Cheat Engine The Official Site of Cheat Engine
Wiw3K Grandmaster Cheater
Reputation: 0
Joined: 09 Jul 2006 Posts: 762 Location: Poland.
Posted: Fri Dec 19, 2008 8:44 am    Post subject: [VC++] Asm script, take a look
I put the asm script in a C++ DLL, but it crashes MS in-game. Take a look.
Script:
Code:
```asm
[enable]
alloc(newmem,2048)
alloc(blaaaa,3670018)        // 0x380002 bytes: covers the 00400000-00780000 range
label(originalcode)
loadbinary(blaaaa,Wiw3K.CEM) // clean dump of the module, loaded into the buffer
newmem:
cmp ecx,00400000             // is the address being checked inside the module?
jb originalcode
cmp ecx,00780000
ja originalcode
mov eax,blaaaa               // yes: rebase it into the clean dump
sub eax,00400000
add ecx, eax
originalcode:
mov eax,[ebp+10]             // the three instructions overwritten at 004664DF
push esi
push edi
jmp 4664E4
004664DF:
jmp newmem
[disable]
004664DF:
mov eax,[ebp+10]
push esi
push edi
dealloc(newmem)
dealloc(blaaaa)
```
In my DLL:
Code:
```cpp
#include <windows.h>

// Declared elsewhere in the DLL ("everything defined"); shown here so the hook reads on its own.
static DWORD  ReturnMe;   // return address pushed by the E8 written at CRCADDY
static LPVOID CRC;        // base of the clean copy of the module

// Installed with a CALL (E8), so [esp] holds CRCADDY+5 on entry.
__declspec(naked) void CRC_hook()
{
    __asm
    {
        pop   [ReturnMe]            // save the return address (a global: the hook is not reentrant)
        cmp   ecx, 0x00400000       // is the address being checked inside the module?
        jb    original
        cmp   ecx, 0x00780000
        ja    original
        sub   ecx, 0x00400000       // yes: rebase it into the clean copy
        add   ecx, [CRC]
    original:
        mov   eax, [ebp+0x10]       // the three instructions overwritten at CRCADDY (5 bytes)
        push  esi
        push  edi
        push  [ReturnMe]            // and back to CRCADDY+5
        ret
    }
}
```
then
Code:
```cpp
// CRC, MEMDUMP, MSWIN, CRCADDY (004664DF as an integer), oldprot, FixMem (a VirtualProtect
// wrapper) and JMP (rel32 helper) are the OP's own definitions, not shown in the post.
CRC = VirtualAlloc(NULL, 0x00400000, MEM_COMMIT, PAGE_EXECUTE_READWRITE);   // executable buffer for the clean image
memcpy((void *)MEMDUMP, (void *)0x00400000, 0x00400000);   // snapshot the image BEFORE any patch (staging copy)
memcpy((void *)CRC, (void *)MEMDUMP, 0x00400000);          // ... and move it into the buffer the hook rebases into
while ((MSWIN = FindWindow(L"MapleStoryClass", NULL)) == 0) // wait until the game window exists
    Sleep(100);
FixMem(GetCurrentProcess(), (void*)CRCADDY, 5, PAGE_EXECUTE_READWRITE, (DWORD*)oldprot); // if oldprot is a DWORD this needs &oldprot
*(BYTE*)CRCADDY = 0xE8;                                    // CALL rel32: pushes CRCADDY+5, which the hook pops into ReturnMe
*(DWORD*)(CRCADDY + 1) = JMP(CRCADDY, CRC_hook);           // rel32 = (DWORD)CRC_hook - (CRCADDY + 5)
```
And everything is defined, without errors. What's wrong?
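Added example, not code from any post in this thread: a portable C simulation of what the script and the DLL hook above do, so the redirect logic can be run and checked outside the game. The region bounds are the ones in the script; the "code" bytes, the hook site (a 5-byte `mov eax,1` standing in for the instruction at 004664DF), the displacement and the CRC-32 integrity check are all constructed. It also shows the ordering the install code has to get right: the E8 detour is itself written inside the checked range, so the clean copy must exist before the detour is stored.

```c
/* Simulation of the CRC bypass: the integrity check reads the code region through the
 * same address test the hook performs and is fed a clean copy taken before any patch.
 * Constructed stand-in, not the game's code or the OP's DLL. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define REGION_LO  0x00400000u   /* cmp ecx,00400000 / jb */
#define REGION_HI  0x00780000u   /* cmp ecx,00780000 / ja (inclusive: ja skips only above it) */
#define REGION_LEN 0x20u         /* constructed: tiny stand-in for the real 0x380000 bytes */
#define HOOK_SITE  (REGION_LO + 0x10u)   /* constructed stand-in for 004664DF */

struct region {
    uint8_t live[REGION_LEN];  /* bytes the process really executes (patched in place) */
    uint8_t copy[REGION_LEN];  /* clean copy the checker is fed (blaaaa / CRC in the posts) */
    int     hooked;            /* whether the checker's reads pass through the hook */
};

/* The hook body: an address inside [LO,HI] is rebased into the copy, anything else falls
 * through untouched (cmp/jb/cmp/ja, then sub 400000 / add [CRC]). */
static const uint8_t *redirect(const struct region *r, uint32_t va)
{
    if (va < REGION_LO || va > REGION_HI)   /* unsigned compares, like jb/ja */
        return NULL;
    return r->copy + (va - REGION_LO);
}

/* One byte as the integrity check observes it at virtual address va. */
static uint8_t observe(const struct region *r, uint32_t va)
{
    const uint8_t *p = r->hooked ? redirect(r, va) : NULL;
    return p ? *p : r->live[va - REGION_LO];
}

/* Reflected CRC-32 (poly 0xEDB88320) over the whole region, byte by byte through observe(). */
static uint32_t crc32_region(const struct region *r)
{
    uint32_t c = 0xFFFFFFFFu;
    for (uint32_t va = REGION_LO; va < REGION_LO + REGION_LEN; va++) {
        c ^= observe(r, va);
        for (int k = 0; k < 8; k++)
            c = (c >> 1) ^ (0xEDB88320u & (0u - (c & 1u)));
    }
    return ~c;
}

/* Constructed code section: int3 padding with a 5-byte "mov eax,1" at the hook site.
 * The copy is taken here, BEFORE anything is written, as the memcpy in the install
 * code runs before the E8 is stored. */
static void region_init(struct region *r)
{
    static const uint8_t mov_eax_1[5] = { 0xB8, 0x01, 0x00, 0x00, 0x00 };
    memset(r->live, 0xCC, REGION_LEN);
    memcpy(r->live + (HOOK_SITE - REGION_LO), mov_eax_1, 5);
    memcpy(r->copy, r->live, REGION_LEN);
    r->hooked = 0;
}

/* Store a 5-byte CALL/JMP rel32 at the hook site and switch the checker onto the hook.
 * The write lands inside the checked range itself. */
static void write_detour(struct region *r, uint8_t opcode, int32_t rel32)
{
    uint8_t *p = r->live + (HOOK_SITE - REGION_LO);
    p[0] = opcode;
    for (int i = 0; i < 4; i++) p[1 + i] = (uint8_t)((uint32_t)rel32 >> (8 * i));
    r->hooked = 1;
}

/* Range semantics of redirect(): one below, one above, one inside. */
static int redirect_bounds_ok(void)
{
    struct region r;
    region_init(&r);
    return redirect(&r, REGION_LO - 1) == NULL
        && redirect(&r, REGION_HI + 1) == NULL
        && redirect(&r, REGION_LO + 3) == r.copy + 3;
}

/* 1 if the hooked checker still sees the clean value while a direct read does not. */
static int bypass_hides_patch(void)
{
    struct region r;
    region_init(&r);
    uint32_t clean = crc32_region(&r);
    write_detour(&r, 0xE8, 0x1234);          /* constructed displacement */
    uint32_t through_hook = crc32_region(&r);
    r.hooked = 0;
    uint32_t direct = crc32_region(&r);
    return through_hook == clean && direct != clean;
}

/* The failure mode: taking the copy after the detour is written bakes the E8 into it. */
static int copy_after_patch_is_caught(void)
{
    struct region r;
    region_init(&r);
    uint32_t clean = crc32_region(&r);
    write_detour(&r, 0xE8, 0x1234);
    memcpy(r.copy, r.live, REGION_LEN);      /* too late */
    return crc32_region(&r) != clean;
}

int main(void)
{
    printf("bypass hides patch: %d\ncopy after patch caught: %d\n",
           bypass_hides_patch(), copy_after_patch_is_caught());
    return 0;
}
```

The simulation only covers reads that go through the hooked instruction; a checker with a second read loop, or one that reads through a different register than ecx, sees the live bytes, which is the caveat to keep in mind whichever of the fixes below you try.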
Zerith Master Cheater
Reputation: 1
Joined: 07 Oct 2007 Posts: 468
Posted: Fri Dec 19, 2008 9:10 am
It always jmps to original, since you did not specify what to do if nothing jmps.
That is probably causing stack corruption.
Symbol I'm a spammer
Reputation: 0
Joined: 18 Apr 2007 Posts: 5094 Location: Israel.
Posted: Fri Dec 19, 2008 9:47 am
Probably because of:
Code:
```asm
pop [ReturnMe]
push [ReturnMe]
```
Not only is it useless, the compiler probably ignores the brackets since you didn't specify the size.
I suggest using JMP instead (0xE9 instead of 0xE8, and instead of pop/push/ret use JMP CRCADDY+5).
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Fri Dec 19, 2008 5:14 pm
Symbol wrote:
> Probably because of:
> Code:
> pop [ReturnMe]
> push [ReturnMe]
> Not only is it useless, the compiler probably ignores the brackets since you didn't specify the size.
> I suggest using JMP instead (0xE9 instead of 0xE8, and instead of pop/push/ret use JMP CRCADDY+5).

Not quite. It is incredibly useful if you are actually hooking a call function (the head of the call). No one pushes 16-bit values onto the stack anymore. If there is no size, it should be assumed to be a DWORD.
nog_lorp Grandmaster Cheater
Reputation: 0
Joined: 26 Feb 2006 Posts: 743
Posted: Fri Dec 19, 2008 5:30 pm
Yep, if the assembler is doing its job, it should default to whatever the BITS setting indicates (for 32-bit, 32 bits...).
_________________
Mutilated lips give a kiss on the wrist of the worm-like tips of tentacles expanding in my mind
I'm fine accepting only fresh brine you can get another drop of this yeah you wish
GMZorita Grandmaster Cheater Supreme
Reputation: 0
Joined: 21 Mar 2007 Posts: 1361
Posted: Fri Dec 19, 2008 8:15 pm
Replace
Code:
```cpp
memcpy((void *)MEMDUMP, (void *)0x00400000, 0x00400000);
memcpy((void *)CRC, (void *)MEMDUMP, 0x00400000);
```
with
Code:
```cpp
memcpy((void *)CRC, (void *)0x400000, 0x00400000);
```
_________________
Gone
slippppppppp Grandmaster Cheater
Reputation: 0
Joined: 08 Aug 2006 Posts: 929
Posted: Sat Dec 20, 2008 12:20 am
In the asm script I see a jmp. You're using E8, which is a call; try changing it to E9.
sponge I'm a spammer
Reputation: 1
Joined: 07 Nov 2006 Posts: 6009
Posted: Sat Dec 20, 2008 1:48 am
slippppppppp wrote:
> In the asm script I see a jmp. You're using E8, which is a call; try changing it to E9.

That has nothing to do with it.
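Added example, not code from any post in this thread, covering the E8/E9 points made by Symbol, sponge and slippppppppp above: what the OP's `JMP(CRCADDY, CRC_hook)` helper has to compute, for either opcode. Both encodings are 5 bytes and both take a signed 32-bit displacement measured from the end of the instruction; the only difference is that E8 also pushes that end address, which is what the hook's pop/push/ret pair carries around, and which a JMP-installed hook has to jump back to itself. Portable C that writes into a byte buffer rather than into live code; 0x10001000 as the hook location and the x64 addresses are constructed.

```c
/* 5-byte CALL/JMP rel32 detour encoding and decoding.  Constructed example; the helper
 * names are mine, not the OP's JMP()/FixMem(). */
#include <stdint.h>
#include <stdio.h>

#define DETOUR_LEN 5
enum { OP_CALL = 0xE8, OP_JMP = 0xE9 };

/* Fill out[5] with opcode + rel32, where rel32 = to - (from + 5).  Returns 0 if the
 * target is out of rel32 reach, which can happen on x64 when the hook lives more than
 * 2 GiB away from the site; on 32-bit x86 every pair of addresses fits. */
static int encode_detour(uint8_t out[DETOUR_LEN], uint8_t opcode, uint64_t from, uint64_t to)
{
    int64_t disp = (int64_t)to - (int64_t)(from + DETOUR_LEN);
    if (disp < INT32_MIN || disp > INT32_MAX)
        return 0;
    uint32_t rel32 = (uint32_t)(int32_t)disp;
    out[0] = opcode;
    for (int i = 0; i < 4; i++)                 /* little-endian store, host-independent */
        out[1 + i] = (uint8_t)(rel32 >> (8 * i));
    return 1;
}

/* Inverse: the branch target encoded by the 5 bytes at `from`, or 0 if not E8/E9. */
static uint64_t decode_detour(const uint8_t in[DETOUR_LEN], uint64_t from)
{
    if (in[0] != OP_CALL && in[0] != OP_JMP)
        return 0;
    uint32_t rel32 = 0;
    for (int i = 0; i < 4; i++)
        rel32 |= (uint32_t)in[1 + i] << (8 * i);
    return (uint64_t)((int64_t)(from + DETOUR_LEN) + (int32_t)rel32);
}

/* What an E8 leaves at [esp] on entry to the hook: the first byte after the detour.
 * A JMP-installed hook must end with a jump to this same address ("JMP CRCADDY+5"). */
static uint64_t resume_address(uint64_t from)
{
    return from + DETOUR_LEN;
}

/* Encode then decode; returns the recovered target, or 0 if the encode was refused. */
static uint64_t round_trip(uint8_t opcode, uint64_t from, uint64_t to)
{
    uint8_t buf[DETOUR_LEN];
    if (!encode_detour(buf, opcode, from, to))
        return 0;
    return decode_detour(buf, from);
}

/* Pack the 5 encoded bytes in memory order into one integer (opcode in the top byte)
 * so the encoding can be compared against a known byte sequence. */
static uint64_t encoded_as_u64(uint8_t opcode, uint64_t from, uint64_t to)
{
    uint8_t buf[DETOUR_LEN];
    uint64_t v = 0;
    if (!encode_detour(buf, opcode, from, to))
        return 0;
    for (int i = 0; i < DETOUR_LEN; i++)
        v = (v << 8) | buf[i];
    return v;
}

int main(void)
{
    /* Detour at 004664DF to a hook at (constructed) 10001000: E8 1C AB B9 0F */
    printf("bytes: %010llx\n", (unsigned long long)encoded_as_u64(OP_CALL, 0x004664DF, 0x10001000));
    printf("resume at: %08llx\n", (unsigned long long)resume_address(0x004664DF));
    return 0;
}
```

Whichever opcode is written, the five original bytes at the site (`mov eax,[ebp+10]` / `push esi` / `push edi` here, exactly 5 bytes) must be executed somewhere else and control must come back to `resume_address(CRCADDY)`; with E8 that address is already on the stack, with E9 the hook supplies it.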
Trucido Moderator
Reputation: 6
Joined: 08 Sep 2007 Posts: 2792
Posted: Sat Dec 20, 2008 2:16 am
Code:
```cpp
#include <windows.h>
#include <psapi.h>                 // GetModuleInformation / MODULEINFO
#pragma comment(lib, "psapi.lib")

static LPVOID lpCRC = NULL;        // clean copy of the module image handed to the CRC routine

// Copy the whole mapped image of hModule into fresh executable memory, sized from the
// module itself instead of a hard-coded 0x400000.  Returns NULL on failure.
LPVOID CopyModule(__in HMODULE hModule)
{
    MODULEINFO ModuleInfo;
    LPVOID lpBuffer = NULL;
    if (GetModuleInformation(GetCurrentProcess(), hModule, &ModuleInfo, sizeof(MODULEINFO)))
    {
        lpBuffer = VirtualAlloc(NULL, ModuleInfo.SizeOfImage, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
        if (lpBuffer != NULL)
        {
            if (memcpy_s(lpBuffer, ModuleInfo.SizeOfImage, ModuleInfo.lpBaseOfDll, ModuleInfo.SizeOfImage) == 0)
                return lpBuffer;
            VirtualFree(lpBuffer, 0, MEM_RELEASE);   // release the whole allocation, not just decommit it
        }
    }
    return NULL;
}

// Wait for the game window, snapshot the module before touching it, then detour the CRC routine.
// HookFunction, X86_CALL, CRC_Function and CRC_Hook are Trucido's own helpers, not shown here.
BOOL InitializeCRC_Bypass(void)
{
    while (FindWindow(TEXT("MapleStoryClass"), NULL) == NULL) Sleep(100);
    lpCRC = CopyModule(GetModuleHandle(TEXT("MapleStory.exe")));
    return (lpCRC != NULL) ? HookFunction(X86_CALL, CRC_Function, &CRC_Hook) : FALSE;
}
```
_________________
I'm out.