Cheat Engine

kittonkicker · Last edited by kittonkicker on Sat Aug 18, 2007 1:34 pm; edited 1 time in total

I recently made a PE for FlyFF.

Since GalaNet decided to buy into iNCA's Packet Editting protection a LONG time ago, I knew I couldn't modify any packets from outside the game...(so an mIRC scripted proxy is out of the question these days!)

Before I coded it, I decided it would be best to hook into the API's it uses to communicate with the server (in this case WSASend/Recv/Socket).

After a failed attempt at modding the actual API (pwned by GameGuard), I decided to localize my efforts and make the game do it for me ^_^.

If anyone else wants to attempt this, here's a few guidelines for doing what I did.

I dunno if you've noticed in OllyDBG, that when there's a call to an API, for example ReadProcessMemory it'll say something like CALL [&kernel32.ReadProcessMemory]. Well, if you look at the ASM, you can see it's really "call dword ptr [someaddress]". If you go to the "someaddress", you'll either see "DD someapi" OR "jmp dword ptr [someaddress]". If you see "DD someapi", then you can just install your hook there, by changing the "someapi" to "newapi". If you see "jmp dword ptr [someaddress]", then "someaddress" is the address which holds the address of the API you're hooking.

So...you'd change the value of "someaddress" to the address of your "newapi".

You would of course, have to define your own API, which does something, and then returns the value you want it to.

This hooking IS done in the program, not in the imported dll.

A redefined API example:

UnLmtD · Posted: Sat Aug 18, 2007 7:16 am Post subject:

Looks like IAT hooking.

kittonkicker · Posted: Sat Aug 18, 2007 7:56 am Post subject:

'Tis!

Noz3001 · Posted: Sat Aug 18, 2007 7:58 am Post subject:

appalsap · Posted: Sat Aug 18, 2007 9:54 am Post subject:

I know this may be shocking to you, but you're not the first person in the world to discover this. Microsoft has provided a library for easily doing this for quite some time now.

http://research.microsoft.com/sn/detours/

kittonkicker · Posted: Sat Aug 18, 2007 10:30 am Post subject:

Lol appal, I knew that others had done this before.

I didn't know microsoft had an APi that could do it for you though!!

nog_lorp · Posted: Sat Aug 18, 2007 1:29 pm Post subject:

You cannot dereference a void pointer, since a void holds no data it would be meaningless (null). (also, compiler wouldn't know data size)

DeltaFlyer · Posted: Sat Aug 18, 2007 3:10 pm Post subject:

appalsap · Posted: Sat Aug 18, 2007 3:16 pm Post subject:

kittonkicker · Posted: Sat Aug 18, 2007 3:22 pm Post subject:

I didn't know you couldn't, I know now though!!