Franc[e]sco (Expert Cheater)
Reputation: 0, Joined: 22 Mar 2008, Posts: 190
Posted: Tue Jun 23, 2009 6:48 am
Post subject: Problems transposing Assembly to C++ dll Trainer...
Hey, I'm trying to make my own DLL trainer out of a .CT, but I'm not that good at understanding assembly and I think I did something wrong, because a few seconds after I activate the hack my game crashes. And the hack worked when I used it in Cheat Engine.
EDIT: I used __asm__ and it works now, but the game still crashes after a few secs... help please?
Original Assembly code:
Code:
[ENABLE]
//Updated by RolfAdolf
//0.53 EMS
0049AFAD:
db 90 90
[DISABLE]
0049AFAD: //75 36 83 7C 24 0C 00 75 19 8B 86 84 20 00 00 FF
db 75 36
My Dll Trainer:
Code:
#include "stdafx.h"
#include <windows.h>

DWORD ThreadID;

// Addresses
//#define aSuperTubi 0x0049AFAD

// Bools
bool bSuperTubi = false;

void Hotkeys()
{
    while(1)
    {
        // GetAsyncKeyState returns 0x8001 (-32767 as a SHORT) on the first poll after the key was pressed
        if(GetAsyncKeyState(VK_NUMPAD1) == -32767)
        {
            if(bSuperTubi == false){
                MessageBox( 0, "Super Tubi active. :3 ", "Franc[e]sco's trainer", MB_ICONEXCLAMATION | MB_OK );
                //*(WORD*)aSuperTubi = 0x9090;
                // Overwrite the two bytes at 0049AFAD with 90 90 (two NOPs), as in the [ENABLE] section
                _asm
                {
                    mov eax, 0x0049AFAD
                    mov word ptr [eax], 0x9090
                }
                bSuperTubi = true;
            }
            else
            {
                bSuperTubi = false;
                MessageBox( 0, "Super Tubi inactive. :3 ", "Franc[e]sco's trainer", MB_ICONEXCLAMATION | MB_OK );
                //*(WORD*)aSuperTubi = 0x7536;
                // Restore the original bytes (see Anden100's reply below on the byte order of this immediate)
                _asm
                {
                    mov eax, 0x0049AFAD
                    mov word ptr [eax], 0x7536
                }
            }
        }
        Sleep(100);
    }
}

BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD callReason, LPVOID lpReserved) {
    if( callReason == DLL_PROCESS_ATTACH ) {
        MessageBox( 0, "I'm inside. :3 ", "Franc[e]sco's trainer", MB_ICONEXCLAMATION | MB_OK );
        CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&Hotkeys, 0, 0, &ThreadID);
    }
    else if( callReason == DLL_PROCESS_DETACH ) {
        // ExitThread() takes an exit code, not a thread id, and would only end the thread
        // that is unloading the DLL; the Hotkeys thread ends with the process, so nothing to do here
    }
    return 1;
}
Anden100 (Grandmaster Cheater)
Reputation: 0, Joined: 20 Apr 2007, Posts: 668
Posted: Tue Jun 23, 2009 7:48 am
Enabling:
Code:
*(WORD*)0x0049AFAD = 0x9090;
Disabling:
Code:
*(WORD*)0x0049AFAD = 0x3675;
(note that the values are backwards, db 75 36 == 0x3675)
Franc[e]sco (Expert Cheater)
Reputation: 0, Joined: 22 Mar 2008, Posts: 190
Posted: Tue Jun 23, 2009 7:58 am
Anden100 wrote:
> Enabling:
> Code:
> *(WORD*)0x0049AFAD = 0x9090;
> Disabling:
> Code:
> *(WORD*)0x0049AFAD = 0x3675;
> (note that the values are backwards, db 75 36 == 0x3675)

It works, but it still crashes after a few seconds... the game window disappears but the process remains and I have to close it manually.
manc (Grandmaster Cheater)
Reputation: 1, Joined: 16 Jun 2006, Posts: 551
Posted: Tue Jun 23, 2009 8:50 am
Let's use this script to set an example:
Code:
Full Godmode
[ENABLE]
0084FF44:
db 0F 84 04 12 00 00
[DISABLE]
0084FF44:
db 0F 85 04 12 00 00

db stands for define byte, and it's basically writing the bytes right after DB to the address 84FF44.
There are 6 bytes altogether, so the easiest way is to first write 4 bytes using the type cast DWORD,
then write the last 2 bytes using WORD as declared in Section 1.
Here is an example:
Code:
*(DWORD*)(0x0084FF44) = 0x0F840412;
*(WORD*)(0x0084FF44+4) = 0x0000;

You might be confused with the +4 part. Basically, if we don't add that, we would just be overwriting the
first two bytes with the last two bytes. So then we have to add the bytes onto where we left off.
Anyways... to end a process, open Task Manager (Ctrl+Alt+Del) and go to Processes, highlight it, and press the button to end it.
shhac (Expert Cheater)
Reputation: 0, Joined: 30 Oct 2007, Posts: 108
Posted: Tue Jun 23, 2009 8:55 am
manc wrote:
> Code:
> Full Godmode
> [ENABLE]
> 0084FF44:
> db 0F 84 04 12 00 00
> [DISABLE]
> 0084FF44:
> db 0F 85 04 12 00 00
>
> Code:
> *(DWORD*)(0x0084FF44) = 0x0F840412;
> *(WORD*)(0x0084FF44+4) = 0x0000;

Those bytes are the wrong way around, should be
Code:
*(DWORD*)(0x0084FF44) = 0x1204840F;
Franc[e]sco (Expert Cheater)
Reputation: 0, Joined: 22 Mar 2008, Posts: 190
Posted: Tue Jun 23, 2009 9:02 am
Err but mine is just 2 bytes so just 1 WORD should do the job. And it works but the game crashes after a few seconds...
New source:
Code:
#include "stdafx.h"
#include <windows.h>

DWORD ThreadID;

// Bools
bool bSuperTubi = false;

void Hotkeys()
{
    while(1)
    {
        // GetAsyncKeyState returns 0x8001 (-32767 as a SHORT) on the first poll after the key was pressed
        if(GetAsyncKeyState(VK_NUMPAD1) == -32767)
        {
            if(bSuperTubi == false){
                MessageBox( 0, "Super Tubi active. :3 ", "Franc[e]sco's trainer", MB_ICONEXCLAMATION | MB_OK );
                // 90 90 in memory: two NOPs, as in the [ENABLE] section
                *(WORD*)0x0049AFAD = 0x9090;
                bSuperTubi = true;
            }
            else
            {
                bSuperTubi = false;
                MessageBox( 0, "Super Tubi inactive. :3 ", "Franc[e]sco's trainer", MB_ICONEXCLAMATION | MB_OK );
                // 75 36 in memory (little-endian WORD 0x3675), as in the [DISABLE] section
                *(WORD*)0x0049AFAD = 0x3675;
            }
        }
        Sleep(100);
    }
}

BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD callReason, LPVOID lpReserved) {
    if( callReason == DLL_PROCESS_ATTACH ) {
        MessageBox( 0, "I'm inside. :3 ", "Franc[e]sco's trainer", MB_ICONEXCLAMATION | MB_OK );
        CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&Hotkeys, 0, 0, &ThreadID);
    }
    else if( callReason == DLL_PROCESS_DETACH ) {
        // ExitThread() takes an exit code, not a thread id, and would only end the thread
        // that is unloading the DLL; the Hotkeys thread ends with the process, so nothing to do here
    }
    return 1;
}
shhac (Expert Cheater)
Reputation: 0, Joined: 30 Oct 2007, Posts: 108
Posted: Tue Jun 23, 2009 9:53 am
Does it still crash if you inject but don't activate?
After activating it, look to see how the opcode and the opcodes immediately preceding/following it are, too.
Franc[e]sco (Expert Cheater)
Reputation: 0, Joined: 22 Mar 2008, Posts: 190
Posted: Tue Jun 23, 2009 10:04 am
shhac wrote:
> Does it still crash if you inject but don't activate?
> After activating it, look to see how the opcode and the opcodes immediately preceding/following it are, too.

You mean that I should debug it with something like OllyDbg?
EDIT: By the way, it doesn't crash if I don't activate the hack.
Stylo (Grandmaster Cheater Supreme)
Reputation: 3, Joined: 16 May 2007, Posts: 1073, Location: Israel
Posted: Tue Jun 23, 2009 11:14 am
Shouldn't you use VirtualProtect to change the memory's protection or something?
Maybe that's why it's crashing?!
Franc[e]sco (Expert Cheater)
Reputation: 0, Joined: 22 Mar 2008, Posts: 190
Posted: Tue Jun 23, 2009 11:31 am
1qaz wrote:
> Shouldn't you use VirtualProtect to change the memory's protection or something?
> Maybe that's why it's crashing?!

Hmm, I don't think so... because when I activate the hack it actually works, meaning that it edited the memory successfully and correctly, but then it crashes after a few secs.
EDIT: It actually was VirtualProtect... I only need a bypass now because it gives "Hacking Threat detected"... thanks everyone for the help.
Pro-surf (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 02 Dec 2007, Posts: 1415, Location: Under Ur Bed , Moauahauha
Posted: Wed Jun 24, 2009 9:27 am
Code:
DWORD Hack = 0x0049AFAD;
*(WORD*)Hack = 0x9090; // Nop

and for the disable part
I suggest you use a memory copy function, but you can do it like this I guess:
Code:
*(WORD*)Hack = 0x3675; // Original bytes

Btw, you should find the tubi pointer, you know... it does not require any bypass.
&Vage (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 25 Jul 2008, Posts: 1053
Posted: Wed Jun 24, 2009 10:15 am
Pro-Surf: That's 2 nops.
Save yourself a boolean and just do..
Code:
*(WORD*)0x0049AFAD ^= 0xA6E5;
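The byte-order point from manc's and shhac's exchange, and the XOR mask in &Vage's post, worked through as an added example (this is not code from the thread): it shows how a `db` byte list maps to the little-endian DWORD/WORD literal that a pointer-cast store lays down on x86, checks both proposed literals against the intended bytes, and derives the toggle mask. The function names are mine; it only ever writes to a local buffer, using the addresses and byte values quoted in the thread as labels.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Byte lists exactly as they appear after "db" in the thread's scripts. */
static const uint8_t GODMODE_ENABLE_DB[6] = {0x0F, 0x84, 0x04, 0x12, 0x00, 0x00};
static const uint8_t SUPERTUBI_ORIG_DB[2] = {0x75, 0x36};

/* Pack up to 4 db bytes, in listed order, into the literal that a
 * little-endian store (x86) lays down in that same order. */
static uint32_t pack_le(const uint8_t *bytes, size_t n)
{
    uint32_t v = 0;
    for (size_t i = 0; i < n && i < 4; i++)
        v |= (uint32_t)bytes[i] << (8 * i);
    return v;
}

/* Model of what "*(DWORD*)addr = v" / "*(WORD*)addr = v" writes on x86:
 * least significant byte first. Writes into a local buffer only. */
static void store_le(uint8_t *dst, uint32_t v, size_t n)
{
    for (size_t i = 0; i < n; i++)
        dst[i] = (uint8_t)(v >> (8 * i));
}

/* Perform manc's two stores on a 6-byte stand-in for 0084FF44 and report
 * whether the resulting memory image equals the intended db sequence. */
static int db6_image_matches(uint32_t dword_lit, uint16_t word_lit,
                             const uint8_t expected[6])
{
    uint8_t image[6] = {0};
    store_le(image, dword_lit, 4);      /* *(DWORD*)(0x0084FF44)  = dword_lit; */
    store_le(image + 4, word_lit, 2);   /* *(WORD*)(0x0084FF44+4) = word_lit;  */
    return memcmp(image, expected, 6) == 0;
}

/* Mask that flips one WORD between its enabled and disabled values with "^=". */
static uint16_t toggle_mask(uint16_t enabled, uint16_t disabled)
{
    return (uint16_t)(enabled ^ disabled);
}

int main(void)
{
    printf("db 0F 84 04 12 as DWORD literal: 0x%08X\n", pack_le(GODMODE_ENABLE_DB, 4));
    printf("0x0F840412 reproduces the db bytes: %d\n", db6_image_matches(0x0F840412u, 0, GODMODE_ENABLE_DB));
    printf("0x1204840F reproduces the db bytes: %d\n", db6_image_matches(0x1204840Fu, 0, GODMODE_ENABLE_DB));
    printf("db 75 36 as WORD literal: 0x%04X\n", pack_le(SUPERTUBI_ORIG_DB, 2));
    printf("XOR mask between 0x9090 and 0x3675: 0x%04X\n", toggle_mask(0x9090, 0x3675));
    return 0;
}
```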
Pro-surf (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 02 Dec 2007, Posts: 1415, Location: Under Ur Bed , Moauahauha
Posted: Wed Jun 24, 2009 10:40 am
Btw, what is that stuff about VirtualProtect?
&Vage (Grandmaster Cheater Supreme)
Reputation: 0, Joined: 25 Jul 2008, Posts: 1053
Posted: Wed Jun 24, 2009 10:42 am
Pro-surf wrote:
> Btw, what is that stuff about VirtualProtect?

To change the memory address's page protection ;3