Comments on: Hacking mac apps: Direct Mail
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/
Wed, 27 Feb 2013 21:05:44 +0000

By: DirectHit, Tue, 08 Jun 2010 09:39:42 +0000
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/comment-page-1/#comment-20429

Aren’t the “reverse” bytes actually in that format on the Intel because of the way variables are stored in memory? Isn’t it supposed to be that it reads them backwards in assembly code?
e.g. 1234h : 34h 12h. and 0000:0010 translates into 0001:0000.
Cause I am pretty sure that’s how the memory is read in assembly.

By: Seras Victoria, Tue, 16 Sep 2008 01:04:59 +0000
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/comment-page-1/#comment-3986

Thanks! I find this all fascinating and wish I had more time to study it (don’t worry, not because I want to steal any money from poor independent developers). Great post!

By: kenneth, Sat, 13 Sep 2008 21:21:55 +0000
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/comment-page-1/#comment-3985

From my limited understanding of it yes. Basically, if you’re on intel, you’d read this in gdb: 0xc4830c75 and you’d have to search for this in the binary: 0x750c83c4. On PPC you’ll search for whatever you get in gdb. Note I don’t really know the full theory behind it, I just apply it in practice and this is what works for me.

By: Seras Victoria, Sat, 13 Sep 2008 21:01:38 +0000
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/comment-page-1/#comment-3984

Well yes that makes sense, but I’m still a little confused… specifically when you said: “If you’re on intel, don’t forget you have to reverse all the blocks of four bytes before searching.”

In your example gdb gave you 0xc4830c75 for the instruction (right?), based on my somewhat limited knowledge I’m guessing that the 0x75 is the opcode that you want to change. So what is the value that’s searched for in the binary? Does gdb always spit out big endian instructions…?

By: kenneth, Sat, 13 Sep 2008 16:47:46 +0000
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/comment-page-1/#comment-3982

Yeah: this is due to Intel being Little-endian, while PPCs are Big-endian. See http://en.wikipedia.org/wiki/Endianness#Little-endian for a more detailed explanation.

By: Seras Victoria, Sat, 13 Sep 2008 16:03:04 +0000
http://www.seoxys.com/hacking-mac-apps-direct-mail-archive/comment-page-1/#comment-3981

When you say, “If you’re on intel, don’t forget you have to reverse all the blocks of four bytes before searching”, I assume you mean that when you disassemble the PPC code, which should be different (e.g. you’re not dealing with 0x75/0x74 at all, but something completely different), that whatever it is that you’ll get from gdb you do not reverse?
