Thread: Nop's

  1. #16
    Registered User
    Join Date
    Jul 2007
    Quote Originally Posted by matsp View Post
    If you mean "how do you replace an existing bit of code with a jump that does the overwritten code wher the jump lands", then it's pretty simple - of course, you DO need to find a space to store the code you jump to.

    There are several ways to find some place for the code:
    - allocate some more memory with execute privileges by the Win32 API -
    - by replacing some "Unused code", e.g. some error handling code that only happens when the application does something unusual, like running out of memory or dividing by zero or some such that doesn't happen under normal operaiton - there's usually "unused" code in any application -
    - if nothing else, overwriting the "exit-code" that leaves the application is always an option - it may not be able to exit nicely any longer, but who cares...

    No, I haven't done exactly this sort of hacking, but I have replaced code in executables/binaries for professional reasons at work - and there's USUALLY some place to put the code even in a fixed size binary.

    So, once we've found a target code and some place to put our "extra" code, we do:

    - insert a "jmp my_code" in place of some other instruction(s).
    - add those "other instructions" at the beginning or end of "my_code",
    - my code also does whatever it is that I wanted to do that wasn't in the original code, say increase my points in the game by 100 every time the letter K is pressed, or add more lifes to my player when I press "&", etc, etc.
    - jump back to just after the "jmp my_code", making sure this is a valid instruction.

    I ment making the checksum from the codebase..

  2. #17
    Kernel hacker
    Join Date
    Jul 2007
    Farncombe, Surrey, England
    Quote Originally Posted by Bubba View Post
    The prefix is not a NOP.

    I have a very hard time believing NOPs are used for inserting hacks into games. There are much more elegant ways that do not mess with the core source code being ran. However as the discussion of these methods most certainly does not fall within the guidelines of this forum I will not discuss them.

    But all this sounds very suspect right from the word "go".
    I think it's quite feasible to overwrite NOPs in code to insert other code, but there are certainly plenty of other methods for subverting code in an application. Overwriting parts of it with NOP's would be another possibility.

    0x66 is a prefix in x86, which toggles 16/32-bit registers.

    The two bytes of 0x66 0x90 is a NOP (exactly, it is "xchg ax, ax" in 32-bit, and "xchg eax,eax" if you execute in 16-bit mode - but since xchg doesn't actually do "anything" when both sides are the same register, it's a "NOP", and someone at Intel in the late 70's/early 80's decided that "NOP" should be the opcode of "xchg ax,ax". Multiple 0x66 prefix are also supported by the processor, as long as the total number of bytes is less than 15.

    I agree, there's many other ways you could manipulate what the code in a game does, without inserting or removing NOP instructions.

    Last edited by matsp; 07-30-2007 at 04:18 AM.

Popular pages Recent additions subscribe to a feed

Similar Threads

  1. prog runs on 64bit - seg faults on 32bit
    By hollie in forum C Programming
    Replies: 13
    Last Post: 12-08-2006, 01:59 AM