DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Fri Oct 26, 2007 5:20 am Post subject: [Delphi]Making a simple standalone trainer using Hex / AOB
Hexadecimal / Array Of Byte
Credits:
Renko
Noz
Kas
BTW, in this method I used Mahjong Blocks @ ijji to make a trainer, but Delphi failed so I made it in C.
Let's begin!
First of all, let's understand that we need to get the pID (Process ID) and a handle to the process; after that we can access its memory and start making modifications.
Before we start, make sure you have opened a new Delphi project and put this in your GLOBAL var declaration (the first "var", where the TForm is declared):
Code:
MainForm: TMainForm;
hProcess: THandle;            // handle to the target process, from OpenProcess
ProcessID, ThreadID, Rights: DWORD;
WindowTitle: PChar;
BUF: PChar;                   // buffer holding the bytes we are going to write
Write: DWORD;                 // receives the number of bytes actually written
WindowName: HWND;             // handle to the game window, from FindWindowA
// ToBeWritten is NOT declared here: it is the const further down, and declaring
// it twice gives "Identifier redeclared"
Thanks to Renko for the AOB method.
Now, to get the pID, we need to target the window, right?
Using the function FindWindowA() is simple; it is used to find running apps and then take action on them by using PostMessageA() to close/minimize/maximize/simulate keystrokes and more.
Code:
WindowTitle := PChar('Mahjong Block');
WindowName := FindWindowA(nil, WindowTitle);   // returns 0 if no window has this title
Now that we have our window, we need to get its pID and access it!
Code:
ThreadID := GetWindowThreadProcessId(WindowName, @ProcessID);
// PROCESS_VM_WRITE or PROCESS_VM_OPERATION is all WriteProcessMemory needs;
// PROCESS_ALL_ACCESS asks for far more than this trainer uses
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, ProcessID);
Now that we have access, we can start patching an address.
Code:
GetMem(BUF, SizeOf(ToBeWritten));
// store the patch value in the buffer; the DWORD $FF4558FF is little-endian in
// memory (FF 58 45 FF). For the AOB array use Move(iNJECTArray, BUF^, SizeOf(iNJECTArray)).
PDWORD(BUF)^ := ToBeWritten;   // was BUF^ := CHR(SizeOf(ToBeWritten)), which only stored the byte $04
Make a const (global):
PatchAddy = the address we want to patch (edit)
NumberOfBytes = the number of bytes we're using (3, right?!) (3 won't always work, don't be a smart ass; bytes are the, uh... *thinks how to explain*... like the modified signature of the assembly (I guess that'll do it, lol))
iNJECTArray is just a method using AOB (thanks to Renko).
ToBeWritten is the edited hexadecimal that I added; much easier.
Code:
const
  PatchAddy = $0042120A;
  NumberOfBytes = 3;              // only the first 3 bytes of the buffer get written
  // iNJECTArray: Array [0..3] of Byte = ($FF, $58, $45, $FF);  // AOB form of the same patch
  ToBeWritten: DWORD = $FF4558FF; // typed constant, so it has a size and an address; FF584DFF is the normal value
You can use VPEx if you wish, but it's not necessary.
Msdn wrote:
BOOL WINAPI VirtualProtectEx(
  __in  HANDLE hProcess,
  __in  LPVOID lpAddress,
  __in  SIZE_T dwSize,
  __in  DWORD flNewProtect,
  __out PDWORD lpflOldProtect
);
Finally, we write the memory to the process using WriteProcessMemory():
Code:
// returns False if the write failed (e.g. the handle lacks PROCESS_VM_WRITE)
if not WriteProcessMemory(hProcess, Ptr(PatchAddy), BUF, NumberOfBytes, Write) then
  MessageDlg('WriteProcessMemory failed: ' + SysErrorMessage(GetLastError), mtError, [mbOK], 0);
Let's not forget to close the handle:
Code:
FreeMem(BUF);
CloseHandle(hProcess);
This simple method will not work 100% on everything; use it wisely.
I hate Delphi for these things...
Source is added
Attachment: 13.3 KB, viewed 12518 times.
Last edited by DeletedUser14087 on Mon Nov 19, 2007 6:30 am; edited 1 time in total
oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Fri Oct 26, 2007 8:30 am
Nice tutorial Kaspersky. I haven't used Delphi in about 6 months and I understood every single thing in this tutorial.
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Fri Oct 26, 2007 8:35 am
oib111 wrote: Nice tutorial Kaspersky. I haven't used Delphi in about 6 months and I understood every single thing in this tutorial.
Thanks. BTW, I forgot to mention: if you want to use the AOB method, replace all the strings "ToBeWritten" with "iNJECTArray" (do not include the variable).
h4c0r-BG Master Cheater
Reputation: 0
Joined: 29 Nov 2006 Posts: 449 Location: The yogurt country
Posted: Sat Oct 27, 2007 5:45 am
Nice tutorial Kaspersky! I want to ask: what do we "earn" when we use VPEx?
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sat Oct 27, 2007 5:53 am
h4c0r-BG wrote: Nice tutorial Kaspersky! I want to ask: what do we "earn" when we use VPEx?
Msdn wrote: Changes the protection on a region of committed pages in the virtual address space of a specified process.
I myself use it to avoid errors in my process.
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sat Oct 27, 2007 4:59 pm
I have to say:
Damn nice, and THX!!!
And BTW, I found a little mistake in the source where it checks if the window is running or not on the Shuffles button:
This:
Code:
if WindowName = 0 then
begin
  MessageDlg('Game Not Running!', mtWarning, [mbOK], 0);
  uShuffle.Caption := 'Unlimited Hints [OFF]';
end;
Should be this:
Code:
if WindowName = 0 then
begin
  MessageDlg('Game Not Running!', mtWarning, [mbOK], 0);
  uShuffle.Caption := 'Unlimited Shuffles [OFF]';
end;
Oh, and the thing above:
This:
Code:
uShuffle.Caption := 'Unlimited Hints [ON]';
To:
Code:
uShuffle.Caption := 'Unlimited Shuffles [ON]';
Edit:
Oh well, I tried something.
I'm using GGles and I try to inject pin typer with this, because it's a simple script.
Code:
[Enable]
//V45 Pin Typer Updated by ReVeNgEx
00488699:
jae 0048025c
[Disable]
00488699:
jbe 0048025c
I tried this (I don't know if it's the right way xD):
Code:
PatchAddy = $00488699;
NumberOfBytes = 3;
iNJECTArray: Array [0..2] of Byte = ($0F, $83, $BD);
// ToBeWritten = ; //FF584DFF is the normal address
But this does something weird (I always check in an engine what it does).
halp pl0x
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sat Oct 27, 2007 5:47 pm
Hold on rEakW0n, I'll check it for you.
Edit: OK! By the look of it, you forgot 1 byte!
7B
Good luck bro! BTW, make the NumberOfBytes = 4.
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Oct 28, 2007 3:52 am
Well, Kaspersky and I tried out many things, but we can't get it working. Can someone help us?
Edit:
So I want to inject pin typer in it (as you may know).
Well, here's the enable part:
Code:
00488699:
jae 0048025c
So is this correct for it?
Code:
PatchAddy = $00488699;
NumberOfBytes = 6;
iNJECTArray: Array [0..2] of Byte = ($49, $42, $45);
Help please!
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sun Oct 28, 2007 5:24 am
OMG, NumberOfBytes = 4;
and the array isn't correct :S
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Oct 28, 2007 7:07 am
OK, so I tried this:
Code:
PatchAddy = $00488699;
NumberOfBytes = 4;
iNJECTArray: Array [0..2] of Byte = ($0f, $83, $6c);  // 3 elements, but NumberOfBytes = 4 reads one byte past the array
But it's still not working....
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sun Oct 28, 2007 7:24 am
Try using the Hexadecimal method and post results.
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Oct 28, 2007 7:39 am
Still not working.... I tried out so many things.
I guess we need help from someone else.
DeletedUser14087 I post too much
Reputation: 2
Joined: 21 Jun 2006 Posts: 3069
Posted: Sun Oct 28, 2007 8:18 am
rEakW0n wrote: Still not working.... I tried out so many things.
I guess we need help from someone else.
"We"? I don't need help since I'm not using Delphi for it.
It's you who needs help -.-"
Reak I post too much
Reputation: 0
Joined: 15 May 2007 Posts: 3496
Posted: Sun Oct 28, 2007 8:19 am
Kaspersky wrote:
  rEakW0n wrote: Still not working.... I tried out so many things.
  I guess we need help from someone else.
  "We"? I don't need help since I'm not using Delphi for it.
  It's you who needs help -.-"
Oh yeah... I -.-
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
Posted: Sun Oct 28, 2007 9:31 am
You only need to change the byte at 0048869A from 86 to 83. Any other modifications are pointless.
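Added example, not part of any post in this thread: the encoding behind the answer above, so the "forgot a byte" / NumberOfBytes back-and-forth can be checked by computation instead of guesswork. It takes the address and target from Reak's CE script (00488699, jbe/jae 0048025c) and assumes the instruction there is the 6-byte 0F xx rel32 form of the conditional jump; the address 0048869A = 00488699 + 1 named in the reply points at the second opcode byte, which is where that form keeps the condition. The opcode table and helper names are mine, not the thread's.

```c
/*
 * Added example (not from the thread): how the jbe -> jae patch discussed
 * above is encoded, and why a single byte is enough. Assumes the 6-byte
 * 0F xx rel32 form of Jcc (the reply's 0048869A = 00488699 + 1 is that form's
 * condition byte). Addresses come from Reak's CE script.
 */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

/* Second opcode bytes of the 0F-prefixed Jcc rel32 family (0F 80 + cc). */
enum { JB_REL32 = 0x82, JAE_REL32 = 0x83, JBE_REL32 = 0x86, JA_REL32 = 0x87 };

/* Encode "jcc target" placed at insn_addr as 0F cc rel32. rel32 is relative
 * to the end of the 6-byte instruction and stored little-endian. Returns 6. */
static size_t encode_jcc_rel32(uint8_t cc, uint32_t insn_addr, uint32_t target, uint8_t out[6])
{
    uint32_t rel = target - (insn_addr + 6);     /* unsigned wrap = two's complement */
    out[0] = 0x0F;
    out[1] = cc;
    for (int i = 0; i < 4; i++)
        out[2 + i] = (uint8_t)(rel >> (8 * i));
    return 6;
}

/* Decode the same form back to its condition byte and absolute target.
 * Returns 0 if the bytes are not a 0F 8x conditional jump. */
static int decode_jcc_rel32(const uint8_t in[6], uint32_t insn_addr, uint8_t *cc, uint32_t *target)
{
    if (in[0] != 0x0F || (in[1] & 0xF0) != 0x80)
        return 0;
    uint32_t rel = (uint32_t)in[2] | ((uint32_t)in[3] << 8) |
                   ((uint32_t)in[4] << 16) | ((uint32_t)in[5] << 24);
    *cc = in[1];
    *target = insn_addr + 6 + rel;               /* wraps back for negative rel */
    return 1;
}

/* Smallest contiguous span that differs between the current and the wanted
 * encoding: that is all WriteProcessMemory has to touch. Returns the span
 * length (0 if identical) and sets *offset to where it starts. */
static size_t minimal_patch_span(const uint8_t *orig, const uint8_t *want, size_t len, size_t *offset)
{
    size_t first = len, last = 0;
    for (size_t i = 0; i < len; i++) {
        if (orig[i] != want[i]) {
            if (first == len) first = i;
            last = i;
        }
    }
    *offset = (first == len) ? 0 : first;
    return (first == len) ? 0 : last - first + 1;
}

int main(void)
{
    const uint32_t addr = 0x00488699u, target = 0x0048025Cu;  /* from the CE script */
    uint8_t jbe[6], jae[6];
    encode_jcc_rel32(JBE_REL32, addr, target, jbe);   /* [Disable]: jbe 0048025c */
    encode_jcc_rel32(JAE_REL32, addr, target, jae);   /* [Enable]:  jae 0048025c */

    printf("jbe: "); for (int i = 0; i < 6; i++) printf("%02X ", jbe[i]); printf("\n");
    printf("jae: "); for (int i = 0; i < 6; i++) printf("%02X ", jae[i]); printf("\n");

    size_t off = 0;
    size_t n = minimal_patch_span(jbe, jae, 6, &off);
    printf("write %zu byte(s) at %08X: %02X\n", n, addr + (uint32_t)off, jae[off]);

    uint8_t cc = 0;
    uint32_t t = 0;
    if (decode_jcc_rel32(jae, addr, &cc, &t))
        printf("decoded: 0F %02X -> target %08X\n", cc, t);
    return 0;
}
```

Running it reproduces the thread's numbers: the unpatched instruction is 0F 86 BD 7B FF FF (the BD and 7B that came up above are the first two bytes of the rel32), the patched one is 0F 83 BD 7B FF FF, and the span that differs is one byte at offset 1, i.e. 0048869A, changing 86 to 83. The displacement stays the same because both jumps go to the same place, which is why rewriting it adds nothing. The 2-byte short form (76/73 rel8) is ruled out here anyway: 0048025C is 0x8443 bytes back from the end of the instruction, far beyond the -128..127 reach of an 8-bit displacement.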