mgostIH Expert Cheater
Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sat Jan 09, 2016 11:30 am Post subject: Question about Remote Threads
So, I was testing new ways for developing hacks that run without having an external process opened.
I thought about creating remote threads on some allocated memory in which an asm script would do all the "magic".
I have no problem coding asm x86 or using Windows APIs, but I have no clue on how to stop a thread safely without stopping it externally.
Debugging it with Cheat Engine breakpoints would always lead to a crash, and using ret at the end of the script was doing a fine job of "closing" the thread.
I wondered about how this was happening, so I programmed a little script for testing it out and I saw the ret was going to start this procedure:

Code:
    push eax
    call dword ptr [kernel32.dll+10704] { ->ntdll.RtlExitUserThread }

I was wondering, is this something Cheat Engine automatically sets?
If not, do I have to set some specific parameters using CreateRemoteThread() from Windows.h, or do I have to hardcode it inside the asm script?
I hope for a complete answer. Thanks.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25785 Location: The Netherlands

Posted: Sat Jan 09, 2016 12:12 pm Post subject:
This happens with CreateRemoteThread().
You just have to make sure that your stack pointer (ESP/RSP) is exactly the same as when the thread started when ret is called (and the return address hasn't been tampered with).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
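From a defender's side, the pattern discussed above (a remote thread whose entry point is in freshly allocated memory rather than inside a loaded module) is exactly what Sysmon's Event ID 8 (CreateRemoteThread) records. The Python below is an added example written for this page, not code from either poster or from Cheat Engine: it parses Event ID 8 records in Sysmon's "Key: Value" text rendering and flags threads whose StartModule and StartFunction are blank, the value Sysmon leaves when the start address lies outside any mapped image. The field names are Sysmon's; the event contents (paths, PIDs, GUIDs, addresses) are constructed, and treating "-" as equivalent to a blank value is an assumption about how the text rendering displays empty fields.

```python
"""Triage Sysmon Event ID 8 (CreateRemoteThread) records for threads that
start outside any loaded module.

All event data below is constructed sample input for this example; only
the field names follow Sysmon's Event ID 8 schema.
"""

# Constructed sample: two Event ID 8 records as Sysmon renders them in the
# event description ("Key: Value", one field per line). The first points a
# new thread at an address with no backing module; the second starts inside
# ntdll.dll. Paths, PIDs, GUIDs and addresses are made up.
SAMPLE_EVENTS = [
    """RuleName: -
UtcTime: 2016-01-09 11:30:00.000
SourceProcessGuid: {00000000-0000-0000-0000-000000000001}
SourceProcessId: 4242
SourceImage: C:\\Tools\\trainer.exe
TargetProcessGuid: {00000000-0000-0000-0000-000000000002}
TargetProcessId: 1337
TargetImage: C:\\Games\\game.exe
NewThreadId: 5555
StartAddress: 0x0000000002A10000
StartModule: -
StartFunction: -""",
    """RuleName: -
UtcTime: 2016-01-09 11:31:00.000
SourceProcessGuid: {00000000-0000-0000-0000-000000000003}
SourceProcessId: 800
SourceImage: C:\\Windows\\System32\\svchost.exe
TargetProcessGuid: {00000000-0000-0000-0000-000000000004}
TargetProcessId: 1337
TargetImage: C:\\Games\\game.exe
NewThreadId: 5556
StartAddress: 0x00007FF8A1B20000
StartModule: C:\\Windows\\System32\\ntdll.dll
StartFunction: RtlUserThreadStart""",
]

# Values Sysmon's text rendering uses for "no module" (assumption: "-" or blank).
UNBACKED = {"", "-"}


def parse_sysmon_event(text):
    """Parse 'Key: Value' description lines into a dict.

    Values can contain ':' themselves (Windows paths such as C:\\...), so the
    line is split on the first ': ' only; a bare 'Key:' yields an empty value.
    """
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        key, sep, value = line.partition(": ")
        if not sep:
            key, value = line.rstrip(":"), ""
        fields[key.strip()] = value.strip()
    return fields


def starts_outside_loaded_module(event):
    """True when the new thread's entry point is not inside any mapped image.

    Sysmon resolves StartModule/StartFunction only when StartAddress falls in
    a loaded module; a thread pointed at allocated memory leaves both blank.
    """
    return (event.get("StartModule", "") in UNBACKED
            and event.get("StartFunction", "") in UNBACKED)


def triage_remote_threads(raw_events):
    """Return a summary record for each event whose thread starts in unbacked memory."""
    findings = []
    for raw in raw_events:
        ev = parse_sysmon_event(raw)
        if starts_outside_loaded_module(ev):
            findings.append({
                "time": ev.get("UtcTime"),
                "source": ev.get("SourceImage"),
                "source_pid": ev.get("SourceProcessId"),
                "target": ev.get("TargetImage"),
                "target_pid": ev.get("TargetProcessId"),
                "thread_id": ev.get("NewThreadId"),
                "start_address": ev.get("StartAddress"),
            })
    return findings


if __name__ == "__main__":
    for hit in triage_remote_threads(SAMPLE_EVENTS):
        print("remote thread with unbacked start address:", hit)
```

Run as-is it reports only the first sample record. In a real pipeline the same two functions would be fed the description text of each Event ID 8 record pulled from the Sysmon operational log; the "unbacked start address" check is the coarse first filter, with the source image and target process used for the follow-up triage.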
mgostIH Expert Cheater
Reputation: 3
Joined: 01 Jan 2016 Posts: 159
Posted: Sat Jan 09, 2016 1:12 pm Post subject:
Dark Byte wrote:
    This happens with CreateRemoteThread().
    You just have to make sure that your stack pointer (ESP/RSP) is exactly the same as when the thread started when ret is called (and the return address hasn't been tampered with).

Oh, thanks a lot! I couldn't find this info elsewhere.
Anyway, is debugging created remote threads possible? Every time I try it seems to crash my game.
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25785 Location: The Netherlands

Posted: Sat Jan 09, 2016 4:09 pm Post subject:
Yes. Use the Windows debugger, as that is the only one that can set a breakpoint on newly created threads.
Then just set a breakpoint and create the thread.