Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


last C++ question..
lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Thu Apr 10, 2008 2:49 pm

A hook means that when the API is called it is redirected somehow, be it modification of the IAT or a simple call at the beginning of the API. Usually it checks for something like a parameter containing information about the targeted process, DC, etc.

If it does contain that information it doesn't allow the API to be sent.

It is easily bypassed using the hook hop method: adding 5 bytes to the ProcAddy for the API you're sending. Or even making a copy of the dll and creating a function wrapper that jumps to the imported function in the copied dll instead of using the direct API.

AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Thu Apr 10, 2008 3:17 pm

um..ok..i didn't get a word of that, but gunbound won't let me draw on top of it. i can draw on top of other stuff but not gunbound. is there any way i can fix this or is gameguard/directx blocking me?

edit: ok i somewhat understand, so how could i use the "hook hop" method?

lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Thu Apr 10, 2008 5:21 pm

Assign a DWORD the return of GetProcAddress and then + 5 at the end of it.

Then make a declspec(naked) function that has the exact skeleton as the API you're choosing and rewrite the first 5 bytes you jumped and jump to the DWORD you defined above as the GetProcAddress+5

Example: a wrapper hook hop for PostMessageA

Code:
DWORD dwPostMessage = (DWORD)GetProcAddress( LoadLibrary( _T("user32.dll") ), "PostMessageA" ) + 5;
declspec(naked) BOOL WINAPI PostMessageAW( HWND hWnd, UINT Message, WPARAM wParam, LPARAM lParam )
{
    _asm
    {
        mov edi,edi
        push ebp
        mov ebp,esp
        jmp dword ptr ds:[dwPostMessage]
    }
}


Edit:

Btw, this method ONLY works for a USER-MODE hook. If the API is hooked in kernel-mode then you have to create a driver.

AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Fri Apr 11, 2008 2:31 pm

um...how do i do this using the TextOut function?


edit: i tried this


DWORD dwTextOut = (DWORD)GetProcAddress( LoadLibrary( _T("user32.dll") ), "TextOutA" ) + 5;
declspec(naked) TextOut(aGunBound,50,42,buffer,size);


yeh retarded way of copying >.> and i got these errors:

C:\Documents and Settings\Owner\Desktop\KalBot0aix\KalBot0aix.cpp(37) : error C2065: '_T' : undeclared identifier
C:\Documents and Settings\Owner\Desktop\KalBot0aix\KalBot0aix.cpp(38) : error C2065: 'declspec' : undeclared identifier
C:\Documents and Settings\Owner\Desktop\KalBot0aix\KalBot0aix.cpp(38) : error C2065: 'naked' : undeclared identifier
C:\Documents and Settings\Owner\Desktop\KalBot0aix\KalBot0aix.cpp(38) : error C2146: syntax error : missing ';' before identifier 'TextOutA'

lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Fri Apr 11, 2008 9:03 pm

-_-.

You just can't copy my example and replace the words a bit.

1. TextOut is NOT located in user32.dll, if you searched it up you'd see it's located in gdi32.dll
2. _T is a macro for UNICODE, it's located in tchar.h and if you're not using a UNICODE Character Set for your project then you can just get rid of it.
3. My bad with the declspec(naked), there's an underscore before it.

_declspec(naked) should work.

4. You're not calling it like a function -_-, you're creating your own new wrapper function...

Get the Parameters and type of function that TextOut is and then make a new function with the same skeleton.

Sinok
Cheater
Reputation: 0

Joined: 21 Mar 2008
Posts: 34

Posted: Sat Apr 12, 2008 1:00 am

lurc wrote:
-_-.

You just can't copy my example and replace the words a bit.

1. TextOut is NOT located in user32.dll, if you searched it up you'd see it's located in gdi32.dll
2. _T is a macro for UNICODE, it's located in tchar.h and if you're not using a UNICODE Character Set for your project then you can just get rid of it.
3. My bad with the declspec(naked), there's an underscore before it.

_declspec(naked) should work.

4. You're not calling it like a function -_-, you're creating your own new wrapper function...

Get the Parameters and type of function that TextOut is and then make a new function with the same skeleton.

I can't believe you're actually helping him, he copies your code and asks you why it won't work for him. :|
Clearly he doesn't know what he's doing :\
AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Sun Apr 13, 2008 7:41 am

k..um i know i said i would return in a week, but i got it working of a macromedia flash program. still can't get it working on gunbound though. must i add 5 bytes?
lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Sun Apr 13, 2008 8:46 am

AwayTheWInd wrote:
k..um i know i said i would return in a week, but i got it working of a macromedia flash program. still can't get it working on gunbound though. must i add 5 bytes?


Yes, you do if you want to bypass it with this method, because the first 5 bytes are changed by GameGuard to jump to a check they have. This is what blocks the API. So obviously we want to jump the call -.-

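Added example, not part of the thread or any poster's code: the 5-byte prologue from the wrapper above and a 5-byte jump overwriting it, as a C checker of the kind an integrity or memory-forensics tool runs over bytes read from an API entry point. The addresses, module range and sample bytes are constructed, and the `E9` rel32 form of the jump is an assumption, since the thread does not say which instruction the hook writes.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

enum prologue_kind { PROLOGUE_STANDARD, PROLOGUE_JMP_DETOUR, PROLOGUE_OTHER };

struct prologue_report {
    enum prologue_kind kind;
    uint32_t target;    /* jump destination, set only for PROLOGUE_JMP_DETOUR */
    int leaves_module;  /* 1 if target is outside [mod_base, mod_base + mod_size) */
};

/* mov edi,edi / push ebp / mov ebp,esp: the 5 bytes the wrapper in the thread re-executes */
static const uint8_t STANDARD_PROLOGUE[5] = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };

/* Classify the first 5 bytes of a 32-bit x86 entry point located at virtual address va. */
struct prologue_report inspect_prologue(const uint8_t *code, size_t len, uint32_t va,
                                        uint32_t mod_base, uint32_t mod_size)
{
    struct prologue_report r = { PROLOGUE_OTHER, 0, 0 };
    if (code == NULL || len < 5)
        return r;                          /* too short to judge */
    if (memcmp(code, STANDARD_PROLOGUE, 5) == 0) {
        r.kind = PROLOGUE_STANDARD;
    } else if (code[0] == 0xE9) {          /* assumed hook form: jmp rel32 */
        uint32_t rel = (uint32_t)code[1] | (uint32_t)code[2] << 8 |
                       (uint32_t)code[3] << 16 | (uint32_t)code[4] << 24;
        r.kind = PROLOGUE_JMP_DETOUR;
        r.target = va + 5 + rel;           /* relative to the next instruction, mod 2^32 */
        r.leaves_module = (uint32_t)(r.target - mod_base) >= mod_size;
    }
    return r;
}

/* Constructed sample bytes and addresses, not read from any real process. */
static const uint8_t SAMPLE_CLEAN[5]  = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
static const uint8_t SAMPLE_HOOKED[5] = { 0xE9, 0xFB, 0xFF, 0x0F, 0x00 };

int main(void)
{
    const uint32_t va = 0x77D10000u, base = 0x77D00000u, size = 0x00090000u;
    struct prologue_report a = inspect_prologue(SAMPLE_CLEAN, 5, va, base, size);
    struct prologue_report b = inspect_prologue(SAMPLE_HOOKED, 5, va, base, size);
    printf("clean:  kind=%d\n", a.kind);
    printf("hooked: kind=%d target=0x%08X leaves_module=%d\n",
           b.kind, (unsigned)b.target, b.leaves_module);
    return 0;
}
```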
AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Sun Apr 13, 2008 9:32 am

um..i'm not sure if you've noticed but it's not gameguard blocking it but the directx... well that's from my observations..


edit: i was tricked by macromedia flash o.O!
well i only have one error left...

__declspec(naked)BOOL WINAPI myTextOutA(HDC,int,int,LPCTSTR,int);


C:\Documents and Settings\Owner\Desktop\HookHop\HookHop.cpp(17) : error C2488: 'myTextOutA' : 'naked' can only be applied to function definitions


Last edited by AwayTheWInd on Sun Apr 13, 2008 1:17 pm; edited 1 time in total
AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Sun Apr 13, 2008 1:27 pm

if i try to use typedef int(balh)(blahblahvlbahblah)


i use another dll with

blah = loadlibrary(hook.dll);

um i think you understand, it has the other HHPtr stuff in it. as soon as i inject it into a process it crashes
lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Sun Apr 13, 2008 3:41 pm

Get rid of the ; at the end and make it a function, not a prototype. _declspec definitions can't be used as a prototype.
AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Sun Apr 13, 2008 5:02 pm

um this is my whole code.

#include "stdafx.h"
#define WIN32_LEAN_AND_MEAN
#include <windows.h>

BOOL bWantsExit = FALSE;

HINSTANCE hInst;
DWORD Hook;

int main()
{
    hInst = LoadLibrary("gdi32.dll");
    Hook = (DWORD)GetProcAddress(hInst,"TextOutA") + 5;
    __declspec(naked) BOOL WINAPI myTextOutA(HDC,int,int,LPCTSTR,int)
    {
        __asm
        {
            mov edi, edi
            push ebp
            mov ebp, esp
            jmp [Hook]

        }
    }
    return 0;
}
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwMsg, LPVOID lpReserved)
{
    UNREFERENCED_PARAMETER( hModule );
    UNREFERENCED_PARAMETER( lpReserved );

    switch( dwMsg )
    {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls( hModule );
        CreateThread( NULL, 0, (LPTHREAD_START_ROUTINE)main, NULL, 0, 0 );
        return TRUE;
    case DLL_PROCESS_DETACH:
        bWantsExit = TRUE;
        return TRUE;
    }
    return TRUE;
}

i get this error:

C:\Documents and Settings\Owner\Desktop\HookHop\HookHop.cpp(18) : error C2601: 'myTextOutA' : local function definitions are illegal
lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Sun Apr 13, 2008 5:07 pm

You defined the entire wrapper function WITHIN main. Move the function out of it so it's on its own outside the code.
AwayTheWInd
Master Cheater
Reputation: 0

Joined: 11 Sep 2007
Posts: 450

Posted: Sun Apr 13, 2008 5:32 pm

damn..i feel so dumb when i'm doing this hookhop stuff.. first time..

C:\Documents and Settings\Owner\Desktop\HookHop\HookHop.cpp(12) : error C2447: missing function header (old-style formal list?)

{
    hInst = LoadLibrary("gdi32.dll");
    Hook = (DWORD)GetProcAddress(hInst,"TextOutA") + 5;
    __declspec(naked) BOOL WINAPI myTextOutA(HDC,int,int,LPCTSTR,int)
}
int main()
{
    __asm
    {
        mov edi, edi
        push ebp
        mov ebp, esp
        jmp [Hook]

    }
    return 0;
}
lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1900

Posted: Sun Apr 13, 2008 6:25 pm

oh now you moved the function header out but left the entire actual function in the main...

the inline asm is part of the declspec(naked) -_-

All your dll work goes IN MAIN.

the ONLY thing in your _declspec(naked) wrapper is the inline asm -_-

Go Learn the basics of C++. PLEASE!

All times are GMT - 6 Hours
Page 2 of 3