Olly to Pokes
Shadjato
29th November 2004, 23:39
I have been trying new (to me) methods of creating the code for a code cave. Using a lot of tips provided, I have managed to copy a block of code to a cave area in Olly, changed references and the like. The next step is how to then take this info and turn it into pokes using Olly.......... I have downloaded the PP on caves, but can't open the second two, I get a weird error???
The reason I ask is that if I take the info and put it into Tsearch, the JE/JMPs etc. require editing to long, which then changes all the memory allocation and causes referencing problems.
I can do it another way, but would like to do it with Olly only. :P
CaptainCox
30th November 2004, 00:01
For the PP tut you don't need to open the second or third ZIP; just DL all of them and extract one, and all the info from the other two will be included in the PP file.
Hmm, if you do it properly then you should not need to modify anything when taking it into Tsearch.
Shadjato
30th November 2004, 00:22
By modifying I mean removing the BF1942 and adding the 00 etc. When I do this I get the error "out of range, change to JE long"...
I just tried a block of code, and interestingly, when I pasted the section, a whole lot more code than I had selected was pasted in????
I get the error when extracting the second and third parts of the PP?
Kosire
30th November 2004, 03:19
Hmm, if you do it properly then you should not need to modify anything when taking it into Tsearch.
Agreed; if they require editing to long in T-Search they would have in Olly too. But if you copy-paste the ASM from Olly it seems to add the errors back in, such as the unknown identifiers, but I believe you just need to be more careful and construct your code caves in Olly first.
Do all the modifying of JMPs in Olly and then copy into T-Search for the sole purpose of converting to pokes.
drk
30th November 2004, 06:25
Do all the modifying of JMPs in Olly and then copy into T-Search for the sole purpose of converting to pokes.
That's what I do, and it's easy too.
CaptainCox
30th November 2004, 09:17
When I do this I get the error "out of range, change to JE long"...
This should be done in OLLY. It can be done in Tsearch, but the best is to test your cave in OLLY. Normally OLLY will tell you if it's a LONG etc. After you have finished the cave and the JMP gate, hit the BLUE Play button in OLLY, go in game and check your hack. Now if the hack works, then the code works ;) Then take that into Tsearch Easywrite, and you should not have to modify anything, except for deleting Bf1942 or adding some 0s etc.
Shadjato
30th November 2004, 09:49
I must be doing something wrong... I created the cave, the jump back, then the jump to. I worked 'live' in Olly. Great, I copied into Tsearch, created the pokes, and the game crashes, to address 00000000??? I'll start again... All good fun.
muhko
30th November 2004, 12:30
I skip out Tsearch completely...
Once you have your cave working in Olly, highlight ALL of it and right click --> Binary --> Copy.
Paste this into a notepad file; you will see that it pastes in lines of a maximum length of 32 pairs of numbers (bytes).
To the left of the 1st line type in the following yourself: "POKE XXXXXXXX", where XXXXXXXX is the address of the first line in your cave.
Now for the subsequent lines you need to do a small amount of detective work...
Look at the first 3 or 4 bytes on the second line and then find those bytes in your cave (in OllyDbg). Chances are the bytes you find are midway through an address line, so you need to count on from the address of that line. Remember hex is 0 1 2 3 4 5 6 7 8 9 A B C D E F.
Once you find this address type POKE XXXXXXXX (where XXXXXXXX is the address); repeat for any further lines in your cave.
Repeat this whole process for your jumpgate and you're done, no more loading Easywrite and having masses of poke lines!
I know it's not explained too well here; it's easier to understand in practice, so if anyone wants a personal mini-tute drop me a line.
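The procedure above, as an added example rather than anything posted in the thread: the address of each pasted line is simply the cave's start address plus that line's byte offset (0x20 per 32-byte line), so the arithmetic replaces the detective work of matching bytes in OllyDbg. The cave bytes, the addresses and the exact "POKE address bytes" line layout are constructed assumptions here, not taken from BF1942 or from Easywrite's own output.

```python
# Added example (not from the thread): turn the hex that Olly's Binary -> Copy pastes
# into POKE lines, computing each line's address instead of hunting for the bytes.
import re

LINE_BYTES = 32          # the paste wraps at 32 byte pairs per line, as the post says

def parse_hex_dump(text):
    """Collect every two-digit hex pair in the pasted text, whatever the line breaks."""
    return [int(p, 16) for p in re.findall(r"\b[0-9A-Fa-f]{2}\b", text)]

def poke_lines(start_addr, data, width=LINE_BYTES):
    """One 'POKE <addr> <bytes>' line per chunk of `width` bytes (line layout assumed
    from the post: the address, then that line's bytes). Address = start + offset."""
    out = []
    for off in range(0, len(data), width):
        chunk = data[off:off + width]
        out.append("POKE %08X %s" % (start_addr + off, " ".join("%02X" % b for b in chunk)))
    return out

def jmp_rel32(from_addr, to_addr):
    """Bytes of a 5-byte JMP gate (E9 rel32); rel32 is relative to the next instruction."""
    rel = (to_addr - (from_addr + 5)) & 0xFFFFFFFF
    return [0xE9] + list(rel.to_bytes(4, "little"))

# Constructed sample: a 38-byte cave placed at 00500000 (hypothetical address, not BF1942's).
CAVE_ADDR = 0x00500000
CAVE_HEX = """
60 8D 24 24 90 B8 01 00 00 00 A3 00 00 00 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90
61 E9 00 00 00 00
"""
GATE_ADDR = 0x00401000   # hypothetical address of the instruction the gate replaces

if __name__ == "__main__":
    for line in poke_lines(CAVE_ADDR, parse_hex_dump(CAVE_HEX)):
        print(line)                       # second line lands at 00500020
    print(poke_lines(GATE_ADDR, jmp_rel32(GATE_ADDR, CAVE_ADDR))[0])
```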
Shadjato
30th November 2004, 16:36
Well, I managed to get the thing working in Olly, which was great. I then copied the code to Tsearch, created the pokes, added to my test trainer, and it crashed... I did some investigation and was surprised to see the following:
Original 8D6424 00 LEA ESP,DWORD PTR SS:[ESP]
Cave 8D2424 LEA ESP,DWORD PTR SS:[ESP]
As you can see there is a difference in the number of bytes used. So I added a NOP after the cave line and it works LOL. Anyone understand why the two lines are different???
I know the effect the difference causes, in memory address allocation, which causes reference problems...
Thankfully I got it working...
Spontaneous
30th November 2004, 17:42
The lines are different with the 00 byte.
drk
30th November 2004, 19:38
I must be doing something wrong... I created the cave, the jump back, then the jump to. I worked 'live' in Olly. Great, I copied into Tsearch, created the pokes, and the game crashes, to address 00000000??? I'll start again... All good fun.
LOL, if I had a dollar for every time I crashed the game, I'd have enough to buy a new comp.
:cheeky:
Shadjato
30th November 2004, 22:48
The lines are different with the 00 byte.
Spont, I understand the difference, just wondering why. There is no change in the content of the line when copied into the cave, but when it's pasted in the 00 is added?
No biggie... ;)
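Why the cave line came out one byte shorter, as an added example that is not part of the thread: both byte strings are LEA ESP,[ESP]. The original "8D 64 24 00" uses ModRM mod=01 with a zero 8-bit displacement (the 4-byte form compilers typically emit as alignment padding), while Olly's assembler, given the pasted text, emits the shortest encoding "8D 24 24" with mod=00 and no displacement. The instruction means the same thing, but everything after it in the cave moves up one byte, which is why the extra NOP fixed it. The small decoder below is hypothetical Python, not Olly's code.

```python
# Added example (not from the thread): a minimal decoder for 32-bit LEA (opcode 8D) that
# shows "8D 64 24 00" and "8D 24 24" read identically in the listing but differ in length.
REGS = ["EAX", "ECX", "EDX", "EBX", "ESP", "EBP", "ESI", "EDI"]

def decode_lea(code):
    """Decode one LEA r32,[mem] at the start of `code`; return (text, byte length)."""
    if code[0] != 0x8D:
        raise ValueError("only LEA (opcode 8D) is handled here")
    modrm = code[1]
    mod, reg, rm = modrm >> 6, (modrm >> 3) & 7, modrm & 7
    if mod == 3:
        raise ValueError("LEA needs a memory operand")
    pos, parts = 2, []
    if rm == 4:                      # rm=100: a SIB byte follows the ModRM
        sib = code[pos]
        pos += 1
        scale, index, base = 1 << (sib >> 6), (sib >> 3) & 7, sib & 7
        no_base = (base == 5 and mod == 0)   # base=101 with mod=00: disp32, no base reg
        if not no_base:
            parts.append(REGS[base])
        if index != 4:               # index=100 means "no index register"
            parts.append(REGS[index] + ("*%d" % scale if scale > 1 else ""))
        disp32_only = no_base
    else:
        disp32_only = (mod == 0 and rm == 5)  # rm=101 with mod=00: plain [disp32]
        if not disp32_only:
            parts.append(REGS[rm])
    disp = 0
    if mod == 1:                     # mod=01: signed 8-bit displacement (the "00" byte)
        disp = int.from_bytes(code[pos:pos + 1], "little", signed=True)
        pos += 1
    elif mod == 2 or disp32_only:    # mod=10 (or the no-base forms): 32-bit displacement
        disp = int.from_bytes(code[pos:pos + 4], "little", signed=True)
        pos += 4
    mem = "+".join(parts)
    if disp or not mem:              # a zero disp8 is encoded but not shown, as in Olly
        mem += ("%+X" % disp) if mem else ("%X" % (disp & 0xFFFFFFFF))
    return "LEA %s,[%s]" % (REGS[reg], mem), pos

def padding_needed(original, reassembled):
    """NOP bytes the cave needs after the shorter form so later offsets stay put."""
    return decode_lea(original)[1] - decode_lea(reassembled)[1]

if __name__ == "__main__":
    for hexs in ("8D642400", "8D2424", "8D45FC"):
        print(hexs.ljust(10), *decode_lea(bytes.fromhex(hexs)))
    print("NOPs needed:", padding_needed(bytes.fromhex("8D642400"), bytes.fromhex("8D2424")))
```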