ThreadContextTracker Plugin

 
Post new topic   Reply to topic    Cheat Engine Forum Index -> Cheat Engine Source -> Plugin development
View previous topic :: View next topic  
Author Message
BanMe
Master Cheater
Reputation: 0

Joined: 29 Nov 2005
Posts: 375
Location: Farmington NH, USA

PostPosted: Mon Jan 26, 2009 9:27 pm    Post subject: ThreadContextTracker Plugin

This is what I'm working with so far.
Any further suggestions or optimized implementations will be fully taken into account.

Code:

//
#define _CRT_SECURE_NO_WARNINGS
#define  _WIN32_WINNT 0x501
//#define WIN32_LEAN_AND_MEAN      
// Windows Header Files:
#include <windows.h>
#include <tlhelp32.h>
#include "example-c.h"

/* Plugin-wide state shared by the OpenProcess hook and the thread-enumeration
   helpers. None of it is synchronised: cSection is declared below but is never
   initialised (InitializeCriticalSection) or entered anywhere in this file. */
int selfid;                        /* id CE assigned to this plugin (set in InitializePlugin) */
int pluginid=-1;                   /* id returned by RegisterFunction; -1 = nothing registered */
HANDLE hTarget = 0;                /* last handle returned by Monitor_KernelOpenProcess */
ULONG  hTargetId = 0;              /* process id belonging to hTarget (GetProcessId) */
HANDLE ThreadHandleList[20] = {0}; /* thread handles opened by CheckThreadHandleInList; never closed in this file */
ULONG ThreadIdList[20] = {0};      /* thread ids parallel to ThreadHandleList; 0 marks a free slot */
BOOL IsInitialized = FALSE;        /* not referenced anywhere in this file */
CRITICAL_SECTION cSection;         /* declared only; never initialised or used in this file */
DWORD orig_OpenThread;             /* not referenced anywhere in this file */
DWORD orig_KernelOpenProcess;      /* function the hook forwards to; written by Hook_API (32-bit: a pointer held in a DWORD) */

HANDLE Monitor_KernelOpenProcess(DWORD dwAccess,BOOL Inherit,DWORD Pid);
void Hook_API();
void FnPointerChange(int Reserved);

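/* Return an open handle for ThreadId, opening the thread on first sight.
 * The id/handle pair is cached in ThreadIdList/ThreadHandleList (20 slots; a
 * 0 id marks a free slot). Returns INVALID_HANDLE_VALUE when the thread cannot
 * be opened, the id is 0, or the cache is full - callers test for exactly that
 * value.
 * Fixes vs. the first draft: both loops ran to index 20 (one past the end of
 * a 20-element array); the stray ';' after the free-slot test made the claim
 * unconditional, so every slot was overwritten; OpenThread reports failure as
 * NULL rather than INVALID_HANDLE_VALUE; and the function could fall off the
 * end without returning a value.
 */
HANDLE CheckThreadHandleInList(DWORD ThreadId)
{
   const int capacity = (int)(sizeof(ThreadIdList) / sizeof(ThreadIdList[0]));
   int i;
   HANDLE hThread;

   if(ThreadId == 0)
      return INVALID_HANDLE_VALUE;   /* 0 is the free-slot marker, never a thread id */

   /* Already cached? */
   for(i=0;i<capacity;i++)
   {
      if(ThreadIdList[i] == ThreadId)
         return ThreadHandleList[i];
   }

   /* Not cached: claim the first free slot. */
   for(i=0;i<capacity;i++)
   {
      if(ThreadIdList[i] != 0)
         continue;
      /* THREAD_ALL_ACCESS is broader than GetThreadContext/SuspendThread need
         (THREAD_GET_CONTEXT | THREAD_SUSPEND_RESUME | THREAD_QUERY_INFORMATION
         would suffice); kept as in the original. */
      hThread = CECT.OpenThread(THREAD_ALL_ACCESS,FALSE,ThreadId);
      if(hThread == NULL)
         return INVALID_HANDLE_VALUE;   /* slot is left free */
      ThreadIdList[i] = ThreadId;
      ThreadHandleList[i] = hThread;
      return hThread;
   }

   /* Cache full. */
   return INVALID_HANDLE_VALUE;
}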
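/* Suspend hThread, show its instruction pointer (hex) through CE's message
 * box, and resume it.
 * Fix vs. the first draft: when GetThreadContext failed after a successful
 * SuspendThread the thread was left suspended; ResumeThread is now reached on
 * every path that got past SuspendThread.
 * CONTEXT_FULL / Context.Eip are the 32-bit x86 context fields, as in the
 * original; the message box is shown while the thread is still suspended,
 * also as in the original.
 */
void StartThreadContextSnap(HANDLE hThread)
{
   CONTEXT Context = {0};
   char Buffer[255]= {0};
   Context.ContextFlags = CONTEXT_FULL;

   /* SuspendThread returns the previous suspend count, (DWORD)-1 on failure. */
   if(CECT.SuspendThread(hThread) == (DWORD)-1)
   {
      Exported.ShowMessage("Failed Getting Context");
      return;
   }

   if(CECT.GetThreadContext(hThread,&Context) != 0)
   {
      /* radix 16: _itoa treats the value as unsigned, so EIP >= 0x80000000 prints correctly */
      _itoa(Context.Eip,Buffer,16);
      Exported.ShowMessage(Buffer);
   }
   else
   {
      Exported.ShowMessage("Failed Getting Context");
   }

   /* Always undo the suspend, including on the failure path. */
   CECT.ResumeThread(hThread);
}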
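/* Enumerate the threads of ProcessId through a Toolhelp snapshot and take a
 * context snapshot of each one (CheckThreadHandleInList + StartThreadContextSnap).
 * Returns TRUE when the enumeration ran, FALSE when the snapshot or
 * Thread32First failed.
 * Fix vs. the first draft: the snapshot handle was never closed; it is now
 * released on every path after it was obtained.
 */
BOOL PoolForTargetThreads(ULONG ProcessId)
{
   THREADENTRY32 te32;
   HANDLE hSnap,hThread;
   BOOL enumerated = FALSE;

   te32.dwSize = sizeof(THREADENTRY32);
   /* TH32CS_SNAPTHREAD snapshots every thread on the system; the owner-pid
      test in the loop narrows it to the target process. */
   hSnap = CECT.CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD,ProcessId);
   if(hSnap == INVALID_HANDLE_VALUE)
      return FALSE;

   if(CECT.Thread32First(hSnap,&te32) != FALSE)
   {
      enumerated = TRUE;
      do
      {
         if(te32.th32OwnerProcessID != ProcessId)
            continue;   /* jumps to the while() test */
         hThread = CheckThreadHandleInList(te32.th32ThreadID);
         if(hThread != INVALID_HANDLE_VALUE)
            StartThreadContextSnap(hThread);
      }while(CECT.Thread32Next(hSnap,&te32) != FALSE);
   }

   /* windows.h is included directly, so the plain API is used here;
      CECT has no CloseHandle entry. */
   CloseHandle(hSnap);
   return enumerated;
}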

/* DLL entry point. No per-process or per-thread setup is needed, so every
 * attach/detach reason simply reports success. */
BOOL APIENTRY DllMain( HANDLE hModule,DWORD ul_reason_for_call,LPVOID lpReserved)
{
   (void)hModule;
   (void)ul_reason_for_call;
   (void)lpReserved;
   return TRUE;
}
/* Called by CE to learn the plugin SDK version and display name.
 * sizeofpluginversion is accepted but not inspected, as before.
 * Always returns TRUE. */
BOOL __stdcall GetVersion(PluginVersion *pv , int sizeofpluginversion)
{
   (void)sizeofpluginversion;
   pv->pluginname = "BaNiMiZeR";
   pv->version= 1;
   return TRUE;
}

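/* Entry point CE calls once after loading the plugin.
 * ef         - CE's exported-function table; copied into the global Exported.
 * cePluginId - the id CE assigned to this plugin; kept in selfid.
 * Resolves the kernel32/dbk32 functions used by the hooks into CECT, registers
 * FnPointerChange for ptFunctionPointerchange and installs the hooks.
 * Returns FALSE, installing nothing, when dbk32.dll or kernel32.dll cannot be
 * found: every CECT entry would stay NULL and the hook would forward to 0.
 * The second parameter was renamed from pluginid: it shadowed the global
 * pluginid, so the RegisterFunction result was stored in the parameter and
 * DisablePlugin never saw a registered id (the global stayed -1).
 */
BOOL __stdcall InitializePlugin(struct ExportedFunctions *ef , int cePluginId)
{
   POINTERREASSIGNMENTPLUGIN_INIT init = {0};   /* zeroed: only callbackroutine is set below */
   HMODULE dbk32,k32;
   selfid = cePluginId;
   Exported = *ef;
   Exported.OpenedProcessHandle = 0;
   Exported.OpenedProcessID = 0;
   dbk32 = GetModuleHandle("dbk32.dll");
   k32 = GetModuleHandle("kernel32.dll");
   if(dbk32 == 0 || k32 == 0)
      return FALSE;

   /* Individual GetProcAddress results are not checked; a missing export
      leaves its CECT slot NULL and is only noticed when that slot is called. */
   CECT.ChangeRegOnBP = (ChangeReg)GetProcAddress(dbk32,"ChangeRegOnBP");
   CECT.ContinueDebugEvent = (ContinueDbg)GetProcAddress(k32,"ContinueDebugEvent");
   CECT.CreateToolhelp32Snapshot = (CreateSnapshot)GetProcAddress(k32,"CreateToolhelp32Snapshot");
   CECT.CreateRemoteThread = (CreateRemote)GetProcAddress(k32,"CreateRemoteThread");
   CECT.DBKResumeProcess = (DBKResProcess)GetProcAddress(dbk32,"DBKResumeProcess");
   CECT.DBKResumeThread = (DBKRes)GetProcAddress(dbk32,"DBKResumeThread");
   CECT.DBKSuspendProcess = (DBKSusProcess)GetProcAddress(dbk32,"DBKSuspendProcess");
   CECT.DBKSuspendThread = (DBKSus)GetProcAddress(dbk32,"DBKSuspendThread");
   CECT.DebugActiveProcess = (DbgActive)GetProcAddress(k32,"DebugActiveProcess");
   CECT.DebugProcess = (DbgProcess)GetProcAddress(dbk32,"DebugProcess");
   CECT.getAlternateDebugMethod = (GetDbgMethod)GetProcAddress(dbk32,"getAlternateDebugMethod");
   CECT.GetCR3 = (GCR3)GetProcAddress(dbk32,"GetCR3");
   CECT.GetCR4 = (GCR4)GetProcAddress(dbk32,"GetCR4");
   CECT.GetDebugportOffset = (GetDbgOffset)GetProcAddress(dbk32,"GetDebugportOffset");
   CECT.GetIDTCurrentThread = (GetIDTThread)GetProcAddress(dbk32,"GetIDTCurrentThread");
   CECT.GetIDTs = (GIDTs)GetProcAddress(dbk32,"GetIDTs");
   CECT.GetKProcAddress = (GetKAddress)GetProcAddress(dbk32,"GetKProcAddress");
   CECT.GetLoadedState = (GetState)GetProcAddress(dbk32,"GetLoadedState");
   CECT.GetPEProcess = (GetProc)GetProcAddress(dbk32,"GetPEProcess");
   CECT.GetPEThread = (GetThread)GetProcAddress(dbk32,"GetPEThread");
   CECT.GetPhysicalAddress = (GetAddress)GetProcAddress(dbk32,"GetPhysicalAddress");
   CECT.GetProcessNameFromID = (GetNameFromID)GetProcAddress(dbk32,"GetProcessNameFromID");
   CECT.GetProcessNameFromPEProcess = (GetNameFromPEProcess)GetProcAddress(dbk32,"GetProcessNameFromPEProcess");
   CECT.GetProcessnameOffset = (GetNameOffset)GetProcAddress(dbk32,"GetProcessnameOffset");
   CECT.GetSDT = (GSDT)GetProcAddress(dbk32,"GetSDT");
   CECT.GetSDTShadow = (GSDTShadow)GetProcAddress(dbk32,"GetSDTShadow");
   CECT.GetThreadContext = (GetContext)GetProcAddress(k32,"GetThreadContext");
   CECT.GetThreadListEntryOffset = (GetThreadListOffset)GetProcAddress(dbk32,"GetThreadListEntryOffset");
   CECT.GetThreadsProcessOffset = (GetThreadsOffset)GetProcAddress(dbk32,"GetThreadsProcessOffset");
   CECT.Heap32ListFirst = (HeapFirst)GetProcAddress(k32,"Heap32ListFirst");
   CECT.Heap32ListNext = (HeapNext)GetProcAddress(k32,"Heap32ListNext");
   CECT.IsValidHandle = (IsValid)GetProcAddress(dbk32,"IsValidHandle");
   CECT.KernelAlloc = (KAlloc)GetProcAddress(dbk32,"KernelAlloc");
   CECT.KernelOpenProcess = (ProcessOpen)GetProcAddress(dbk32,"OP");
   CECT.KernelOpenThread = (ThreadOpen)GetProcAddress(dbk32,"OT");
   CECT.KernelReadProcessMemory = (ReadProc)GetProcAddress(dbk32,"RPM");
   CECT.KernelVirtualAllocEx = (VirtAllocEx)GetProcAddress(dbk32,"VAE");
   CECT.KernelWriteProcessMemory = (WriteProc)GetProcAddress(dbk32,"WPM");
   CECT.MakeWritable = (MkWritable)GetProcAddress(dbk32,"MakeWritable");
   CECT.Module32First = (ModuleFirst)GetProcAddress(k32,"Module32First");
   CECT.Module32Next = (ModuleNext)GetProcAddress(k32,"Module32Next");
   CECT.OpenProcess = (ProcessOpen)GetProcAddress(k32,"OpenProcess");
   CECT.OpenThread = (ThreadOpen)GetProcAddress(k32,"OpenThread");
   CECT.Process32First = (ProcFirst)GetProcAddress(k32,"Process32First");
   CECT.Process32Next = (ProcNext)GetProcAddress(k32,"Process32Next");
   CECT.ProtectMe = (Protect)GetProcAddress(dbk32,"ProtectMe");
   CECT.ReadProcessMemory = (ReadProc)GetProcAddress(k32,"ReadProcessMemory");
   CECT.ResumeThread = (ThreadResume)GetProcAddress(k32,"ResumeThread");
   CECT.RetrieveDebugData = (RetrieveDbgData)GetProcAddress(dbk32,"RetrieveDebugData");
   CECT.setAlternateDebugMethod = (SetDbgMethod)GetProcAddress(dbk32,"setAlternateDebugMethod");
   CECT.SetCR3 = (SCR3)GetProcAddress(dbk32,"SetCR3");
   CECT.SetThreadContext = (SetContext)GetProcAddress(k32,"SetThreadContext");
   CECT.StartProcessWatch = (StartWatch)GetProcAddress(dbk32,"StartProcessWatch");
   CECT.StopDebugging = (PVOID)GetProcAddress(dbk32,"StopDebugging");
   CECT.StopRegisterChange = (PVOID)GetProcAddress(dbk32,"StopRegisterChange");
   CECT.SuspendThread = (ThreadSuspend)GetProcAddress(k32,"SuspendThread");
   CECT.Thread32First = (ThreadFirst)GetProcAddress(k32,"Thread32First");
   CECT.Thread32Next = (ThreadNext)GetProcAddress(k32,"Thread32Next");
   /* VirtualAllocEx/VirtualQueryEx intentionally resolve the dbk32 exports
      "VAE"/"VQE", as in the original; kept unchanged. */
   CECT.VirtualAllocEx = (VirtAllocEx)GetProcAddress(dbk32,"VAE");
   CECT.VirtualProtect = (VirtProtect)GetProcAddress(k32,"VirtualProtect");
   CECT.VirtualProtectEx = (VirtProtectEx)GetProcAddress(k32,"VirtualProtectEx");
   CECT.VirtualQueryEx = (VirtQueryEx)GetProcAddress(dbk32,"VQE");
   CECT.WaitForDebugEvent = (WaitDbg)GetProcAddress(k32,"WaitForDebugEvent");
   CECT.WaitForProcessListData = (WaitListData)GetProcAddress(dbk32,"WaitForProcessListData");
   CECT.WriteProcessMemory = (WriteProc)GetProcAddress(k32,"WriteProcessMemory");

   init.callbackroutine = (CEP_PLUGINTYPE4)FnPointerChange;
   /* Stored in the GLOBAL pluginid so DisablePlugin can unregister it. */
   pluginid = Exported.RegisterFunction(cePluginId, ptFunctionPointerchange, &init);
   Hook_API();
   return TRUE;
}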
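/* Called by CE when the plugin is disabled.
 * Unregisters the pointer-change callback (once: pluginid is reset to -1 on
 * success so a second call does not unregister again) and puts CE's
 * KernelOpenProcess slot back to the function the hook was forwarding to, so
 * that slot no longer points into this DLL once it unloads.
 * Exported.OpenProcess is redirected by Hook_API as well, but its previous
 * value is not recorded anywhere in this file, so it cannot be restored here.
 * Always returns TRUE.
 */
BOOL __stdcall DisablePlugin(void)
{
   if (pluginid!=-1)
   {
      if (Exported.UnregisterFunction(selfid,pluginid) == FALSE)
      {
         Exported.ShowMessage("Failure to unregister a plugin function"); //nothing to be done about this. the plugin is being set on stand by...
      }
      else
      {
         pluginid = -1;
      }
   }

   /* Exported.KernelOpenProcess points at CE's function-pointer variable
      (hence *(PVOID**)); only restore it if it still holds our hook. */
   if (orig_KernelOpenProcess != 0 && Exported.KernelOpenProcess != NULL
       && *(PVOID**)Exported.KernelOpenProcess == (PVOID*)Monitor_KernelOpenProcess)
   {
      *(PVOID**)Exported.KernelOpenProcess = (PVOID*)orig_KernelOpenProcess;
   }
   return TRUE;
}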
DWORD PrevPid = 0;   /* pid whose threads were last polled; repeated opens of the same pid are not re-polled */
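/* Replacement that Hook_API installs into CE's KernelOpenProcess (and
 * OpenProcess) pointer slots. Forwards to orig_KernelOpenProcess, records the
 * resulting handle/pid in hTarget, hTargetId and Exported, and polls the
 * target's threads the first time a new pid is opened.
 * Returns whatever the forwarded call returned. NULL and INVALID_HANDLE_VALUE
 * are both treated as failure (kernel32 OpenProcess reports failure as NULL;
 * the original only tested INVALID_HANDLE_VALUE).
 * NOTE(review): the calling convention must match the ProcessOpen typedef in
 * example-c.h (OpenProcess itself is WINAPI/stdcall) - confirm; a mismatch
 * corrupts the caller's stack.
 */
HANDLE Monitor_KernelOpenProcess(DWORD Access,BOOL Inherit,DWORD Pid)
{
   ProcessOpen oOpenProcess = (ProcessOpen)orig_KernelOpenProcess;
   HANDLE hOpened;

   if(oOpenProcess == NULL)
   {
      /* Hook_API never recorded a forwarding target: do not call address 0. */
      hTarget = INVALID_HANDLE_VALUE;
      Exported.ShowMessage("Fail");
      return hTarget;
   }

   hOpened = oOpenProcess(Access,Inherit,Pid);
   hTarget = hOpened;
   if(hOpened == NULL || hOpened == INVALID_HANDLE_VALUE)
   {
      Exported.ShowMessage("Fail");
      return hOpened;
   }

   Exported.OpenedProcessHandle = hOpened;
   /* GetProcessId needs PROCESS_QUERY_INFORMATION on the handle; when the
      caller asked for less, fall back to the pid it requested instead of
      polling pid 0. */
   hTargetId = GetProcessId(hOpened);
   if(hTargetId == 0)
      hTargetId = Pid;
   Exported.OpenedProcessID = hTargetId;

   if(PrevPid != hTargetId)
   {
      PrevPid = hTargetId;   /* set before polling: the poll shows modal message boxes */
      PoolForTargetThreads(hTargetId);
   }
   return hOpened;
}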
/* ptFunctionPointerchange callback: CE has swapped its function pointers, so
 * the hook is re-installed. Reserved is unused. */
void FnPointerChange(int Reserved)
{
   (void)Reserved;
   Hook_API();
}
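/* Point CE's KernelOpenProcess and OpenProcess pointer slots at
 * Monitor_KernelOpenProcess. Each Exported field is a pointer to CE's own
 * function-pointer variable, hence the *(PVOID**) double indirection.
 * Guards added: a NULL slot is skipped instead of dereferenced, and nothing
 * is installed until a forwarding target (CECT.KernelOpenProcess) exists,
 * otherwise the hook would forward every call to address 0.
 * As in the original, the previous value of the OpenProcess slot is not saved
 * and both slots forward to CECT.KernelOpenProcess.
 */
void Hook_API()
{
   PVOID *hook = (PVOID*)Monitor_KernelOpenProcess;

   if(CECT.KernelOpenProcess == NULL)
      return;   /* CECT not filled in (InitializePlugin failed); nothing to forward to */

   if(Exported.KernelOpenProcess != NULL && *(PVOID**)Exported.KernelOpenProcess != hook)
   {
      /* 32-bit build: the function pointer is kept in a DWORD, as declared at file scope */
      orig_KernelOpenProcess = (DWORD)CECT.KernelOpenProcess;
      *(PVOID**)Exported.KernelOpenProcess = hook;
   }
   if(Exported.OpenProcess != NULL && *(PVOID**)Exported.OpenProcess != hook)
   {
      *(PVOID**)Exported.OpenProcess = hook;
   }
}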


Still working out the bugs, but no BSOD.

regards BanMe
_dan
How do I cheat?
Reputation: 0

Joined: 06 May 2009
Posts: 3

PostPosted: Wed May 06, 2009 9:21 am    Post subject:

That's very useful; maybe I'll be able to tweak some bugs out as well.
_________________
Cogito Ergo Sum