10 replies to this topic

[gamax92]

The full album of glitchyness here: http://imgur.com/a/AlP17

Spoiler

Paddle's graphics are corrupted. Various background tiles are blank.
A couple balls are stuck in the boundary of the level.


One managed to free itself. However it's now going super speed.


Hard to tell, but a couple more background tiles are broken, plus dimming has now activated.
The two stuck balls are now glitched in the opposite side of the level.


Loaded up a new level, As you can see now background tiles have graphics from random things.


It was actually possible to play this level, even with the corruption.


Yeah ... This is the animation you get when the ball hits a blocks.
The computer gets really slow during this and lasts for about 2 seconds.


Almost cleared the level! Just a few more blocks to go.


??? I don't even.

Images are in the Spoiler tag, there are 8 various images.

I actually ran this game on a real machine running MS-DOS 6.22, not a VM or DosBox.
The memory editing was achieved by a utility called Game Wizard 32 Pro. The game featured here is "Cyber Sphere"

[PixelToast]

epic win :3
rom/ram corruption is fun

[Zudo]

Lol, this topic makes no sense to me!

[Dlcruz129]

ZudoHackz, on 13 July 2013 - 01:02 AM, said:

Lol, this topic makes no sense to me!

Ever used Cheat Engine? OP pretty much used a tool like it to change random variables on a game in MS-DOS.

[nutcase84]

Awesome! Wonder if you can do this with modern games...

[Pharap]

nutcase84, on 13 July 2013 - 06:31 PM, said:

Awesome! Wonder if you can do this with modern games...

It's possible but it would require an insane amount of fiddling and hacking.

Anything that runs on an emulator it would be possible with, especially if the emulator is open source or has plugin support.

[Mads]

Pharap, on 14 July 2013 - 12:53 AM, said:

nutcase84, on 13 July 2013 - 06:31 PM, said:

Awesome! Wonder if you can do this with modern games...

It's possible but it would require an insane amount of fiddling and hacking.

Anything that runs on an emulator it would be possible with, especially if the emulator is open source or has plugin support.

It's basically impossible to do it with modern operating systems, as each programme has it's own physical memory, which is mapped to some virtual addresses via paging. These virtual addresses are what the programme sees, but not where the stuff is stored. See this example:

init_paging();
map_page(0x3000, 0x60000, 3);
int *p = (int *) 0x3000;
*p = 12;
kprintf("*(0x%x) = %i\n", (uint32_t) p, *p);

map_page(0x2000, 0x60000, 3);
int *p2 = (int *) 0x2000;
/* notice how the value of p2 is not set */
kprintf("*(0x%x) = %i\n", (uint32_t) p2, *p2);

First, the virtual address 0x3000 is mapped to the physical address 0x60000. Then a pointer is created, and its value is set to 12.
The virtual address 0x2000 is then mapped to the same physical address. A pointer is then created, but notice how the value is not set. This shouldn't be needed, as the two pointers actually point to the same physical address.

This is the output of the above code:

*(0x3000) = 12
*(0x2000) = 12

[Pharap]

Mads, on 14 July 2013 - 03:01 AM, said:

It's basically impossible to do it with modern operating systems, as each programme has it's own physical memory, which is mapped to some virtual addresses via paging. These virtual addresses are what the programme sees, but not where the stuff is stored. See this example:

init_paging();
map_page(0x3000, 0x60000, 3);
int *p = (int *) 0x3000;
*p = 12;
kprintf("*(0x%x) = %i\n", (uint32_t) p, *p);

map_page(0x2000, 0x60000, 3);
int *p2 = (int *) 0x2000;
/* notice how the value of p2 is not set */
kprintf("*(0x%x) = %i\n", (uint32_t) p2, *p2);

First, the virtual address 0x3000 is mapped to the physical address 0x60000. Then a pointer is created, and its value is set to 12.
The virtual address 0x2000 is then mapped to the same physical address. A pointer is then created, but notice how the value is not set. This shouldn't be needed, as the two pointers actually point to the same physical address.

This is the output of the above code:

*(0x3000) = 12
*(0x2000) = 12

No need to explain virtual addresses to me

The kernel32.dll system library in windows allows you to manipulate heaps.(Yes,I interop)
In theory you could create a wrapper process to watch the heap.

It's also possible to dasm Java and .Net games, add extra instructions and then reasm them, so there's probably ways you could interrupt things using that technique.

[Mads]

Pharap, on 14 July 2013 - 08:51 AM, said:

It's also possible to dasm Java and .Net games, add extra instructions and then reasm them, so there's probably ways you could interrupt things using that technique.

That has nothing to do with editing the memory, unless you do it from within the code. And if you do that, you'd have to recompile everytime you changed something

[immibis]

There's no problem with editing random memory on a PC game (the function you want is WriteProcessMemory on Windows, or ptrace(PTRACE_POKEUSER) on Linux), but there's a pretty high chance of it resulting in a segfault (crash)

Edit: I tried it, as expected every time it crashed or nothing happened.

[Pharap]

Mads, on 14 July 2013 - 12:34 PM, said:

Pharap, on 14 July 2013 - 08:51 AM, said:

It's also possible to dasm Java and .Net games, add extra instructions and then reasm them, so there's probably ways you could interrupt things using that technique.

That has nothing to do with editing the memory, unless you do it from within the code. And if you do that, you'd have to recompile everytime you changed something

You wouldn't have to reasm each time. .Net has the ability to dynamically load libraries, instantiate objects and other things using reflection (and I'd assume similar is possible in Java). So you could effectively just put in a bit of code that instantiates an inherited class found in a dynamically loaded library and then you could just use external libraries like DLC to screw with the memory.