Multiple StarCraft - Basic Reversing with OLLYDBG

LCS
05-31-2007, 12:00 AM
For this tutorial you will need StarCraft and the debugger OLLYDBG.
What we are going to accomplish in this tutorial is to write a patched executable that will allow us to run multiple instances of StarCraft. This will teach you some basic reverse engineering skills and some basic functions of OLLYDBG.

Run OLLYDBG and go to the file menu and select Open.
http://www.bwhacks.com/forums/attachment.php?attachmentid=12161&stc=1&d=1222476414

Find StarCraft.exe in your StarCraft directory
http://www.bwhacks.com/forums/attachment.php?attachmentid=12162&stc=1&d=1222476414

Once you open StarCraft, OLLYDBG will look like this
http://www.bwhacks.com/forums/attachment.php?attachmentid=12163&stc=1&d=1222476414

Right click -> Search for -> All referenced text strings
http://www.bwhacks.com/forums/attachment.php?attachmentid=12164&stc=1&d=12224764147

A new window will open up, go to your window setting and tile your windows vertically so they look like this.
http://www.bwhacks.com/forums/attachment.php?attachmentid=12165&stc=1&d=1222476414

While looking through the list of all the referenced text strings, you will eventually run across this string saying "StarCraft Check For Other Instances"
http://www.bwhacks.com/forums/attachment.php?attachmentid=12166&stc=1&d=1222476414

Double Click that item and it will bring you to the line where that is used.
http://www.bwhacks.com/forums/attachment.php?attachmentid=12167&stc=1&d=1222476414

Select the four lines in the brackets and NOP them.
http://www.bwhacks.com/forums/attachment.php?attachmentid=12168&stc=1&d=1222476414

The lines will look like this after they are NOPed
http://www.bwhacks.com/forums/attachment.php?attachmentid=12169&stc=1&d=1222476414

Now right click the changes we made -> Copy to executable -> Selection
http://www.bwhacks.com/forums/attachment.php?attachmentid=12170&stc=1&d=1222476414

A new window will come up, right click the selected changes in there -> Save to file.
http://www.bwhacks.com/forums/attachment.php?attachmentid=12171&stc=1&d=1222476414

Save your new patched version as Multiple StarCraft.exe
http://www.bwhacks.com/forums/attachment.php?attachmentid=12172&stc=1&d=1222476414

Run StarCraft.exe and Multiple StarCraft.exe
http://www.bwhacks.com/forums/attachment.php?attachmentid=12173&stc=1&d=1222476414

Success!
http://www.bwhacks.com/forums/attachment.php?attachmentid=12174&stc=1&d=1222476414

DSG
05-31-2007, 03:16 PM
LLGW!

p00onu
05-31-2007, 07:07 PM
Very nice LCS.

LCS
09-26-2008, 04:57 PM
Bump! I re-uploaded all of the images and fixed my first post because when the attachments broke a while back it pretty much made this tutorial useless, so today I decided to fix this up so it can be used. I hope someone actually uses this tutorial and learns something from it. Shout out in here if you have any problems, questions, comments, or feedback on the tutorial, but I think it is pretty straightforward. (I made it step by step so anyone can do it and learn about OLLYDBG / basic reversing / asm without having to think too much.)

LCSTest
11-12-2008, 03:19 PM
Test.

Maid
11-14-2008, 04:45 AM
Well, I've tried to do this tutorial over and over again, but it still shows no result. I've tried to start the two .exe separately and at the same time. What have I done wrong? Oo

Lovely_Dictator
12-09-2008, 03:01 AM
Ye, it doesn't work anymore. Maybe it's patched... Running Multisc.exe brings back the previously opened Sc.exe, as it should be with the original exe.

hure
12-09-2008, 11:25 AM
You don't need to nop out that shizzle. Just change the conditional jump:


004E0200 /$ 55 PUSH EBP
004E0201 |. 8BEC MOV EBP,ESP
004E0203 |. 51 PUSH ECX
004E0204 |. 68 C8F84F00 PUSH StarCraf.004FF8C8 ; /EventName = "Starcraft Check For Other Instances"
004E0209 |. 6A 00 PUSH 0 ; |InitiallySignaled = FALSE
004E020B |. 6A 00 PUSH 0 ; |ManualReset = FALSE
004E020D |. 6A 00 PUSH 0 ; |pSecurity = NULL
004E020F |. FF15 10E14F00 CALL DWORD PTR DS:[<&KERNEL32.CreateEventA>; \CreateEventA
004E0215 |. FF15 14E24F00 CALL DWORD PTR DS:[<&KERNEL32.GetLastError>; [GetLastError
004E021B |. 3D B7000000 CMP EAX,0B7

004E0220 /0F85 88000000 JNZ StarCraf.004E02AE

004E0226 |. 8B3D 0CE14F00 MOV EDI,DWORD PTR DS:[<&KERNEL32.Sleep>] ; kernel32.Sleep
004E022C |. 8B1D 48E34F00 MOV EBX,DWORD PTR DS:[<&USER32.FindWindowA>; USER32.FindWindowA
004E0232 |. C745 FC 00000000 MOV [LOCAL.1],0
004E0239 |. 8DA424 00000000 LEA ESP,DWORD PTR SS:[ESP]
to:

004E0220 . /E9 89000000 JMP StarCraf.004E02AE
004E0225 |90 NOP
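
Why the displacement changes from 88 to 89 between the two listings above, as an added example that is not part of the original posts: a rel32 branch is measured from the end of the instruction, and the 5-byte JMP is one byte shorter than the 6-byte JNZ, so the same target 004E02AE needs a displacement one larger and a NOP fills the freed byte. The function names are hypothetical; the bytes and addresses are the ones shown in the listings.

```python
import struct

# Conditional-branch mnemonics indexed by the low nibble of the 0F 8x opcode.
JCC = ["JO", "JNO", "JB", "JAE", "JZ", "JNZ", "JBE", "JA",
       "JS", "JNS", "JP", "JNP", "JL", "JGE", "JLE", "JG"]

ADDR = 0x004E0220
# Byte values copied from the two listings in the post above.
ORIGINAL = bytes.fromhex("0F8588000000")   # JNZ StarCraf.004E02AE
PATCHED = bytes.fromhex("E98900000090")    # JMP StarCraf.004E02AE + NOP


def decode_branch(addr, code):
    """Decode one near rel32 branch; return (mnemonic, length, target)."""
    if code[0] == 0xE9:
        mnemonic, oplen = "JMP", 1
    elif code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        mnemonic, oplen = JCC[code[1] & 0x0F], 2
    else:
        raise ValueError("not a near rel32 branch")
    (disp,) = struct.unpack_from("<i", code, oplen)
    length = oplen + 4
    # rel32 is relative to the address of the *next* instruction.
    return mnemonic, length, (addr + length + disp) & 0xFFFFFFFF


def classify_patch(addr, before, after):
    """Compare two equal-length byte runs that start at the same address."""
    if len(before) != len(after):
        raise ValueError("runs must be the same length")
    b_mn, b_len, b_tgt = decode_branch(addr, before)
    a_mn, a_len, a_tgt = decode_branch(addr, after)
    padding = after[a_len:]
    return {
        "before": (b_mn, hex(b_tgt)),
        "after": (a_mn, hex(a_tgt)),
        "same_target": b_tgt == a_tgt,
        # The shorter instruction must be padded so following code stays aligned.
        "nop_padded": len(padding) == b_len - a_len and set(padding) <= {0x90},
        # Conditional branch replaced by an unconditional one to the same place.
        "forced_branch": b_mn != "JMP" and a_mn == "JMP" and b_tgt == a_tgt,
    }


if __name__ == "__main__":
    for key, value in classify_patch(ADDR, ORIGINAL, PATCHED).items():
        print(f"{key}: {value}")
```

The value compared before the jump, 0B7, is ERROR_ALREADY_EXISTS (183), so the original JNZ is taken only when the named event did not already exist.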

aznlazyboi
02-21-2009, 07:29 PM
For those of you having problems, try running the modded executable first, then the original.