Reverse theoretical knowledge 1

Reverse thinking ： First, design the idea , Then start to analyze

actual combat ： Modify the game resolution 640×480 become 1920×1080

One . Analysis methods

1. The game shows → The resolution data is used → Trace to the data source → Modifying data
   What technology is used in game display ？ answer ： Graphic technology

	GDI/GDI+：
	openGl：Linux I use more 
	Direct：
	
	 The display technology used in this game , There must be some characteristics . We can use CE To find this feature , So as to know what technology is used in the game ！

after CE Empirical results show that the game drawing technology is Direct technology

2. By means of msdn Search and guess about technology , The game will be executed after loading the corresponding module DirectDrawCreateEx or DirectDrawCreate
   demonstration ： stay DirectDrawCreate,DirectDrawCreateEx Lower breakpoint , Through reverse analysis and Ctrl+F9,F7, Call DirectDrawCreate The functional framework of Draw it out

4. Finally, it is analyzed and used Screen resolution The address of , Then by modifying the data on the stack (1920×1080), function , Verified that his conjecture is correct .

   
   Raise questions ： Why are we x96dbg Jump to SetDisplayMode function , I can't jump ？

Two . Determine the address of the virtual function

Theoretical knowledge ： This function is DLL Functions inside , We can use Window Of Dll A feature of ： System xxxx.dll The base address is the same in each process

	LPVOID lDx{
    };
	DirectDrawCreateEx(NULL, &lDx, IID_IDirectDraw7, NULL);
	if (lDx) {
    
		LPDIRECTDRAW7 lDx7 = (LPDIRECTDRAW7)lDx;
		lDx7->SetDisplayMode(1, 2, 3, 4, 5);
	}

demonstration ： Get SetDisplayMode The address of , And then the next breakpoint , Run the game .

summary ： By determining the virtual function address , We can also describe the framework of calling functions .

3、 ... and . Make patches

1. Through to SetDisplayMode function Reverse analysis of

int global_43d740 = 1;
int global_4391F8 = 0x10;//bpp
int global_43d75C = 0x698880;//Direct The pointer 
int global_4391F0 = 0x1E0;//height
int global_4391EC = 0x280;//width
void SetDisplayMode() {
    
	int num1 = 0;
	int num2 = 0;
	int width = 0x280;
	int height = 0x1E0;
	if (global_43d740) {
    
		setDisplay(,,,)
	}
}

Found that regular ： We can change global variables by Width and height The number , To change the resolution of the game ;

3. At the end of the game exe Breakpoint under entry point , And then through CE see Store values for the width and height of the game screen , These two values are found as soon as the program starts

   guess ：（1） stay TLS Segment modified （2） Naturally, this number

   demonstration ： Change these two values to 1920×1080, Run the game , Found that the data was changed back

   

4. ultimately , By means of OD Set up Memory write breakpoint , It's positioned to Functions that change data
   

5. demonstration ： Change the screen resolution (1920×1080), Save all changes to the executable , Run the game