Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 
 FAQFAQ   SearchSearch   MemberlistMemberlist   UsergroupsUsergroups   RegisterRegister 
 ProfileProfile   Log in to check your private messagesLog in to check your private messages   Log inLog in 


[Test Release] Visual Basic Engine Not Detected By GG
Goto page 1, 2, 3  Next
 
Post new topic   This topic is locked: you cannot edit posts or make replies.    Cheat Engine Forum Index -> General programming
View previous topic :: View next topic  
Author Message
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Thu Dec 06, 2007 6:18 pm    Post subject: [Test Release] Visual Basic Engine Not Detected By GG Reply with quote

This should by in the maple section but... I prob would get lots of flame... T.T

I started this engine with so much help from Wiccaan. He was the one that introduced Auto Assembly Into this engine.

I will be adding a searching function and Memory View later.
The currant engine can only hold 5 addresses and 5 scripts but I will update later.
It does not have save yet either.

Features:
Process Watcher
Auto Assembly - Enable and Disable Scripts
Memory Editing
Memory Freezing

Credits:
Dnsi0 (Me) for creating this engine
Wiccaan for giving me the DLLs for AutoASM
Dark Byte for creating AutoASM

Edit 1: I made it so that the engine doesn't crash because you had a few 0s at the beginning of the address.



The Extension 'rar' was deactivated by an board admin, therefore this Attachment is not displayed.



Last edited by dnsi0 on Fri Dec 07, 2007 3:51 pm; edited 1 time in total
Back to top
View user's profile Send private message
dadypop
Master Cheater
Reputation: 0

Joined: 23 Dec 2005
Posts: 362
Location: [email protected]

PostPosted: Thu Dec 06, 2007 6:23 pm    Post subject: Reply with quote

Seeing as to how it's a "UCE", what rev does it bypass?
_________________
prohacker53 wrote:
hello i see this 2x exp card so i byed two of the same and when it was time i only get 2x exp and not 4x????? must i activate something because i only get 2 exp for for example a snail when i should get 4????


LAWLZ PWNED.
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Thu Dec 06, 2007 6:35 pm    Post subject: Reply with quote

Rev 1121
Back to top
View user's profile Send private message
GMZorita
Grandmaster Cheater Supreme
Reputation: 0

Joined: 21 Mar 2007
Posts: 1361

PostPosted: Thu Dec 06, 2007 6:39 pm    Post subject: Reply with quote

wow sweet
all you need now is search and memory view
+rep

_________________
Gone
Back to top
View user's profile Send private message
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Thu Dec 06, 2007 6:47 pm    Post subject: Reply with quote

Ty for the rep. And yes im working on searching right now. Mem View is harder...
Back to top
View user's profile Send private message
Blader
I post too much
Reputation: 2

Joined: 19 Jan 2007
Posts: 2049

PostPosted: Thu Dec 06, 2007 6:51 pm    Post subject: Reply with quote

I suggest you make things neater and add a table/list so it's easier to see your current addresses or w/e

Btw, add errorhandlers, you're missing them Confused

_________________
Back to top
View user's profile Send private message
dnsi0
I post too much
Reputation: 0

Joined: 04 Jan 2007
Posts: 2674

PostPosted: Thu Dec 06, 2007 6:57 pm    Post subject: Reply with quote

Darn... I got to go to dinner. Yea it gives errors...
Back to top
View user's profile Send private message
crackers
Expert Cheater
Reputation: 0

Joined: 30 Jun 2006
Posts: 193

PostPosted: Thu Dec 06, 2007 7:00 pm    Post subject: Reply with quote

giving errors or not good job + rep
_________________
Back to top
View user's profile Send private message Yahoo Messenger
Bannedjsin95
Grandmaster Cheater Supreme
Reputation: 0

Joined: 11 Oct 2007
Posts: 1499

PostPosted: Thu Dec 06, 2007 7:13 pm    Post subject: Reply with quote

when i hooked onto minesweeper and tried an addy, the value did not show up. then i got runtime error 13 lol

gj on it, though. hope it goes well =]

_________________

Back to top
View user's profile Send private message
Hieroglyphics
I post too much
Reputation: 0

Joined: 06 Dec 2007
Posts: 2007
Location: Your bedroom

PostPosted: Thu Dec 06, 2007 8:07 pm    Post subject: Reply with quote

can u make a pic tut plz but put it in ms section
_________________

Back to top
View user's profile Send private message AIM Address MSN Messenger
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

PostPosted: Thu Dec 06, 2007 8:23 pm    Post subject: Reply with quote

thank god all i have to do is breathe and it will crash.
Back to top
View user's profile Send private message
maxjojo
Master Cheater
Reputation: 0

Joined: 05 Nov 2007
Posts: 459
Location: Taiwan

PostPosted: Thu Dec 06, 2007 8:47 pm    Post subject: Reply with quote

In some view point delphi is batter then vb6 when you are making a UCE, because of some type is buildin delphi. If you want to make UCE by VB6, you need to delcear the type manually.

for example: in delphi , after you write "uses tlhelp32", you could use tagProcessentry32 directly, code sample below:
Quote:

procedure TForm1.GetPEProcessData;
var ths: thandle;
pe32: tagProcessentry32;


the tagProcessentry32 in VC:
Quote:

PROCESSENTRY32 結構如下:
typedef struct tagPROCESSENTRY32 {
DWORD dwSize; // 結構大小;
DWORD cntUsage; // 此進程的引用計數;
DWORD th32ProcessID; // 進程ID;
DWORD th32DefaultHeapID; // 進程默認堆ID;
DWORD th32ModuleID; // 進程模塊ID;
DWORD cntThreads; // 此進程開啟的線程計數;
DWORD th32ParentProcessID;// 父進程ID;
LONG pcPriClassBase; // 線程優先權;
DWORD dwFlags; // 保留;
char szExeFile[MAX_PATH]; // 進程全名;
} PROCESSENTRY32;

Convert it to vb6:
Quote:

Public Type PROCESSENTRY32
dwSize As Long
cntUsage As Long
th32ProcessID As Long
th32DefaultHeapID As Long
th32ModuleID As Long
cntThreads As Long
th32ParentProcessID As Long
pcPriClassBase As Long
dwFlags As Long
szExeFile As String * MAX_PATH
End Type


reference MY process watch program written by VB6:
Quote:

Filename: getPE.20071130.zip
Filesize: 10KB
Description: max vb @ 2007-11-30
Direct Link: http://www.badongo.com/file/5357531

Runtime screen:


How to load ME Dll in vb 6?
Maybe you could try to use "LoadLibrary" to load the API,

reference:
http://www.google.com.tw/search?hl=zh-TW&q=vb+loadlibrary

How to correctly use ME Dll in vb 6?
open UCE suorce (ce 5.3 or buffy.zip) ,
Watch the function how to work in NewKernelHandler.pas.

in my appliction first column is processID ,
second is appliction name,
third is Threads counter.

At present, this sample code didn't load the DLL and driver of ME,
but it's possible to load dll and driver of ME.

by the way, my UCE's dll and driver also is undetected. I feel that let your UCE dll and driver undetected is more easy the the main appliction.

I made my dll and driver undetected by using "SystemcallRetriever" load my driver to memory, than use maplestory to detect it. After detected, use "Kernelmodule unloader" to unload my driver. Rebuild my driver after comment or uncommet some code, change the type of code.

modify driver.c example:
in "case IOCTL_CE_QUERY_VIRTUAL_MEMORY:" .
modify GetMemoryRegionData() sub in file memscan.c,
add + N value, than run original command , than dec -N value, than your GetMemoryRegionData() function pass the detect:
Quote:

if (!((PPDE->P==0) && (PPDE->A2==0)))
{
if (PPDE->PS==1)
{
if (*regiontype==PAGE_EXECUTE_READ)
{
if ((PPDE->RW==0) || ((PPDE->P==0) && (PPDE->A2==1)) ) //paged to disk, I gues it's read-only
{
// for undetect... start.
*memorysize+=17;
*memorysize+=PAGE_SIZE_LARGE;
*memorysize-=17;
// for undetect... End.
}
else
break; //not the same protection so let's quit
}

if (*regiontype==PAGE_EXECUTE_READWRITE)
{
if ((PPDE->RW==1) && (PPDE->P==1) ) //only if it's present in memory.
{
// for undetect... start.
*memorysize+=16;
*memorysize+=PAGE_SIZE_LARGE;
*memorysize-=16;
// for undetect... End.
}
else
break;
}

if (*regiontype==PAGE_NOACCESS)
{
if ((PPDE->P==0) && (PPDE->A2==0))
{
// for undetect... start.
*memorysize+=15;
*memorysize+=PAGE_SIZE_LARGE;
*memorysize-=15;
// for undetect... End.
}
else
break;
}


}
else
{
//the 4MB bit wasn't set
//this means that we'll have to look through the PTEa PTE follows
BOOLEAN EverythingOK=TRUE;
while ((UINT_PTR)PPTE<((((UINT_PTR)(PPDE)+PTESize)-0xc0000000)/PTESize*0x1000)) //while the current PTE isn't in the memorylocation of the next PDE check the memory
{
if (*regiontype==PAGE_NOACCESS)
{
if ((PPTE->P==0) && (PPTE->A2==0)) //not readable so
{
// for undetect... start.
*memorysize+=0x300;
*memorysize-=0x200;
*memorysize+=0x900;
// for undetect... end.
}
else
{
EverythingOK=FALSE;
break; //the memory I found IS accessible
}


}

if (*regiontype==PAGE_EXECUTE_READWRITE)
{
if ((PPTE->RW==1) || ((PPTE->P==1) || (PPTE->A2==1) ))
{
// for undetect... start.
*memorysize+=0x300;
*memorysize-=0x200;
*memorysize+=0x900;
// for undetect... end.
//*memorysize+=0x1000; //writable or paged
}
else
{
EverythingOK=FALSE;
break;
}


}

if (*regiontype==PAGE_EXECUTE_READ)
{
if ((PPTE->RW==0) || ((PPTE->P==0) && (PPTE->A2==1) )) //read only or paged to disk (lets assume that the protection follows (just a gues)
{
// for undetect... start.
*memorysize+=0x400;
*memorysize-=0x200;
*memorysize+=0x800;
// for undetect... end.
//*memorysize+=0x1000;
}
else
{
//if it's writable
//or if it's not paged and the global bit is on
//then it isn't read-only
EverythingOK=FALSE;
break;
}
}
(UINT_PTR)PPTE=(UINT_PTR)PPTE+PTESize;
}

if (!EverythingOK) break;

}
}
else
{
//4MB of non paged memory
if (*regiontype==PAGE_NOACCESS)
{
// for undetect... start.
*memorysize+=13;
*memorysize+=PAGE_SIZE_LARGE; //increase the size of page_noaccess memory with 4 MB
*memorysize-=13;
// for undetect... end.
}
else
break; //no, the previous wasn't PAGE_NOACCESS so break with the current length
}

(UINT_PTR)PPDE=(UINT_PTR)PPDE+PTESize;
(UINT_PTR)PPTE=((UINT_PTR)(PPDE)-0xc0000000)/PTESize*0x1000; //point to the first PTE of the new PDE


reference from : http://forum.cheatengine.org/viewtopic.php?t=81663

_________________
Max ^_^)y
Back to top
View user's profile Send private message
Mattraks
How do I cheat?
Reputation: 0

Joined: 21 Oct 2007
Posts: 0
Location: IRAQ!

PostPosted: Thu Dec 06, 2007 8:51 pm    Post subject: Reply with quote

And you need to be able to debug registers but real nice
_________________
FOR ALLAH!
Back to top
View user's profile Send private message AIM Address Yahoo Messenger
overshark
Newbie cheater
Reputation: 0

Joined: 30 Nov 2007
Posts: 15

PostPosted: Thu Dec 06, 2007 9:09 pm    Post subject: Reply with quote

we can change debug register on that?
Back to top
View user's profile Send private message
Thlump
Grandmaster Cheater
Reputation: 0

Joined: 26 Aug 2007
Posts: 964
Location: 206.51.226.121

PostPosted: Thu Dec 06, 2007 10:35 pm    Post subject: Reply with quote

Maxjojo is right. Delphi 7 is a better program to use than VB6. VB6 is a bad language, because you don't get much power unlike C++.
_________________
Symbol wrote:
LOL!
Then its not a UCE, its UWF. (Undetected Windows Form. WITH BUTTONS! Laughing )
Back to top
View user's profile Send private message
Display posts from previous:   
Post new topic   This topic is locked: you cannot edit posts or make replies.    Cheat Engine Forum Index -> General programming All times are GMT - 6 Hours
Goto page 1, 2, 3  Next
Page 1 of 3

 
Jump to:  
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum


Powered by phpBB © 2001, 2005 phpBB Group

CE Wiki   IRC (#CEF)   Twitter
Third party websites