Cheat Engine The Official Site of Cheat Engine
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
|
Posted: Sun Feb 26, 2012 9:45 am Post subject: Problem with array of byte |
|
|
Hi guys, and sorry for my bad English. I have a problem. I have this array of bytes for infinite ammo in Doom3:
| Code: |
Original: Array [1..9] Of Byte = ($89,$44,$B1,$14,$A1,$14,$EE,$F5,$0E);
InfiniteAmmo: Array [1..9] Of Byte = ($E9,$49,$52,$D6,$FF,$90,$90,$90,$90);
|
And now I have this code in Delphi:
| Code: |
// uses Windows, SysUtils, TlHelp32;
// PidID, PidHandle and Written are unit-level variables declared elsewhere.

// Enable or disable a privilege (e.g. SeDebugPrivilege) on this process's token.
procedure ChangePrivilege(szPrivilege: PChar; fEnable: Boolean);
var
  NewState: TTokenPrivileges;
  luid: TLargeInteger;
  hToken: THandle;
  ReturnLength: DWord;
begin
  OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken);
  LookupPrivilegeValue(nil, szPrivilege, luid);
  NewState.PrivilegeCount := 1;
  NewState.Privileges[0].Luid := luid;
  if (fEnable) then
    NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
  else
    NewState.Privileges[0].Attributes := 0;
  AdjustTokenPrivileges(hToken, False, NewState, SizeOf(NewState), nil, ReturnLength);
  CloseHandle(hToken);
end;

// Find the ProcessNo-th running process whose executable name matches ExeFileName.
Function GetProcessID(Const ExeFileName: string; var ProcessId: integer; Const ProcessNo: Integer = 1): boolean;
var
  FSnapshotHandle: THandle;
  FProcessEntry32: TProcessEntry32;
  ContinueLoop: BOOL;
  Temp: Integer;
begin
  result := false;
  Temp := 1;
  FSnapshotHandle := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  FProcessEntry32.dwSize := Sizeof(FProcessEntry32);
  ContinueLoop := Process32First(FSnapshotHandle, FProcessEntry32);
  while integer(ContinueLoop) <> 0 do
  begin
    if (StrIComp(PChar(ExtractFileName(FProcessEntry32.szExeFile)), PChar(ExeFileName)) = 0)
      or (StrIComp(FProcessEntry32.szExeFile, PChar(ExeFileName)) = 0) then
    begin
      If Temp = ProcessNo then
      begin
        ProcessId := FProcessEntry32.th32ProcessID;
        result := true;
        break;
      end
      else
        inc(Temp);
    end;
    ContinueLoop := Process32Next(FSnapshotHandle, FProcessEntry32);
  end;
  CloseHandle(FSnapshotHandle);
end;

// Write ChangeValues into Doom3.exe at Address.
procedure WriteArray(Address: Cardinal; ChangeValues: array of byte);
Begin
  if GetProcessID('Doom3.exe', PidID, 1) then
  Begin
    PidHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PidId);
    ChangePrivilege('SeDebugPrivilege', True);
    WriteProcessMemory(PidHandle, Pointer(Address), @ChangeValues, SizeOf(ChangeValues), Written);
    Closehandle(PidHandle);
  End;
End;

procedure TForm1.Button1Click(Sender: TObject); // restore code
begin
  if GetProcessID('Doom3.exe', PidID, 1) then
  Begin
    WriteArray($0EB8ADB2, ORIGINAL);
  end;
end;

procedure TForm1.Button2Click(Sender: TObject); // apply patch
begin
  if GetProcessID('Doom3.exe', PidID, 1) then
  Begin
    WriteArray($0EB8ADB2, INFINITEAMMO);
  end;
end;
|
My problem is: when I apply the restore code it's OK... but when I try to apply the array for infinite ammo, the game crashes. Why?
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
|
Posted: Mon Feb 27, 2012 6:05 pm Post subject: |
|
|
I've tried to use VirtualProtectEx in my code but it does not work....
| Code: |
function WriteArray(Address: Cardinal; ChangeValues: array of byte): boolean;
var
  old: DWord;
Begin
  if GetProcessID('Doom3.exe', PidID, 1) then
  Begin
    PidHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PidId);
    ChangePrivilege('SeDebugPrivilege', True);
    VirtualProtectEx(PidHandle, pointer(address), 4, PAGE_EXECUTE_READWRITE, @old);
    WriteProcessMemory(PidHandle, Pointer(Address), @ChangeValues, SizeOf(ChangeValues), Written);
    VirtualProtectEx(PidHandle, pointer(address), 4, old, @old);
    Closehandle(PidHandle);
  End;
End;
|
When I apply the new array of bytes the game crashes... can anybody help me? Please...
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25830 Location: The netherlands
|
Posted: Mon Feb 27, 2012 6:45 pm Post subject: |
|
|
Changevalues is a pointer to a dynamic array of byte object
Use @changevalues[0] to specify the first byte of that array
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
|
Posted: Tue Feb 28, 2012 10:49 am Post subject: |
|
|
| Dark Byte wrote: | Changevalues is a pointer to a dynamic array of byte object
Use @changevalues[0] to specify the first byte of that array |
Thanks for your reply, Dark Byte.
I've replaced the old code with this:
| Code: |
function WriteArray(Address: Cardinal; ChangeValues: array of byte): boolean;
var
  old: DWord;
Begin
  if GetProcessID('Doom3.exe', PidID, 1) then
  Begin
    PidHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PidId);
    ChangePrivilege('SeDebugPrivilege', True);
    VirtualProtectEx(PidHandle, pointer(address), 4, PAGE_EXECUTE_READWRITE, @old);
    WriteProcessMemory(PidHandle, Pointer(Address), @ChangeValues[0], SizeOf(ChangeValues), Written);
    VirtualProtectEx(PidHandle, pointer(address), 4, old, @old);
    Closehandle(PidHandle);
  End;
End;
|
... but it won't work... where am I wrong?
Thanks...
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25830 Location: The netherlands
|
Posted: Tue Feb 28, 2012 11:21 am Post subject: |
|
|
instead of SizeOf(ChangeValues) use Length(ChangeValues) else it only writes 4 bytes
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
|
Posted: Tue Feb 28, 2012 12:10 pm Post subject: |
|
|
| Dark Byte wrote: | | instead of SizeOf(ChangeValues) use Length(ChangeValues) else it only writes 4 bytes |
I'm sorry, Dark Byte... but even with Length(ChangeValues) it won't work.... I've tried to apply the code to test it with a simple Windows game (Solitaire) to decrease the time but nothing... it does not work. Where is the problem? This is the current code:
| Code: |
function WriteArray(Address: Cardinal; ChangeValues: array of byte): boolean;
var
  old: DWord;
Begin
  if GetProcessID('Doom3.exe', PidID, 1) then
  Begin
    PidHandle := OpenProcess(PROCESS_ALL_ACCESS, False, PidId);
    ChangePrivilege('SeDebugPrivilege', True);
    VirtualProtectEx(PidHandle, pointer(address), 4, PAGE_EXECUTE_READWRITE, @old);
    WriteProcessMemory(PidHandle, Pointer(Address), @ChangeValues[0], Length(ChangeValues), Written);
    VirtualProtectEx(PidHandle, pointer(address), 4, old, @old);
    Closehandle(PidHandle);
  End;
End;
|
Dark Byte Site Admin
Reputation: 471
Joined: 09 May 2003 Posts: 25830 Location: The netherlands
|
Posted: Tue Feb 28, 2012 1:02 pm Post subject: |
|
|
I just rechecked your whole post.
I think you just blindly copied the changed bytes of an aa script without understanding what it does
My guess there is an alloc part in the script and the script replaces the original bytes with a call (e8 xx xx xx) to the new script
This isn't going to be easy. You'll have to do the allocation yourself and write the code that the script wrote in its allocated region as well
And you must keep in mind the relative distances of calls and jumps (target-origin-5)
 |
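Added example (not part of the thread, and not Dark Byte's or Cheat Engine's code): decoding the patch bytes from the first post with the rule quoted above, displacement = target - origin - 5. The first byte is E9, a near jmp, which uses the same rel32 encoding as the E8 call; the address and bytes are the ones posted, the function names are made up for this sketch, and the 64 KiB figure is the Windows allocation granularity.

```python
import struct

# Values copied from the first post in this thread.
PATCH_ADDRESS = 0x0EB8ADB2
INFINITE_AMMO = bytes([0xE9, 0x49, 0x52, 0xD6, 0xFF, 0x90, 0x90, 0x90, 0x90])

# Windows reserves virtual memory on 64 KiB boundaries.
ALLOCATION_GRANULARITY = 0x10000


def decode_rel32(origin, code):
    """Absolute target of a 5-byte E8 (call) or E9 (jmp) located at origin."""
    if len(code) < 5 or code[0] not in (0xE8, 0xE9):
        raise ValueError("not a rel32 call/jmp")
    (rel,) = struct.unpack_from("<i", code, 1)  # signed, little-endian
    # The displacement is counted from the end of the 5-byte instruction.
    return (origin + 5 + rel) & 0xFFFFFFFF


def encode_rel32(origin, target, opcode=0xE9):
    """Inverse operation: displacement = target - origin - 5 (mod 2**32)."""
    rel = (target - origin - 5) & 0xFFFFFFFF
    return bytes([opcode]) + struct.pack("<I", rel)


def describe_patch(origin, code):
    """Summarise a 'jump plus NOP padding' patch (hypothetical helper)."""
    target = decode_rel32(origin, code)
    tail = code[5:]
    return {
        "target": target,
        "nop_padding": len(tail) if set(tail) <= {0x90} else None,
        "target_on_allocation_boundary": target % ALLOCATION_GRANULARITY == 0,
    }


if __name__ == "__main__":
    info = describe_patch(PATCH_ADDRESS, INFINITE_AMMO)
    print(f"jump target            : {info['target']:#010x}")
    print(f"NOP bytes after jump   : {info['nop_padding']}")
    print(f"on 64 KiB boundary     : {info['target_on_allocation_boundary']}")
    # The same jump re-encoded for a different (constructed) region address
    # has different bytes, so a copied byte array is tied to one allocation.
    print(encode_rel32(PATCH_ADDRESS, 0x02340000).hex(" "))
```

The decoded target 0x0E8F0000 sits exactly on a 64 KiB allocation boundary, which is consistent with a region the script allocated at run time. That address only holds code in the process where the allocation was made, so the copied bytes send a fresh process to memory that was never set up there.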
Smanettone83 Expert Cheater
Reputation: 3
Joined: 21 Feb 2011 Posts: 146 Location: Italia
|
Posted: Tue Feb 28, 2012 1:33 pm Post subject: |
|
|
| Dark Byte wrote: | I just rechecked your whole post.
I think you just blindly copied the changed bytes of an aa script without understanding what it does
My guess there is an alloc part in the script and the script replaces the original bytes with a call (e8 xx xx xx) to the new script
This isn't going to be easy. You'll have to do the allocation yourself and write the code that the script wrote in its allocated region as well
And you must keep in mind the relative distances of calls and jumps (target-origin-5) |
Thanks... it will be hard for me... I know Delphi well but I'm a noob with assembly... is there a post where I can find an explanation of your theory? Thanks a lot...