jeremy
July 9th, 2006, 10:45
if im right it lets the program stop when memory is used or accessed
is there an simulare command in ollydbg ?
and how to use it on winxp?
is there an simulare command in ollydbg ?
and how to use it on winxp?
View Full Version : hmemcpy
naides
July 9th, 2006, 11:20
Quote:
| [Originally Posted by jeremy]if im right it lets the program stop when memory is used or accessed NO. IT DOES NOT is there an simulare command in ollydbg ? NO and how to use it on winxp? YOU CANNOT, ONLY WITH WIN95 WIN98 |
Save yourself a lot of grief.
Read the FAQ.
Read up to date tutorials
Read Sites linked below.
For History sake
I am going to respond:
Hmemcpy was a 16 bit "Native" API, used in win 95 and 98 systems, which were 16-32 hybrid.
Its original intent was to implement (H)uge (Mem) copy (cpy), taking advantage of native asm instructions used to quickly mass copy big segments of memory using the DMA features introduced into the 286 processor.
It became popular among crakers of yesteryears, I among them, because it got invoked by most windows API that would capture imput from a buffer in a text window (the serial), and store it into a buffer that was passed to the API as a parameter. . . This was a "Universal" method to track serial and password analysis and validation
Needless to say, for multiple reasons, this trick is quite outdated, hardly ever works these days.
Narvaja proposed a method to implement a Hmemcpy-like functionality within ollydbg, which suppossedly works in newer, XP like systems.
I most confess I have not found it very useful.
It has been translated to English, You may search for it.
Silkut
July 9th, 2006, 11:24
I thought it was only possible to use it with win98 ? Anyway you can use it with softice but not olly imo. You can use softice on winxp but you need a special manipulation described in the faq.
Did you search the web to know more ? There is ton of info.
EDIT: woop gre-naides was too fast =)
Did you search the web to know more ? There is ton of info.
EDIT: woop gre-naides was too fast =)
fighter_81
July 21st, 2006, 08:19
in winxp sp2 and with softice you can break on EditWndProc+566 that's the same thing of HMEMCPY, i use that every time and it works for me
Dj_Oggy
August 10th, 2006, 14:53
Ollyplugin puntos magicos.He can place BP on VB5-6 and normal program.After activating you can in BP manager (alt+b) found correct bytes sequence.
concretly is this adress in user32.dll
77D4CA9E F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[es>
concretly is this adress in user32.dll
77D4CA9E F3:A5 rep movs dword ptr es:[edi],dword ptr ds:[es>
SiGiNT
August 11th, 2006, 16:21
For Delphi apps this does essentially the same thing, (as discussed in another thred here, just searching for HMEMCPY should have found it),
bp EditWndProc+566
SiGiNT
bp EditWndProc+566
SiGiNT
WaSt3d_ByTes
August 22nd, 2006, 19:43
It is called point-h.It is different in every machine but there are tools that you can find it. I am sure that lena151 have used it too in one of her tutorials.
Powered by vBulletin® Version 4.2.2 Copyright © 2018 vBulletin Solutions, Inc. All rights reserved.