 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
Ridor
Newbie cheater
![]() Reputation: 0
Joined: 28 Feb 2008
Posts: 14
|
 Posted: Fri Feb 29, 2008 10:35 pm Post subject: Vista MineSweeper Hook Help |
 |
|
HI, I'm trying to practice hooks and I can't seem to get one to work even for vista's minesweeper...
Here is my code which is based on Systat's code he show'd me:
| Code: |
#include <windows.h>
#include <detours.h>
void (__fastcall *ShowAbout_orig)();
void __fastcall ShowAbout() {
MessageBox(NULL, "Hook Successful","About",MB_OK);
}
int WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID reserved)
{
switch(reason)
{
case DLL_PROCESS_ATTACH:
ShowAbout_orig=(void(__fastcall*)())DetourFunction((PBYTE)0x0101FED4,(PBYTE)ShowAbout);
break;
case DLL_PROCESS_DETACH:
break;
}
return true;
}
|
Here is the IDA Pro entry where I got the address if you can read the image:
I'm guessing the problem has something do with the function being in a structure/class. If that is the problem, how do I go about fixing it?
|
|
| Back to top |
|
 |
systat
Advanced Cheater
 Reputation: 0
Joined: 15 Feb 2008
Posts: 54
|
| Posted: Sat Mar 01, 2008 3:56 am Post subject: |
|
|
Hmm, you cant get it work probably because starting addresses of functions are different on Vista, press on Functions tab in IDA,
there find function DoAbout(), click on that function, so that it is selected, and press ctrl+e, there you should see starting address of function, something like .text:01003D1D, so the starting address of that function is 0x01003D1D in hex, now if starting address is different in vista is different than this, then you should change this code
| Code: | | DoAbout_orig=(void(__fastcall*)())DetourFunction((PBYTE)0x01003D1D,(PBYTE)DoAbout); |
to
| Code: | | DoAbout_orig=(void(__fastcall*)())DetourFunction((PBYTE)0xYOURSTARTINGADDRESS,(PBYTE)DoAbout); |
_________________
uuuuuuuuuuuuu |
|
| Back to top |
|
|
Ridor
Newbie cheater
![]() Reputation: 0
Joined: 28 Feb 2008
Posts: 14
|
| Posted: Sat Mar 01, 2008 6:32 am Post subject: |
|
|
| systat wrote: | Hmm, you cant get it work probably because starting addresses of functions are different on Vista, press on Functions tab in IDA,
there find function DoAbout(), click on that function, so that it is selected, and press ctrl+e, there you should see starting address of function, something like .text:01003D1D, so the starting address of that function is 0x01003D1D in hex, now if starting address is different in vista is different than this, then you should change this code
| Code: | | DoAbout_orig=(void(__fastcall*)())DetourFunction((PBYTE)0x01003D1D,(PBYTE)DoAbout); |
to
| Code: | | DoAbout_orig=(void(__fastcall*)())DetourFunction((PBYTE)0xYOURSTARTINGADDRESS,(PBYTE)DoAbout); |
|
I did change the address, see the the address in my code example? and then look at the one in the image. They are the same.
Mine is 0101FED4 according to IDA Pro, but it don't work. It doesn't hook the function. It does load the library though because I can see it in the library list for the process and I can put a messagebox under the detourfunction() function and it will pop up the message box when I inject the DLL using the same icon as minesweeper.
|
|
| Back to top |
|
|
systat
Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008
Posts: 54
|
| Posted: Sat Mar 01, 2008 6:49 am Post subject: |
|
|
It seems you opened different version of minesweeper, just go to start->run->WINMINE
do that, this is my screenshot of IDA, your DoAbout functionis completely different function than my.
|
|
| Back to top |
|
|
atom0s
Moderator
 Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Sat Mar 01, 2008 9:47 am Post subject: |
|
|
I just wrote this real quick for Windows XP, but should work just the same for Vista, all you should have to do is fix the address which is very easy to do:
| Code: |
#include <windows.h>
#include <tchar.h>
#include "Detours/detours.h"
//
// DoAbout() Address --- Change As Needed For Your Version
// of Minesweeper.
//
#define DOABOUT_ADDRESS 0x01003D1D
//---------------------------------------------------------------------------------------------------------
// @Function: DoMyAbout
// @Purpose : Hooked About function that will be injected into Minesweeper.
// @Returns : Nothing
// @Params : Nothing
//---------------------------------------------------------------------------------------------------------
void __stdcall DoMyAbout()
{
MessageBox( 0, _T("This is my hooked about box."), _T("Hooked About"), MB_OK|MB_ICONINFORMATION );
}
//---------------------------------------------------------------------------------------------------------
// @Function: DllMain
// @Purpose : Main dll entry point. First function called.
// @Returns : Boolean
// @Params : HMODULE, DWORD, LPVOID
//---------------------------------------------------------------------------------------------------------
BOOL APIENTRY DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpReserved )
{
UNREFERENCED_PARAMETER( lpReserved );
switch( dwReason )
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls( hModule );
DetourFunction( (PBYTE)DOABOUT_ADDRESS, (PBYTE)DoMyAbout );
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
} |
Project attached so refresh if you need to. Already compiled in the release folder which includes WinJect and my version of Minesweeper that was on my system.
_________________
- Retired. |
|
| Back to top |
|
|
systat
Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008
Posts: 54
|
| Posted: Sat Mar 01, 2008 2:41 pm Post subject: |
|
|
Wiccan, your code doesnt work when i try sometihng like this(Minesweeper freeze), why?
| Code: | #include <windows.h>
#include <detours.h>
#define GAMEOVER_ADDRESS 0x0100347C
#define DOABOUT_ADDRESS 0x01003D1D
int __stdcall MyGameOver(int x)
{
return MyGameOver(x);
}
void __stdcall MyDoAbout()
{
MyGameOver(1);
}
BOOL APIENTRY DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpReserved )
{
UNREFERENCED_PARAMETER( lpReserved );
switch( dwReason )
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls( hModule );
DetourFunction( (PBYTE)DOABOUT_ADDRESS, (PBYTE)MyDoAbout );
DetourFunction( (PBYTE)GAMEOVER_ADDRESS, (PBYTE)MyGameOver );
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
} |
GameOver is recursive.
_________________
uuuuuuuuuuuuu |
|
| Back to top |
|
|
Ridor
Newbie cheater
![]() Reputation: 0
Joined: 28 Feb 2008
Posts: 14
|
| Posted: Sat Mar 01, 2008 2:56 pm Post subject: |
|
|
| systat wrote: | It seems you opened different version of minesweeper, just go to start->run->WINMINE
do that, this is my screenshot of IDA, your DoAbout functionis completely different function than my.
|
There is no winmine on vista. I opened the vista version of minesweeper which is minesweeper.exe. They completely rewrote the game for vista. I'm not trying to get yours working, I'm trying to get mine working for the vista version. I got the start address for the ShowAboutDialog function and hooked it like you did yours in your minesweeper hook, but mine isn't working.
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Sat Mar 01, 2008 3:09 pm Post subject: |
|
|
| systat wrote: | Wiccan, your code doesnt work when i try sometihng like this(Minesweeper freeze), why?
| Code: | #include <windows.h>
#include <detours.h>
#define GAMEOVER_ADDRESS 0x0100347C
#define DOABOUT_ADDRESS 0x01003D1D
int __stdcall MyGameOver(int x)
{
return MyGameOver(x);
}
void __stdcall MyDoAbout()
{
MyGameOver(1);
}
BOOL APIENTRY DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpReserved )
{
UNREFERENCED_PARAMETER( lpReserved );
switch( dwReason )
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls( hModule );
DetourFunction( (PBYTE)DOABOUT_ADDRESS, (PBYTE)MyDoAbout );
DetourFunction( (PBYTE)GAMEOVER_ADDRESS, (PBYTE)MyGameOver );
break;
case DLL_PROCESS_DETACH:
break;
}
return TRUE;
} |
GameOver is recursive. |
I would assume it is freezing because you are doing...
| Code: | int __stdcall MyGameOver(int x)
{
return MyGameOver(x);
} |
You are creating an endless loop. This will just keep calling that function over and over again. If you are simply trying to "proxy" the function, you will need to make a call back to the original GameOver function, and not call yours again.
_________________
- Retired. |
|
| Back to top |
|
|
systat
Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008
Posts: 54
|
| Posted: Sat Mar 01, 2008 3:47 pm Post subject: |
|
|
I send you a PM, can you plz reply?*
_________________
uuuuuuuuuuuuu |
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Sun Mar 02, 2008 6:59 am Post subject: |
|
|
| systat wrote: | | I send you a PM, can you plz reply?* |
If you were referring to me, I didn't get any PM.
On a side note, Ridor and I worked on this a bit off the forums last night, I downloaded the emulated version of the Vista games and got the hook I wrote above to work fine simply by changing the address. But, it would not work for Ridor's actual Vista system.
I have never touched Vista enough to say anything about this, but I would say it looks like the injection is being blocked. We tried using VirtualProtect to adjust the rights of the memory location it would be writing the detour but that didn't help either.
From what I can see, my guess is something is blocking it from working on Vista, or, theres something in Detours that doesn't work on Vista applications?
Not too sure though.
_________________
- Retired. |
|
| Back to top |
|
|
samuri25404
Grandmaster Cheater
 Reputation: 7
Joined: 04 May 2007
Posts: 955
Location: Why do you care?
|
| Posted: Sun Mar 02, 2008 9:02 am Post subject: |
|
|
Hmm... Why might that be, Wicc?
BECAUSE VISTA = PHAILURE.
Unfortunately, some games require Vista (like Halo 2, for example); if you can avoid upgrading to Vista, anyone, then do so--it's gonna make your life a hell of a lot easier.
_________________
|
|
| Back to top |
|
|
charch84
How do I cheat?
![]() Reputation: 0
Joined: 25 Mar 2008
Posts: 7
|
| Posted: Sat Apr 05, 2008 2:16 pm Post subject: |
|
|
I get this error when I try to use Wiccan's code:
| Quote: | | error C3861: 'DetourFunction': identifier not found |
|
|
| Back to top |
|
|
atom0s
Moderator
Reputation: 205
Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1
|
| Posted: Sat Apr 05, 2008 3:51 pm Post subject: |
|
|
| charch84 wrote: | I get this error when I try to use Wiccan's code:
| Quote: | | error C3861: 'DetourFunction': identifier not found |
|
You need the Detours lib and header from Microsofts Research center. You need version 1.5 for those functions as the newer versions of Detours changed some.
I uploaded the compiled version of 1.5 here:
http://home.comcast.net/~wiccaan/downloads/Detours.rar
_________________
- Retired. |
|
| Back to top |
|
|
charch84
How do I cheat?
![]() Reputation: 0
Joined: 25 Mar 2008
Posts: 7
|
| Posted: Sat Apr 05, 2008 7:44 pm Post subject: |
|
|
| Wiccaan wrote: | | charch84 wrote: | I get this error when I try to use Wiccan's code:
| Quote: | | error C3861: 'DetourFunction': identifier not found |
|
You need the Detours lib and header from Microsofts Research center. You need version 1.5 for those functions as the newer versions of Detours changed some.
I uploaded the compiled version of 1.5 here:
http://home.comcast.net/~wiccaan/downloads/Detours.rar |
Thank you  It works now.
|
|
| Back to top |
|
|
virusinfektion
How do I cheat?
![]() Reputation: 0
Joined: 06 May 2008
Posts: 8
|
| Posted: Wed Mar 04, 2009 12:54 pm Post subject: |
|
|
Bumping an old thread, but im new to hooking and well ive read over this thread and need some help. Could somebody please tell me what im doing wrong?
Im getting these compile errors, and I cant seem to figure out why.
| Code: | 1>MSVCRTD.lib(crtexew.obj) : error LNK2019: unresolved external symbol _WinMain@16 referenced in function ___tmainCRTStartup
1>C:\Users\Paul\Documents\Visual Studio 2008\Projects\Minesweeper\Debug\Minesweeper.exe : fatal error LNK1120: 1 unresolved externals
|
| Code: |
#include <windows.h>
#include <detours.h>
void (__stdcall *StartAboutDialog_o)(int x);
void __stdcall StartAboutDialog(int x)
{
MessageBox(NULL,L"Detour Success.",L"Detour.", MB_OK|MB_ICONINFORMATION);
return StartAboutDialog(x);
}
int WINAPI DllMain(HINSTANCE hInst,DWORD reason,LPVOID reserved)
{
switch(reason)
{
case DLL_PROCESS_ATTACH:
StartAboutDialog_o = (void(__stdcall *)(int))DetourFunction((PBYTE)0x0101FD9D,(PBYTE)StartAboutDialog);
break;
case DLL_PROCESS_DETACH:
DetourFunction((PBYTE)0x0101FD9D,(PBYTE)StartAboutDialog);
break;
}
return true;
}
|
Im using Visual Studio 2008 and Vista 32bit for my operating system btw
|
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
