[TuT]Converting debug (EIP) scripts to non debug

Post by Ant on Sat Nov 07, 2009 10:54 pm

It seems that many people have problems with debug scripts, so I will write this tutorial on how to make them non-debug.

Here's maxGridLock, eMS v57, debugged.
Code:

// maxGridLock - Debugged
// Updated by Ant3, eMS v57
// Address: 0081B057
// EIP: maxGridLock
[enable]
registersymbol(maxGridLock)
registersymbol(maxGridLockOnOff)
registersymbol(EDIValue)
registersymbol(MaxItemRed)
alloc(maxGridLock, 256)
alloc(maxGridLockOnOff,4)
alloc(EDIValue, 4)
alloc(MaxItemRed,4)
label(doGridLockNormal)
label(doGridLockVac)
label(doGridLockVac2)
label(doGridLockOnly)

maxGridLockOnOff:         
    dd 1                 
EDIValue:
    dd 0                 
MaxItemRed:
    DD 0                 

maxGridLock:
    pushfd
    Push Eax
    Push Ecx
    Mov Eax,[0099df5c]
    Add Eax, e88
    Mov Eax, [Eax]
    Sub Eax, C
    Cmp EBX,Eax
    Pop Ecx
    Pop Eax
    Je doGridLockVac
    Push Eax
    Mov Eax,[Ebx+114]
    Mov [EDIValue],Eax
    Pop Eax
doGridLockOnly:
    popfd
    ja 0081b126
    jmp 0081B05D
doGridLockVac:
    cmp [maxGridLockOnOff], 0 
    je doGridLockNormal
    cmp [EDIValue], 0         
    je doGridLockNormal
    cmp eax, 0               
    je doGridLockNormal
    cmp ebx, 0             
    je doGridLockNormal
    cmp eax, 20             
    jne doGridLockNormal
    cmp edx, 0             
    jne doGridLockNormal
    cmp ecx, 0               
    jne doGridLockNormal
doGridLockVac2:
    push eax
    mov eax,[EDIValue]
    mov [EBX+110],eax
    mov [EBX+114],eax
    pop eax
    popfd
    jmp 0081B080
doGridLockNormal:
    popfd
    ja 008169d9
    jmp 0081B05D

[DISABLE]
dealloc(maxGridLock)
dealloc(maxGridLockOnOff)
dealloc(EDIValue)
dealloc(MaxItemRed)          // was missing: every alloc needs a matching dealloc
unregistersymbol(maxGridLock)
unregistersymbol(maxGridLockOnOff)
unregistersymbol(EDIValue)
unregistersymbol(MaxItemRed)

To make it non-debug, which lets you activate it by just ticking it instead of messing around with EIP, do the following:

Find the address(es) and the EIP(s) in the script header.
Code:

// Address: 0081B057
// EIP: maxGridLock

Put them in the enable part of the script, like this (scroll down to the end of the block):
Code:

[enable]
registersymbol(maxGridLock)
registersymbol(maxGridLockOnOff)
registersymbol(EDIValue)
registersymbol(MaxItemRed)
alloc(maxGridLock, 256)
alloc(maxGridLockOnOff,4)
alloc(EDIValue, 4)
alloc(MaxItemRed,4)
label(doGridLockNormal)
label(doGridLockVac)
label(doGridLockVac2)
label(doGridLockOnly)

maxGridLockOnOff:         
    dd 1                 
EDIValue:
    dd 0                 
MaxItemRed:
    DD 0                 

maxGridLock:
    pushfd
    Push Eax
    Push Ecx
    Mov Eax,[0099df5c]
    Add Eax, e88
    Mov Eax, [Eax]
    Sub Eax, C
    Cmp EBX,Eax
    Pop Ecx
    Pop Eax
    Je doGridLockVac
    Push Eax
    Mov Eax,[Ebx+114]
    Mov [EDIValue],Eax
    Pop Eax
doGridLockOnly:
    popfd
    ja 0081b126
    jmp 0081B05D
doGridLockVac:
    cmp [maxGridLockOnOff], 0 
    je doGridLockNormal
    cmp [EDIValue], 0         
    je doGridLockNormal
    cmp eax, 0               
    je doGridLockNormal
    cmp ebx, 0             
    je doGridLockNormal
    cmp eax, 20             
    jne doGridLockNormal
    cmp edx, 0             
    jne doGridLockNormal
    cmp ecx, 0               
    jne doGridLockNormal
doGridLockVac2:
    push eax
    mov eax,[EDIValue]
    mov [EBX+110],eax
    mov [EBX+114],eax
    pop eax
    popfd
    jmp 0081B080
doGridLockNormal:
    popfd
    ja 008169d9
    jmp 0081B05D

0081B057:
jmp maxGridLock

Now you can activate it by simply ticking it. But the disable part of the script is not fully correct.

Do the following:

Go to the address in Memory View and copy the op-code (Memory View -> CTRL+G -> 0081B057).

(Screenshot not preserved; its legend was: green = address, blue = AOBs / part of AOBs, red = our address's op-code.)

Now add the following to the disable part of the script:
Code:

0081B057:
ja 0081b126 // The original op-code of our address

Result:
Code:

// maxGridLock - Non-debugged
// Updated by Ant3, eMS v57
[ENABLE]
registersymbol(maxGridLock)
registersymbol(maxGridLockOnOff)
registersymbol(EDIValue)
registersymbol(MaxItemRed)
alloc(maxGridLock, 256)      // the code cave
alloc(maxGridLockOnOff,4)
alloc(EDIValue, 4)
alloc(MaxItemRed,4)
label(doGridLockNormal)
label(doGridLockVac)
label(doGridLockVac2)
label(doGridLockOnly)

maxGridLockOnOff:         
    dd 1                     // 1 = on, 0 = off
EDIValue:
    dd 0                     // last value read from [ebx+114]
MaxItemRed:
    DD 0                     // allocated but not used by this script

maxGridLock:
    pushfd                   // save flags: the original 'ja' depends on them
    Push Eax
    Push Ecx
    Mov Eax,[0099df5c]
    Add Eax, e88
    Mov Eax, [Eax]
    Sub Eax, C
    Cmp EBX,Eax              // is EBX the object at [[0099df5c]+e88]-C?
    Pop Ecx
    Pop Eax
    Je doGridLockVac
    Push Eax
    Mov Eax,[Ebx+114]
    Mov [EDIValue],Eax       // remember [ebx+114] for the vac path
    Pop Eax
doGridLockOnly:
    popfd
    ja 0081b126              // the original instruction, re-assembled in the cave
    jmp 0081B05D             // back to the instruction after the 6-byte 'ja'
doGridLockVac:
    cmp [maxGridLockOnOff], 0 
    je doGridLockNormal
    cmp [EDIValue], 0         
    je doGridLockNormal
    cmp eax, 0               
    je doGridLockNormal
    cmp ebx, 0             
    je doGridLockNormal
    cmp eax, 20             
    jne doGridLockNormal
    cmp edx, 0             
    jne doGridLockNormal
    cmp ecx, 0               
    jne doGridLockNormal
doGridLockVac2:
    push eax
    mov eax,[EDIValue]
    mov [EBX+110],eax
    mov [EBX+114],eax
    pop eax
    popfd
    jmp 0081B080
doGridLockNormal:
    popfd
    ja 008169d9
    jmp 0081B05D

0081B057:
jmp maxGridLock              // 5-byte jmp written over the 6-byte 'ja'; the cave returns to 0081B05D

[DISABLE]
0081B057:
ja 0081b126 // The original op-code of our address, restored before the cave is freed

dealloc(maxGridLock)
dealloc(maxGridLockOnOff)
dealloc(EDIValue)
dealloc(MaxItemRed)          // was missing: every alloc needs a matching dealloc
unregistersymbol(maxGridLock)
unregistersymbol(maxGridLockOnOff)
unregistersymbol(EDIValue)
unregistersymbol(MaxItemRed)

I hope you learned something today.

Sezabi wrote:You missed out on pointing out what to do when you have a simple or too long instruction, since a jmp is 6 bytes and, for example, push is one byte long. In this case you have to add nops after the jump to your function (how many depends on what you edited).

// Ant3


Last edited by Ant on Sun Nov 08, 2009 3:42 am; edited 1 time in total
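The byte-level version of the conversion in the post, as an added example that is not part of Ant's post or of Cheat Engine itself. The debug version of the script works by placing a hardware breakpoint at the address and pointing EIP at the cave when it fires, so no code bytes change; the non-debug version overwrites the instruction at the address with a jump. The code below computes what `0081B057: jmp maxGridLock` actually writes (a 5-byte E9 rel32 jmp), the original bytes the [DISABLE] section has to put back, the address the cave must jump back to, and applies the length rule from Sezabi's note: when the instruction at the hook address is shorter than 5 bytes, the following instructions are stolen as well and the leftover bytes are padded with nops. It also flags a stolen instruction that is EIP-relative (the `ja` here), which cannot be byte-copied into the cave but must be re-assembled there with its absolute target, exactly as the script does with `ja 0081b126`. Assumptions: the cave address 02000000 and the hook address 00500000 of the second case are made up (Cheat Engine picks the real cave address when it runs alloc()); the instruction bytes are constructed from the post, `ja 0081b126` at 0081B057 being 0F 87 C9 00 00 00 (displacement relative to the next instruction at 0081B05D).

```python
# Added example, not from the original post: what "0081B057: jmp maxGridLock"
# writes, what [DISABLE] restores, and how many instructions a hook must steal.
from typing import Dict, List

JMP_REL32_LEN = 5   # E9 + 4-byte displacement
NOP = 0x90


def encode_jmp_rel32(src: int, dst: int) -> bytes:
    """Encode 'jmp dst' placed at src in 32-bit code: E9 disp32,
    displacement relative to the instruction following the jmp."""
    disp = (dst - (src + JMP_REL32_LEN)) & 0xFFFFFFFF
    return b"\xe9" + disp.to_bytes(4, "little")


def is_relative_branch(insn: bytes) -> bool:
    """True for the common x86 branches whose target is EIP-relative. A stolen
    instruction of this kind must be re-assembled in the cave with its absolute
    target (the script's 'ja 0081b126'); copying its bytes would branch to garbage."""
    op = insn[0]
    if op in (0xE8, 0xE9, 0xEB):                    # call/jmp rel32, jmp rel8
        return True
    if 0x70 <= op <= 0x7F or 0xE0 <= op <= 0xE3:    # jcc rel8, loop*/jecxz
        return True
    return op == 0x0F and len(insn) > 1 and 0x80 <= insn[1] <= 0x8F  # jcc rel32


def build_hook(hook_addr: int, cave_addr: int, original_insns: List[bytes]) -> Dict[str, object]:
    """original_insns: the instruction bytes found at hook_addr, in order.
    Steals whole instructions until at least 5 bytes are covered, then pads with nops."""
    stolen: List[bytes] = []
    stolen_len = 0
    for insn in original_insns:
        if stolen_len >= JMP_REL32_LEN:
            break
        stolen.append(insn)
        stolen_len += len(insn)
    if stolen_len < JMP_REL32_LEN:
        raise ValueError(f"only {stolen_len} byte(s) available at {hook_addr:08X}; need {JMP_REL32_LEN}")
    enable = encode_jmp_rel32(hook_addr, cave_addr) + bytes([NOP]) * (stolen_len - JMP_REL32_LEN)
    return {
        "enable_bytes": enable,                  # written at hook_addr on [ENABLE]
        "disable_bytes": b"".join(stolen),       # written back at hook_addr on [DISABLE]
        "stolen": stolen,                        # instructions the cave must execute itself
        "return_addr": hook_addr + stolen_len,   # where the cave jumps back to
        "reassemble_needed": any(is_relative_branch(i) for i in stolen),
    }


def render_disable(hook_addr: int, disable_bytes: bytes) -> str:
    """[DISABLE] fragment in Cheat Engine auto-assembler syntax, using 'db' so the
    exact original bytes come back regardless of how the assembler would re-encode them."""
    return f"{hook_addr:08X}:\ndb {disable_bytes.hex(' ').upper()}"


# Constructed input from the post: the 6-byte 'ja 0081b126' at 0081B057
# (0F 87 disp32, disp = 0081B126 - 0081B05D = C9). CAVE is an assumed address.
HOOK = 0x0081B057
CAVE = 0x02000000
JA_0081B126 = bytes.fromhex("0F87C9000000")


def maxgridlock_case() -> Dict[str, object]:
    return build_hook(HOOK, CAVE, [JA_0081B126])


def short_insn_case() -> Dict[str, object]:
    # Sezabi's case: a 1-byte 'push eax' followed by a 6-byte 'mov eax,[ebx+114]'
    # (constructed bytes, assumed hook address). Both must be stolen: 7 bytes, 2 nops.
    return build_hook(0x00500000, CAVE, [bytes.fromhex("50"), bytes.fromhex("8B8314010000")])


if __name__ == "__main__":
    r = maxgridlock_case()
    print("[ENABLE] bytes at %08X: %s" % (HOOK, r["enable_bytes"].hex(" ").upper()))
    print("[DISABLE]:\n" + render_disable(HOOK, r["disable_bytes"]))
    print("cave returns to %08X; stolen branch must be re-assembled: %s"
          % (r["return_addr"], r["reassemble_needed"]))
```

Two caveats worth keeping in mind: a near jmp rel32 (E9) is 5 bytes, and the 6 bytes in the thread is the length of the original `ja rel32` (0F 87 disp32), which is why the cave returns to 0081B057 + 6 = 0081B05D with one original byte left unexecuted behind the jmp; and when the stolen instruction is a conditional branch, as here, the cave has to preserve the flags (the script's pushfd/popfd) up to the re-assembled `ja`, otherwise the branch decision is made on the cave's own compares.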

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Dami on Sat Nov 07, 2009 11:03 pm

Gotta love the picture

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Danny1994 on Sat Nov 07, 2009 11:50 pm

Nice TuT o:
(I like the pic too)

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Dami on Sun Nov 08, 2009 12:39 am

Well, if someone didn't know this already, then he doesn't know the basics.
And that's bad, really bad!

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Sezabi on Sun Nov 08, 2009 3:01 am

You missed out on pointing out what to do when you have a simple or too long instruction, since a jmp is 6 bytes and, for example, push is one byte long. In this case you have to add nops after the jump to your function (how many depends on what you edited).


Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Ant on Sun Nov 08, 2009 3:45 am

Quoted your post and added it to my main post.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Dami on Sun Nov 08, 2009 3:52 am

Sezabi wrote:You missed out on pointing out what to do when you have a simple or too long instruction, since a jmp is 6 bytes and, for example, push is one byte long. In this case you have to add nops after the jump to your function (how many depends on what you edited).

Yeah, for this reason some scripts cannot really be made non-EIP.
You need at least 5 bytes to create a far jump away from the original code, that is, to reroute it to a code cave.
With EIP you can pick whatever address you want and tell your processor to raise an exception there and reroute it to the code cave address.
That is one reason DRs cannot be detected with a mere CRC check.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Tom on Thu Nov 12, 2009 5:38 pm

Thanks, this is helping me convert EIP scripts.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Ant on Thu Nov 12, 2009 11:51 pm

I'm glad you had some use of it.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Tom on Sun Nov 15, 2009 12:46 am

Hmm, this didn't work for one of my scripts, I must have done it wrong.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Ant on Sun Nov 15, 2009 10:43 pm

May I look at it?
avatar
Ant
V.I.P
V.I.P

Posts : 244
Join date : 2009-10-30
Age : 22

Back to top Go down

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Danny1994 on Mon Nov 16, 2009 4:18 am

Btw, does MaxGridLock A/B?

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Ant on Mon Nov 16, 2009 4:24 am

I don't think so, but maybe it DCs.

You test it.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Danny1994 on Mon Nov 16, 2009 4:43 am

Because if not, it would be awesome for big maps like Vikings.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by wafflemaster on Mon Nov 16, 2009 4:55 am

Good guide. You should make one for converting non-debug registers -> debug registers.


Re: [TuT]Converting debug (EIP) scripts to non debug

Post by reread on Sun Jan 03, 2010 9:33 pm

This really made things clear for me, thanks.

Re: [TuT]Converting debug (EIP) scripts to non debug

Post by Nipasd on Sun Jan 24, 2010 4:12 am

Wow, it took me like half an hour to get it, but thanks for this. Now I know how to do it.


Re: [TuT]Converting debug (EIP) scripts to non debug

Post by chris4life on Mon Feb 22, 2010 9:24 pm

Good for learning

