Luigi Auriemma

aluigi.org (ARCHIVE-ONLY FORUM!)
All times are UTC [ DST ]





Post subject: olly - memory overrun error while attaching to re5 game
Posted: 19 Sep 2009 04:45

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
first, it is not olly's fault, game crashes and it is not only with olly. first i tried to use Tsearch's autohack (debugger) and game crashed with memory overrun error.

now i tried to attach olly, but same happens when i attach it and run it. is there any way to fix this and get olly working with re5 ? (resident evil 5).
something tells me that Luigi knows what this memory overrun means exactly :)

i would try to open file directly, but re5 uses launcher so .exe cannot be launched directly and it also uses this retarded 'games for windows live' (it takes 1-3 minutes to get into game because of it)


Attachment: err08.JPG

Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 19 Sep 2009 09:55

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
it smells of anti-debugging


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 19 Sep 2009 12:56

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
yes it is, so now the question is. how do i remove it ?
it's "isdebuggerpresent". i tried to fill it with nops, but then i got some weird "E_FAIL" blabla (screenshot below).
i tried to use olly's hide addons, but then it stucks and tells me to use shift+F7/F8/F9, when i do, then nothing seem to be happening and after i press shift+F9 for like 5 times it crashes out.


Attachment: msn_screenshot_260.jpg

Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 20 Sep 2009 07:23

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
update on it. i got it as far that it doesn't crash instantly anymore. i used phant0m plugin for olly, but problem is that when i attach it, then it pauses and tells me to use shift+F7/F8/F9 again. so i press shift+F9 and it continues for few seconds..and then pauses again.

in olly it says that some access violation and when i press shift+F9 it says that something was ignored in kernel32.dll. i thought that if i do this every time it pauses, then finally it has nothing left there and runs normally, but when i tried to load into gameplay, it just terminated the process without any message. olly just said "process terminated. exit code 8000FFFF (-2147418113.)"

Luigi you seem to be only hope, because i can't even find a bit about this problem in google or anywhere else :(


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 20 Sep 2009 10:28

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
I don't have many suggestions at the moment.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 21 Sep 2009 17:42

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
well i managed to get the info i needed, but as you may have noticed today, you told me to use olly to replace values, but its problem, cuz it terminates the program or crashes. do you know a way to remove "isdebuggerpresent" from game.exe ?


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 22 Sep 2009 08:09

Joined: 14 Aug 2007 11:17
Posts: 24
Sethioz, maybe the problem is not strictly related to patching IsDebuggerPresent, but maybe it's related to a sort of memory integrity protection... try to check..


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 22 Sep 2009 16:54

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
honestly i don't have much idea what is "memory integrity protection"
i assume its something like a check that checks if memory is changed / tampered with.

re5 indeed is very annoying to debug. for example all the public trainers will crash the game. makes me wonder..what are those ppl totally idiot ?!! they never even checked if trainer works or not.
they dont crash game instantly, but after while. for example if trainer freezes your ammo, then game will crash in the point where ammo should run out (not always at same place, sometimes it takes longer, but in 5 mins it will crash one way or other).
however when i changed my ammo to 99999 manually (without tampering with breakpoints and debugging), it never crashed.

so most likely re5 does have some kind of memory checks, but those crashes does not occur instantly, unlike debugger. as soon as i attach debugger it crashes. or as i explained that with phant0m it kind a runs, but very faulty and still lot of problems.

any details about checking it ?
or i should ask..what if it does have memory integrity protection ? how should i bypass it ?


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 22 Sep 2009 18:16

Joined: 22 Sep 2009 18:03
Posts: 1
Hi,

I have been watching this post for the past two days to see if anyone has come up with anything new.

I am currently having the same exact issues as you are.

No released trainers work for me as well, they work for the first couple minutes, but then the game crashes.

Also, attaching olly causes the game to crash and gives the 'err08: memory overrun' message.

It has been suggested to search for an array of bytes where the xlive functions start, and to replace them with a retn 0c.

Quote:
Quoted from Psych on the gamehacking.com forums:
Here is the signature pattern which has been present since the earliest versions of xlive (gears of war and earlier):
8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9

This will land you at the start of the memory checking routine. One way to bypass is to make the routine retn without carrying anything out. So yes, a retn 0c, will do. It's worth noting however, that this doesn't 'bypass' or 'disable' xlive, it merely prevents its memory integrity scanning from taking place, and thus stopping the crashing when altering gamecode.

If this is being spread around, at least give credits for god's sake. It's easy to rip a memory patch from a release; it's much harder to actually spend the time tracking the function down. Don't believe me? Why not ask Caliber where he got this from? I'm fine with it. I shared it when I could have kept it quiet (albeit not with many people). You might want to make this fact known over at CH or wherever else you and/or H4x0r are posting this. Other trainer makers might as well know about this now, seen as though ripping bastards like him have got it.


I have also tried this method to disable the memory overrun and to get olly working but this fails as well.

If anyone has any better ideas I would really appreciate them.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 23 Sep 2009 23:55

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
I don't think it works. he mentioned "H4x0r" who is trainer maker. he have made trainer for re5 too, which does not work. so obviously H4x0r knows about this method, but he still did not manage to get trainer working...what an idiots.

however i will give it a try, but what on earth is "retn 0c" ?
how can i replace "8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9" with "retn 0c" ?
however this still does not solve the "isdebuggerpresent" issue, but it should let you use trainers. i remember that i did got xlive error once, i think it was when i tried to remove "isdebuggerpresent".
well as i said, olly + phant0m plugin will do the job, i was able to get the necessary breakpoints after few tries and thats all i needed, so i can call phant0m a success.




offtopic - if somebody is interested in re5 hacks and trainer, then i have working trainer (with ammo and infinite time on merc mode) + my own exclusive weapon hacks (getting any weapon anywhere, yes even flamethrower and ltd ..etc). so for ppl who are interested in re5 hacks > Resident Evil 5 hacks & stuff
i dont think you find that anywhere else, enjoy


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 24 Sep 2009 17:24

Joined: 14 Aug 2007 11:17
Posts: 24
yo Sethioz,
Quote:
however i will give it a try, but what on earth is "retn 0c" ?

it means to return and cleanup the stack, in this case you want to cleanup 0x0C bytes.
Quote:
how can i replace "8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9" with "retn 0c" ?

you don't have to replace anything, this is a pattern that leads you to the function you are looking for. Once you have found this function, you have to patch it with the return instruction above.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 25 Sep 2009 13:07

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
damn those donkeys are not making any sense. they post one bit of code and think it makes them smart doh. im so confused right now. i have always used "ret" for return, not "retn" ..uhm ?!

so i search for that signature and once i find it, then beginning of that signature is the offset i have to replace ?
im also lost..should i open .exe with olly and search it there ??
well i did that in olly.
open re5dx9.exe, then on bottom window (hex view) i right click and "search for > binary string" then i pasted that hex string in the hex field, but nothing happens when i search. either its not there or im doing it wrong. ill try with tsearch during game run.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 25 Sep 2009 14:37

Joined: 13 Aug 2007 21:44
Posts: 4068
Location: http://aluigi.org
sethioz if you have doubts about a sequence of bytes just put it in a new file and open it with a disassembler or place those bytes in the memory with the debugger so that it disassembles them automatically.

the "ret BYTES" instruction is used in the __stdcall (used by Microsoft as default, so also any program compiled with VC++) calling convention (and possibly others).
practically in the __cdecl convention the caller has the control of the stack pointer so if the function required 3 arguments it does "push/push/push/call/add esp, 0c" while in the __stdcall one this operation is performed by the called function so the caller doesn't perform the "add esp, 0c" instruction because it's already done by "retn 0c"

this should clarify the difference between the 2 "ret"


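The difference between the two conventions described in the post above, as an added example that is not part of the original thread: a small Python model that tracks ESP through one call with three arguments. The starting ESP value and the function names are assumptions chosen for illustration.

```python
# Added illustration: track ESP through one call under __cdecl and __stdcall.
# 32-bit x86 model: every push and the return address occupy 4 bytes.
WORD = 4

def encode_ret(cleanup=0):
    """Near return: C3 for plain `ret`, C2 imm16 (little-endian) for `ret N`."""
    if cleanup == 0:
        return bytes([0xC3])
    return bytes([0xC2]) + cleanup.to_bytes(2, "little")

def decode_ret(code):
    """Return how many argument bytes a near-return opcode releases."""
    if code[:1] == b"\xC3":
        return 0
    if code[:1] == b"\xC2" and len(code) >= 3:
        return int.from_bytes(code[1:3], "little")
    raise ValueError("not a near ret")

def run_call(nargs, callee_ret, caller_add, esp=0x0012FF00):
    """Simulate push*nargs / call / <callee_ret> / add esp,<caller_add>.
    Returns final ESP minus starting ESP; 0 means the stack is balanced."""
    start = esp
    esp -= WORD * nargs            # caller pushes the arguments
    esp -= WORD                    # call pushes the return address
    esp += WORD                    # ret pops the return address ...
    esp += decode_ret(callee_ret)  # ... and `ret N` also drops N bytes of args
    esp += caller_add              # __cdecl caller: add esp, N
    return esp - start

def cdecl(nargs):
    # Callee ends with plain `ret`; caller cleans up with add esp, N.
    return run_call(nargs, encode_ret(0), WORD * nargs)

def stdcall(nargs):
    # Callee ends with `ret N`; caller does no cleanup.
    return run_call(nargs, encode_ret(WORD * nargs), 0)

def mismatched(nargs):
    # Plain `ret` in a function whose caller expects __stdcall cleanup.
    return run_call(nargs, encode_ret(0), 0)

if __name__ == "__main__":
    print("retn 0c encodes as", encode_ret(0x0C).hex(" "))
    print("cdecl    imbalance:", cdecl(3))
    print("stdcall  imbalance:", stdcall(3))
    print("mismatch imbalance:", mismatched(3))
```

A non-zero imbalance means the caller resumes with ESP pointing at the wrong slot, which is why the two forms of `ret` are not interchangeable.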
 
 Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 25 Sep 2009 16:11

Joined: 14 Aug 2007 11:17
Posts: 24
yo Sethioz,
Quote:
so i search for that signature and once i find it, then beginning of that signature is the offset i have to replace ?
im also lost..should i open .exe with olly and search it there ??
well i did that in olly.
open re5dx9.exe, then on bottom window (hex view) i right click and "search for > binary string" then i pasted that hex string in the hex field, but nothing happens when i search. either its not there or im doing it wrong.

I just wrote down a little tool that may be useful for your problem, take a look here: http://www.inreverse.net/?p=226.

Hope it may help.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 25 Sep 2009 16:12

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
i searched that hex string in game's memory (when it was running) and it seems it occurs 3 times.
how would i find it with olly, when i open re5dx9.exe (not attach, but open it as file).
as i said before i tried that search, but nothing happened.
i understand about ret and retn now, but problem is that i still don't know what exactly i need to do in olly to replace it.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 25 Sep 2009 18:26

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
with Luigi's help i replaced that hex string, but what i understood wrong at first, the hex string is not in re5dx9.exe, but it is in xlive.dll (in windows/system32). however when replaced, re5 did not even start and gave the following error "E_FAIL : XLiveInitialize(&xii)"
so much of those 'geniuses', somehow i knew it doesn't work.
before when i tried to remove "isdebuggerpresent" and nopped the function, i got same error.


Attachment: msn_screenshot_272.jpg

Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 26 Sep 2009 12:13

Joined: 14 Aug 2007 11:17
Posts: 24
Quote:
with Luigi's help i replaced that hex string, but what i understood wrong at first, the hex string is not in re5dx9.exe, but it is in xlive.dll (in windows/system32). however when replaced, re5 did not even start and gave the following error "E_FAIL : XLiveInitialize(&xii)"

the problem now may be a little bit different, take a look here.


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 26 Sep 2009 13:11

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
with all respect, they are complete idiots who have some firewall and net problems or common retarded vista problems.
remember that my game ran just fine before i replaced that string in xlive.dll
after i put my backup xlive.dll back in there, it runs fine again. so problem is in xlive.dll, not some firewall or vista shit-up


Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 26 Sep 2009 14:43

Joined: 14 Aug 2007 11:17
Posts: 24
Quote:
remember that my game ran just fine before i replaced that string in xlive.dll
after i put my backup xlive.dll back in there, it runs fine again.

If you patch well you can assume that there is also some integrity check on the dll itself.


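Posts in this thread describe a module that is rejected after modification and crashes that follow in-memory changes; a baseline-and-rescan check behaves that way. A minimal Python model of such a check, added here as an example and not code from xlive.dll or from any poster; the page size, the use of SHA-256, and the constructed sample image are assumptions.

```python
import hashlib

PAGE = 4096  # scan granularity; an assumption for this model

def page_hashes(image):
    """SHA-256 of each PAGE-sized slice of a code image."""
    return [hashlib.sha256(image[off:off + PAGE]).digest()
            for off in range(0, len(image), PAGE)]

class IntegrityMonitor:
    """Records a baseline once, then reports pages that changed since."""

    def __init__(self, image):
        self.size = len(image)
        self.baseline = page_hashes(image)

    def load_check(self, image):
        """Start-up check: the whole image must match the baseline."""
        return len(image) == self.size and page_hashes(image) == self.baseline

    def scan(self, image):
        """Periodic check: indices of pages whose hash no longer matches."""
        if len(image) != self.size:
            return list(range(len(self.baseline)))
        return [i for i, h in enumerate(page_hashes(image))
                if h != self.baseline[i]]

def demo():
    # Constructed sample: three pages of filler standing in for a code section.
    original = bytes((i * 31) & 0xFF for i in range(3 * PAGE))
    monitor = IntegrityMonitor(original)
    clean = monitor.scan(original)
    # Any in-place change of a few bytes, here inside the second page.
    modified = bytearray(original)
    modified[PAGE + 100:PAGE + 103] = b"\x00\x00\x00"
    changed = monitor.scan(bytes(modified))
    return clean, changed, monitor.load_check(bytes(modified))

if __name__ == "__main__":
    print(demo())
```

Because `scan` only runs when it is scheduled, a change is noticed at the next pass rather than immediately, while `load_check` fails as soon as a modified image is loaded.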
 
 Post subject: Re: olly - memory overrun error while attaching to re5 game
Posted: 26 Sep 2009 18:16

Joined: 24 Sep 2007 02:12
Posts: 1114
Location: http://sethioz.co.uk
Quote:
If you patch well you can assume that there is also some integrity check on the dll itself.

then what is the whole point of it in first place ??? damn, ppl should stop confusing if you dont know how to bypass the check or get debugger working.
im totally lost, what possible use that replacement can have, if it still does not work.

