I know it have been asked before but I searched and didn't found that exact post where someone quoted some lines in Olly that indicates where the ^x
are located. I would like know them because I'm going to try to add some new colors.
Thank you.
I know it have been asked before but I searched and didn't found that exact post where someone quoted some lines in Olly that indicates where the ^x
are located. I would like know them because I'm going to try to add some new colors.
Thank you.
Aristrum (marky) has this done, he said it was amazingly simple, he did it right after my computer crashed D:
This dosn't help...
No, thats changing pre-existing codes.Originally Posted by x1nixmzeng
He wants to add new ones, for example ^:
just give it a few more days, i bet it will be released soon enough
Since everyone dodges the answer, would there be a possible way of finding that segment ?
lol dodging and telling you that you are being impatient are different "sir" search it for yourself if your so anxious
lolwut?
idk i had to come up with something, i dont like the term dodge xDDD
Tried Searching for all referenced strings but nothing at the end...
Since you asked...
(Don't complain about how I write things in ASM: if you don't like it, change it! :P. You should get how it works here anyway.)
This tutorial assumes you're using a variant of "Xiaos" runnable (I'm using the unmasked runnable.) If you follow my instructions exactly, you'll get two new colours, Cyan and Teal. (^:, ^; respectively)
It also assumes some basic knowledge of OllyDbg.
1) Go to address 005466F3
2) This CMP is the maximum ASCII hex # you're going to add a colour for. I'm adding a colour for 0-; in ascii so I've changed it to CMP CL,3B
3) Go to address 0054679C
4) Change this to a JMP to a large, empty area. I used 005E5203, but you're welcome to change that if you'd like.
5) Go to the address mentioned in 4.
6) Place all of the colours in this format, or if not, figure out your own. Replace all bold parts with your stuff.
(Note: You need to start from ASCII 30 as this is 0, and we replaced it with a JMP, so we've got to redo 0-9.)
Once you've done all the colours, instead of another CMP, ASCII, do MOV EAX, -1 and JMP back to the original function. This should make it white if you missed any colours out.
Look below for exactly what I did...
7) For example, this is what I have.Code:CMP EAX, ASCII HEX CODE JNZ NEXT CMP MOV EAX, ARGB CODE JMP 005467A3 ... REPEAT FOR ALL ASCII NUMBERS YOU CHOSE ... MOV EAX,-1 JMP 005467A3
Note how I have all the old colours there, and my new ones on the end. (3A and 3B.)Code:005E5203 > \83F8 30 CMP EAX,30 005E5206 . 75 0A JNZ SHORT Aristrum.005E5212 005E5208 . B8 808080FF MOV EAX,FF808080 005E520D .^ E9 9115F6FF JMP Aristrum.005467A3 005E5212 > 83F8 31 CMP EAX,31 005E5215 . 75 0A JNZ SHORT Aristrum.005E5221 005E5217 . B8 0000FFFF MOV EAX,FFFF0000 005E521C .^ E9 8215F6FF JMP Aristrum.005467A3 005E5221 > 83F8 32 CMP EAX,32 005E5224 . 75 0A JNZ SHORT Aristrum.005E5230 005E5226 . B8 00FF00FF MOV EAX,FF00FF00 005E522B .^ E9 7315F6FF JMP Aristrum.005467A3 005E5230 > 83F8 33 CMP EAX,33 005E5233 . 75 0A JNZ SHORT Aristrum.005E523F 005E5235 . B8 FF0000FF MOV EAX,FF0000FF 005E523A .^ E9 6415F6FF JMP Aristrum.005467A3 005E523F > 83F8 34 CMP EAX,34 005E5242 . 75 0A JNZ SHORT Aristrum.005E524E 005E5244 . B8 00FFFFFF MOV EAX,-100 005E5249 .^ E9 5515F6FF JMP Aristrum.005467A3 005E524E > 83F8 35 CMP EAX,35 005E5251 . 75 0A JNZ SHORT Aristrum.005E525D 005E5253 . B8 000080FF MOV EAX,FF800000 005E5258 .^ E9 4615F6FF JMP Aristrum.005467A3 005E525D > 83F8 36 CMP EAX,36 005E5260 . 75 0A JNZ SHORT Aristrum.005E526C 005E5262 . B8 008000FF MOV EAX,FF008000 005E5267 .^ E9 3715F6FF JMP Aristrum.005467A3 005E526C > 83F8 37 CMP EAX,37 005E526F . 75 0A JNZ SHORT Aristrum.005E527B 005E5271 . B8 800000FF MOV EAX,FF000080 005E5276 .^ E9 2815F6FF JMP Aristrum.005467A3 005E527B > 83F8 38 CMP EAX,38 005E527E . 75 0A JNZ SHORT Aristrum.005E528A 005E5280 . B8 008080FF MOV EAX,FF808000 005E5285 .^ E9 1915F6FF JMP Aristrum.005467A3 005E528A > 83F8 39 CMP EAX,39 005E528D . 75 0A JNZ SHORT Aristrum.005E5299 005E528F . B8 FFFFFFFF MOV EAX,-1 005E5294 .^ E9 0A15F6FF JMP Aristrum.005467A3 005E5299 > 83F8 3A CMP EAX,3A 005E529C . 75 0A JNZ SHORT Aristrum.005E52A8 005E529E . B8 FFFF00FF MOV EAX,FF00FFFF 005E52A3 .^ E9 FB14F6FF JMP Aristrum.005467A3 005E52A8 > 83F8 3B CMP EAX,3B 005E52AB . 75 0A JNZ SHORT Aristrum.005E52B7 005E52AD . B8 808000FF MOV EAX,FF008080 005E52B2 .^ E9 EC14F6FF JMP Aristrum.005467A3 005E52B7 > B8 FFFFFFFF MOV EAX,-1 005E52BC .^ E9 E214F6FF JMP Aristrum.005467A3
8) Save your executable to somewhere new, launch it however and test it out. If you did everything as I said, you'd end up with something like this:
9) Now go back and add as many colours as you want. You'll end up with something like this.
Have fun doing all those colours. As I said, once you got this working, feel free to play with it to make it work better for you.
Thank you a lot. Ill try this in a couple minutes. Edit with my outcomeSince you asked...
(Don't complain about how I write things in ASM: if you don't like it, change it! :P. You should get how it works here anyway.)
This tutorial assumes you're using a variant of "Xiaos" runnable (I'm using the unmasked runnable.) If you follow my instructions exactly, you'll get two new colours, Cyan and Teal. (^:, ^; respectively)
It also assumes some basic knowledge of OllyDbg.
1) Go to address 005466F3
2) This CMP is the maximum ASCII hex # you're going to add a colour for. I'm adding a colour for 0-; in ascii so I've changed it to CMP CL,3B
3) Go to address 0054679C
4) Change this to a JMP to a large, empty area. I used 005E5203, but you're welcome to change that if you'd like.
5) Go to the address mentioned in 4.
6) Place all of the colours in this format, or if not, figure out your own. Replace all bold parts with your stuff.
(Note: You need to start from ASCII 30 as this is 0, and we replaced it with a JMP, so we've got to redo 0-9.)
Once you've done all the colours, instead of another CMP, ASCII, do MOV EAX, -1 and JMP back to the original function. This should make it white if you missed any colours out.
Look below for exactly what I did...
7) For example, this is what I have.Code:CMP EAX, ASCII HEX CODE JNZ NEXT CMP MOV EAX, ARGB CODE JMP 005467A3 ... REPEAT FOR ALL ASCII NUMBERS YOU CHOSE ... MOV EAX,-1 JMP 005467A3
Note how I have all the old colours there, and my new ones on the end. (3A and 3B.)Code:005E5203 > \83F8 30 CMP EAX,30 005E5206 . 75 0A JNZ SHORT Aristrum.005E5212 005E5208 . B8 808080FF MOV EAX,FF808080 005E520D .^ E9 9115F6FF JMP Aristrum.005467A3 005E5212 > 83F8 31 CMP EAX,31 005E5215 . 75 0A JNZ SHORT Aristrum.005E5221 005E5217 . B8 0000FFFF MOV EAX,FFFF0000 005E521C .^ E9 8215F6FF JMP Aristrum.005467A3 005E5221 > 83F8 32 CMP EAX,32 005E5224 . 75 0A JNZ SHORT Aristrum.005E5230 005E5226 . B8 00FF00FF MOV EAX,FF00FF00 005E522B .^ E9 7315F6FF JMP Aristrum.005467A3 005E5230 > 83F8 33 CMP EAX,33 005E5233 . 75 0A JNZ SHORT Aristrum.005E523F 005E5235 . B8 FF0000FF MOV EAX,FF0000FF 005E523A .^ E9 6415F6FF JMP Aristrum.005467A3 005E523F > 83F8 34 CMP EAX,34 005E5242 . 75 0A JNZ SHORT Aristrum.005E524E 005E5244 . B8 00FFFFFF MOV EAX,-100 005E5249 .^ E9 5515F6FF JMP Aristrum.005467A3 005E524E > 83F8 35 CMP EAX,35 005E5251 . 75 0A JNZ SHORT Aristrum.005E525D 005E5253 . B8 000080FF MOV EAX,FF800000 005E5258 .^ E9 4615F6FF JMP Aristrum.005467A3 005E525D > 83F8 36 CMP EAX,36 005E5260 . 75 0A JNZ SHORT Aristrum.005E526C 005E5262 . B8 008000FF MOV EAX,FF008000 005E5267 .^ E9 3715F6FF JMP Aristrum.005467A3 005E526C > 83F8 37 CMP EAX,37 005E526F . 75 0A JNZ SHORT Aristrum.005E527B 005E5271 . B8 800000FF MOV EAX,FF000080 005E5276 .^ E9 2815F6FF JMP Aristrum.005467A3 005E527B > 83F8 38 CMP EAX,38 005E527E . 75 0A JNZ SHORT Aristrum.005E528A 005E5280 . B8 008080FF MOV EAX,FF808000 005E5285 .^ E9 1915F6FF JMP Aristrum.005467A3 005E528A > 83F8 39 CMP EAX,39 005E528D . 75 0A JNZ SHORT Aristrum.005E5299 005E528F . B8 FFFFFFFF MOV EAX,-1 005E5294 .^ E9 0A15F6FF JMP Aristrum.005467A3 005E5299 > 83F8 3A CMP EAX,3A 005E529C . 75 0A JNZ SHORT Aristrum.005E52A8 005E529E . B8 FFFF00FF MOV EAX,FF00FFFF 005E52A3 .^ E9 FB14F6FF JMP Aristrum.005467A3 005E52A8 > 83F8 3B CMP EAX,3B 005E52AB . 75 0A JNZ SHORT Aristrum.005E52B7 005E52AD . B8 808000FF MOV EAX,FF008080 005E52B2 .^ E9 EC14F6FF JMP Aristrum.005467A3 005E52B7 > B8 FFFFFFFF MOV EAX,-1 005E52BC .^ E9 E214F6FF JMP Aristrum.005467A3
8) Save your executable to somewhere new, launch it however and test it out. If you did everything as I said, you'd end up with something like this:
9) Now go back and add as many colours as you want. You'll end up with something like this.
Have fun doing all those colours. As I said, once you got this working, feel free to play with it to make it work better for you.
XD didn't see you made a tut ;p would of posted there instead
Last edited by Nobody666; 11-08-09 at 01:00 PM.
/close topic
in tut section as of now
Thanks man ^^
Reply With Quote
