| View previous topic :: View next topic |
| Author |
Message |
yoyonerd
Grandmaster Cheater
 Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
 Posted: Thu May 21, 2009 6:33 pm Post subject: [C#]Declare and instantiate variable during runtime? |
 |
|
Is there a way for me to do that?
(I have a faint idea on how to do it, I just want to know if somebody already knows how. It'll save me many hours of blood, sweat, and tears.)
.
EDIT:
Does anyone know if I can use PostMessage to send arrow keys if HackShield Pro is the hack protection.[/b]
_________________
Last edited by yoyonerd on Mon May 25, 2009 1:17 am; edited 1 time in total |
|
| Back to top |
|
 |
talkerzero
Grandmaster Cheater
![]() Reputation: 1
Joined: 24 Jul 2008
Posts: 560
Location: California
|
| Posted: Thu May 21, 2009 6:46 pm Post subject: Re: [C#]How can I instantiate a variable during runtime? |
|
|
| yoyonerd wrote: | | Does anyone know if I can use PostMessage to send arrow keys if HackShield Pro is the hack protection. |
Yes, you can.
|
|
| Back to top |
|
|
yoyonerd
Grandmaster Cheater
Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
| Posted: Thu May 21, 2009 7:06 pm Post subject: Re: [C#]How can I instantiate a variable during runtime? |
|
|
| talker0 wrote: | | yoyonerd wrote: | | Does anyone know if I can use PostMessage to send arrow keys if HackShield Pro is the hack protection. |
Yes, you can. |
So do you know if I can use PostMessage (un-trampoline'd) to make my character move left or right in say a game that was once allowed in this forum.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Thu May 21, 2009 7:20 pm Post subject: Re: [C#]How can I instantiate a variable during runtime? |
|
|
| yoyonerd wrote: | | talker0 wrote: | | yoyonerd wrote: | | Does anyone know if I can use PostMessage to send arrow keys if HackShield Pro is the hack protection. |
Yes, you can. |
So do you know if I can use PostMessage (un-trampoline'd) to make my character move left or right in say a game that was once allowed in this forum. |
PostMessage won't do the trick. Use SendInput with CrippleHS which removes kernel hooks.
|
|
| Back to top |
|
|
yoyonerd
Grandmaster Cheater
Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
| Posted: Thu May 21, 2009 7:57 pm Post subject: |
|
|
Ahh, thank you!
Neckson switching to HackShield Pro really screwed themselves up.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Fri May 22, 2009 5:07 pm Post subject: |
|
|
| yoyonerd wrote: | Ahh, thank you!
Neckson switching to HackShield Pro really screwed themselves up. |
Not really. SendInput was already easy to bypass when GameGuard was still here.
|
|
| Back to top |
|
|
yoyonerd
Grandmaster Cheater
Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
| Posted: Fri May 22, 2009 5:27 pm Post subject: |
|
|
Was it just the regular trampoline bypass?
I never knew SendInput could be used for arrow keys >.>
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Fri May 22, 2009 6:10 pm Post subject: |
|
|
| yoyonerd wrote: | Was it just the regular trampoline bypass?
I never knew SendInput could be used for arrow keys >.> |
SendInput is hooked in kernel mode. So you have two choices: Hop the kernel hook or copy it. I just copied it and registered a new service pointing at my sendinput and it works. Now that we have HS, this isn't needed unless your not using CrippleHS.
|
|
| Back to top |
|
|
yoyonerd
Grandmaster Cheater
Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
| Posted: Fri May 22, 2009 6:15 pm Post subject: |
|
|
| dnsi0 wrote: | | yoyonerd wrote: | Was it just the regular trampoline bypass?
I never knew SendInput could be used for arrow keys >.> |
SendInput is hooked in kernel mode. So you have two choices: Hop the kernel hook or copy it. I just copied it and registered a new service pointing at my sendinput and it works. Now that we have HS, this isn't needed unless your not using CrippleHS. |
Is hopping the kernel hook the same as when we used to hook hop GG? As in trampolining the first 5 bytes?
If it isn't to hard to do, I might just do that instead of using CrippleHS since I can't get the injection code I'm using to work...(I'm using the one that was made in GP+)
Well it works, but when I inject nothing opens up, me thinks it might be vista but I've never really had a problem hacking before.
dnsi0, do you have an MSN or AIM?
_________________
|
|
| Back to top |
|
|
manc
Grandmaster Cheater
 Reputation: 1
Joined: 16 Jun 2006
Posts: 551
|
| Posted: Fri May 22, 2009 8:25 pm Post subject: |
|
|
| yoyonerd wrote: |
Well it works, but when I inject nothing opens up, me thinks it might be vista but I've never really had a problem hacking before. |
Nothin is supposed to come up..it just cripples it silently, no need for an interface.
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Sat May 23, 2009 7:06 am Post subject: |
|
|
| yoyonerd wrote: | | dnsi0 wrote: | | yoyonerd wrote: | Was it just the regular trampoline bypass?
I never knew SendInput could be used for arrow keys >.> |
SendInput is hooked in kernel mode. So you have two choices: Hop the kernel hook or copy it. I just copied it and registered a new service pointing at my sendinput and it works. Now that we have HS, this isn't needed unless your not using CrippleHS. |
Is hopping the kernel hook the same as when we used to hook hop GG? As in trampolining the first 5 bytes?
If it isn't to hard to do, I might just do that instead of using CrippleHS since I can't get the injection code I'm using to work...(I'm using the one that was made in GP+)
Well it works, but when I inject nothing opens up, me thinks it might be vista but I've never really had a problem hacking before.
dnsi0, do you have an MSN or AIM? |
Not really. Its actually really REALLY messy... Since Kernel Mode only has a function called MMGetSystemRouteinAddress() it pretty much screwed at getting Win32k.sys's functions. Since that function only retrieves addresses in Ntoskrnl.exe and Hal.dll X.X. So the other way is to retrieve it by KeServiceDescriptorTableShadow (FerrisBullerYourMyHero's Method). However this method FAILs on my computer because I have kaspersky internet security and it hooks SendInput into klif.sys so thats bs... So the method I used was a copied the bytes from the first 2 pushes of the code and just made a scan for it in win32k.sys. And return the address from it. Since not everyone's first 7 bytes are the same (because its PUSH xx then PUSH XXXXXXXX) (The first is the same but the second is not always) So you have to use CopyMemory and copy it into your Naked function. So you need to put like 7 nops there to do that.
My NtUserSendInput's Fist Few Bytes:
| Code: | bf8c31a9 6a18 push 18h
bf8c31ab 68d8d798bf push offset win32k!`string'+0x5b8 (bf98d7d8)
bf8c31b0 e8b3d9f3ff call win32k!_SEH_prolog (bf800b68)
bf8c31b5 8365e400 and dword ptr [ebp-1Ch],0
bf8c31b9 e8fcd8f3ff call win32k!EnterCrit (bf800aba)
bf8c31be 837d101c cmp dword ptr [ebp+10h],1Ch
bf8c31c2 0f85c8000000 jne win32k!NtUserSendInput+0xff (bf8c3290)
bf8c31c8 8b7508 mov esi,dword ptr [ebp+8] |
I don't like this way so I just did:
Allocate some non-paged memory and copied the entire Win32k.sys over XD. Then I used the same method as above to get the address of SendInput then I did this: (SendInput-REadWin32k.sys)+FakeWin32k.sys
That's the new address. So I just registered a new service with that address and have my application all that. It works very well.
|
|
| Back to top |
|
|
yoyonerd
Grandmaster Cheater
Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
| Posted: Sat May 23, 2009 6:33 pm Post subject: |
|
|
Damn, I'm still learning all of this stuff lol.
I've known how to program for a while, but all this low-level stuff is what I'm doing now.
So exciting to me =D
I'm going to guess you use C++ for this stuff though.
BTW, last question, I noticed SendInput does not have a Handle Parameter, does that mean it will only work on the foreground window?
_________________
|
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Sat May 23, 2009 7:55 pm Post subject: |
|
|
| yoyonerd wrote: | Damn, I'm still learning all of this stuff lol.
I've known how to program for a while, but all this low-level stuff is what I'm doing now.
So exciting to me =D
I'm going to guess you use C++ for this stuff though.
BTW, last question, I noticed SendInput does not have a Handle Parameter, does that mean it will only work on the foreground window? |
Yes
|
|
| Back to top |
|
|
NINTENDO
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 02 Nov 2007
Posts: 1371
|
| Posted: Sun May 24, 2009 12:51 pm Post subject: |
|
|
Why would it be benefitable to init a var at runtime?
_________________
Intel over amd yes. |
|
| Back to top |
|
|
yoyonerd
Grandmaster Cheater
Reputation: 0
Joined: 26 Apr 2008
Posts: 699
Location: -->formerly yoyonerd<--
|
| Posted: Mon May 25, 2009 1:17 am Post subject: |
|
|
| Beloved Hero wrote: | | Why would it be benefitable to init a var at runtime? |
I actually meant declare AND instantiate variables at runtime. I was sleepy when I made the thread, now I look like an idiot ._.
If you wanna know, I'm making a macro program, having variables as part of a script would be pretty useful.
_________________
|
|
| Back to top |
|
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
