[ASM] Changing Offsets

[cerealnp]

Hi guys, i was starting to get bored with cheaters on my server, and some time ago i started to code a c++ antihack. But, i was thinking now, wouldn't be easier to simply change the ZCharacter::SetHP, ZCharacter::SetAP etc. function offsets, so the dll wont work (Yes, i discovered this by myself). So, im asking you guys help... Simply jumping the funcion offset to another place and writing it again there than jumping again to the original place will work? Thanks for the help =P

 

[shortymant]

i believe so.
But, i think there is just a little bit more than that.
ask ijji? :O

 

[cerealnp]

I think ijji wont help me =P
But maybe you can =]
Is there something else i have to do to make it work?
Ty

 

[Lambda]

You can change the Image base value of the PE Header, but to get this working you must fix all the relocations of the executable or it will not work.

Ijji doesnt change the addresses, when ijji/official server makes a update, it simply puts a newer (with more code, more addresses) executable.

You also can copy the entire function, replace the original function with 0's and then paste the function at the end of the runnable, but you must fix all the calls/absolute jmps to get it working

 

[cerealnp]

Ty Lambda, so just copying the function offset to another place and jumping to there and back wont work? Lets start copying all functions to the bottom =P

 

[Lambda]

Ty Lambda, so just copying the function offset to another place and jumping to there and back wont work? Lets start copying all functions to the bottom =P

dont jump to the function, because its useless since the original hack funcion will work, you must delete the "original" function and fix all the calls of the function to point to the new address


for example

CALL GiveMe12389132HP


function GiveMe12389132HP
mov eax, 12389132

you need to delete the function GiveMe12389132HP and copy it to a new location, so the new code will look like..



CALL NewGiveMeHP

function GiveMe12389132HP
[insert here a bunch of nops]

function NewGiveMeHP
mov eax, 100

 

[cerealnp]

Ok, really thanks for the help s2

 

[WhiteMoga]

A quick recommendation for doing so in Olly is to get all the references to the function is to highlight the first line of the function and hit Ctrl-R

In case you didn't know.

 

[cerealnp]

Yeah, i already discovered that, btw i tought it was just displaying the first line's call, not the entire funcion =P. Thx

 

[WhiteMoga]

It basically displays every line that references the line you select, and seeing as it is a function/method, you start with the first line, you really don't have to be concerned with any lines inside of it, as they generally wont be referenced.