 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
kitterz
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 24 Dec 2007
Posts: 1268
|
 Posted: Sun Jul 20, 2008 12:48 pm Post subject: Use .exe instead of .dll |
 |
|
Testing .dlls kills ne, so im making my trainer into an .exe
Im currently working on making the hack pintype into C++ so... this is what I got so far.
| Code: | DWORD PinType = 0x49DDE7;
*(DWORD*)PinType = 0x0F836F24FEFF; |
However, it gives an error. I know that this error is sue to the fact that it is not modifying maple story's memory.
I am wondering how to attach an .exe to a game. Or do I need to make it into a .dll to give it direct access?
|
|
| Back to top |
|
 |
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8589
Location: 127.0.0.1
|
| Posted: Sun Jul 20, 2008 1:16 pm Post subject: |
|
|
You can't use direct pointers like that to write to another processes memory. Pointers like that are for the current process only, which means when you attempt to do that in your .exe, you are attempting to write to the memory inside your trainer, not the game.
You will need to use WriteProcessMemory instead.
_________________
- Retired. |
|
| Back to top |
|
|
kitterz
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 24 Dec 2007
Posts: 1268
|
| Posted: Sun Jul 20, 2008 1:19 pm Post subject: |
|
|
| I see. Do I need to bypass WriteProcessMemory as well?
|
|
| Back to top |
|
|
oib111
I post too much
 Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Sun Jul 20, 2008 1:19 pm Post subject: |
|
|
You can't do that unless you're injecting a DLL, because (you pointed this out) you don't have direct access. You can though use WPM (oops Wiccaan beat me to it).
| Code: |
BOOL WPM(char *ProcessName, BYTE *writemem, int numbytes, LPVOID Address) {
HANDLE hProcess;
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnapshot, &pe32);
do {
if(strcmp(ProcessName, pe32.szExeFile) == 0) {
hProcess = OpenProcess(PROCESS_VM_WRITE, NULL, pe32.th32ProcessID);
WriteProcessMemory(hProcess, Address, writemem, numbytes, NULL);
CloseHandle(hSnapshot);
return TRUE;
}
} while(Process32Next(hSnapshot, &pe32));
CloseHandle(hSnapshot);
return FALSE;
}
BYTE writemem[] = {0x0F, 0x08, 0x36, 0xF2, 0x4F, 0xEF, 0x0F};
WPM("MapleStory.exe", 0x49DDE7, writemem, 7);
|
And yes, you have to bypass WPM. Although, I'm not aware of any bypasses at the moment. You could always make a GUI and then your .exe file injects the dll and you use piping to communicate.
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
Last edited by oib111 on Sun Jul 20, 2008 1:24 pm; edited 1 time in total |
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8589
Location: 127.0.0.1
|
| Posted: Sun Jul 20, 2008 1:22 pm Post subject: |
|
|
| kitterz wrote: | | I see. Do I need to bypass WriteProcessMemory as well? |
Depends on the process.
_________________
- Retired. |
|
| Back to top |
|
|
oib111
I post too much
Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Sun Jul 20, 2008 1:25 pm Post subject: |
|
|
| Wiccaan wrote: | | kitterz wrote: | | I see. Do I need to bypass WriteProcessMemory as well? |
Depends on the process. |
It's MapleStory, so its hooked. WPM is hooked in kernelmode right?
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
kitterz
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 24 Dec 2007
Posts: 1268
|
| Posted: Sun Jul 20, 2008 1:25 pm Post subject: |
|
|
| oib111 wrote: | You can't do that unless you're injecting a DLL, because (you pointed this out) you don't have direct access. You can though use WPM (oops Wiccaan beat me to it).
| Code: |
BOOL WPM(char *ProcessName, BYTE *writemem, int numbytes, LPVOID Address) {
HANDLE hProcess;
HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL);
PROCESSENTRY32 pe32;
pe32.dwSize = sizeof(PROCESSENTRY32);
Process32First(hSnapshot, &pe32);
do {
if(strcmp(ProcessName, pe32.szExeFile) == 0) {
hProcess = OpenProcess(PROCESS_VM_WRITE, NULL, pe32.th32ProcessID);
WriteProcessMemory(hProcess, Address, writemem, numbytes, NULL);
CloseHandle(hSnapshot);
return TRUE;
}
} while(Process32Next(hSnapshot, &pe32));
CloseHandle(hSnapshot);
return FALSE;
}
BYTE writemem[] = {0x0F, 0x08, 0x36, 0xF2, 0x4F, 0xEF, 0x0F};
WPM("MapleStory.exe", 0x49DDE7, writemem, 7);
|
And yes, you have to bypass WPM. Although, I'm not aware of any bypasses at the moment. You could always make a GUI and then your .exe file injects the dll and you use piping to communicate. |
Ok. Thank you for your imput. I thought about the .exe injecting the .dll. I think I will do that, then.
@Wiccaan, The process is MapleStory, so I think I would need to bypass it.
Thank you both of you for your help.
|
|
| Back to top |
|
|
sponge
I'm a spammer
 Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Sun Jul 20, 2008 1:57 pm Post subject: |
|
|
ummm... if the exe is injecting the dll, then nothing really changed did it?
_________________
|
|
| Back to top |
|
|
oib111
I post too much
Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Sun Jul 20, 2008 2:09 pm Post subject: |
|
|
| sponge wrote: | | ummm... if the exe is injecting the dll, then nothing really changed did it? |
I think before they just injected the dll themselves, and there was no GUI. This time the exe injects it, and there's GUI to control the trainer (you use piping to communicate).
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
 Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Jul 20, 2008 2:16 pm Post subject: |
|
|
No way, you can do what I do lately, make an exe with a .reloc section so it can inject itself. This requires you to re-code a bit of the PE loader however. This also gets rid of a lot of detectability issues as you are manually loading the file into the process.
Rather fun. 
|
|
| Back to top |
|
|
oib111
I post too much
Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Sun Jul 20, 2008 2:25 pm Post subject: |
|
|
Lol, example?
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
Flyte
Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006
Posts: 1887
Location: Canada
|
| Posted: Sun Jul 20, 2008 2:26 pm Post subject: |
|
|
| oib111 wrote: | | Lol, example? |
Lol, no.
|
|
| Back to top |
|
|
kitterz
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 24 Dec 2007
Posts: 1268
|
| Posted: Sun Jul 20, 2008 2:40 pm Post subject: |
|
|
| Flyte wrote: | | oib111 wrote: | | Lol, example? |
Lol, no. |
Lol, why not? 
|
|
| Back to top |
|
|
oib111
I post too much
Reputation: 0
Joined: 02 Apr 2007
Posts: 2947
Location: you wanna know why?
|
| Posted: Sun Jul 20, 2008 2:42 pm Post subject: |
|
|
| Dark Byte wrote: |
as muminoi posted at http://forum.cheatengine.org/viewtopic.php?p=22436#22436 :
Here is list of APIs that first 5 bytes change
kernel32.dll Change=12
CreateProcessInternalW
DebugActiveProcess
GetProcAddress
LoadLibraryExW
MapViewOfFile
MapViewOfFileEx
MoveFileW
OpenProcess
ReadProcessMemory
VirtualProtect
VirtualProtectEx
WriteProcessMemory
user32.dll Change=11
GetWindowThreadProcessId
PostMessageA
PostMessageW
SendInput
SendMessageA
SendMessageW
SetCursorPos
SetWindowsHookExA
SetWindowsHookExW
keybd_event
mouse_event
ntdll.dll Change=10
NlsMbOemCodePageTag
NtOpenProcess
NtQuerySystemInformation
NtSuspendThread
NtTerminateThread
RtlGetNativeSystemInformation
ZwOpenProcess
ZwQuerySystemInformation
ZwSuspendThread
ZwTerminateThread
|
Doesn't this mean you can just hookhop WPM and RPM?
| Code: |
DWORD RPM = (DWORD)GetProcAddress(LoadLibrary("KERNEL32.DLL"), "ReadProcessMemory")+5;
DWORD WPM = (DWORD)GetProcAddress(LoadLibrary("KERNEL32.DLL"), "WriteProcessMemory")+5;
_declspec(naked) BOOL WINAPI ReadProcessMemoryX(HANDLE hProcess, LPVOID lpAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesRead) {
_asm {
mov edi, edi
push ebp
mov ebp, esp
jmp[RPM]
}
}
_declspec(naked) BOOL WINAPI WriteProcessMemory(HANDLE hProcess, LPVOID lpAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T *lpNumberOfBytesWritten) {
_asm {
mov edi, edi
push ebp
mov ebp, esp
jmp[RPM]
}
}
|
_________________
| 8D wrote: |
cigs dont make people high, which weed does, which causes them to do bad stuff. like killing |
|
|
| Back to top |
|
|
sponge
I'm a spammer
Reputation: 1
Joined: 07 Nov 2006
Posts: 6009
|
| Posted: Sun Jul 20, 2008 2:45 pm Post subject: |
|
|
no.
_________________
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
