iCali Posted July 4, 2011

Just a quick question. How do you go about obtaining offsets from an address? I use TSearch and OllyDbg. Help would be appreciated. (I'm looking for the byte that looks like 0x14, 0x04, 0x0C and stuff like that.)

~ iCali

Mr-Protocol Posted July 4, 2011

You need to be a little bit more descriptive. What you are trying to do and so on...

Jason Cooper Posted July 4, 2011

> Just a quick question. How do you go about obtaining offsets from an address? I use TSearch and OllyDbg. Help would be appreciated. (I'm looking for the byte that looks like 0x14, 0x04, 0x0C and stuff like that.)
> ~ iCali

It isn't hard to calculate an offset. Take the final address value and subtract the original address value and there you have your offset.

e.g.

    0x0100 a
    0x0101 b
    . . .
    0x0105 f
    0x0106 g

To find the offset to g from a, take 0x0106 and subtract 0x0100, which gives you an offset of 0x0006.

iCali Posted July 6, 2011 (Author)

> It isn't hard to calculate an offset. Take the final address value and subtract the original address value and there you have your offset.
> e.g. 0x0100 a, 0x0101 b, . . . 0x0105 f, 0x0106 g
> To find the offset to g from a, take 0x0106 and subtract 0x0100, which gives you an offset of 0x0006.

Thanks for the help but it's not like that. I'm using it to read memory from a program to send back information if a circumstance is met. Like

    $Health = _MemoryRead($ADDR_Health, $PROCESS_INFO)
    if ($Health < $HEAL_Health) Then
    ...

so basically that one would be a start to an auto healer. If you haven't figured this out, I'm working on autos.

~iCali

iCali Posted July 6, 2011 (Author)

> You need to be a little bit more descriptive. What you are trying to do and so on...

I'm looking for basically how to find the offset from where the program's memory is stored. I know it's dynamic, but I've taken that into account in the code. So basically, I need a way to find the offset "0xFF" from an address "FFFFFFFF" using a debugger (I use OllyDbg because it was recommended to me; if you have a better recommendation, I would love to check it out :D)

Mr-Protocol Posted July 6, 2011

For a buffer overflow exploit or something?

iCali Posted July 6, 2011 (Author)

> For a buffer overflow exploit or something?

Not really 'exploiting' but it would be closer to the 'botting' category. Basically

    if $TARGET > 1
    send("Attack Key")

<--- obviously not code :D

digip Posted July 6, 2011

I don't know anything about assembly, but sounds like you need to build an egg hunter. Put something into an area that you can buffer overflow and check where it is, then work from there maybe. This is one of those times when I wish I took the offsec classes, cause Mati knows this stuff like the back of his hand. He speaks asm like a second language.

Also, I think depending on the OS, such as XP vs Vista vs 7 and 32 vs 64 bit, it's all going to be in different places, not to mention if the program uses ASLR it should be randomizing where it's putting things in memory.

The guys over at Corelan also have a lot of material on their site for this sort of thing - https://www.corelan.be/index.php/forum/

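Added example, not part of any post in this thread: it combines the subtraction Jason Cooper describes with the ASLR point above, showing that an absolute address changes between runs while its offset from the owning module's base does not. The module names, base addresses, sizes and the function names `to_offset`, `to_address` and `rebase` are all constructed for illustration.

```python
# Added illustration; every name, base address and size below is constructed.
from typing import NamedTuple, Optional, Sequence, Tuple


class Module(NamedTuple):
    name: str
    base: int  # load address in this run (changes under ASLR)
    size: int  # size of the mapped image in bytes


def to_offset(addr: int, modules: Sequence[Module]) -> Optional[Tuple[str, int]]:
    """Return (module name, addr - module base), or None if no module holds addr."""
    for m in modules:
        if m.base <= addr < m.base + m.size:
            return m.name, addr - m.base
    return None  # e.g. heap or stack: no module base to subtract


def to_address(name: str, offset: int, modules: Sequence[Module]) -> int:
    """Rebuild the absolute address for this run from a module-relative offset."""
    for m in modules:
        if m.name == name:
            if not 0 <= offset < m.size:
                raise ValueError(f"offset {offset:#x} is outside {name}")
            return m.base + offset
    raise KeyError(f"{name} is not loaded in this run")


# Module lists as a debugger would show them for two runs of one hypothetical program.
RUN_1 = [Module("app.exe", 0x00400000, 0x30000), Module("helper.dll", 0x6F2A0000, 0x12000)]
RUN_2 = [Module("app.exe", 0x00E10000, 0x30000), Module("helper.dll", 0x71450000, 0x12000)]


def rebase(addr: int, old: Sequence[Module], new: Sequence[Module]) -> Optional[int]:
    """Translate an address seen in one run to the same location in another run."""
    hit = to_offset(addr, old)
    return None if hit is None else to_address(hit[0], hit[1], new)


if __name__ == "__main__":
    print(to_offset(0x0041A2C4, RUN_1))
    print(hex(rebase(0x0041A2C4, RUN_1, RUN_2)))
    print(rebase(0x0012FF00, RUN_1, RUN_2))
```

An address that falls outside every loaded module returns `None`, because there is no module base to measure it from.
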
iCali Posted July 6, 2011 (Author) (edited)

> I don't know anything about assembly, but sounds like you need to build an egg hunter. Put something into an area that you can buffer overflow and check where it is, then work from there maybe. This is one of those times when I wish I took the offsec classes, cause Mati knows this stuff like the back of his hand. He speaks asm like a second language.
> Also, I think depending on the OS, such as XP vs Vista vs 7 and 32 vs 64 bit, it's all going to be in different places, not to mention if the program uses ASLR it should be randomizing where it's putting things in memory.
> The guys over at Corelan also have a lot of material on their site for this sort of thing - https://www.corelan.be/index.php/forum/

I have the memory problem controlled, it uses the process information to help construct the offset. I'm just looking for the place the memory is stored, I already have it statically laid out.

Where do you take classes for this kind of stuff? I can't seem to find any good tutorials online, and my High School offers no coding classes. I've had to teach myself, which I've also heard leads to bad coding habits.

- Edit -

Just looked at that website, it looks like they are focusing on "exploits". What I'm doing isn't exploiting, I just want to use memory that you already have access to like "HP", "MP", "EXP", "Level" and use them to construct some basic form of AI to send button pushes.

Edited July 6, 2011 by iCali

digip Posted July 6, 2011

> I have the memory problem controlled, it uses the process information to help construct the offset. I'm just looking for the place the memory is stored, I already have it statically laid out.
> Where do you take classes for this kind of stuff? I can't seem to find any good tutorials online, and my High School offers no coding classes. I've had to teach myself, which I've also heard leads to bad coding habits.
> - Edit -
> Just looked at that website, it looks like they are focusing on "exploits". What I'm doing isn't exploiting, I just want to use memory that you already have access to like "HP", "MP", "EXP", "Level" and use them to construct some basic form of AI to send button pushes.

I know you aren't developing exploits, but it's essentially the same thing. Just exploits tend to do malicious things, and you are trying to just do another function that isn't malicious, which I think their site might help with getting down to that low level understanding of asm and how to access things in a debugger or such.

As far as classes, Offensive Security teaches classes on a number of subjects. One of their classes, AWE (Advanced Windows Exploitation), covers using debuggers and such, which might come in handy, but it's high level stuff, not for someone at an introductory level, but if you know programming and how to write shell scripts somewhat, that would be something to check out. Their Cracking the Perimeter class also goes over egghunting, which is probably going to give you a better understanding of asm and using a debugger.

I fail when it comes to using Olly, and know that I don't know enough, but if I wanted to dig into it, Corelan and Offsec would be the two places to study and learn from - http://www.offensive-security.com/