Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
[MASM32] Find GG ZwRVM Copy
Forum: Cheat Engine Forum Index -> General programming (page 1 of 2)
Monkeygeek
Expert Cheater
Reputation: 0

Joined: 01 Jan 2007
Posts: 175
Location: ENLIGHTENED

Posted: Sun Sep 23, 2007 12:01 am

What exactly does this do?
_________________
Explain.
appalsap
Moderator
Reputation: 0

Joined: 27 Apr 2006
Posts: 6753
Location: Pakistan

Posted: Sun Sep 23, 2007 12:08 am

appends virus code to your boot sector
kittonkicker
I post too much
Reputation: 1

Joined: 19 Apr 2006
Posts: 2171

Posted: Sun Sep 23, 2007 5:00 pm

This is much better than the way I'm getting the address...

I'm using the GGRPM pointer to get the address of ReadProcessMemory, and from there doing a search for the call to ZwReadVirtualMemory, and adjusting that pointer.

I like your method better though!

_________________
All gone :(
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue Sep 25, 2007 9:23 am

Question:
Why don't you use MODULEENTRY.szModule to get the file name?

Besides that, you might consider this a bit simpler:
Code:
; MODULEENTRY is a MODULEENTRY32 whose dwSize is already set, and hSnapshot
; came from CreateToolhelp32Snapshot with TH32CS_SNAPMODULE
invoke  Module32First,hSnapshot,addr MODULEENTRY
.while eax != FALSE
   ; MASM stores 'pn' as 706Eh, which is how the two bytes "np" sit in memory
   ; (little-endian), so this matches module names beginning with "np"
   .if word ptr MODULEENTRY.szModule == 'pn'
      ; found it: MODULEENTRY.modBaseAddr is the module base
      .break
   .endif
   invoke   Module32Next,hSnapshot,addr MODULEENTRY
.endw
invoke  CloseHandle,hSnapshot      ; release the snapshot handle
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue Sep 25, 2007 10:07 am

Side note - you could initialize MODULEENTRY32 like this:
MODULEENTRY MODULEENTRY32 <sizeof MODULEENTRY32>

Also, push ebp\mov ebp,esp are not needed, as you are not using any local variables.
appalsap
Moderator
Reputation: 0

Joined: 27 Apr 2006
Posts: 6753
Location: Pakistan

Posted: Tue Sep 25, 2007 12:08 pm

another note: you don't close the snapshot (memory leak)
appalsap
Moderator
Reputation: 0

Joined: 27 Apr 2006
Posts: 6753
Location: Pakistan

Posted: Tue Sep 25, 2007 1:22 pm

Um. It allocates memory for the structures required for ZwQuerySystemInformation. By using CloseHandle you free the memory. It's that simple.
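A complete MASM32 program that ties together the points raised in the posts above: the snapshot from CreateToolhelp32Snapshot, dwSize filled in through the structure initialiser, the two-character word compare with the characters reversed for little-endian memory, and CloseHandle on the snapshot so the handle is not leaked. This is an added example, not code posted by anyone in this thread; the masm32 SDK include paths and the name FindModuleByPrefix are my own choices, and it looks up kernel32.dll in its own process rather than a GameGuard module so it runs on any Windows box.

```asm
.386
.model flat, stdcall
option casemap:none

; assumes the masm32 SDK is installed at \masm32 (adjust the paths otherwise)
include \masm32\include\windows.inc
include \masm32\include\kernel32.inc
include \masm32\include\user32.inc
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\user32.lib

.data
    ; dwSize is the first field, so the initialiser fills it in; Module32First
    ; fails with ERROR_INVALID_PARAMETER when it is left at zero
    me32    MODULEENTRY32 <sizeof MODULEENTRY32>
    szFmt   db "kernel32 base: %08X",0
    szTitle db "module scan",0
.data?
    szBuf   db 64 dup(?)

.code
; FindModuleByPrefix: walk the module list of process dwPid and return the base
; address of the first module whose name starts with the two characters in
; wPrefix, or 0 when nothing matches or the snapshot cannot be taken.
; The name is compared as a little-endian word, so pass the characters
; reversed: 'ek' (656Bh) matches "kernel32.dll", 'pn' matches "npggNT.des".
FindModuleByPrefix proc dwPid:DWORD, wPrefix:DWORD
    LOCAL hSnap:DWORD
    LOCAL dwBase:DWORD

    mov dwBase, 0
    invoke CreateToolhelp32Snapshot, TH32CS_SNAPMODULE, dwPid
    .if eax == INVALID_HANDLE_VALUE
        xor eax, eax
        ret
    .endif
    mov hSnap, eax

    invoke Module32First, hSnap, addr me32
    .while eax != FALSE
        mov ax, word ptr me32.szModule
        or ax, 2020h                    ; fold ASCII letters to lower case
        .if ax == word ptr wPrefix
            mov eax, me32.modBaseAddr
            mov dwBase, eax
            .break
        .endif
        invoke Module32Next, hSnap, addr me32
    .endw

    invoke CloseHandle, hSnap           ; the snapshot is a handle: release it
    mov eax, dwBase
    ret
FindModuleByPrefix endp

start:
    invoke GetCurrentProcessId
    invoke FindModuleByPrefix, eax, 'ek'
    invoke wsprintf, addr szBuf, addr szFmt, eax
    invoke MessageBox, NULL, addr szBuf, addr szTitle, MB_OK
    invoke ExitProcess, 0
end start
```

Build with the usual masm32 pair, `ml /c /coff find.asm` then `link /subsystem:windows find.obj`. The lower-casing OR makes the compare survive loaders that report the name as "KERNEL32.DLL", and because the snapshot is closed on every path after it is created, a failed Module32First does not leave the handle dangling the way the snippet earlier in the thread did.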
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue Sep 25, 2007 1:46 pm

x0r wrote:
DoomsDay wrote:
Side note - you could initialize MODULEENTRY32 like this:
MODULEENTRY MODULEENTRY32 <sizeof MODULEENTRY32>

Also, push ebp\mov ebp,esp are not needed, as you are not using any local variables.

Hm, I'm a bit confused... You're trying to give me advice? Without sounding mean, that's not wise of you. MODULEENTRY struct definition is fine as it is, there's no need for me to needlessly specify the structure size when the windows includes already do that for me and the function establishing commands (push ebp, etc) are used for a few reasons;
1. Referencing parameters in an API when doing things like stack manipulation.
2. IDA/OllyDBG interpretation functionality, if you haven't noticed they both recognize functions by the function initiators.
3. MASM32 automatically adds the function initialization when using functions with parameters so it's a good habit to get used to them. Again; you really should go with HLA.
x0r, don't get me wrong, I am giving you advice, but I'm doing this in order to help you make your code more efficient. By giving you advice, I'm not stating that I'm better than you, as our knowledge is pretty much at the same level. If you wish me to stop helping out then just say it. The code I posted is being used in my GG\CRC bypass, I'm using it to dynamically calculate MapleStory's hash size (see VirtualQueryEx).

EDIT: I'm not rude, nor stupid, please avoid taking this to personal levels.
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue Sep 25, 2007 2:19 pm

x0r wrote:
DoomsDay wrote:
x0r, don't get me wrong, I am giving you advice, but I'm doing this in order to help you make your code more efficient. By giving you advice, I'm not stating that I'm better than you, as our knowledge is pretty much at the same level. If you wish me to stop helping out then just say it. The code I posted is being used in my GG\CRC bypass, I'm using it to dynamically calculate MapleStory's hash size (see VirtualQueryEx).

No, don't get me wrong; you're trying to teach me something which is at an elementary level of MASM understanding so I am annoyed by your rude behavior and I know for a fact my code is better than yours because I've seen your code (AoB finder), now compare it to my code. So now let me tell you this, find your place and stay there, you're in no position to be lecturing me about things like stupid macro usage and needless structure size declarations. Now really, quickly have a look at my hash-breaker in OllyDBG or your disassembler of choice and tell me if you can still level with me. (This uses AoBs and dynamically gets the MS code section size too without needlessly using such a powerful API :)) Oh yeah, I posted this a few weeks ago, so you should be able to find the original copy somewhere on the MS section (exactly the same)
No x0r, and I believe I've just caught you on a lie. I did take a look at the original hashbreaker you've posted, and I actually have a backup of it on my PC, the dlls' CRC does not match by shit:
Code:
Old hashbreaker - 5831CCFF
Current hashbreaker(which now, imports VirtualQueryEx for some odd reason) - 4102FB22

Excellent C\P of my AOBScan btw (it is public, no complaints). As for my place, it's here, telling you that you did not read about the MODULEENTRY32 structure, which makes me think you found the template elsewhere (assumption). The way I see it, my coding is absolutely better than yours, as you've kindly decided to copy it. Now, please refrain from flaming me, it's not the purpose of this discussion.

~See you tomorrow


Last edited by DoomsDay on Tue Sep 25, 2007 3:06 pm; edited 3 times in total
Uligor
Grandmaster Cheater
Reputation: 0

Joined: 21 Jan 2006
Posts: 956

Posted: Tue Sep 25, 2007 2:20 pm

DoomsDay, you must know that x0r thinks he's the best and no matter what, he will keep thinking that.
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue Sep 25, 2007 3:01 pm

Owned? No.
Yet I did notice my mistake over this, I loaded my own DLL =P, I take back some of the things I said.
DoomsDay
Grandmaster Cheater
Reputation: 0

Joined: 06 Jan 2007
Posts: 768
Location: %HomePath%

Posted: Tue Sep 25, 2007 3:17 pm

x0r wrote:
DoomsDay wrote:
Owned? No.
Yet I did notice my mistake over this, I loaded my own DLL =P, I take back some of the things I said.

Owned? Yes, you made a complete fool out of yourself. Not only that, you complimented that with another stupid mistake of yours to go with it. Not only should you take back what you said, you should apologize for your sheer audacity... You probably won't though :)
You proved the following fact: I made a mistake and relied on it. I do apologize for blaming you as a result of it. I must tell you though, don't think that my act is an act of audacity; your stand is not higher than mine, keep that in mind.
MegaForum
Grandmaster Cheater
Reputation: 0

Joined: 20 Aug 2007
Posts: 558

Posted: Tue Sep 25, 2007 3:28 pm

lolz x0r pwned you =o. :D
the_undead
Expert Cheater
Reputation: 1

Joined: 12 Nov 2006
Posts: 235
Location: Johannesburg, South Africa

Posted: Tue Sep 25, 2007 4:05 pm

DoomsDay wrote:
x0r wrote:
DoomsDay wrote:
Side note - you could initialize MODULEENTRY32 like this:
MODULEENTRY MODULEENTRY32 <sizeof MODULEENTRY32>

Also, push ebp\mov ebp,esp are not needed, as you are not using any local variables.

Hm, I'm a bit confused... You're trying to give me advice? Without sounding mean, that's not wise of you. MODULEENTRY struct definition is fine as it is, there's no need for me to needlessly specify the structure size when the windows includes already do that for me and the function establishing commands (push ebp, etc) are used for a few reasons;
1. Referencing parameters in an API when doing things like stack manipulation.
2. IDA/OllyDBG interpretation functionality, if you haven't noticed they both recognize functions by the function initiators.
3. MASM32 automatically adds the function initialization when using functions with parameters so it's a good habit to get used to them. Again; you really should go with HLA.
x0r, don't get me wrong, I am giving you advice, but I'm doing this in order to help you make your code more efficient. By giving you advice, I'm not stating that I'm better than you, as our knowledge is pretty much at the same level. If you wish me to stop helping out then just say it. The code I posted is being used in my GG\CRC bypass, I'm using it to dynamically calculate MapleStory's hash size (see VirtualQueryEx).

EDIT: I'm not rude, nor stupid, please avoid taking this to personal levels.


He doesn't know any better. You see, Irwin suffers from an emotional intelligence akin to that found in autistic three year olds. He seems to think he is some sort of prodigy and thus incorrectly believes he is better than everyone else. However, I find solace in the fact that once he leaves mommy and daddy's basement and encounters a world where he can't hide behind a computer screen and make conceited, self-righteous remarks without getting his ass kicked, he will realize he is not so great after all.

Liquid369
I post too much
Reputation: 0

Joined: 15 Oct 2006
Posts: 3938
Location: Where ever I am

Posted: Tue Sep 25, 2007 4:25 pm

x0r wrote:
the_undead wrote:
He doesn't know any better. You see, Irwin suffers from an emotional intelligence akin to that found in autistic three year olds. He seems to think he is some sort of prodigy and thus incorrectly believes he is better than everyone else. However, I find solace in the fact that once he leaves mommy and daddy's basement and encounters a world where he can't hide behind a computer screen and make conceited, self-righteous remarks without getting his ass kicked, he will realize he is not so great after all.

I'd love to sit with you and divulge my mental state but I'm not exactly feeling like I need to explain my actions to somebody like you who had a nervous breakdown after breaking up with a girlfriend, then going on a rampage and eventually leaking something of mine :) You seem to think that I've forgotten? You do know that most of the intelligent people on the forum already know of your malicious and childish ways (eg. throwing a tantrum) even without you having to come out and admit that you did indeed betray my trust and leak something I trusted you with simply to get back at me for being angry at you for breaking my trust in the first place :) Hell, you took refuge with void during that time, using him as a friend :) Now, let everyone see your cowardice; you couldn't even admit to a simple truth and resorted to procrastination methods, it's been months now and you can't utter the words which everyone already knows. Why? Pride, you come and gossip about me saying I'm self-righteous, I'm conceited & I'm the one getting my ass kicked? Isn't that a paradox? :)


Let's just say that's both of you, but he is more bearable and doesn't have his head so far up his ass that his face is being burnt off by the stomach acid.

_________________

People are of no value.
We could make more sometime.
If we need them.
Life itself is only vision, a dream.
Nothing exists in empty space and you.
And you are but a thought.