Author Topic: [N/A] Text and Hex Editors - Hext Tools 3.0  (Read 33864 times)

DLPB

  • No life
  • *
  • Posts: 8481
  • Karma: 231
  • This rose will never die
Re: [N/A] Text and Hex Editors - Hext Tools ()
« Reply #100 on: 2017-01-02 15:10:33 »
I have added a new instruction to the Hext format - and expanded on Pointers. This makes it easier to edit code detours, like the ones Aali's driver uses. Instead of forcing the DLL to stay in one place, you can find the needed address by following the jump-to address now. 

Quote
6. Pointers

Sometimes an address points to another address. In these cases you may want to edit the values of the address that is being pointed to. For example, at the address 2E8F0, there may be 4 bytes - D0 CD 10 00. This may be another address (in this example 0x10CDD0). To edit the address 10CDD0 and not 2E8F0, use the caret (^) as follows:

2E8F0^ = 11 22 33

In the above example, the address that is pointed to at 2E8F0 will be used.

The following types of instructions are all valid:

2E8F0^ = 11 22 33

2E8F0^ = 90 : 5

2E8F0^ = 6A 30 > 90 90 : 3

{Memory permission}
2E8F0^ : 1000

Pointers will only return a 4 byte address.

When using pointers with Local Add/Subtraction, the correct usage is:

2E8F0^ + 10 = 11 22 33

In the above example, assuming that 2E8F0 points to the address 0x10CDD0, the final address to be changed is 0x10CDE0.

It is also possible to use more than one caret to traverse memory addresses. For example:

2E8F0^^^ = 11 22 33

7. Jumps and Calls (Opcode E9/E8)

What we are referring to here is a 4 byte relative address jump. It may be important for you to locate the address that is being jumped to. This Hext instruction will begin an operation from the location the jump references. For example, at the address 2E8F0 there may be a relative address jump with code E9 0B 17 00 00. Here, the assembly x86 instruction is jumping to a new memory location at 30000 (2E8F0 + 5 + 170B). To reference this address via the assembly jump, use the 'at sign' (@) as follows:

2E8F0@ = 11 22 33

Like with Pointers, the following types of instructions are all valid:

2E8F0@ = 11 22 33

2E8F0@ = 90 : 5

2E8F0@ = 6A 30 > 90 90 : 3

{Memory permission}
2E8F0@ : 1000

When using Jumps with Local Add/Subtraction, the correct usage is:

2E8F0@ + 10 = 11 22 33

In the above example, assuming that 2E8F0 is a jump to address 0x30000, the final address to be changed is 0x30010.

As with Pointers, it is possible to use more than one 'at sign' to traverse memory addresses; for example

2E8F0@@@ = 11 22 33

will follow three x86 Jump/Call instructions.

Combining Pointer and Jump Operations

Pointer and Jump operations can work together in one instruction. For example

2E8F0^@ = 11 22 33

will first retrieve an address at the address 0x2E8F0, and, then, if any jump operation exists at that address, the address that the jump points to will be the one used. Here is a more detailed explanation:

Suppose that at 2E8F0 there are four bytes D0 CD 10 00 (address 0x10CDD0). So, as before, the caret (^) indicates that the bytes at this address will be modified. But the 'at sign' after the caret indicates that you want to also follow a jump to a new address. At address 0x10CDD0, there may exist a Jump or Call instruction (5 bytes, starting with E8 or E9). This may point to a new address at 0x20A000. In the above example, the bytes at address 0x20A000 will be the ones modified.

In the above example

2E8F0^@ = 11 22 33

is equivalent to

20A000 = 11 22 33
« Last Edit: 2017-01-02 16:45:54 by DLPB »
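
An added example, not part of the original post and not Hext Tools' own code: a Python resolver for the address part of a Hext instruction (the text before `=` or `:`), following the pointer (^), jump/call (@) and local add/subtract rules quoted above. It assumes addresses are offsets into a flat byte buffer and that a missing E8/E9 opcode or an out-of-range hop is an error; the names `resolve` and `demo_image` are hypothetical.

```python
import re
import struct

# Hex address, then any mix of ^ (pointer) and @ (jump/call), then optional +/- hex offset.
_EXPR = re.compile(r"^\s*([0-9A-Fa-f]+)([\^@]*)\s*(?:([+-])\s*([0-9A-Fa-f]+))?\s*$")


def _read(mem, addr, size):
    """Bounds-checked read so a bad hop fails loudly instead of patching the wrong place."""
    if addr < 0 or addr + size > len(mem):
        raise ValueError(f"read of {size} bytes at {addr:#x} is outside the image")
    return bytes(mem[addr:addr + size])


def resolve(expr, mem):
    """Return the final address that a Hext address expression refers to."""
    m = _EXPR.match(expr)
    if not m:
        raise ValueError(f"not a Hext address expression: {expr!r}")
    addr = int(m.group(1), 16)
    for op in m.group(2):
        if op == "^":
            # Pointer: a 4-byte little-endian absolute address.
            (addr,) = struct.unpack("<I", _read(mem, addr, 4))
        else:
            # Jump/Call: opcode E9 or E8 plus a signed 32-bit displacement,
            # relative to the end of the 5-byte instruction.
            insn = _read(mem, addr, 5)
            if insn[0] not in (0xE8, 0xE9):
                raise ValueError(f"no E8/E9 instruction at {addr:#x}")
            (rel,) = struct.unpack("<i", insn[1:])
            addr = (addr + 5 + rel) & 0xFFFFFFFF
    if m.group(3):
        delta = int(m.group(4), 16)
        addr += delta if m.group(3) == "+" else -delta
    return addr


def demo_image(bytes_at_2e8f0):
    """Constructed image: caller chooses what sits at 0x2E8F0 (pointer or jump bytes)."""
    mem = bytearray(0x20A100)
    mem[0x2E8F0:0x2E8F0 + len(bytes_at_2e8f0)] = bytes_at_2e8f0
    # Constructed jump at 0x10CDD0 whose target is 0x20A000, as in the combined example.
    mem[0x10CDD0:0x10CDD5] = b"\xE9" + struct.pack("<i", 0x20A000 - (0x10CDD0 + 5))
    return mem
```

Resolving the address before writing, and logging it, is also a cheap way to confirm that a patch written against one build still lands on the intended bytes in another.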

Maki

  • Lana Del Rey
  • Insane poster
  • *
  • Posts: 412
  • Karma: 76
  • Final Fantasy VIII reverse team
Re: [N/A] Text and Hex Editors - Hext Tools ()
« Reply #101 on: 2017-01-02 16:22:12 »
Damn, nice job! This assembler JMP pointer jump is what I need for patches!
I can't wait for the update!
« Last Edit: 2017-01-07 17:09:53 by Maki »

DLPB

Re: [N/A] Text and Hex Editors - Hext Tools 3.0
« Reply #102 on: 2017-01-08 23:53:26 »
Code:
Hext Tools v3.0
09.Jan.2017

General
1. A new tool - HextCompare - has been added.
2. Byte Grouping options have been removed.
3. The Command window will always close after operations are complete.
4. The tool collection has been renamed from DLPB Tools to Hext Tools.
5. Hext format: added "Jump/Call" address instruction.
6. Hext format: Pointer instruction now allows multiple address levels.
7. Readme files are now help files. All help files have been updated.
8. Only one instance of each tool is allowed (when the file name is the same).

HextCompare
First release.

HextEdit
None.

HextLaunch
1. The log was reporting the wrong addresses for replaced bytes. This has been corrected.
2. Hext_in / DLL_in will always be used if files are present. The corresponding options have been removed from Settings.ini.
3. WorkingFolder added to Settings.ini. The default is MyFolder1. With this option, it is possible to add multiple modification configurations for one target program or game.

Hextract
1. The log cannot be disabled.
2. The Hextract Instruction List format has been altered. Please check 'Hextract-Help.rtf'.
3. Descriptions can now include spaces.

HextSort
1. The log cannot be disabled.

ListLoad
1. 'Start with Windows' option now works properly.

TextMod
1. Better "whole word" detection.

Please read the main help file for each tool.


See first post for link.

I should also note that TextMod Whole Word detection is only going to work correctly with the English language. For now.
« Last Edit: 2017-01-09 00:07:52 by DLPB »

Maki

Re: [N/A] Text and Hex Editors - Hext Tools 3.0
« Reply #103 on: 2017-01-09 08:42:10 »
No more password?  ;D

DLPB

Re: [N/A] Text and Hex Editors - Hext Tools 3.0
« Reply #104 on: 2017-01-09 12:42:58 »
No ;)  Looks like Google isn't going to block my "virus ridden" collection.

I'm only compressing one file there anyway... ListLoad. And that one is mostly never going to be used by people.
« Last Edit: 2017-01-09 13:57:35 by DLPB »