Cheat Engine The Official Site of Cheat Engine
Eyalos Master Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 343
Posted: Wed Jan 23, 2008 9:57 am Post subject: [Help] Delphi+API hooks (user32)
Hey all, I'm looking for that answer for the last 2 days, couldn't figure it out.
I saw sphere90's code for bypassing PostMessageA's hook, and I tried to change it to Delphi, without success:
Code:
#include <windows.h>

// GetProcAddress returns a FARPROC; it has to be cast before + 5 is legal
ULONG reentry_address = (ULONG)GetProcAddress( LoadLibrary("user32.dll"), "PostMessageA" ) + 5;
__declspec(naked) void myPostMessageA(void)
{
    __asm
    {
        mov edi,edi     // the 5-byte hot-patch prologue of the real export
        push ebp
        mov ebp,esp
        jmp [reentry_address]   // continue in the export just past those 5 bytes
    }
}
I DON'T want to be spoonfed or whatever, but I can't actually figure it out.
My try was to actually convert word by word, but it didn't work.
Delphi won't let me use the reentry_address as a ULONG; it says it's a pointer, so I tried ^ULONG or ^integer, no success, giving me access problems with User32.
I tried GetModuleHandle in case of LoadLibrary, without success.
Also, Delphi won't let me just add 5 bytes (+5) to the reentry address, so I added:
add dword ptr [reentry_address],5 (or 5h, both failed).
I'm really tired of my attempts; I'll be glad if anyone could help out.
Thanks in advance,
eyalos
Eyalos Master Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 343
Posted: Wed Jan 23, 2008 10:04 am
Groot wrote: My unfinished version of it:
Code:
function PeekMessageA(
  hWnd:HWND;
  MSG:UINT;
  WPARAM:wParam;
  LPARAM:lParam):BOOL;
var
  OriginalAddy:Pointer; //Needs to be LongInt (ULONG aka Unsigned Long)
  DllHandle:THandle;
Begin
  DllHandle:=LoadLibrary(user32);
  OriginalAddy:=GetProcAddress(DllHandle,'PostMessageA');
  Asm
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp [OriginalAddy]
  End;
  Result:=LongBool(OriginalAddy)+5;
End;
I tried that already, without the result thingy; I'll check it later, thanks.
(be back in 2 hours or so..)
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Wed Jan 23, 2008 10:33 am
I'm not sure, but try this:
Code:
function PostMessage1337(
  hWnd:HWND;
  MSG:UINT;
  WPARAM:wParam;
  LPARAM:lParam):BOOL;
var
  reentry_address: pointer;
  nub: Integer;
begin
  reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'PostMessageA');
  asm
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp reentry_address
  end;
  Nub := integer(reentry_address)+5;
  Result := LongBool(Nub);
end;
or this:
Code:
function PostMessage1337(
  hWnd:HWND;
  MSG:UINT;
  WPARAM:wParam;
  LPARAM:lParam):BOOL;
var
  reentry_address: pointer;
  nub: Integer;
begin
  reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'PostMessageA');
  Nub := integer(reentry_address)+5;
  reentry_address := pointer(nub);
  asm
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp reentry_address
  end;
  Result := LongBool(Nub);
end;
Eyalos Master Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 343
Posted: Wed Jan 23, 2008 1:24 pm
rEakW0n wrote: I'm not sure, but try this:
Code:
function PostMessage1337(
  hWnd:HWND;
  MSG:UINT;
  WPARAM:wParam;
  LPARAM:lParam):BOOL;
var
  reentry_address: pointer;
  nub: Integer;
begin
  reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'PostMessageA');
  asm
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp reentry_address
  end;
  Nub := integer(reentry_address)+5;
  Result := LongBool(Nub);
end;
or this:
Code:
function PostMessage1337(
  hWnd:HWND;
  MSG:UINT;
  WPARAM:wParam;
  LPARAM:lParam):BOOL;
var
  reentry_address: pointer;
  nub: Integer;
begin
  reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'PostMessageA');
  Nub := integer(reentry_address)+5;
  reentry_address := pointer(nub);
  asm
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp reentry_address
  end;
  Result := LongBool(Nub);
end;
Thanks for your help. I'm actually trying to get SetCursorPos working;
I have changed the constants in the function thingy to X:integer; Y:integer.
Won't work, gives me an access violation.
Code:
function SCP(
  X:integer;
  Y:integer):BOOL;
var
  reentry_address: pointer;
  nub: Integer;
begin
  reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'SetCursorPos');
  Nub := integer(reentry_address)+5;
  reentry_address := pointer(nub);
  asm
    mov edi,edi
    push ebp
    mov ebp,esp
    jmp [reentry_address]
  end;
  Result := LongBool(Nub);
end;
Any clues?
(EAccessViolation FTL)
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Thu Jan 24, 2008 6:48 pm
Check out CE's source. The CEHook does a few hooks for the speed hack, which should help you out. Here's a snippet of the code:
Code:
kernel32lib:=LoadLibrary('kernel32.dll');
if kernel32lib<>0 then
begin
  //gettickcount
  GetTickCountInfo.location:=GetProcAddress(kernel32lib,'GetTickCount');
  if VirtualProtect(GetTickCountInfo.location,5,PAGE_EXECUTE_READWRITE,op) then
  begin
    GetTickCountInfo.jump[0]:=$e9;
    pdword(@GetTickCountInfo.jump[1])^:=dword(@GetTime)-dword(GetTickCountInfo.location)-5;
    try
      asm
        //store original
        push edi
        push esi
        lea edi,GetTickCountInfo.original[0]
        mov esi,GetTickCountInfo.location
        movsd
        movsb
        //replace with jump
        lea esi,GetTickCountInfo.jump[0]
        mov edi,GetTickCountInfo.location
        movsd
        movsb
        pop esi
        pop edi
      end;
    except
    end;
  end;
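A defender-side integrity check for the bytes this post and the first post describe, added here as an example; it is not CE's code or any poster's. It classifies the first 5 bytes of a function entry as the intact hot-patch prologue (8B FF 55 8B EC), a CEHook-style E9 rel32 patch (decoding where it redirects to with the inverse of the formula in the snippet), or something else, and works on a byte buffer with made-up addresses so it runs without a live process:

```c
#include <stdint.h>
#include <string.h>

/* Added example, not CE's code: integrity check for a function entry.
 * An unhooked hot-patchable user32/kernel32 export starts with the prologue
 * the thread shows (mov edi,edi / push ebp / mov ebp,esp = 8B FF 55 8B EC).
 * A CEHook-style inline hook overwrites those 5 bytes with E9 <rel32>,
 * rel32 = target - location - 5, so a checker can both spot the patch and
 * recover where it redirects to. */

enum entry_state { ENTRY_INTACT = 0, ENTRY_JMP_HOOK = 1, ENTRY_UNKNOWN = 2 };

static const uint8_t HOTPATCH_PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* `entry` holds the 5 bytes found at virtual address `location`. */
enum entry_state classify_entry(const uint8_t entry[5], uint32_t location,
                                uint32_t *target)
{
    if (memcmp(entry, HOTPATCH_PROLOGUE, 5) == 0)
        return ENTRY_INTACT;
    if (entry[0] == 0xE9) {                 /* jmp rel32 */
        uint32_t rel32;
        memcpy(&rel32, entry + 1, 4);       /* little-endian; wraps mod 2^32 */
        *target = location + 5 + rel32;     /* inverse of the CEHook formula */
        return ENTRY_JMP_HOOK;
    }
    return ENTRY_UNKNOWN;   /* not hot-patchable, or a different hook style */
}

/* Same arithmetic as the CEHook snippet; used here only to build a sample. */
void build_jmp_patch(uint8_t out[5], uint32_t location, uint32_t target)
{
    uint32_t rel32 = target - location - 5;
    out[0] = 0xE9;
    memcpy(out + 1, &rel32, 4);
}

/* Constructed scenario: an export at 0x7E418734 redirected to 0x00401000
 * (both addresses made up). Returns the target the checker decodes. */
uint32_t sample_decoded_target(void)
{
    uint8_t patched[5];
    uint32_t target = 0;
    build_jmp_patch(patched, 0x7E418734u, 0x00401000u);
    classify_entry(patched, 0x7E418734u, &target);
    return target;
}
```

On a real process the 5 bytes would be read from the export's address (the same pointer GetProcAddress returns in the posts above); an ENTRY_UNKNOWN result is not proof of a hook, since not every export begins with the mov edi,edi prologue.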
slippppppppp Grandmaster Cheater
Reputation: 0
Joined: 08 Aug 2006 Posts: 929
Posted: Sat Jan 26, 2008 10:33 am
Wow..
Quote:
function PostMessage1337(
hWnd:HWND;
MSG:UINT;
WPARAM:wParam;
LPARAM:lParam):BOOL;
var
reentry_address: pointer;
nub: Integer;
begin
reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'PostMessageA');
asm
mov edi,edi
push ebp
mov ebp,esp
jmp reentry_address
end;
Nub := integer(reentry_address)+5;
Result := LongBool(Nub);
end;
This shit is messy, here is a smaller and cleaner script, simplified..
Function Pmessage(WND : HWND; MSG : UINT; WP : WPARAM; LP : LPARAM):bool;
var
Address : ULONG;
begin
Address := DWORD(GetProcAddress(LoadLibrary('user32.dll'), 'PostMessageA')) + 5;
asm
mov edi, edi
push ebp
mov ebp, esp
jmp [Address]
end;
end;
Eyalos Master Cheater
Reputation: 0
Joined: 03 Oct 2006 Posts: 343
Posted: Tue Jan 29, 2008 6:03 am
slippppppppp wrote: Wow..
Quote:
function PostMessage1337(
hWnd:HWND;
MSG:UINT;
WPARAM:wParam;
LPARAM:lParam):BOOL;
var
reentry_address: pointer;
nub: Integer;
begin
reentry_address:=GetProcAddress( LoadLibrary('user32.dll'), 'PostMessageA');
asm
mov edi,edi
push ebp
mov ebp,esp
jmp reentry_address
end;
Nub := integer(reentry_address)+5;
Result := LongBool(Nub);
end;
This shit is messy, here is a smaller and cleaner script, simplified..
Function Pmessage(WND : HWND; MSG : UINT; WP : WPARAM; LP : LPARAM):bool;
var
Address : ULONG;
begin
Address := DWORD(GetProcAddress(LoadLibrary('user32.dll'), 'PostMessageA')) + 5;
asm
mov edi, edi
push ebp
mov ebp, esp
jmp [Address]
end;
end;
Why do you really think that if it was so simple I wasn't thinking about that?
He won't accept Address as ULONG - Pointer, that's first of all, then he won't let you add those 5 bytes just like that.
DUH~