Thursday, 27 March 2014

Preventing spelling mistakes with Sublime spell checking

So people seem to get annoyed at spelling mistakes in my comments and code.
I'm not very good at English. Turns out sublime has a solution.

I just have to enable these settings under Preferences Settings - Default or Settings - User etc.
"spell_check": true,
"dictionary": "Packages/Language - English/en_GB.dic"

If you use US spelling you could set your dictionary too
"dictionary": "Packages/Language - English/en_US.dic"

Yeah.. I use GB at work because I live in New Zealand and we spell things with UK spellings.
Eg Colour not Color. I much prefer US spelling but not much that I can do about that since everyone else would expect things to be spelt how they want right?

It adds commands to the right click menu when right clicking on words where you can ignore or see list of corrections. And words are underlined with a red triangle wave squiggle.

It checks comments and strings in ' ' " " etc.

Very Useful.

Saturday, 22 March 2014

Signature Scanning

I have been getting a lot of questions about Signature Scanning such as

  • What is a signature?
  • How do I find or make one?
  • Where would signature scanning be usefull?

People seem to think this is a hard thing to do so I want to try simplify it.
Basicaly code such as C++ is compiled it is turned into byte code that the computer can run.

When memory hacking we find bytes we want to modify but if the application is recompiled or uses dynamic memory
The address is not garruented to be the same each time the app runs.

A signature is a sequence of bytes and wild cards to find in memory.

I have a game here, and it has a version string rendered in the bottom left.
You may be able to see VER9.02

I wanted to get that version as well as modify it to include my own text.

So I used cheat engine and searched for a string of VER9.02
I had to have Writable and Executable checkboxs set half way so that Cheat engine would scan
readable and executable memory too.

After I found the version string address.
I found what accessed the code.

Which can be done two ways, scan for the address in hex and goto the address -1 in the Memory View dissasembler
Or right click the entry and find what accesses.

I can just scroll up a little bit and look at the bytes on the left. Any references to other memory addresses
will change on recompile, such as ones seen in the PUSH or MOV or CALL op codes
Generally if the value is in the code sections of the executable it will be suspect to change.
Simply make those bytes wild card with the ?? when writing them down. You can search the signature in cheat engine
As an array of bytes with hex turned on.

Signature Scanner:

Video can be found here: