thejhorse Newbie cheater
Reputation: 0
Joined: 18 Sep 2008 Posts: 22
|
Posted: Tue Jan 06, 2009 3:13 am Post subject: Screencapture to GG games protect by thejhorse |
|
|
English
Many people ask me: how can I read the screen of a game if the GetPixel and GetDC APIs are locked and don't work? It isn't hard: GameGuard does not protect the Hook functions at system level. The following example is written in VB6, and many aimbots work with it; personally I use VC++ or Delphi.
How this works
1.- Well, run the project
2.- Go to a game
3.- In the game press the Alt key (the Alt key is the hotkey to capture the screen)
In this example I move the screen capture to a Picture control; there you can manipulate the information to get the data. For example, in GunBound you can get the wind power, wind angle, shoot angle, etc.
Spanish
Many people ask me: how can I capture the screen of games that are protected with GameGuard? This is not complicated: GG does not protect the Hook functions at system level. In this source code I show you how to use this function in Visual Basic 6 (although I hate working in this language).
In this example I transfer the capture data to a Picture control; from there you can start to manipulate the data freely and so extract information from the captured image, such as: the wind strength, wind angle, shot angle, etc.
How this works
1.- Run the project
2.- Enter the game
3.- In the game press the ALT key (to capture the screen)
Enjoy it
_________________
No Fear...
Last edited by thejhorse on Mon Jan 12, 2009 8:04 pm; edited 2 times in total |
nwongfeiying Grandmaster Cheater
Reputation: 2
Joined: 25 Jun 2007 Posts: 695
|
Posted: Tue Jan 06, 2009 4:14 pm Post subject: |
|
|
| And you put it in Spanish, why?
thejhorse Newbie cheater
Reputation: 0
Joined: 18 Sep 2008 Posts: 22
|
Posted: Tue Jan 06, 2009 5:31 pm Post subject: |
|
|
Well, because my main language is Spanish
_________________
No Fear... |
nwongfeiying Grandmaster Cheater
Reputation: 2
Joined: 25 Jun 2007 Posts: 695
|
Posted: Tue Jan 06, 2009 5:37 pm Post subject: |
|
|
| Good reason :p
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Tue Jan 06, 2009 7:44 pm Post subject: |
|
|
| Aren't most of the GDI APIs hooked via user-mode? If so, can't you just use the 5-byte bypass?
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Tue Jan 06, 2009 7:48 pm Post subject: |
|
|
GetDC() isn't even hooked by GG.
GetPixel is. I know this because I used GetDC and GetPixel when I made my auto potion for MapleStory.
kill1212 Newbie cheater
Reputation: 0
Joined: 30 May 2008 Posts: 12
|
Posted: Tue Jan 06, 2009 9:48 pm Post subject: |
|
|
In ring0 I have found that NtUserPostMessage is hooked only.
My list of hooks:
in kernelmode...
Code:
SSDT: NO HOOKS
DETOUR KERNEL API:
  NtDeviceIoControlFile
  NtOpenProcess
  NtOpenSection
  NtProtectVirtualMemory
  NtReadVirtualMemory
  NtWriteFile
  NtWriteVirtualMemory
  KeStackAttachProcess
  KeAttachProcess
SSDT SHADOW:
  NtUserPostMessage
in usermode...
Code:
IAT: NO HOOKS
DETOUR API:
  CreateProcessInternalW -> kernel32.dll
  DebugActiveProcess -> kernel32.dll
  GetProcAddress -> kernel32.dll
  LoadLibraryExW -> kernel32.dll
  MapViewOfFile -> kernel32.dll
  MapViewOfFileEx -> kernel32.dll
  MoveFileW -> kernel32.dll
  OpenProcess -> kernel32.dll - why are they hooking it in usermode?
  ReadProcessMemory -> kernel32.dll
  VirtualProtect -> kernel32.dll
  VirtualProtectEx -> kernel32.dll
  WriteProcessMemory -> kernel32.dll
  NtDeviceIoControlFile -> ntdll.dll
  NtLoadDriver -> ntdll.dll
  NtOpenProcess -> ntdll.dll
  NtProtectVirtualMemory -> ntdll.dll
  NtQuerySystemInformation -> ntdll.dll
  NtReadVirtualMemory -> ntdll.dll
  NtSuspendProcess -> ntdll.dll
  NtSuspendThread -> ntdll.dll
  NtTerminateProcess -> ntdll.dll - lol
  NtTerminateThread -> ntdll.dll
  NtWriteVirtualMemory -> ntdll.dll
  GetNativeSystemInformation -> ntdll.dll
in usermode - GDI:
Code:
  GetWindowThreadProcessId -> user32.dll
  PostMessageA -> user32.dll
  PostMessageW -> user32.dll
  SendInput -> user32.dll
  SendMessageA -> user32.dll
  SendMessageW -> user32.dll
  SetCursorPos -> user32.dll
  SetWindowsHookExA -> user32.dll
  SetWindowsHookExW -> user32.dll
  keybd_event -> user32.dll - lame
  mouse_event -> user32.dll - lame again :D
That makes me laugh: why are they hooking ReadProcessMemory and NtReadVirtualProcessMemory ... and why are they hooking keybd_event if they have hooked SendInput? Why hook ReadProcessMemory in usermode when they have hooked NtWriteVirtualMemory in kernelmode....
And they are not hooking GetPixel now because they used anti-input hooks like the SendInput hook, etc.