hiring_dude Newbie cheater
Reputation: 0
Joined: 28 Nov 2010 Posts: 20
Posted: Sat Nov 19, 2011 7:06 pm Post subject: createFileA, from AA fail
Thanks to Google cache (hope everything isn't too broken):
Hi everybody,
I'm trying to log data retrieved from different parts of the process, and log those game statistics after each game over into a log file.
Unfortunately I can't get CreateFile to give me a handle and write something to disk, even with a basic example.
Note: I'm using IDA for decompilation; the tabbed code section comes from it, even if it was "carefully" checked for my needs..
I have no antivirus (Win7), and the code from the AA script is longer; I just put here the part where it fails.
Am I missing something?
(sorry for my engrish)
Code:
//------------------- PROCEDURE WRITE DATA ---------------------
filepath:
db 'log.txt',0
text_to_write:
db 'hello world from cheat engine AA injection !\n',0
// ^ * * * * * * * * * * * * *
0041365E: // address where the code is modified
jmp proc_write_data_to_log_file
nop
nop
nop
nop
nop
nop
nop
proc_write_data_to_log_file_return:
/*-----------------------------*/
proc_write_data_to_log_file:
pushf // just in case
push eax
push ebx
push ecx
push edx
push ebp
mov ebp, esp
sub esp, 80 // Integer Subtraction
push edi
push esi
// call sub_4013B0 ; Call Procedure
lea edi, [ebp-60] // Buffer Load Effective Address
mov esi, text_to_write //
cld // Clear Direction Flag
mov ecx, 0F
rep movsd // Move Byte(s) from String to String
movsb // Move Byte(s) from String to String
mov [ebp-64], 49 //nNumberOfBytesToWrite = -64
mov [ebp-68], 0 //NumberOfBytesWritten = -68
mov [ebp-6C], 0 // var_6C
add esp, 0FFFFFFFC // Add
push 0 // hTemplateFile
push 80 //; dwFlagsAndAttributes
push 4 //; dwCreationDisposition
push 0 //; lpSecurityAttributes
push 0 //; dwShareMode
push 40000000 //; dwDesiredAccess
push filepath
call dword ptr [00467124] // ; Call Procedure CreateFileA
add esp, 4 // ; Add
mov eax, eax
mov [ebp-4], eax //hObject
push 2 //; dwMoveMethod
push 0 // ; lpDistanceToMoveHigh
push 0 //; lDistanceToMove
mov eax, [ebp-4] //
push eax //; hFile
call dword ptr [00467130] // ; Call Procedure SetFilePointer
mov [ebp-6C], eax
add esp, 0FFFFFFF4 //; Add
push 0 //; lpOverlapped
lea eax, [ebp-68] //;
push eax //; lpNumberOfBytesWritten
mov eax, [ebp-64]
push eax //; nNumberOfBytesToWrite
lea eax, [ebp-60] //; Load Effective Address
push eax //; lpBuffer
mov eax, [ebp-4] // hObject
push eax //; hFile
call dword ptr [0046712C] //; Call Procedure WriteFile
add esp, 0C //; Add
mov eax, eax
mov [ebp-6C], eax
add esp, 0FFFFFFF4 //; Add
mov eax, [ebp-4] //hObject
push eax //; hObject
call dword ptr [004670E0] // ; Call Procedure CloseHandle
add esp, 0C //; Add
xor eax, eax //; Logical Exclusive OR
lea esp, [ebp-88] // Load Effective Address
pop esi
pop edi
leave // High Lev
pop edx
pop ecx
pop ebx
pop eax
popf
/************************************************************************************************************
Wiccaan replied:
Code:
push 0 // hTemplateFile
push 80 //; dwFlagsAndAttributes
push 4 //; dwCreationDisposition
push 0 //; lpSecurityAttributes
push 0 //; dwShareMode
push 40000000 //; dwDesiredAccess
push filepath
call dword ptr [00467124] // ; Call Procedure CreateFileA
Share mode is 0, try setting it to ( FILE_SHARE_READ | FILE_SHARE_WRITE ) which is: 0x00000003
Also double check that your call address is correct for the API.
If it continues to fail, try adding a call to GetLastError after you call CreateFileA and see what the returned error code is. You can find the error information for the returned error code here:
[msdn link removed because of posting limitation (??)]
/************************************************************************************************************
So finally I tried your advice.
The calls are correct since the debugger shows me step by step where EIP is going, and it matches the WinAPI address.
I added GetLastError right after CreateFileA and I always get 998 (3E6): ERROR_NOACCESS.
I don't understand, since the host process can open a COM communication..
Is there another, easier way to trace log data from Cheat Engine, or am I doing it wrong?
I also tried with DLL injection.. but that's another story..