Is it possible to remove DMA from a program?


Aquatic
March 26th, 2003, 17:28
DMA = Dynamic Memory Allocation.

All this time people have been trying to figure out ways of getting around DMA, but is it possible to actually go into the code and remove the instructions that cause the DMA? (just fill the DMA initializing code with nops).

In other words, I don't think that DMA "just happens out of the blue"; it has to be a part of the actual code. There must be some code that tells the program to "use DMA", and this is what needs to be removed and/or changed.

Essentially you would be castrating the program's ability to use DMA.

What is the feasibility of doing this?

Thanks

squidge
March 26th, 2003, 17:35
Since most programs require it to function, the feasibility is very low, and in some cases, impossible.

Take for example a program that allocates 100 blocks of memory of 10kb in size each. These are dynamically allocated (as you describe). If you disable the program's ability to create these blocks, it needs to store them somewhere else, and the only other place is within the section table entry so that the PE loader will allocate and initialise them for you on program load. Much less efficient, and it uses much more memory than necessary, as they are there all the time rather than only when needed.

Personally however, I think you are confused and need to learn more of WHY programs use it.

If this question however was a piss-take (hard to tell), then I admit I've bitten the back end of the horse.

Aquatic
March 26th, 2003, 17:42
Then I guess the only way to get around DMA is to create a memory map, because (I think) the locations of values in memory always stay relative to each other even when the program is restarted.

So, say you wanted to always read a specific value even when the game was restarted, how would you do it? Would you use a known pointer and then go from there?

dELTA
March 26th, 2003, 17:45
Well, if I haven't misunderstood you completely, it's about as easy as any other large scale modification of a program.

Certainly theoretically possible, but most likely very tedious and prone to mistakes.

You would have to locate all calls to dynamic memory operations (like allocations and deallocations) in the entire program, and replace them with your own code. This code would in turn practically have to be a complete dynamic memory system that operates on a "heap" that is based on a static buffer. This static buffer would in turn have to be allocated by you, probably by adding or modifying a section in the PE-file if you want to be completely free from external dynamic memory operations.

Do you have any programming experience with dynamic memory handling? Your post indicates that you might not have grasped the concept of dynamic memory allocation completely, but maybe I just don't understand what you mean. Please be a little more specific about what you want to accomplish, and more to the point why you want to do it, and I will hopefully be able to understand (and help) you better.

dELTA

Aquatic
March 26th, 2003, 17:54
Well, really I am more of a noob that is just asking "far out" questions. (hey it's the newbie forum!)

Well if one can't easily remove DMA, then perhaps you could learn how it works in terms of being able to predict how it is going to allocate memory. Is there any system that DMA uses to decide how it is going to allocate memory? Or is it all random?

dELTA
March 26th, 2003, 18:03
Practically all dynamic memory systems use deterministic algorithms, but due to many reasons it is practically impossible to predict where a certain memory block will be allocated anyway.

The best thing would probably be to hook the allocation function, check if the caller is the one you're looking for, and in that case save the return value of the allocation function (the pointer to the block). For this you would only need to know where the alloc function is called in the program, and it will then work fine.

But again, please explain what you are trying to accomplish, and why. There might very well be a much easier way to do it.

dELTA

Aquatic
March 26th, 2003, 18:11
Well basically it is just to create a game trainer that can always read a specific value such as "number of bullets" even when the game is restarted (DMA). However, I want to find a way of doing this without having to actually change any of the game code. Otherwise I would just store the value at the pointer into an empty address and then read that.

I know it doesn't really sound that exciting, but it is something I have been trying to do.

squidge
March 26th, 2003, 18:14
If you are trying to track down "NumberOfLivesLeft" for example in some game, which would work no matter how many times you restarted, what you would normally do is look up the process to find out where it's currently sitting in memory. Then find out where it stores all the pointers to its allocated memory, and then look into those places for your data and modify it. Any process that allocates memory has to store the pointer somewhere, and whilst it's true that this pointer could be in further allocations, those have to be stored somewhere too, and the end result is that one of them will be in the program's data segment, which will be a simple offset from the VA start address, and can be found quite easily. You can then traverse through the program's internal tables and eventually find the data you're looking for.

dELTA
March 26th, 2003, 18:28
Well, actually, the "final pointer" could also be a local variable of a function (hence located on the stack, possibly not at the same address each time), but the probability is relatively high that you will be able to trace it all the way to the data section anyway.

Also, for a bit more hands-on advice about how to do this:

1. Search for the value in memory with your favorite game-trainer utility.

2. Put a read-breakpoint on this value's location.

3. When the breakpoint goes off, note the address of the code that references it.

4. Disassemble the executable containing this code in e.g. IDA, and analyze the code all the way back to the "final pointer". There might be more dynamic steps in the pointer chain which might require you to repeat this process several times before reaching the final location though.

dELTA
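The situation the thread describes, as an added illustration that is not code from the forum posts: a constructed toy "game" whose state is three separate heap blocks, reachable only through one static pointer in the data section, and a reader that follows the recorded pointer chain (static address plus one offset per dereference) so that it still finds the value after a restart. All names (`g_game`, `Chain`, `chain_resolve`, `trainer_read_bullets`) are assumptions made for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed stand-in for a game: each level of state is its own heap block,
 * so its address changes every run; only g_game is static data at a fixed
 * offset from the module base, the "final pointer" the thread talks about. */
typedef struct { int health; int bullets; } Player;
typedef struct { Player *player; int level; } World;
typedef struct { int frame; World *world; } Game;
static Game *g_game;

void game_start(int bullets) {   /* start or restart: fresh heap blocks */
    g_game = calloc(1, sizeof *g_game);
    g_game->world = calloc(1, sizeof *g_game->world);
    g_game->world->player = calloc(1, sizeof *g_game->world->player);
    g_game->world->player->bullets = bullets;
}
void game_stop(void) {
    free(g_game->world->player); free(g_game->world); free(g_game);
    g_game = NULL;
}

/* What the trainer records after tracing the chain back in a disassembler:
 * the static pointer's address plus one offset to add after each dereference. */
typedef struct { void *base; size_t offsets[4]; size_t depth; } Chain;
/* Dereference, add offset, repeat. NULL if any link is unset, which is what
 * the trainer sees while the game is restarting or between levels. */
int *chain_resolve(const Chain *c) {
    uint8_t *p = c->base;
    for (size_t i = 0; i < c->depth; i++) {
        void *next;
        memcpy(&next, p, sizeof next);      /* read the pointer stored at p */
        if (next == NULL) return NULL;
        p = (uint8_t *)next + c->offsets[i];
    }
    return (int *)p;
}
int trainer_read_bullets(void) {  /* trainer's view: only the chain */
    Chain c = { &g_game, { offsetof(Game, world), offsetof(World, player),
                           offsetof(Player, bullets) }, 3 };
    int *v = chain_resolve(&c);
    return v ? *v : -1;
}
int main(void) {           /* restart changes heap addresses, not the chain */
    game_start(30); printf("%d\n", trainer_read_bullets()); game_stop();
    game_start(5);  printf("%d\n", trainer_read_bullets()); game_stop();
}
```

With address-space layout randomisation the static address itself moves with the module base, so a trainer stores it as an offset from that base and adds the base read at runtime; the chain below it is unchanged.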

Kilby
March 27th, 2003, 03:17
OK try here,

hxxp://sheeprec.cjb.net/

There's a tutorial on DMA.

Sheep knows his stuff and is pretty damned helpful, if you can track him down.

Kilby...

(Can I have my money now sheep ?)

Kilby
March 27th, 2003, 03:18
BTW

I recommend reading up on malloc, and also how sections in PE files work.

Regards,

Kilby...