dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Dec 06, 2007 6:18 pm Post subject: [Test Release] Visual Basic Engine Not Detected By GG |
|
|
This should be in the maple section but... I prob would get lots of flame... T.T
I started this engine with so much help from Wiccaan. He was the one that introduced Auto Assembly into this engine.
I will be adding a searching function and Memory View later.
The current engine can only hold 5 addresses and 5 scripts but I will update later.
It does not have save yet either.
Features:
Process Watcher
Auto Assembly - Enable and Disable Scripts
Memory Editing
Memory Freezing
Credits:
Dnsi0 (Me) for creating this engine
Wiccaan for giving me the DLLs for AutoASM
Dark Byte for creating AutoASM
Edit 1: I made it so that the engine doesn't crash because you had a few 0s at the beginning of the address.
Last edited by dnsi0 on Fri Dec 07, 2007 3:51 pm; edited 1 time in total |
dadypop Master Cheater
Reputation: 0
Joined: 23 Dec 2005 Posts: 362 Location: [email protected]
|
Posted: Thu Dec 06, 2007 6:23 pm Post subject: |
|
|
Seeing as to how it's a "UCE", what rev does it bypass?
_________________
| prohacker53 wrote: | | hello i see this 2x exp card so i byed two of the same and when it was time i only get 2x exp and not 4x????? must i activate something because i only get 2 exp for for example a snail when i should get 4???? |
LAWLZ PWNED. |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Dec 06, 2007 6:35 pm Post subject: |
|
|
| Rev 1121
GMZorita Grandmaster Cheater Supreme
Reputation: 0
Joined: 21 Mar 2007 Posts: 1361
|
Posted: Thu Dec 06, 2007 6:39 pm Post subject: |
|
|
wow sweet
all you need now is search and memory view
+rep
_________________
Gone |
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Dec 06, 2007 6:47 pm Post subject: |
|
|
| Ty for the rep. And yes I'm working on searching right now. Mem View is harder...
Blader I post too much
Reputation: 2
Joined: 19 Jan 2007 Posts: 2049
|
Posted: Thu Dec 06, 2007 6:51 pm Post subject: |
|
|
I suggest you make things neater and add a table/list so it's easier to see your current addresses or w/e
Btw, add errorhandlers, you're missing them
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
|
Posted: Thu Dec 06, 2007 6:57 pm Post subject: |
|
|
| Darn... I got to go to dinner. Yea it gives errors...
crackers Expert Cheater
Reputation: 0
Joined: 30 Jun 2006 Posts: 193
|
Posted: Thu Dec 06, 2007 7:00 pm Post subject: |
|
|
giving errors or not good job + rep
Bannedjsin95 Grandmaster Cheater Supreme
Reputation: 0
Joined: 11 Oct 2007 Posts: 1499
|
Posted: Thu Dec 06, 2007 7:13 pm Post subject: |
|
|
when i hooked onto minesweeper and tried an addy, the value did not show up. then i got runtime error 13 lol
gj on it, though. hope it goes well =]
Hieroglyphics I post too much
Reputation: 0
Joined: 06 Dec 2007 Posts: 2007 Location: Your bedroom
|
Posted: Thu Dec 06, 2007 8:07 pm Post subject: |
|
|
can u make a pic tut plz but put it in ms section
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
|
Posted: Thu Dec 06, 2007 8:23 pm Post subject: |
|
|
| thank god all i have to do is breathe and it will crash.
maxjojo Master Cheater
Reputation: 0
Joined: 05 Nov 2007 Posts: 459 Location: Taiwan
|
Posted: Thu Dec 06, 2007 8:47 pm Post subject: |
|
|
From some points of view Delphi is better than VB6 when you are making a UCE, because some types are built into Delphi. If you want to make a UCE in VB6, you need to declare the types manually.
For example: in Delphi, after you write "uses tlhelp32", you can use tagProcessentry32 directly; code sample below:
| Quote: |
procedure TForm1.GetPEProcessData;
var ths: thandle;
pe32: tagProcessentry32;
|
the tagProcessentry32 in VC:
| Quote: |
The PROCESSENTRY32 structure is as follows:
typedef struct tagPROCESSENTRY32 {
    DWORD dwSize;              // structure size
    DWORD cntUsage;            // reference count of this process
    DWORD th32ProcessID;       // process ID
    DWORD th32DefaultHeapID;   // default heap ID of the process
    DWORD th32ModuleID;        // module ID of the process
    DWORD cntThreads;          // count of threads started by this process
    DWORD th32ParentProcessID; // parent process ID
    LONG pcPriClassBase;       // thread priority
    DWORD dwFlags;             // reserved
    char szExeFile[MAX_PATH];  // full process name
} PROCESSENTRY32;
|
Convert it to vb6:
| Quote: |
' MAX_PATH must be defined before the Type that uses it; 260 is the Win32 value
Public Const MAX_PATH As Long = 260
Public Type PROCESSENTRY32
    dwSize As Long
    cntUsage As Long
    th32ProcessID As Long
    th32DefaultHeapID As Long
    th32ModuleID As Long
    cntThreads As Long
    th32ParentProcessID As Long
    pcPriClassBase As Long
    dwFlags As Long
    szExeFile As String * MAX_PATH
End Type
|
Reference: my process watch program written in VB6:
Runtime screen:
How to load ME Dll in vb 6?
Maybe you could try to use "LoadLibrary" to load the API,
reference:
http://www.google.com.tw/search?hl=zh-TW&q=vb+loadlibrary
How to correctly use ME Dll in vb 6?
Open the UCE source (ce 5.3 or buffy.zip),
and watch how the functions work in NewKernelHandler.pas.
In my application the first column is the process ID,
the second is the application name,
the third is the thread counter.
At present, this sample code doesn't load the DLL and driver of ME,
but it's possible to load the DLL and driver of ME.
By the way, my UCE's DLL and driver are also undetected. I feel that making your UCE DLL and driver undetected is easier than the main application.
I made my DLL and driver undetected by using "SystemcallRetriever" to load my driver into memory, then using maplestory to detect it. After it is detected, use "Kernelmodule unloader" to unload my driver. Rebuild my driver after commenting or uncommenting some code, changing the type of code.
Modify driver.c example:
in "case IOCTL_CE_QUERY_VIRTUAL_MEMORY:".
Modify the GetMemoryRegionData() sub in file memscan.c:
add + N value, then run the original command, then dec -N value, then your GetMemoryRegionData() function passes the detection:
| Quote: |
if (!((PPDE->P==0) && (PPDE->A2==0)))
{
if (PPDE->PS==1)
{
if (*regiontype==PAGE_EXECUTE_READ)
{
if ((PPDE->RW==0) || ((PPDE->P==0) && (PPDE->A2==1)) ) //paged to disk, I gues it's read-only
{
// for undetect... start.
*memorysize+=17;
*memorysize+=PAGE_SIZE_LARGE;
*memorysize-=17;
// for undetect... End.
}
else
break; //not the same protection so let's quit
}
if (*regiontype==PAGE_EXECUTE_READWRITE)
{
if ((PPDE->RW==1) && (PPDE->P==1) ) //only if it's present in memory.
{
// for undetect... start.
*memorysize+=16;
*memorysize+=PAGE_SIZE_LARGE;
*memorysize-=16;
// for undetect... End.
}
else
break;
}
if (*regiontype==PAGE_NOACCESS)
{
if ((PPDE->P==0) && (PPDE->A2==0))
{
// for undetect... start.
*memorysize+=15;
*memorysize+=PAGE_SIZE_LARGE;
*memorysize-=15;
// for undetect... End.
}
else
break;
}
}
else
{
//the 4MB bit wasn't set
//this means that we'll have to look through the PTEa PTE follows
BOOLEAN EverythingOK=TRUE;
while ((UINT_PTR)PPTE<((((UINT_PTR)(PPDE)+PTESize)-0xc0000000)/PTESize*0x1000)) //while the current PTE isn't in the memorylocation of the next PDE check the memory
{
if (*regiontype==PAGE_NOACCESS)
{
if ((PPTE->P==0) && (PPTE->A2==0)) //not readable so
{
// for undetect... start.
*memorysize+=0x300;
*memorysize-=0x200;
*memorysize+=0x900; // for undetect... end.
}
else
{
EverythingOK=FALSE;
break; //the memory I found IS accessible
}
}
if (*regiontype==PAGE_EXECUTE_READWRITE)
{
if ((PPTE->RW==1) || ((PPTE->P==1) || (PPTE->A2==1) ))
{
// for undetect... start.
*memorysize+=0x300;
*memorysize-=0x200;
*memorysize+=0x900; // for undetect... end.
//*memorysize+=0x1000; //writable or paged
}
else
{
EverythingOK=FALSE;
break;
}
}
if (*regiontype==PAGE_EXECUTE_READ)
{
if ((PPTE->RW==0) || ((PPTE->P==0) && (PPTE->A2==1) )) //read only or paged to disk (lets assume that the protection follows (just a gues)
{
// for undetect... start.
*memorysize+=0x400;
*memorysize-=0x200;
*memorysize+=0x800; // for undetect... end.
//*memorysize+=0x1000;
}
else
{
//if it's writable
//or if it's not paged and the global bit is on
//then it isn't read-only
EverythingOK=FALSE;
break;
}
}
(UINT_PTR)PPTE=(UINT_PTR)PPTE+PTESize;
}
if (!EverythingOK) break;
}
}
else
{
//4MB of non paged memory
if (*regiontype==PAGE_NOACCESS)
{
// for undetect... start.
*memorysize+=13;
*memorysize+=PAGE_SIZE_LARGE; //increase the size of page_noaccess memory with 4 MB
*memorysize-=13;
// for undetect... end.
}
else
break; //no, the previous wasn't PAGE_NOACCESS so break with the current length
}
(UINT_PTR)PPDE=(UINT_PTR)PPDE+PTESize;
(UINT_PTR)PPTE=((UINT_PTR)(PPDE)-0xc0000000)/PTESize*0x1000; //point to the first PTE of the new PDE
|
reference from : http://forum.cheatengine.org/viewtopic.php?t=81663
_________________
Max ^_^)y |
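An added example, not part of maxjojo's post or of any project mentioned in the thread: the 32-bit PROCESSENTRY32 layout quoted above, decoded from a raw buffer with the two checks a process watcher should make (dwSize matches the structure, szExeFile is NUL-terminated). The name PE32_X86, both helper functions and the sample record are constructed for this illustration; fixed-width types stand in for DWORD/LONG so it builds without windows.h.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MAX_PATH 260  /* Win32 value, defined here because windows.h is not used */

/* Mirror of the 32-bit ANSI layout quoted in the post. On 64-bit Windows
   th32DefaultHeapID is pointer-sized, so the real structure is larger there. */
typedef struct {
    uint32_t dwSize, cntUsage, th32ProcessID, th32DefaultHeapID, th32ModuleID;
    uint32_t cntThreads, th32ParentProcessID;
    int32_t  pcPriClassBase;
    uint32_t dwFlags;
    char     szExeFile[MAX_PATH];
} PE32_X86;  /* hypothetical name used only in this example */

/* Decode one record. Returns 0 on success, -1 if the buffer is short or
   dwSize does not match, -2 if szExeFile has no terminating NUL. */
int pe32_decode(const unsigned char *buf, size_t len, PE32_X86 *out)
{
    if (len < sizeof *out) return -1;
    memcpy(out, buf, sizeof *out);            /* copy avoids unaligned reads */
    if (out->dwSize != sizeof *out) return -1;
    if (memchr(out->szExeFile, '\0', MAX_PATH) == NULL) return -2;
    return 0;
}

/* Fill buf with a constructed sample record (not captured from a real system). */
size_t pe32_sample(unsigned char *buf, size_t len)
{
    PE32_X86 s;
    if (len < sizeof s) return 0;
    memset(&s, 0, sizeof s);
    s.dwSize = (uint32_t)sizeof s;
    s.th32ProcessID = 1234;
    s.cntThreads = 3;
    s.th32ParentProcessID = 4;
    strcpy(s.szExeFile, "winmine.exe");
    memcpy(buf, &s, sizeof s);
    return sizeof s;
}

int main(void)
{
    unsigned char raw[512];
    PE32_X86 pe;
    size_t n = pe32_sample(raw, sizeof raw);
    if (pe32_decode(raw, n, &pe) == 0)        /* columns: PID, name, threads */
        printf("%u  %s  %u\n", (unsigned)pe.th32ProcessID, pe.szExeFile,
               (unsigned)pe.cntThreads);
    return 0;
}
```

With the real API the caller has to set dwSize before the first Process32First call (in VB6, `Len()` of the Type), otherwise the call fails.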
Mattraks How do I cheat?
Reputation: 0
Joined: 21 Oct 2007 Posts: 0 Location: IRAQ!
|
Posted: Thu Dec 06, 2007 8:51 pm Post subject: |
|
|
And you need to be able to debug registers but real nice
_________________
FOR ALLAH! |
overshark Newbie cheater
Reputation: 0
Joined: 30 Nov 2007 Posts: 15
|
Posted: Thu Dec 06, 2007 9:09 pm Post subject: |
|
|
| we can change debug register on that?
|
Thlump Grandmaster Cheater
Reputation: 0
Joined: 26 Aug 2007 Posts: 964 Location: 206.51.226.121
|
Posted: Thu Dec 06, 2007 10:35 pm Post subject: |
|
|
Maxjojo is right. Delphi 7 is a better program to use than VB6. VB6 is a bad language, because you don't get much power unlike C++.
_________________
| Symbol wrote: | LOL!
Then its not a UCE, its UWF. (Undetected Windows Form. WITH BUTTONS! ) |