尝试使用C ++更改命令 [英] Trying to change the command with C++

问题描述

嘿，
我正在尝试更改exe文件中的内容.
我在ollydbg中以及更改命令时找到了命令. exe发生变更
(在游戏中)
但是我只需要帮助，可以使用dll对其进行更改..
这是ollydbg中的命令:

单击此处打开pictuce1.

现在，我可以像这样更改它:

单击此处打开pictuce2.

保存文件，它将在游戏中更改.
但是这个命令我又在另一个地方了.
我需要这个，你看到这之后的命令吗?
此命令:

Hey,
I''m trying to change someting in exe file.
I found command in ollydbg, and when I change the command. someting change in the exe
(on game)
But what I just need help with, its to change it with a dll ..
Here the command in ollydbg:

Click here to open pictuce 1.

Now, I can change it like this:

Click here to open pictuce 2.

save the file, and its will change in the game .
But this command I have again in a diffrence place.
and I need this one, you see the command after this one ?
this commands:

mov dword ptr [ebp-10],7
mov dword ptr [ebp-10],0E
mov dword ptr [ebp-10],8
mov dword ptr [ebp-10],9
mov dword ptr [ebp-10],29

所以基本上我需要地址:004BA5FB.

单击此处打开pictuce1.

现在，我只想知道如何使用dll进行更改..
感谢您阅读和阅读help:)

So basically I need the address: 004BA5FB.

Click here to open pictuce 1.

Now, I just want to know how I can change it with the dll ..
Thanks for read & help :)

推荐答案

广义上讲，如果不了解可执行程序的结构，就无法做到这一点.您实际上需要复制调试程序的大部分操作.您可以尝试在Google上搜索有关可执行代码文件的信息，但是您仍然需要做很多工作.

Broadly speaking, you cannot do this without learning about the structure of executable programs; you effectively need to duplicate much of the operation of the debug program. You could try a Google search for information on executable code files but you will still have a lot of work to do.

为什么需要它?我想您可能想重定向一个函数调用?

Why do you need that? I suppose you probably want to redirect a function call?

如果您正在玩OllyDbg，则应该前往tuts4you，exetools或woodmann论坛.

您将获得大量有关从RVA地址转换为文件偏移量的信息.

当然，另一种选择是选择一个从目标位置开始的字节范围(假设为16)，然后检查该字节在内存映像/exe文件中是否唯一.在这种情况下，您可以简单地打开，读取搜索并替换，然后写入该进程的内存.

另一个选择是仅获取一个应用程序修补程序(上面提到的第一个论坛上有很多)，您给它指定了目标exe名称，文件偏移量或搜索字符串，最后是修补程序字节.您应该能够下载并配置一个程序，以在20分钟内修复" exe文件.

此外，对于它的价值-如果要更改突出显示的说明中的2:

If you''re playing with OllyDbg, you should head over to either tuts4you, exetools or woodmann forums.

You''ll get plenty of information there about converting from a RVA address to a file-offset.

The other alternative, of course is to select a range of bytes starting at the target location (lets say 16) Then check to see if the bytes are unique in the memory image/exe file. If this is the case, you can just simply open, read search and replace, then write to the process''s memory.

Yet another alternative is to just get an app patcher (plenty at first forum mentioned above) You give it a target exe name, a file offset or search string and finally the patch bytes. You should be able to download and configure one to ''fix'' the exe file in under 20 mins.

Also, for what it''s worth - if you want to change the 2 in the highlighted instruction:

MOV DWORD PTR SS:[EBP-10], 2

然后实际上是从地址0x004BA5F E(不是0x004BA5 B)开始的4个字节之后

Then you''re actually after the 4 bytes starting at the address 0x004BA5FE (not 0x004BA5B)

这篇关于尝试使用C ++更改命令的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！