Multiple StarCraft - Basic Reversing with OLLYDBG

    Multiple StarCraft - Basic Reversing Tutorial with OLLYDBG

    For this tutorial you will need StarCraft and the debugger OLLYDBG.
    What we are going to accomplish in this tutorial is write a patched executable that will allow us to run multiple instances of StarCraft. This will teach you some basic reverse engineering skills and some basic functions of OLLYDBG.

    Run OLLYDBG and go to the file menu and select Open.

    Find StarCraft.exe in your StarCraft directory

    Once you open StarCraft OLLYDBG will look like this

    Right click -> Search for -> All referenced text strings

    A new window will open up, go to your window setting and tile your windows vertically so they look like this.

    While looking through the list of all the referenced text strings you will eventually run across this string saying "StarCraft Check For Other Instances"

    Double Click that item and it will bring you to the line where that is used.

    Select the four lines in the brackets and NOP them.

    The lines will look like this after they are NOPed

    Now right click the changes we made -> Copy to executable -> Selection

    A new window will come up, right click the selected changes in there -> Save to file.

    Save your new patched version as Multiple StarCraft.exe

    Run StarCraft.exe and Multiple StarCraft.exe

    Very nice LCS.

    Bump! I re-uploaded all of the images and fixed my first post because when the attachments broke a while back it pretty much made this tutorial useless, so today I decided to fix this up so it can be used. I hope someone actually uses this tutorial and learns something from it. Shout out in here if you have any problems, questions, comments, or feedback on the tutorial, but I think it is pretty straightforward. (I made it step by step so anyone can do it and learn about OLLYDBG / basic reversing / asm without having to think too much.)

    Well, I've tried to do this tutorial over and over again, but it still shows no result. I've tried to start the two .exe separately and at the same time. What have I done wrong? Oo

  7. #7


    Ye, it doesn't work anymore. Maybe it's patched... Running Multisc.exe brings back the previously opened Sc.exe, as it should be with the original exe.
    You don't need to nop out that shizzle. Just change the conditional jump:

    004E0200   /$  55                PUSH EBP
    004E0201   |.  8BEC              MOV EBP,ESP
    004E0203   |.  51                PUSH ECX
    004E0204   |.  68 C8F84F00       PUSH StarCraf.004FF8C8                     ; /EventName = "Starcraft Check For Other Instances"
    004E0209   |.  6A 00             PUSH 0                                     ; |InitiallySignaled = FALSE
    004E020B   |.  6A 00             PUSH 0                                     ; |ManualReset = FALSE
    004E020D   |.  6A 00             PUSH 0                                     ; |pSecurity = NULL
    004E020F   |.  FF15 10E14F00     CALL DWORD PTR DS:[<&KERNEL32.CreateEventA>; \CreateEventA
    004E0215   |.  FF15 14E24F00     CALL DWORD PTR DS:[<&KERNEL32.GetLastError>; [GetLastError
    004E021B   |.  3D B7000000       CMP EAX,0B7
    004E0220      /0F85 88000000     JNZ StarCraf.004E02AE
    004E0226   |.  8B3D 0CE14F00     MOV EDI,DWORD PTR DS:[<&KERNEL32.Sleep>]   ;  kernel32.Sleep
    004E022C   |.  8B1D 48E34F00     MOV EBX,DWORD PTR DS:[<&USER32.FindWindowA>;  USER32.FindWindowA
    004E0232   |.  C745 FC 00000000  MOV [LOCAL.1],0
    004E0239   |.  8DA424 00000000   LEA ESP,DWORD PTR SS:[ESP]
    004E0220    . /E9 89000000       JMP StarCraf.004E02AE
    004E0225      |90                NOP
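
Added example, not part of any post in this thread: a short Python check that decodes the two encodings shown at 004E0220 in the listing above and confirms the replacement keeps the same size and branch target, which is what lets it be written in place. The bytes and addresses are copied from the listing; the function names are made up for this sketch.

```python
import struct

# Address and bytes copied from the listing in the post above.
ADDR = 0x004E0220
ORIGINAL = bytes.fromhex("0F8588000000")  # JNZ StarCraf.004E02AE
PATCHED = bytes.fromhex("E98900000090")   # JMP StarCraf.004E02AE, then NOP

# Condition-code suffixes for the 0F 80..8F family of near conditional jumps.
CC = "O NO B NB Z NZ BE A S NS P NP L GE LE G".split()

def decode_near_branch(addr, code):
    """Decode one rel32 branch at addr; return (mnemonic, length, target)."""
    if code[:1] == b"\xE9":                               # JMP rel32
        mnemonic, length = "JMP", 5
    elif len(code) >= 2 and code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        mnemonic, length = "J" + CC[code[1] & 0x0F], 6    # Jcc rel32
    else:
        raise ValueError("not a rel32 branch")
    if len(code) < length:
        raise ValueError("truncated instruction")
    # The displacement is a signed 32-bit little-endian value, relative to
    # the address of the instruction that follows the branch.
    rel = struct.unpack_from("<i", code, length - 4)[0]
    return mnemonic, length, (addr + length + rel) & 0xFFFFFFFF

def check_patch(addr, original, patched):
    """Confirm an in-place patch keeps size and target and pads with NOPs."""
    if len(original) != len(patched):
        raise ValueError("patch changes the size of the code")
    o_mn, _, o_tgt = decode_near_branch(addr, original)
    p_mn, p_len, p_tgt = decode_near_branch(addr, patched)
    return {
        "original": f"{o_mn} {o_tgt:08X}",
        "patched": f"{p_mn} {p_tgt:08X}",
        "same_target": o_tgt == p_tgt,
        # Bytes left over after the shorter JMP must be NOP (0x90).
        "padding_is_nop": all(b == 0x90 for b in patched[p_len:]),
        # Where execution would resume if the branch were not taken.
        "next_instruction": addr + len(patched),
    }

if __name__ == "__main__":
    for key, value in check_patch(ADDR, ORIGINAL, PATCHED).items():
        print(f"{key}: {value}")
```

The JMP encoding is one byte shorter than the JNZ, so its displacement grows from 0x88 to 0x89 and a single NOP fills the gap, leaving the next instruction at 004E0226 where the listing shows it.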

  9. #9


    For those of you having problems; try running the modded executable first then the original.

