Find out what writes to this address - memory

How to locate the assembly code that change the specific memory address?
For example:
Now:
ADDRESS VALUE
0x730b54 1000
Then the value changed:
ADDRESS VALUE
0x730b54 6000
I want know the assembly code that modified the value of this piece of memory. Could I do that?
Just like Cheat Engine's "Find out what writes to this address".

The usual way would be with a debugger, set to break on writes to the address.
If you want something to do that monitoring and nothing else, it's possible, but the code is highly platform specific, so you'd need to tell us the platform you want to develop for before anybody can give much help.
I'd also note that even if the code you're monitoring is written in assembly language, there's no particular reason to write the monitoring code in assembly. Something like C or C++ works quite nicely for the task, although it does help (a lot) to have a fair amount of knowledge at the assembly language level. Even though you retrieve then in structs so C can use them, you still end up directly modifying the registers of the target process to debug it.

Related

how I can translate changes made in Cheat Engine into my game.exe

I have a game I am looking to modify a bit by altering the exe code, something I have a little bit of experience with (low level hacking HEX only as I do not have source code of game).
I found a trainer that writes into the game.exe memory to do things like increase health, money etc. The trainer itself can do many things, one of which is preventing enemies from dropping loot once they are killed. This is the function that I wish to embed in the game.exe.
I have found the address of this function in Cheat Engine and have successfully written new data into memory to prevent the look drops. Now my task is how to make this permanent in the game.exe?
Does anyone know how I can translate the changes I make in Cheat Engine into my game.exe so that I no longer need a trainer to make the changes?
Cheat engine does not, as far as I'm aware, have the capability to permanently patch the .exe file. To do this you will want to use OllyDbg which does allow it.
You have already found the address's you need in CE and you can use these in OllyDbg to go right to where you need to change stuff.

What does pwn mean in server exploitation (in CTFs)?

Pwn - I know that this is a category in CTFs in which you exploit a server to find the flag.
there is a library called pwntools, it's a CTF framework and exploit development library in python.
What I can't understand is why is it called "PWN" and is it an abbreviation?
pwn is also owning/dominating someone, but does this definition fit?
Thanks for helping ^^
It is litereally just that. Owning the server. You're looking to far into it and forgetting the background in which this culture has risen.
In the context of internet/hacking slang, it indeed means that your server (or data or anything else) has been taken over control, that you "lost the game".
I think this is an abbreviation from "pawned", from the verb "to pawn", used in games, though I can't find a reliable and authoritative source for it (same as current wiktionary word article is stating).
I feel like it has roots in the chess game (where you used pieces called "pawns").
It sounds like "owned" and "punched". It might also be some invented word.

Analyzing code path in Objective C a la TraceGL?

TraceGL is a pretty neat project that allows JS programmers to trace code paths in Javascript. It looks something like this:
I'd like to build something similar for Objective C. I know the runtime has made it rather easy to trace method calls, but how would I trace control flow? For example, in the screenshot above, code paths not executed are made obvious with a red highlight. What would be the best way to achieve something similar in an Objective C/Xcode workflow?
The best I've come up with so far is to write a preprocessor that injects code into temporary source files before sending them to the compiler. Anyone have a better idea?
I guess the visualizer for issues found by Xcode's static analyzer comes pretty close to this - albeit this one will only give you the call path for a particular issue like a memory leak.
Try "Product > Analyze" in Xcode, select any of the issues found on any given project and click on the blue arrow in the code editor to see for yourself.
Not exactly answer for Objective C and XCode.
For C++ code there is a industrial quality code coverage tool BullseyeCoverage
Function coverage gives you a quick overview and condition/decision coverage gives you high precision
Works with everything you can write in C++ and C, including system-level and kernel mode
If you want to invent/write this kind of tool yourself I'd recommend to take a look at (evaluate) some existing tools that solve the same task so that you don't miss a key functionality
There are basically 2 categories of such tools
working at binary level, instrument byte code, library entry points etc.
working at source level, instrument source code before going to the compiler
The purpose of the instrumentation is to insert into the code calls to a profiling runtime that collects the runtime statistics for further processing.
Basic calls
timestamp, thread id, source code address, entering
timestamp, thread id, source code address, leaving
The source code address depends on the granularity you are interesetd in. It can be a function name ot it can be a source file and line number.
Collected performance data can be quite huge so they are usually summed-up and whole callstacks are not captured. It is usually sufficient level of detail for detecting performance bottlenecks.
Another drawback is that capturing detailed performance data especially in code points with many hits will slow the application significantly.
If you want complete history then capture the full trace including timestamps and thread-ids and you will be able to recreate the call stacks later knowing that each enter has corresponding leave.
To guarantee this pairing the code instrumentation must insert exception handling calls to make sure that exit point will be logged even if the function throws an exception (what is the "exception" and how to try-finally it dependes on the language and the OS platform).
To get all necessary tricks and tips evaluate some tools and take a look at their instrumentation style.
BTW: in general it is quite a lot of work to do and to get right I'd personally thought twice or more times about what will be the outcome and what will be the costs.
As a want-to-play-with topic I fully recommend that. I created such a tool for troubleshooting Java MIDP applications working at C++ source level and Java binary level and it was helpful at the time when we needed it.

How to capture keystrokes?

I'd like to make a simple Erlang console game. I need to control my "car" in that game by key strokes - key up or W key. Is there any way to do that? I read that wx library has such capability but I'm looking for something simple and in my opinion wx library is overkill. I want to grab an event not the character from stdin.
EDIT:
Ok, I've choosen ncurses and cecho as a Erlang library for that.
I know only 2 way to do this: gs and wx.
gs is a bit simpler but the first line of the documentation is a warning telling that gs is not recommended for new application, use wx instead :o)
wx isn't so complex, but its documentation is really poor, and simply refers to wxWidget one. at least there are some demo (demo, sudoku, xrc...) that helps to start to build something. And once you succeed to have your first panels and sizers working, it is really simple to get the key stroke or mouse events an react on them. My main difficulty was in displaying graphical things fast and smooth enough even if at the end it is only a few lines of code (a few 10s).
finally, the erlang console is meant to evaluate erlang expression, so there is no chance that you can capture simple event and control the display in that environment (at a reasonable effort at least).
You can try study kernel's modules group and user_drv but they both has undocumented interface and can be subject of change in any future Erlang/OPT version. You can also made your own driver or NIF to handle termios settings and make your own implementation.
BTW I would definitely stick with wx.

How to program the TI TMS320C674x real-time clock using C

Intense googeling failed to turn out a single decent example of how to program the RTC.
all I could find were examples for the C5000/4000 models, which seems work differently as I was unable to locate any of the header files required to get the sample code to compile.
the closest I got was finding the RTC user manual, but it's no help at all on the subject of actually programming the real time clock using C
I'd appreciate to no end a working example or a pointer to where such an example exists
I'm assuming you are using TI's DSP/BIOS, as this seems to be the most common manner in which the C6000 family of DSPs are used. The DSP/BIOS operating system provides a number of APIs for interfacing with the real time clock (the CLK module). These APIs abstract away the registers and other low-level details of the RTC as described in the RTC user manual. This is generally the simplest way to use the clock as it avoids the need to manually "program" it.
See the CLK section in the API reference.

Resources