Code insertion tutorial

Author: BlackB
Tools used: none
Difficulty (scale 1-5): 3
Target: Mad Max

Before starting!
This essay is for knowledge purposes only!!
Software developers spend a lot of time making their programs. They live off the money we give them!
Please buy good software!!
I. What is it?
The title of this essay speaks for itself: inserting code into a program. It consists of: finding a suitable place, inserting the code, calling the inserted code, and returning to the original program.
II. What is it used for?
Most of the time it’s used to add functionality to a program or to crack a packed program without unpacking it. You may wonder: “Why do difficult code insertion when you can unpack the program and then crack it?” Well, because most packed .exe files become quite big once unpacked, and it would take too much time (on slow connections) to upload/download the whole program, compared to a < 5 KB crack.
III. How does it work?
Imagine we have a packed program called packed.exe. You have found out that at offset 415000 there’s a registered-or-not jump that has to be NOP-ed out. As the program is packed, it’s impossible to do that in a hex editor: you would just NOP out important, compressed data.

So first of all we have to find empty space in the .exe file which we can use to add our own code. Just scroll around in a hex editor and search for runs of “00” or “90” hex values. Be careful not to use empty space that the unpacker writes unpacked code into. You may need a few tries before you’ve found a suitable place to add your code.

Now, before we let the program jump to our inserted routine, the program has to be fully unpacked, so we have to find the end of the unpacking routine (if you can’t find it, or you don’t know what I’m talking about, read Volatility’s essay on manual unpacking!). When you’ve found the end of the unpacking routine, insert a jump to your inserted code there, and at the end of your inserted code jump back. Alternatively, put a call at the end of the unpacking routine and a ‘ret’ at the end of your inserted code. Hmmmm, I can imagine that if you’re a beginner cracker this all sounds pretty confusing.
Try to follow this scheme:

[original code]
...end of unpacking routine...
push 401000
pop esi

[modified code]
...end of unpacking routine...
jmp 42000                    ;jump to an empty location you've found (note that 42000 is a bogus value!)
                             ;the push we overwrite is 5 bytes, the same size as this near jmp, so nothing else is damaged
pop esi
42000: push 401000           ;we used this instruction for our jump, so don't forget to insert it here!
push eax                     ;push ALL registers you will use in your inserted code!!
mov al, 90                   ;put the hex value for NOP (90h) in al
mov byte ptr [00415000], al  ;clear out the registered-or-not jump
mov byte ptr [00415001], al  ;same here, for the second byte of the jump
pop eax                      ;restore what we saved
jmp back                     ;with 'back' = the offset of the 'pop esi' instruction

That’s it!
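The scheme above is exactly the pattern an integrity check can look for: bytes rewritten at the end of an unpacking routine, a near jump whose target lands in a run of 00/90 filler, and a payload written into that filler. The following script is an added example, not code from the essay or its author: it compares an original binary with a patched copy, lists the modified regions, decodes any E9 rel32 jumps inside them and flags changes that write into, or jump into, former filler. The sample bytes are constructed (the essay's listing hand-assembled into a flat 1 KiB buffer), the offsets are plain file offsets, and the E9-byte scan is a heuristic, since an E9 can also be an operand byte. A real PE would additionally need RVA-to-file-offset translation and per-section handling, which is deliberately left out here.

```python
"""Detect a code-cave patch: changed bytes that land in, or jump into,
runs of 00/90 filler.  Added example with constructed sample data."""
import struct
from dataclasses import dataclass, field


@dataclass
class Cave:
    start: int
    length: int
    fill: int  # 0x00 or 0x90


@dataclass
class Finding:
    offset: int
    length: int
    in_cave: bool                               # modified bytes lie inside former filler
    jumps: list = field(default_factory=list)   # (jmp offset, decoded target) pairs
    suspicious: bool = False


def find_caves(data: bytes, min_len: int = 16, fills=(0x00, 0x90)):
    """Runs of at least min_len identical filler bytes: candidate code caves."""
    caves, i, n = [], 0, len(data)
    while i < n:
        b = data[i]
        if b in fills:
            j = i
            while j < n and data[j] == b:
                j += 1
            if j - i >= min_len:
                caves.append(Cave(i, j - i, b))
            i = j
        else:
            i += 1
    return caves


def changed_ranges(orig: bytes, patched: bytes, merge_gap: int = 8):
    """(offset, length) of modified regions.  Runs separated by at most
    merge_gap unchanged bytes are merged: a patch is contiguous code, and a
    few bytes inside it may equal the old contents by coincidence."""
    if len(orig) != len(patched):
        raise ValueError("expected an in-place patch: file sizes differ")
    runs, i, n = [], 0, len(orig)
    while i < n:
        if orig[i] == patched[i]:
            i += 1
            continue
        j = i
        while j < n and orig[j] != patched[j]:
            j += 1
        if runs and i - runs[-1][1] <= merge_gap:
            runs[-1][1] = j
        else:
            runs.append([i, j])
        i = j
    return [(s, e - s) for s, e in runs]


def detect_cave_hooks(orig: bytes, patched: bytes, min_cave: int = 16):
    """Flag modifications written into former filler, or containing an
    E9 rel32 jump whose target lies in former filler."""
    caves = find_caves(orig, min_cave)

    def in_cave(off: int) -> bool:
        return any(c.start <= off < c.start + c.length for c in caves)

    findings = []
    for off, length in changed_ranges(orig, patched):
        f = Finding(off, length, in_cave(off))
        for pos in range(off, off + length):
            # Heuristic: treat every E9 byte as a near jmp and decode its
            # rel32 operand (target = end of the 5-byte instruction + rel32).
            if patched[pos] == 0xE9 and pos + 5 <= len(patched):
                rel = struct.unpack_from("<i", patched, pos + 1)[0]
                f.jumps.append((pos, pos + 5 + rel))
        f.suspicious = f.in_cave or any(in_cave(t) for _, t in f.jumps)
        findings.append(f)
    return findings


def build_sample():
    """Constructed 1 KiB 'binary' (not a real file): the end of an unpacking
    routine at 0x100 (push 401000 / pop esi, as in the essay's scheme), a
    64-byte run of zeros at 0x200, int3 (CC) filler everywhere else."""
    orig = bytearray(b"\xcc" * 0x400)
    orig[0x100:0x106] = bytes.fromhex("68001040005e")
    orig[0x200:0x240] = bytes(0x40)

    patched = bytearray(orig)
    # The 5-byte push is overwritten with a 5-byte jmp rel32 to 0x200.
    patched[0x100:0x105] = bytes.fromhex("e9fb000000")
    # The essay's inserted routine, hand-assembled into the zero run.
    payload = bytes.fromhex(
        "6800104000"  # push 401000        (the displaced instruction)
        "50"          # push eax
        "b090"        # mov al, 90h
        "a200504100"  # mov [00415000], al
        "a201504100"  # mov [00415001], al
        "58"          # pop eax
        "e9edfeffff"  # jmp back to 0x105  (the pop esi)
    )
    patched[0x200:0x200 + len(payload)] = payload
    return bytes(orig), bytes(patched)


if __name__ == "__main__":
    orig, patched = build_sample()
    for f in detect_cave_hooks(orig, patched):
        print(f"change at {f.offset:#06x} len {f.length:3d} in_cave={f.in_cave} "
              f"jumps={[(hex(s), hex(t)) for s, t in f.jumps]}"
              f"{' SUSPICIOUS' if f.suspicious else ''}")
```

Run on the constructed pair it reports two regions: the hook at 0x100 (reported as 4 changed bytes, because the last byte of the new jump happens to equal the old one) whose decoded target 0x200 lies inside the zero run, and the 24-byte payload at 0x200 that sits in former filler and ends with a jump back to 0x105, right after the hook. Either signal alone is worth a look; both together are the code-insertion pattern the essay describes.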

IV. In the end
Voilà, this was the easy part. The difficult part is finding the protection in the program, because (don’t forget) you can’t use a disassembler, so you’ll have to do everything in SoftICE. The best example I can give is my tutorial on ACDSee 3.0. Go and read it!



Essay written by The Blackbird © 1999-2000
This essay can be freely distributed/ published/ printed etc… as long as no modifications are made.

Site intro and MMORPG ranting

Hum, right then. How’s everyone doing? How am I, you ask? Great! I haven’t had much to add to the news of the site since there’s nothing really to post about except any updates I might have done to the site…which I did! 😛

I added a new intro to the site which I think looks pretty good…really fits the name, and I also added a bunch of tutorials and a new download…it’s a game-hacking patch for IDA which is worth checking out…has a mini tutorial inside it.

Also, I’d like to talk about something today…I don’t really rant about things…much…but lately this has been bothering me, and it is online games (like muonline, conquer online, ragnarok) and cheaters!

To start off, let me give a little background…I moderate forums on a few cheat sites (cheat-core, xcheater and my own site). Lately I have seen an increase in idiots signing up for the forum and posting useless rambling, half-assed English posts about a few free MMORPG games requesting features like god mode, money hacks and whatnot. Not only that, but they refuse to even find out if someone actually posted their question before, so when I come back from work/study I find the forums full of retards posting topics like “I FROM BRAZIL NED MUH HACKS” or “Hey i will pay you $300-$400.00 if you can make me this cheat”, and the posts simply contain a bunch of random smilies followed by their email address…and there are literally rows of these topics which I have to clean every day! What’s wrong with these morons? Are they this dumbfounded or do they simply lack grade 5 English skills to read something?

It doesn’t stop here though! Oh no!! Once you get idiots like this they, like magnets…will attract other idiots who think everyone on the net is a gullible fool and will download a file called muonlinehack.rar.exe, claiming “I tried this and i made over 200,000,000 in game money in one minute…its amazing!”, or those people who say they are employees at the company that made the game and will make some shitty yellow-on-red html page on geoshities or anglefire where they ask you to enter your user/pass for the game and what you want added to your account…hello? Who the fuck are you kidding there, bud. So in the name of humanity, if you see someone post on how they need cheats for some online game, do delete their post, submit their email to porn sites, abuse the little fuckers, report the post to a mod, or report the html page if they claim to be an employee of some game.

Long time no post

Yeah, I’ve been fairly busy nowadays and don’t have much time for making trainers, but I intend on keeping this site running and updated ;). The site will get a MAJOR upgrade when php5 comes out. Just to give you an idea, I will be implementing some new features into the site including SOAP services for people to showcase my tutorial/download archives on their website. The database will be stored in XML or SQLite instead of the current way I’m using, and last but not least I will be adding support so you can browse .zip files interactively and download individual files from them.