Cheat Engine: The Official Site of Cheat Engine
GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 4:43 pm    Post subject: Changing ASM Code with a DLL Injection

Hey guys, I'm fairly new to Visual C++ so don't flame please.
I've been looking at this code recently:
Code:
#include <windows.h>

// Set from DllMain; volatile so the worker thread re-reads it on every loop.
volatile bool bWantsExit;
// Hard-coded address of Minesweeper's timer variable (as given in this post).
int *iTime = (int*)0x0100579C;

// A thread start routine takes an LPVOID parameter and returns a DWORD;
// declaring it that way removes the need for the cast at CreateThread.
DWORD WINAPI MyThread(LPVOID lpParam)
{
    while (!bWantsExit)
    {
        *iTime = 0;     // keep the timer at zero
        Sleep(10);
    }
    return 0;
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwMsg, LPVOID lpReserved)
{
    switch (dwMsg)
    {
    case DLL_PROCESS_ATTACH:
    {
        DisableThreadLibraryCalls(hModule);
        bWantsExit = false;
        // The thread handle is never used again, so close it right away
        // (the thread itself keeps running).
        HANDLE hThread = CreateThread(NULL, 0, MyThread, NULL, 0, NULL);
        if (hThread != NULL)
            CloseHandle(hThread);
        return TRUE;
    }
    case DLL_PROCESS_DETACH:
        bWantsExit = true;
        return TRUE;
    }
    return TRUE;
}
Which is meant for Minesweeper. I made a simple little program with Visual Basic 6 where, whenever you click a command button, the number in the label goes down by 1. I know the basics of setting a variable right when the DLL is injected (through the code listed above), but how would I make it so my DLL would change the ASM code of the process, let's say from to (which is located at address 00401c24)?
I'm just thinking out loud here, but would this be a code cave? Have it jump from its original code to the modified code, then back to the step after 00401c24?
I will upload my "InjectMe.exe" on here; please feel free to scan it with your personal antivirus/antispyware along with this online scanner:
virusscan.jotti.org.
Here are the results from the exe scan I performed:
MD5: 17635dda99f862aa3bd9e7858a083bdf
Scanners (all reported "Found nothing"): A-Squared, AntiVir, ArcaVir, Avast, AVG Antivirus, BitDefender, ClamAV, CPsecure, Dr.Web, F-Prot Antivirus, F-Secure Anti-Virus, G DATA, Ikarus, Kaspersky Anti-Virus, NOD32, Norman Virus Control, Panda Antivirus, Sophos Antivirus, VirusBuster, VBA32
Last edited by GRPsuper9 on Thu Jan 01, 2009 4:59 pm; edited 1 time in total

hcavolsdsadgadsg (I'm a spammer), Reputation: 26, Joined: 11 Jun 2007, Posts: 5801
Posted: Thu Jan 01, 2009 4:58 pm

just write it as expected, it's just bytes that make up the opcodes.
sub dx, 1 = 66 83 EA 01
add dx, 2 = 66 83 C2 02
use pointers, like you're already doing, or you can try memset.

GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 5:04 pm

slovach wrote:
> just write it as expected, it's just bytes that make up the opcodes.
> sub dx, 1 = 66 83 EA 01
> add dx, 2 = 66 83 C2 02
> use pointers, like you're already doing, or you can try memset.

I don't know how to write it as expected though. And instead of setting a value, like I have in the Minesweeper example, how would I set the ASM code? And just as an FYI, that code is not mine; I didn't write it, I just took it and learned what I could from it.

&Vage (Grandmaster Cheater Supreme), Reputation: 0, Joined: 25 Jul 2008, Posts: 1053
Posted: Thu Jan 01, 2009 5:30 pm

Code:
// XOR the 16-bit word at the target address with a mask; XORing with the same
// mask a second time restores the original bytes.
*(WORD*)0x00401c24 ^= 0x0328;

GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 5:38 pm

_void_ wrote:
> Code:
> *(WORD*)0x00401c24 ^= 0x0328;

Thanks. Now where exactly would I put this in my code?
Code:
#include <windows.h>

BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwMsg, LPVOID lpReserved)
{
    switch (dwMsg)
    {
    case DLL_PROCESS_ATTACH:
        // XOR the 16-bit word at the target address with the mask.
        // Note: this address lies in the program's code section, which is
        // normally mapped read-only, so this write will fault unless that
        // page has been made writable first.
        *(WORD*)0x00401c24 ^= 0x0328;
        return TRUE;
    }
    return TRUE;
}

And what does 0328 mean? And instead of typing hex, could I possibly use instead of the 0x0328?
And may I also ask what the "^" means in *(WORD*)0x00401c24 ^= 0x0328;?
Don't flame, I'm new.

hcavolsdsadgadsg (I'm a spammer), Reputation: 26, Joined: 11 Jun 2007, Posts: 5801

&Vage (Grandmaster Cheater Supreme), Reputation: 0, Joined: 25 Jul 2008, Posts: 1053
Posted: Thu Jan 01, 2009 6:32 pm

^ = xor
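To show what that XOR operand means, here is an added C example (mine, not code from anyone in this thread): it takes the two encodings slovach posted, finds where they differ, and shows that the 16-bit little-endian word formed from the two differing bytes is 0x0328, so XORing that word swaps a local copy between sub dx,1 and add dx,2 and back. It only touches a constructed byte array, never process memory, and it also shows the caveat that the mask belongs at the offset where the bytes differ (two bytes into the instruction), not at the instruction's first byte.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* Constructed test data: the two x86 encodings quoted in the thread. */
static const uint8_t SUB_DX_1[4] = { 0x66, 0x83, 0xEA, 0x01 };
static const uint8_t ADD_DX_2[4] = { 0x66, 0x83, 0xC2, 0x02 };

/* 16-bit little-endian word at buf[off], as a WORD* read sees it on x86. */
uint16_t word_at(const uint8_t *buf, size_t off)
{
    return (uint16_t)(buf[off] | (buf[off + 1] << 8));
}

/* 16-bit XOR at buf[off]: the same effect as "*(WORD*)addr ^= mask". */
void xor_word_at(uint8_t *buf, size_t off, uint16_t mask)
{
    buf[off]     ^= (uint8_t)(mask & 0xFF);
    buf[off + 1] ^= (uint8_t)(mask >> 8);
}

/* Mask that toggles between two 4-byte encodings: XOR of the 16-bit words at the
 * first differing byte (clamped to 2 to stay in bounds). For the two above: 0x0328 at +2. */
uint16_t toggle_mask(const uint8_t *a, const uint8_t *b, size_t *off)
{
    size_t i = 0;
    while (i < 4 && a[i] == b[i])
        i++;
    *off = i > 2 ? 2 : i;
    return word_at(a, *off) ^ word_at(b, *off);
}

/* Round trip on a local copy: sub dx,1 -> add dx,2 -> sub dx,1. Returns 1 on success. */
int roundtrip(void)
{
    uint8_t code[4];
    size_t off;
    uint16_t m = toggle_mask(SUB_DX_1, ADD_DX_2, &off);
    memcpy(code, SUB_DX_1, sizeof code);
    xor_word_at(code, off, m);
    if (memcmp(code, ADD_DX_2, sizeof code) != 0) return 0;
    xor_word_at(code, off, m);
    return memcmp(code, SUB_DX_1, sizeof code) == 0;
}
int main(void)
{
    size_t off;
    uint16_t m = toggle_mask(SUB_DX_1, ADD_DX_2, &off);
    printf("mask 0x%04X at +%zu, roundtrip %s\n", m, off, roundtrip() ? "ok" : "failed");
    return 0;
}
```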

GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 6:47 pm

I don't quite understand how I would change the opcodes of the address with that website. From your own perspective, which method would be easier and better to use? Pointer method or memset?
EDIT:
I've looked at memset also, but I still don't understand it. Could you write an example for me to learn off of? This is the first time I've ever coded in C++.

hcavolsdsadgadsg (I'm a spammer), Reputation: 26, Joined: 11 Jun 2007, Posts: 5801
Posted: Thu Jan 01, 2009 7:15 pm

I meant memcpy actually, oops.
read the site I linked.
example with pointers.
step through it in the debugger, and check the address that HeapAlloc returns, and it will become clear.
Code:
#include <Windows.h>
#include <string.h>

int main()
{
    BYTE numbers[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
    BYTE* p = numbers;      // p holds the address of numbers[0]

    // Allocate 8 bytes of zeroed memory on the process heap.
    void* offset = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 8);
    if (offset == NULL)
        return 1;

    // Copy the 8 bytes p points at into the heap block. (The original line
    // "offset = p;" only reassigned the pointer, which leaked the block and
    // then handed a stack address to HeapFree.)
    memcpy(offset, p, sizeof(numbers));

    HeapFree(GetProcessHeap(), 0, offset);
    return 0;
}

GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 7:40 pm

slovach wrote:
> I meant memcpy actually, oops.
> read the site I linked.
> example with pointers.
> step through it in the debugger, and check the address that HeapAlloc returns, and it will become clear.
> Code:
> #include <Windows.h>
> #include <string.h>
>
> int main()
> {
>     BYTE numbers[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
>     BYTE* p = numbers;      // p holds the address of numbers[0]
>
>     // Allocate 8 bytes of zeroed memory on the process heap.
>     void* offset = HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 8);
>     if (offset == NULL)
>         return 1;
>
>     // Copy the 8 bytes p points at into the heap block.
>     memcpy(offset, p, sizeof(numbers));
>
>     HeapFree(GetProcessHeap(), 0, offset);
>     return 0;
> }

Your main function is int main. How would it work through a DLL? I'm really confused. When I tried to build it in order to debug it, it gave me an error saying it failed or something.
But I'm guessing
Code:
void* offset = (void*)HeapAlloc(GetProcessHeap(), HEAP_ZERO_MEMORY, 8);
assigns the current address to GetProcessHeap and then
Code:
HeapFree(GetProcessHeap(), 0, offset);
nulls it? Although if I'm right about it nulling it, I don't understand how I would replace it with something I want.

hcavolsdsadgadsg (I'm a spammer), Reputation: 26, Joined: 11 Jun 2007, Posts: 5801
Posted: Thu Jan 01, 2009 8:09 pm

it was an example of using pointers, and how you can accomplish what you want with them.
http://msdn.microsoft.com/en-us/library/aa366597(VS.85).aspx
Quote:
> If the function succeeds, the return value is a pointer to the allocated memory block.
http://msdn.microsoft.com/en-us/library/aa366701(VS.85).aspx
I'm allocating some memory (8 bytes worth, and setting them all to 0) so I have a place to use in my example... but you already have a place to work with. HINT HINT NUDGE NUDGE

GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 9:10 pm

Honestly, I'm still very confused haha. It's kind of complicated to learn it by yourself when you've never really had any experience with the language.

hcavolsdsadgadsg (I'm a spammer), Reputation: 26, Joined: 11 Jun 2007, Posts: 5801

GRPsuper9 (Newbie cheater), Reputation: 0, Joined: 04 Feb 2007, Posts: 16
Posted: Thu Jan 01, 2009 10:17 pm

I don't see anything on those sites that deals with changing the actual ASM code, just changing the value of a pointer, which is not what I want at all. If I'm wrong, let me know, and let me know where in those sites to look.
All I read about was different kinds of pointers and how to assign values to them and use them in mathematical equations.

lurc (Grandmaster Cheater Supreme), Reputation: 2, Joined: 13 Nov 2006, Posts: 1900
Posted: Thu Jan 01, 2009 10:39 pm

What you need is not how to modify the memory of another process, but HOW TO PROGRAM IN C++. There is no fucking point in learning only a certain aspect of programming, especially a more difficult aspect, if you're too stubborn to learn the basics.
So go read what slovach posted, take some time to get used to the language, learn.