Cheat Engine The Official Site of Cheat Engine
doggyx How do I cheat?
Reputation: 0
Joined: 08 Jul 2013 Posts: 8
|
Posted: Tue Jul 09, 2013 8:50 am Post subject: [C++] Injecting DLL to memory hack |
|
|
Hi all,
I'm trying to make a DLL hack for Cube World. Currently I have one in C#, but I need to write all the opcode bytes to the memory and it's really tiresome. That's why I want to give C++ a try, since inline ASM is awesome!
I'm a real rookie, so please don't be too harsh.
So in this Cube World game, the player base can be found like this:
- ("Cube.exe"+0x3691C8) + 0x394
Then for example the health, which is a float, is at player base + 0x16C:
- dwPlayerBase + 0x16C
So what I tried in C++ already, is to try to get the player base and check the health. If it's not zero, stop the loop. Then we know we're ingame.
| Code: |
#include <Windows.h>

#define CUBEBASE 0x905A4D

BOOL ingame = false;

// Thread entry point; CreateThread expects the DWORD WINAPI f(LPVOID) signature.
DWORD WINAPI detectIngame(LPVOID)
{
    BOOL loop = true;
    while(loop)
    {
        // Follow the pointer chain [[CUBEBASE+0x3691C8] + 0x394] to get the player base.
        DWORD dwPlayerBase = *(DWORD*)(*(DWORD*)(CUBEBASE+0x3691C8) + 0x394);
        // Reads the DWORD stored at player base + 0x16C ...
        DWORD dwHPAddress = *(DWORD*)(dwPlayerBase + 0x16C);
        // ... and then dereferences that value as a float*.
        if(*(float*)dwHPAddress != 0)
            loop = false;
    }
    return 0;
}

int __stdcall DllMain( HINSTANCE instance, DWORD reason, LPVOID reserved ) {
    if ( reason == DLL_PROCESS_ATTACH )
    {
        DisableThreadLibraryCalls( reinterpret_cast< HMODULE >( instance ) );
        CreateThread(NULL, 0, detectIngame, NULL, 0, NULL);
    }
    return 1;
}
|
But it just crashes when I inject it. It runs the thread just fine (I checked and it got executed), but it crashes when I try to read the health. I have no clue what I'm doing wrong. I'm not even writing to the memory, so VirtualProtect wouldn't be needed, would it?
As I said, I'm really new with this, so any help is appreciated!
Thanks
Edit:
I read a bit more on this topic and found out that I was doing it completely wrong. I updated the memory reading as I now think is correct, but it's still crashing. Any clues?
I also thought maybe I have to include the base of the process? But it still crashes.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Tue Jul 09, 2013 2:02 pm Post subject: |
|
|
It sounds like your offsets are wrong or being read incorrectly.
You can attach Visual Studio to the process and debug your DLL as well (Debug -> Attach To Process), which will let you set breakpoints and step through your code to find where the crash is at.
_________________
- Retired. |
doggyx How do I cheat?
Reputation: 0
Joined: 08 Jul 2013 Posts: 8
|
Posted: Tue Jul 09, 2013 3:32 pm Post subject: |
|
|
I was using the Express edition so couldn't attach it. Downloaded Ultimate edition (Dreamspark ftw) and found out the memory was read protected.
| Code: |
DWORD oldProtect;
VirtualProtect((LPVOID)0xBD91C8, sizeof(DWORD), PAGE_EXECUTE_READWRITE, &oldProtect);
DWORD* tmp1 = (DWORD*)0xBD91C8;
VirtualProtect((LPVOID)0xBD91C8, sizeof(DWORD), oldProtect, &oldProtect);
VirtualProtect((LPVOID)(*tmp1+0x394), sizeof(DWORD), PAGE_EXECUTE_READWRITE, &oldProtect);
DWORD* dwPlayerBase = (DWORD*)(*tmp1+0x394);
VirtualProtect((LPVOID)(*tmp1+0x394), sizeof(DWORD), oldProtect, &oldProtect);
VirtualProtect((LPVOID)(*dwPlayerBase+0x16C), sizeof(DWORD), PAGE_EXECUTE_READWRITE, &oldProtect);
float* dwHPAdd = (float*)(*dwPlayerBase+0x16C);
VirtualProtect((LPVOID)(*dwPlayerBase+0x16C), sizeof(DWORD), oldProtect, &oldProtect);
float hp = *dwHPAdd;
*dwHPAdd = 2000;
|
This works just fine. And indeed, the base was wrong.
This is solved. Thanks