Trying to hunt down a checksum.


cap232
July 21st, 2009, 01:37
I'm fairly new to reverse engineering, but I have been practicing and been successful with many things, but I have become stumped on finding a checksum that is shutting down my app when memory in a certain area is modified.

Basically as soon as I modify it, everything shuts down. It doesn't give any message, any error logs or any hint leading me to its location. I've been using OllyDbg 1.1 and 2.0 simultaneously to run hit trace, run trace, and try to isolate what is happening after the memory modification but can't find it.

Any tips how I might go about finding it? This is for some very old 1996 video game I am trying to goof with for learning purposes or giggles, but not sure how to find this thing. Any tips would be appreciated.

disavowed
July 21st, 2009, 08:09
Set breakpoints on ExitProcess and TerminateProcess and look at the stack-trace when they're called.

cap232
July 21st, 2009, 12:30
I've had that idea and tried to but had no success; I believe this might be due to my lack of knowledge in finding these things. I've been able to stop a different checksum in the program because it had a message linked to it. So I searched the whole program for similar procedures and found 8, put a hit trace on all of them, then modified the memory. It shut down with nothing on the log.

So how would I identify those procedures? And is "stack-trace" the same as run trace?

cap232
July 21st, 2009, 19:56
How do I find an ExitProcess or TerminateProcess?

habituallurker
July 21st, 2009, 20:15
Better idea: put a reading hardware breakpoint on the byte you modify, and wait for it to hit.

cap232
July 21st, 2009, 20:51
Thanks so much, your idea worked perfectly, 100%.
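
What a debugger programs into the x86 debug registers for the hardware breakpoint suggested in the thread, as an added example that is not part of the original posts. The helper names `hwbp_encode` and `hwbp_hit_slot` and the sample address are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* DR7 R/W field values. x86 has no read-only type: 3 means read OR write. */
enum hwbp_type { HWBP_EXECUTE = 0, HWBP_WRITE = 1, HWBP_ACCESS = 3 };

/* Hypothetical helper: enable debug-register slot 0..3 in *dr7 for a watch of
 * len bytes at addr. The caller would store addr in DR0..DR3 (on Windows, the
 * Dr0..Dr3 and Dr7 fields of the thread CONTEXT). Returns 0, or -1 if invalid. */
int hwbp_encode(uint64_t *dr7, int slot, uint64_t addr, int len, enum hwbp_type type)
{
    uint64_t len_bits;
    if (slot < 0 || slot > 3) return -1;
    switch (len) {
    case 1: len_bits = 0; break;
    case 2: len_bits = 1; break;
    case 4: len_bits = 3; break;
    case 8: len_bits = 2; break;   /* 8-byte watches need a 64-bit CPU */
    default: return -1;
    }
    /* The CPU masks the low address bits for len > 1, so a misaligned
     * address would silently watch a different range. */
    if (addr & (uint64_t)(len - 1)) return -1;
    if (type == HWBP_EXECUTE && len != 1) return -1;  /* execute uses LEN=00 */
    *dr7 &= ~((uint64_t)0x3 << (slot * 2));        /* clear Ln/Gn */
    *dr7 &= ~((uint64_t)0xF << (16 + slot * 4));   /* clear R/Wn + LENn */
    *dr7 |= (uint64_t)1 << (slot * 2);             /* Ln: local enable */
    *dr7 |= ((uint64_t)type | (len_bits << 2)) << (16 + slot * 4);
    return 0;
}

/* After the debug exception (#DB), DR6 bits 0..3 name the slot that hit. */
int hwbp_hit_slot(uint64_t dr6)
{
    for (int i = 0; i < 4; i++)
        if (dr6 & ((uint64_t)1 << i))
            return i;
    return -1;
}

int main(void)
{
    uint64_t dr7 = 0;
    /* Constructed address standing in for the modified byte. */
    if (hwbp_encode(&dr7, 0, 0x00401000, 1, HWBP_ACCESS) == 0)
        printf("DR0=0x00401000 DR7=0x%llx\n", (unsigned long long)dr7);
    return 0;
}
```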