes/IDs to be used in the future.

The default IDs for PCMesh:

Start ID is 10301 = 283D
End ID is 10999 = 2AF7


[3 screenshots]



If I just try to expand 10999 to 11999/12999 etc., it cannot be done, because 11,000-300,000+ is used by NPC Dialogue and others.

So to be safe I want to change it to a start ID of 400,000 and an end ID of 405,000.

I edited two locations of PCMesh, offsets 10025348 and 10045C90.

[2 screenshots]



After that, when I test it, this appears.

[screenshot]



I looked at the crash report, but I cannot understand what to change.

[screenshot of the crash report]



It seems I have to edit something inside HT3DHeaven.dll.

I tried looking up the offset in HT3DHeaven.dll from the crash report, but I don't have any clue or idea what to do next.

Please help, thank you.


Code:
https://mega.nz/#!3pMUUTRZ!Ykf5V3XUF9t6B_fpaYCfmIDR2UC8Ei6U4PTNJCqhMEY


PostPosted: Sat Apr 15, 2017 2:10 pm 

Joined: Tue Jul 12, 2016 9:37 am
Posts: 9
Up, please help.


PostPosted: Sat Apr 15, 2017 6:22 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 90
From the look of your 2nd screenshot before the edits, the code is doing a big if / else if table such as:
Code:
if (EAX < 0x283D || EAX > 0x2AF7) {
    EAX = "PCMesh";
}
else if (EAX < 0x4E21 || EAX > 0x55EF) {
    EAX = "PCTex";
}


And so on. Based on that, I would say your hot-patching is not the way to go to fix this or do what you want. Instead, an inline patch that jumps to a cave and continues the if/else checks would probably be your better bet. Either at the top or bottom of that large if/else (ja/jb) table, create a code cave jump to your own code and add onto the checks using your custom range that you want to also use for PCMesh. As normal in a code cave, replace any code you used to create the jump, then jump back as normal etc.

_________________
My personal site: http://atom0s.com
Donations can be made via Paypal: Click Here
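As an added example (not code from this thread or from the game), the range chain atom0s sketches modelled in C, with the cave as a hook at the chain's fall-through: the exe's own ranges stay untouched, and the cave appends 400000..405000 as a second PCMesh range, which is also how one kind can own two ranges the way PCTMD does. Only the PCMesh and PCTex bounds come from the thread; the table layout, the hook and all function names are assumptions.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed C model of the game's id -> resource-type ja/jb table; only the
 * PCMesh and PCTex bounds come from the thread, everything else is assumed. */
typedef struct { uint32_t lo, hi; const char *kind; } id_range;
#define COUNT(a) (sizeof(a) / sizeof((a)[0]))
static const id_range exe_table[] = {
    { 0x283D, 0x2AF7, "PCMesh" },   /* 10301..10999 */
    { 0x4E21, 0x55EF, "PCTex"  },   /* 20001..21999 */
};

/* Stand-in for the jump patched in at the end of the chain: when nothing
 * matched, control goes to the cave (if installed) instead of "unknown". */
static const char *(*end_of_chain_cave)(uint32_t id) = NULL;
static const char *lookup(const id_range *t, size_t n, uint32_t id)
{
    for (size_t i = 0; i < n; i++)
        if (id >= t[i].lo && id <= t[i].hi)   /* neither jb nor ja taken */
            return t[i].kind;
    return NULL;
}

/* The exe's own chain, untouched except for the jump at its end. */
const char *classify_id(uint32_t id)
{
    const char *k = lookup(exe_table, COUNT(exe_table), id);
    if (!k && end_of_chain_cave)
        k = end_of_chain_cave(id);
    return k ? k : "unknown";
}

/* The cave: appends the poster's 400000..405000 range as a second PCMesh
 * range (the way PCTMD owns two) and "jumps back" by returning. */
static const id_range cave_table[] = { { 400000, 405000, "PCMesh" } };
static const char *pcmesh_cave(uint32_t id)
{
    return lookup(cave_table, COUNT(cave_table), id);
}
void install_cave(void) { end_of_chain_cave = pcmesh_cave; }

int main(void)
{
    install_cave();
    const uint32_t ids[] = { 10301, 10999, 11000, 20001, 400000, 405001 };
    for (size_t i = 0; i < COUNT(ids); i++) printf("%6u -> %s\n", ids[i], classify_id(ids[i]));
    return 0;
}
```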


PostPosted: Sun Apr 16, 2017 11:42 am 

Joined: Tue Jul 12, 2016 9:37 am
Posts: 9
atom0s wrote:
From the look of your 2nd screenshot before the edits, the code is doing a big if / else if table such as:
Code:
if (EAX < 0x283D || EAX > 0x2AF7) {
    EAX = "PCMesh";
}
else if (EAX < 0x4E21 || EAX > 0x55EF) {
    EAX = "PCTex";
}


And so on. Based on that, I would say your hot-patching is not the way to go to fix this or do what you want. Instead, an inline patch that jumps to a cave and continues the if/else checks would probably be your better bet. Either at the top or bottom of that large if/else (ja/jb) table, create a code cave jump to your own code and add onto the checks using your custom range that you want to also use for PCMesh. As normal in a code cave, replace any code you used to create the jump, then jump back as normal etc.



I see, thank you for the advice. I will look for more tutorials about code caves, since this is my first time and I don't really know ASM language.

I'll get back as soon as I get it and post the code for more advice if problem occurs.

A question though:

- I will make one code cave from the if/else, right?
- and the second code for PCMesh is OK to edit right away?

I have a private question to ask @atom0s, kindly check your inbox. Thank you.


PostPosted: Sun Apr 16, 2017 6:23 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 90
The cave depends on how you want to approach it: do you want to just patch the exe? Do you want to create a loader that does the patch for you, leaving the original exe untouched? Do you want to inject a DLL that makes the patches, again leaving the original exe untouched?

The idea is that you need to find some area in the game's exe that is either just 00's, 90's or CC's in a big enough chunk that you can make your cave inside of it, have the code you need to add, then jump back to the original code. You also need to make sure that the area of memory you use is not used for anything else at some point in the game. Generally, this is why creating your own block of memory for a cave is generally better if possible. (i.e. using VirtualAlloc within the process, or VirtualAllocEx remotely.)

You will want to jump from the original code, anywhere you feel is best, be it at the start of that if/else or the end of it, or even in the middle of it; up to you really. Restore any code you altered within the cave, do your new code, then jump back to the original.

I wouldn't suggest editing the code as-is, and instead do what you need within the cave only since you want to add new ranges for the game to look for new things.



PostPosted: Mon Apr 17, 2017 3:02 am 

Joined: Tue Jul 12, 2016 9:37 am
Posts: 9
atom0s wrote:
The cave depends on how you want to approach it: do you want to just patch the exe? Do you want to create a loader that does the patch for you, leaving the original exe untouched? Do you want to inject a DLL that makes the patches, again leaving the original exe untouched?

The idea is that you need to find some area in the game's exe that is either just 00's, 90's or CC's in a big enough chunk that you can make your cave inside of it, have the code you need to add, then jump back to the original code. You also need to make sure that the area of memory you use is not used for anything else at some point in the game. Generally, this is why creating your own block of memory for a cave is generally better if possible. (i.e. using VirtualAlloc within the process, or VirtualAllocEx remotely.)

You will want to jump from the original code, anywhere you feel is best, be it at the start of that if/else or the end of it, or even in the middle of it; up to you really. Restore any code you altered within the cave, do your new code, then jump back to the original.

I wouldn't suggest editing the code as-is, and instead do what you need within the cave only since you want to add new ranges for the game to look for new things.



I would really like to have a DLL that makes the patches because it's flexible, but with my skill set and knowledge as of now I think I will just do the patches in the exe.

Yes, I understand now. There is a huge space at the end of the exe where I could make the cave and jump back to the target block.

What I don't know yet is how to make two sets of ID ranges like the "PCTMD" tab; it uses two ranges.

I want to make "PCMesh" add a new set of IDs instead of changing the old one.

If I copy the code of the "PCTMD" second range of IDs, I don't know what I will edit so that I can connect it to PCMesh to establish a new set of IDs.

I think I will try to do some trial and error for now and get back here with the codes.


PostPosted: Mon Apr 17, 2017 5:13 pm 
User avatar

Joined: Sat Dec 27, 2014 8:49 pm
Posts: 90
If you inject a DLL you can use a 'naked' function inside of your DLL to be the cave instead of worrying about finding usable memory or allocating more inside of the game.


