Kukudum How do I cheat?
Reputation: 0
Joined: 07 Mar 2009 Posts: 3
Posted: Sun Mar 22, 2009 10:52 am Post subject: c++ dll edit array of bytes
I've been searching for a way to edit an array of bytes (96 bytes total) in a target process - a game called Rakion (the game is protected by GameGuard).
Since there was an undetected injector released I figured I'll just make a dll.
I found a tutorial on how to make the dll (or rather the source of the dll) but it's written in the Delphi language. I don't know much about Delphi but I understand what's going on.
Here's what I do in Cheat Engine:
There should have been urls to screenshots here but it doesn't let me
Just remove the space between the "h" and "ttp"
h ttp://img220.imageshack.us/my.php?image=15003268.jpg
h ttp://img106.imageshack.us/my.php?image=46321771.jpg
Here is the source of the dll - Delphi
He uses a different address and value (edits another thing but that doesn't matter)
| Code: |
library Nak2Dragon;

uses
  Windows;

const
  N:dword=$353E49C8;
CellArray:Array[0..95] of Byte = ($04, $00, $40, $35, $00, $00, $00, $00, $08, $00, $40, $35, $00, $00, $00, $00, $20, $36, $3E, $35, $01, $00, $00, $00, $28, $00, $40, $35, $01, $00, $00, $00, $8C, $7B, $31, $35, $58, $73, $2F, $35, $63, $04, $00, $00, $60, $39, $3E, $35, $80, $67, $10, $35, $A0, $64, $10, $35, $B0, $64, $10, $35, $C0, $64, $10, $35, $E0, $64, $10, $35, $F0, $64, $10, $35, $00, $65, $10, $35, $D0, $64, $10, $35, $01, $00, $00, $00, $FF, $FF, $FF, $FF, $C0, $69, $10, $35, $58, $73, $2F, $35);
Procedure celladdress2cellarray;
var
  j:Integer;
begin
  VirtualProtectEx(GetCurrentProcess,ptr(N),96,PAGE_EXECUTE_READWRITE,nil);
  while(true) do
    for j := 0 To Length(CellArray) do
      PByte(N + j)^:=CellArray[j];
end;

var
  x:cardinal;
Begin
  CreateThread(nil,0,@celladdress2cellarray,nil,0,x);
  if x=0 then
    MessageBox(0, 'Cannot Inject.', 'Failed!', MB_OK or MB_ICONERROR) else
    MessageBox(0, 'Nak -> Dragon Created By Andre', 'gamersNeeds.net', MB_OK);
end.
|
So I do the same thing (or that's what I think at least) in a C++ project.
I create a thread named blabla and do my stuff there. The problem is that I crash.. the game works fine until I summon (it accesses that address).. I must be doing something waaayy off but since I'm new to this I don't really get what's wrong.
| Code: |
BYTE newdata[96]={0x4C, 0xDF, 0x40, 0x35, 0x00, 0x00, 0x00, 0x00, 0x50, 0xDF, 0x40, 0x35, 0x00, 0x00, 0x00, 0x00, 0x70, 0x12, 0x3F, 0x35, 0x06, 0x00, 0x00, 0x00, 0x70, 0xDF, 0x40, 0x35, 0x02, 0x00, 0x00, 0x00, 0xC8, 0xB2, 0x32, 0x35, 0x68, 0xB3, 0x30, 0x35, 0x77, 0x04, 0x00, 0x00, 0xD0, 0x15, 0x3F, 0x35, 0x40, 0x2B, 0x10, 0x35, 0x60, 0x26, 0x10, 0x35, 0x70, 0x26, 0x10, 0x35, 0x80, 0x26, 0x10, 0x35, 0xA0, 0x26, 0x10, 0x35, 0xB0, 0x26, 0x10, 0x35, 0xC0, 0x26, 0x10, 0x35, 0x90, 0x26, 0x10, 0x35, 0x01, 0x00, 0x00, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xC0, 0x36, 0x10, 0x35, 0x68, 0xB3, 0x30, 0x35};
VirtualProtectEx(GetCurrentProcess, (LPVOID)0x353F1220, 96, PAGE_EXECUTE_READWRITE, NULL);
for (int nInc=0; nInc < 95; nInc++)
{
    *(BYTE*)(0x353F1220 + nInc) = newdata[nInc]; //crash :S
}
|
The full source of my dll is in the attachment
P.S: please excuse my English as it is not my native language
and thank you for reading this looong post