Metick How do I cheat? Reputation: 0
Joined: 27 Dec 2023 Posts: 1
Posted: Wed Dec 27, 2023 1:55 pm Post subject: Plugin development Hooking Kernel pointers
Hi, so I've been trying to make a plugin for CE that allows me to use my DMA to read, write, scan memory, etc.
It works fine when I hook OpenProcess, ReadProcessMemory, WriteProcessMemory & VirtualQueryEx.
I just have a small issue: it always says that there is no memory available when scanning memory, likely due to a bad implementation of Virtual Query. I've spent way too many hours trying to fix the issue, and haven't been able to fix it.
So I saw that with kernel there is an option where we don't require virtual query, but when I hook any of the kernel functions it "crashes", like it doesn't get past anywhere. Neither does it hook them, despite me doing it 1:1 with how I do the non-kernel functions.
Here is my code:
Code:
auto open_process = ef->OpenProcess;
auto read_process_memory = ef->ReadProcessMemory;
auto write_process_memory = ef->WriteProcessMemory;
auto virtual_query = ef->VirtualQueryEx;
//kernel
auto kernel_open_process = ef->KernelOpenProcess;
auto kernel_read_process_memory = ef->KernelReadProcessMemory;
auto kernel_write_process_memory = ef->KernelWriteProcessMemory;
auto kernel_load_dbk = ef->loadDBK32;
auto kernel_load_if_needed = ef->loaddbvmifneeded;
auto kernel_is_valid_handle = ef->IsValidHandle;
printf("Hooking Open Process 0x%p\n", open_process);
*(DWORD_PTR*)(open_process) = (DWORD_PTR)&hk_open_process;
printf("Hooking Read 0x%p\n", read_process_memory);
*(DWORD_PTR*)(read_process_memory) = (DWORD_PTR)&hk_read;
printf("Hooking Write 0x%p\n", write_process_memory);
*(DWORD_PTR*)(write_process_memory) = (DWORD_PTR)&hk_write;
printf("Hooking Virtual Query 0x%p\n", virtual_query);
*(DWORD_PTR*)(virtual_query) = (DWORD_PTR)&hk_virtual_query;
//kernel functions crash
printf("Hooking Kernel Open Process 0x%p\n", kernel_open_process);
*(DWORD_PTR*)(kernel_open_process) = (DWORD_PTR)&hk_open_process;
printf("Hooking Kernel Read 0x%p\n", kernel_read_process_memory);
*(DWORD_PTR*)(kernel_read_process_memory) = (DWORD_PTR)&hk_read;
printf("Hooking Kernel Write 0x%p\n", kernel_write_process_memory);
*(DWORD_PTR*)(kernel_write_process_memory) = (DWORD_PTR)&hk_write;
printf("Hooking Kernel Load 0x%p\n", kernel_load_dbk);
*(DWORD_PTR*)(kernel_load_dbk) = (DWORD_PTR)&hk_loaddbk32;
printf("Hooking Kernel Load if needed 0x%p\n", kernel_load_if_needed);
*(DWORD_PTR*)(kernel_load_if_needed) = (DWORD_PTR)&hk_loaddbk32_if_needed;
printf("Hooking Kernel is valid handle 0x%p\n", kernel_is_valid_handle);
*(DWORD_PTR*)(kernel_is_valid_handle) = (DWORD_PTR)&hk_is_valid_handle;
Does anyone know the issue ;/
Dark Byte Site Admin Reputation: 458
Joined: 09 May 2003 Posts: 25288 Location: The netherlands
Posted: Wed Dec 27, 2023 4:21 pm
The kernel* functions are obsolete and not exported in the plugin anymore. They are NULL now. (Still accessible readable from Lua but not writable.)
If you wish to use your own driver for kernelmode access, just hook OpenProcess and ReadProcessMemory and make it go through your routine.
If you have to, you can also implement QueryVirtualEx, but it has to behave like the Windows QueryVirtualEx, including the return value matching exactly what is expected.
Also, don't forget to register a plugintype4 callback so you can rehook the pointers when they change (e.g. going to settings and clicking OK).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
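The two points in the reply above, as an added example that is not code from the thread or from the Cheat Engine SDK: a slot swap that skips NULL entries instead of writing through them (the posted code dereferences the Kernel* members, which are now NULL) and that can be re-run when the host resets its pointers. `Exports`, `HookSet`, `apply_all` and the `host_*`/`hk_*` stubs are hypothetical names; the assumption that each export member holds the address of a function-pointer slot is taken from the `*(DWORD_PTR*)(ptr) = ...` writes in the question.

```cpp
#include <cstdio>
#include <string>
#include <vector>
using fn_t = void (*)();  // generic function-pointer type used for every slot
// Constructed stand-in for the plugin's export table (not the real SDK header).
// Each member is the ADDRESS of a function-pointer slot, or nullptr if not exported.
struct Exports { void *OpenProcess, *ReadProcessMemory, *KernelOpenProcess, *KernelReadProcessMemory; };
struct Hook { std::string name; fn_t* slot; fn_t original; };
struct HookSet {
    std::vector<Hook> installed;
    std::vector<std::string> skipped;
    // Swap one slot; a null slot address is recorded and skipped, never written through.
    bool install(const char* name, void* slot_addr, fn_t replacement) {
        if (slot_addr == nullptr) { skipped.push_back(name); return false; }
        fn_t* slot = static_cast<fn_t*>(slot_addr);
        if (*slot == replacement) return true;  // already hooked: keep the saved original
        for (Hook& h : installed)               // host reset the slot: refresh the original
            if (h.slot == slot) { h.original = *slot; *slot = replacement; return true; }
        installed.push_back({name, slot, *slot});
        *slot = replacement;
        return true;
    }
};
// Hypothetical host routines and replacements, constructed for this demo.
void host_open() { std::puts("host open"); }
void host_read() { std::puts("host read"); }
void host_read_v2() { std::puts("host read v2"); }  // installed when the host resets
void hk_open() { std::puts("hooked open"); }
void hk_read() { std::puts("hooked read"); }
// Install every hook; safe to call again from a "pointers changed" callback.
int apply_all(HookSet& hs, const Exports& ef) {
    hs.skipped.clear();
    int ok = 0;
    ok += hs.install("OpenProcess", ef.OpenProcess, hk_open);
    ok += hs.install("ReadProcessMemory", ef.ReadProcessMemory, hk_read);
    ok += hs.install("KernelOpenProcess", ef.KernelOpenProcess, hk_open);
    ok += hs.install("KernelReadProcessMemory", ef.KernelReadProcessMemory, hk_read);
    return ok;
}

int main() {
    fn_t open_slot = host_open, read_slot = host_read;
    Exports ef{&open_slot, &read_slot, nullptr, nullptr};  // Kernel* entries are null
    HookSet hs;
    int first = apply_all(hs, ef);
    read_slot = host_read_v2;  // simulate the host resetting its pointer
    int again = apply_all(hs, ef);
    std::printf("hooked %d, then %d after reset, skipped %zu null slots\n", first, again, hs.skipped.size());
}
```

In a real plugin the second `apply_all` call would sit in the callback the reply mentions, so the saved originals always reflect the host's current routines.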