| View previous topic :: View next topic |
| Author |
Message |
Symbol
I'm a spammer
![]() Reputation: 0
Joined: 18 Apr 2007
Posts: 5094
Location: Israel.
|
 Posted: Sat Apr 12, 2008 12:58 pm Post subject: Writing memory only to the main module? >_> |
 |
|
Why can't I write memory to other modules, like user32? I can only write memory to the main module (process.exe) but I wanna hook an API... I tried calling VirtualProtect, doesn't help... =|
How come I can write memory to user32 (PostMessageA =\) using CE or OllyDBG? 
|
|
| Back to top |
|
 |
Robotex
Master Cheater
 Reputation: 0
Joined: 05 Sep 2006
Posts: 378
Location: The pizza country!
|
| Posted: Sat Apr 12, 2008 1:54 pm Post subject: |
|
|
within your injected dll
HMODULE hModule = GetModuleHandle("user32.dll");
FARPROC dwAddress = GetProcAddress(hModule, "PostMessageA");
<do your hooks/detours>
_________________
ASM/C++ Coder
Project Speranza lead developer |
|
| Back to top |
|
|
Symbol
I'm a spammer
![]() Reputation: 0
Joined: 18 Apr 2007
Posts: 5094
Location: Israel.
|
| Posted: Sat Apr 12, 2008 1:55 pm Post subject: |
|
|
I know that.. .. read what I said, I said "I can't write memory", not "I can't find addresses of other modules"... 
|
|
| Back to top |
|
|
Robotex
Master Cheater
Reputation: 0
Joined: 05 Sep 2006
Posts: 378
Location: The pizza country!
|
| Posted: Sat Apr 12, 2008 2:12 pm Post subject: |
|
|
hmm dunno 
I use this function for detouring and it works here
| Code: |
void* CDetour::Detour(LPCTSTR Module, LPCTSTR Function, LPVOID NewFunction, size_t len)
{
if(!Module || !Function || m_Detoured)
return NULL;
m_FuncAddress = reinterpret_cast<BYTE*>(GetProcAddress(GetModuleHandle(Module), Function));
BYTE* oFunc = reinterpret_cast<BYTE*>(malloc(len+5));
DWORD dwOldProt;
if(!VirtualProtect(m_FuncAddress, len, PAGE_READWRITE, &dwOldProt))
return NULL;
memcpy(m_OriginalBytes, m_FuncAddress, len);
memcpy(oFunc, m_FuncAddress, len);
oFunc += len;
oFunc[0] = 0xE9; // JMP
*(DWORD*)(oFunc+1) = (DWORD)(m_FuncAddress + len - oFunc) - 5;
m_FuncAddress[0] = 0xE9;
*(DWORD*)(m_FuncAddress + 1) = (DWORD)((BYTE*)NewFunction - m_FuncAddress) - 5;
if(!VirtualProtect(m_FuncAddress, len, dwOldProt, &dwOldProt))
return NULL;
m_NewAddress = (oFunc - len);
m_len = len;
return m_NewAddress;
}
|
_________________
ASM/C++ Coder
Project Speranza lead developer |
|
| Back to top |
|
|
HalfPrime
Grandmaster Cheater
![]() Reputation: 0
Joined: 12 Mar 2008
Posts: 532
Location: Right there...On your monitor
|
| Posted: Sat Apr 12, 2008 2:25 pm Post subject: |
|
|
| MAybe gg's doing something, try it on just a regular program.
|
|
| Back to top |
|
|
Symbol
I'm a spammer
![]() Reputation: 0
Joined: 18 Apr 2007
Posts: 5094
Location: Israel.
|
| Posted: Sat Apr 12, 2008 4:13 pm Post subject: |
|
|
No gameguard on notepad...
But I found 2 other ways to do it, first one is to scan the main module for calls to the API and the second won't work for everything, just for MapleStory, I found 3 addresses that I'll need to hook, the rest can call the API normally.  (just need to do something on a specific call, not every call  )
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
