[Tutorial] How to find simple stuff

On Saturday, 22 January 2011

Hello,

I've been here for some time now and I have decided to start learning things instead of asking for offsets and stuff.
I have found a very good topic on the GD forums, "How to find stuff" (How to find stuff - Game Deception - Forums) by bobbysing.

Today I have decided to take the time to write a short tutorial, at my level of knowledge, about how to find something with IDA.
For those who know IDA: this thread covers the Strings window and how to read subs.

Most of you already know the things I'm going to explain, but this thread is mostly for the users who are, or were, like me: searching for things here instead of doing it on their own.

It is my contribution to wraithZX's call to the people here.

Quote from wraithZX (http://www.mmowned.com/forums/wow-me...ml#post1687462)

what I'd like to see in the forum is more questions about how to find them yourself, not just what the actual values are. Those sorts of questions do a lot more for the community as a whole, in the sense that they end up spreading knowledge, compared to threads continually asking for stuff that changes patch after patch.


So here we go. What you need is:

- IDA Pro (IDA Pro Disassembler - multi-processor, windows hosted disassembler and debugger)
- Hex-Rays (Hex-Rays Decompiler) <- optional
- wow.exe .. 3.2.2 here


Step 1 - Opening "wow.exe" with IDA.
First, open IDA Pro; do not forget to run it as administrator if you're using Windows Vista or 7.
We have to open wow.exe in IDA to tell IDA that we want to disassemble the file, so we can start searching for stuff.
Here you just have to click "File..Open..", select the binary 'wow.exe' and click Open.

If you get a popup after clicking Open, select Portable Executable File (PE).
It takes a certain time for IDA to disassemble the binary, so go get a cup of coffee and wait.

Step 2 - The Strings window.
At this point you should have IDA Pro open with an analyzed wow.exe. What we want is to search for something, and with our poor knowledge the easiest way to find something is to look at the 'Strings window'.

- Hit "Shift + F12" and wait a moment. This builds the list of strings IDA found in the binary.
We will use that window to search for something.

So what you'll do is locate the string "GetMinimapZoneText":

- Hit "Alt + T" and type "GetMinimapZoneText".
- Ctrl + T if you want to move to the next occurrence.

You should obtain something like this.

Step 3 - Where is dA c0d3 ?.
Double-click the "GetMinimapZoneText" line; this brings you to the IDA "View-A" of the code, at the string itself.
To get to the code that uses it, click on the .data address that IDA lists as a cross-reference to the string.

Step 4 - Show me dA c0d3 !!.
So now you have IDA pointing at the .data address for "GetMinimapZoneText".
To view the asm code and start working on your own, click on the "sub_ADDRESS" referenced from there.

Step 5 - What now ?!?.
In IDA's View-A you now have the ASM code representing our function.
You have to start reversing on your own now. In this example we have our "GetMinimapZoneText" function located at 0x113D778. I have the "Hex-Rays" plug-in, so hitting "F5" shows me the C pseudocode.

And finally in C# :

Code:
// Read the 4-byte value stored at 0x113D778 (the address found above), then read up to 30 bytes
// of NUL-terminated ASCII text from the address that value points to, in the game process 'mp'.
string minimapZoneText = SMemory.ReadASCIIString(mp.WindowHandle, SMemory.ReadUInt(mp.WindowHandle, 0x113D778), 30);
Console.WriteLine("GetMinimapZoneText : " + minimapZoneText);
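The Shift+F12, Alt+T and cross-reference steps above, reduced to a script, as an added example that is not part of the original post and not the author's code. It builds a tiny constructed 32-bit image (an assumed load address of 0x400000, a constructed string table followed by a constructed pointer table, nothing taken from wow.exe), lists its printable strings with their addresses the way the Strings window does, then finds the data words that hold the address of "GetMinimapZoneText", which is what IDA shows as the .data cross-reference you click in Step 3. Every name and value in it is an assumption for illustration.

```python
import re
import struct

IMAGE_BASE = 0x00400000  # assumed load address of the constructed image (not wow.exe's)
MIN_LEN = 4              # shortest printable run reported as a "string"; chosen for this sample


def build_sample_image():
    """Construct a tiny fake 32-bit image: an .rdata-like blob of NUL-terminated
    strings, padded to 4 bytes, followed by a .data-like table of 32-bit
    little-endian pointers to those strings. Entirely constructed sample data."""
    strings = [b"GetMinimapZoneText", b"GetZoneText", b"\x01\x02ab", b"ok"]
    rdata = b""
    offsets = []
    for s in strings:
        offsets.append(len(rdata))
        rdata += s + b"\x00"
    rdata += b"\x00" * (-len(rdata) % 4)  # align the pointer table on 4 bytes
    data = b"".join(struct.pack("<I", IMAGE_BASE + off) for off in offsets)
    return rdata + data


def find_strings(image, min_len=MIN_LEN):
    """Equivalent of Shift+F12: every run of printable ASCII of at least
    min_len bytes, returned as (virtual address, text) in image order."""
    pattern = re.compile(rb"[\x20-\x7e]{%d,}" % min_len)
    return [(IMAGE_BASE + m.start(), m.group().decode("ascii"))
            for m in pattern.finditer(image)]


def find_pointer_refs(image, target_va):
    """Equivalent of the .data cross-reference: every 4-byte-aligned
    little-endian word whose value is target_va, i.e. a pointer to it."""
    needle = struct.pack("<I", target_va)
    return [IMAGE_BASE + i for i in range(0, len(image) - 3, 4)
            if image[i:i + 4] == needle]


def locate(image, name):
    """Alt+T with an exact match: the address of the string called `name`
    and the addresses of the data words that point at it, or None."""
    for va, text in find_strings(image):
        if text == name:
            return va, find_pointer_refs(image, va)
    return None


if __name__ == "__main__":
    img = build_sample_image()
    for va, text in find_strings(img):          # the "Strings window"
        print(f"{va:#010x}  {text}")
    print(locate(img, "GetMinimapZoneText"))    # (0x400000, [0x400028])
```

On a real PE you would scan each section's raw bytes and add the section's virtual address instead of a single IMAGE_BASE, and a 64-bit binary would need 8-byte pointers; the logic is otherwise the same, and it is exactly what the two IDA windows do for you.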
Credits go to all of you who want to learn things like me; the others are not smart enough to understand things...
I'm pretty sure this thread is not perfect, so feel free to edit / discuss / comment.

Special thanks:
Apoc (because he's an awesome guy)
kynox (his blog / work is also awesome)
Cypher (love the blog)
wraithZX
unkn0wn0x (because I'm sure the Aion bot is going to be good)
