talkerzero, Grandmaster Cheater (Reputation: 1; Joined: 24 Jul 2008; Posts: 560; Location: California)
Posted: Sun Sep 06, 2009 9:06 am
NoMercy:
Code:
#include <windows.h>
NoMercy, Master Cheater (Reputation: 1; Joined: 09 Feb 2009; Posts: 289)
Posted: Sun Sep 06, 2009 9:10 am
Code:
#include <windows.h>
// rel32 displacement of a 5-byte E9 jmp: target minus the end of the jmp (frm + 5)
#define JMP(frm,to) (((int)to - (int)frm)-5)
DWORD First = 0x005b91f1;
DWORD Second = 0x005b91f1;
DWORD Address = 0x0051E1A7;
*(BYTE*)Address = 0xe9;                               // opcode of jmp rel32
*(DWORD*)(Address+1) = JMP(Address,UnlimitedCheck);   // 4-byte displacement to the cave
already have that, thanks at least
Last edited by NoMercy on Sun Sep 06, 2009 9:20 am; edited 1 time in total
Slugsnack, Grandmaster Cheater Supreme (Reputation: 71; Joined: 24 Jan 2007; Posts: 1857)
Posted: Sun Sep 06, 2009 9:14 am
NoMercy wrote:
Code:
#include <windows.h>
#define JMP(frm,to) (((int)to - (int)frm)-5)
DWORD First = 0x005b91f1;
DWORD Second = 0x005b91f1;
DWORD Address = 0x0051E1A7;
*(BYTE*)Address = 0xe9;
*(DWORD*)(Address+1) = JMP(Address,UnlimitedCheck);
already have that
where is your entry point/main.. ?
igoticecream, Grandmaster Cheater Supreme (Reputation: 0; Joined: 23 Apr 2006; Posts: 1807; Location: 0x00400000)
Posted: Tue Sep 15, 2009 7:03 pm
I think it is preferable to use the byte 0xE8 (call) for the detour, and return with a simple ret
namek303, Grandmaster Cheater (Reputation: 0; Joined: 05 Jun 2006; Posts: 709)
Posted: Sun Oct 04, 2009 10:40 am
I've been playing with this a bit, included windows.h
but I'm still getting this error.
error C2400: inline assembler syntax error in 'opcode'; found 'Address'
which points to this line
Code:
DWORD Address = 0x007E62FA;
error C2400: inline assembler syntax error in 'opcode'; found '*'
and this one points to this line
Code:
*(BYTE*)Address = 0xe9;
error C2400: inline assembler syntax error in 'opcode'; found '*'
and this one points to
Code:
*(DWORD*)(Address+1)
Also this is how I'm doing it.
Code:
if (CH_fasthealth == 1){
__asm
{
DWORD Address = 0x007E62FA;
*(BYTE*)Address = 0xe9; // defining jump opcode
*(DWORD*)(Address+1) = JMP(Address,myCodeCave);
}
}
Does that seem right?
Thanks btw
BTW this is the script I'm trying to convert.
Code:
[ENABLE]
alloc(DrakoSpeed,16)
label(ReturnSpeed)
label(SpeedValue)
registersymbol(SpeedValue)
007E62FA: //D9 40 08 5F 5E C3 8B 0D
jmp DrakoSpeed               // 5 bytes: overwrites fld dword ptr [eax+08] (3) + pop edi (1) + pop esi (1)
ReturnSpeed:                 // = 007E62FA + 5, the instruction after the jmp
DrakoSpeed:
fld dword ptr [SpeedValue]   // constant instead of [eax+08]
pop edi
pop esi
jmp ReturnSpeed
SpeedValue:
db 00 00 20 41               // float 10.0
[DISABLE]
dealloc(DrakoSpeed)
unregistersymbol(SpeedValue)
007E62FA:
fld dword ptr [eax+08]
pop edi
pop esi
It would be nice if someone made a FULL tutorial on AA converting (it would have saved me more time; I would do it, but I feel I'm still learning how to convert it properly; or if you know a good tutorial besides this link, let me know). Thanks
Stylo, Grandmaster Cheater Supreme (Reputation: 3; Joined: 16 May 2007; Posts: 1073; Location: Israel)
Posted: Sun Oct 04, 2009 11:58 am
dude..
you cannot use C++ commands in inline assembly lol
Code:
*(BYTE*)Address = 0xe9;
// etc
isn't assembly syntax
that's C++ syntax which tells the program to move one byte to Address 0xe9
and right after that move a whole dword value to address + 1
if you wanna make that in inline assembly use the following
Code:
DWORD Address = 0x007E62FA;
__asm
{
push eax
push ebx
mov eax,Address
mov ebx,MyCodeCave            // address of the cave (a __declspec(naked) function)
sub ebx,eax
sub ebx,5                     // rel32 = cave - (Address + 5)
mov byte ptr ds:[eax],0xe9    // opcode of jmp rel32
mov dword ptr ds:[eax+1],ebx
add Address,5                 // Address now holds the return point after the jmp
pop ebx                       // restore what was pushed above
pop eax
}
hope you got the idea
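The displacement arithmetic in NoMercy's JMP(frm,to) macro and in Stylo's inline asm above, as an added example that is not from the thread: it builds the 5-byte patch into a byte buffer standing in for the code at 007E62FA (the bytes from the AA script's comment), saves the overwritten bytes, decodes the displacement back to check it lands where intended, and restores, which is the [ENABLE]/[DISABLE] pair of namek303's script without touching live memory. The 0xE8 call variant igoticecream mentions differs only in the opcode byte, so the same code covers it. CAVE_VA and the function names are my assumptions, not anything from the thread.

```c
/* Added example, not from the thread: the 5-byte rel32 detour built into a
 * byte buffer that stands in for the code at 007E62FA. CAVE_VA is an
 * assumed address for the allocated cave. */
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define DETOUR_LEN    5     /* opcode + rel32 */
#define OP_JMP_REL32  0xE9  /* what the thread's code writes */
#define OP_CALL_REL32 0xE8  /* igoticecream's variant: the cave ends with ret */

#define TARGET_VA 0x007E62FAu
#define CAVE_VA   0x00A00000u

/* The 8 bytes the AA script comments at 007E62FA: D9 40 08 = fld dword ptr [eax+08],
 * 5F = pop edi, 5E = pop esi, C3 = ret, 8B 0D = start of mov ecx,[...] */
static const uint8_t ORIGINAL[8] = {0xD9,0x40,0x08,0x5F,0x5E,0xC3,0x8B,0x0D};

static void put_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v;         p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static uint32_t get_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* The JMP(frm,to) macro: displacement is relative to the byte after the
 * 5-byte instruction. Done in 64 bits so a backwards jump cannot overflow. */
int32_t rel32_for(uint32_t from, uint32_t to)
{
    return (int32_t)((int64_t)to - ((int64_t)from + DETOUR_LEN));
}

/* Write jmp/call rel32 over the code at 'from', saving the bytes it overwrites. */
static void write_detour(uint8_t *code, uint32_t from, uint32_t to,
                         uint8_t opcode, uint8_t saved[DETOUR_LEN])
{
    memcpy(saved, code, DETOUR_LEN);
    code[0] = opcode;
    put_le32(code + 1, (uint32_t)rel32_for(from, to));
}

/* Inverse: where does the instruction at 'from' land? */
static uint32_t detour_target(const uint8_t *code, uint32_t from)
{
    int32_t rel = (int32_t)get_le32(code + 1);
    return (uint32_t)((int64_t)from + DETOUR_LEN + rel);
}

/* [ENABLE]: patch a fresh copy of ORIGINAL; returns the decoded landing address. */
uint32_t patch_and_decode(uint8_t code[8], uint8_t saved[DETOUR_LEN],
                          uint32_t cave_va, uint8_t opcode)
{
    memcpy(code, ORIGINAL, sizeof ORIGINAL);
    write_detour(code, TARGET_VA, cave_va, opcode, saved);
    return detour_target(code, TARGET_VA);
}

/* [DISABLE]: put the saved bytes back; 1 if the buffer is original again. */
int unpatch(uint8_t code[8], const uint8_t saved[DETOUR_LEN])
{
    memcpy(code, saved, DETOUR_LEN);
    return memcmp(code, ORIGINAL, sizeof ORIGINAL) == 0;
}

/* Full round trip with consistency checks: landing address on success, 0 on any failure. */
uint32_t round_trip(uint32_t cave_va, uint8_t opcode)
{
    uint8_t code[8], saved[DETOUR_LEN];
    uint32_t landed = patch_and_decode(code, saved, cave_va, opcode);
    if (landed != cave_va || code[0] != opcode)
        return 0;
    if (memcmp(saved, ORIGINAL, DETOUR_LEN) != 0)                  /* backup is exact */
        return 0;
    if (memcmp(code + DETOUR_LEN, ORIGINAL + DETOUR_LEN, 3) != 0)  /* ret, 8B 0D untouched */
        return 0;
    return unpatch(code, saved) ? landed : 0;
}

int main(void)
{
    uint8_t code[8], saved[DETOUR_LEN];
    uint32_t landed = patch_and_decode(code, saved, CAVE_VA, OP_JMP_REL32);
    printf("patched:");
    for (int i = 0; i < 8; i++) printf(" %02X", code[i]);
    printf("  lands at %08" PRIX32 ", ReturnSpeed = %08" PRIX32 "\n",
           landed, TARGET_VA + DETOUR_LEN);
    return unpatch(code, saved) ? 0 : 1;
}
```

Two things the buffer makes visible: the jmp covers exactly the three instructions the script lists (D9 40 08, 5F, 5E), so ReturnSpeed is 007E62FA + 5 and the cave must re-execute those three before jumping back; and a cave placed below the target gets a negative rel32, which is why the subtraction must not be done in unsigned 32-bit arithmetic.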
namek303, Grandmaster Cheater (Reputation: 0; Joined: 05 Jun 2006; Posts: 709)
Posted: Sun Oct 04, 2009 12:16 pm
Something like this (this is off the top of my head btw, that's why you don't see the includes)
Code:
__declspec(naked) void myCodeCave ()
{
__asm
{
fld dword ptr [eax+11];
pop edi;
pop esi ;
}
}
int main()
{
DWORD Address = 0x007E62FA;
__asm
{
push eax;
push ebx;
mov eax,Address;
mov ebx,myCodeCave;
sub ebx,eax;
sub ebx,5;
mov byte ptr ds:[eax],0xe9;
mov dword ptr ds:[eax+1],ebx;
add Address,5;
pop ebx;
pop eax;
}
}
Stylo, Grandmaster Cheater Supreme (Reputation: 3; Joined: 16 May 2007; Posts: 1073; Location: Israel)
Posted: Mon Oct 05, 2009 1:53 am
you shouldn't put ; at the end of assembly commands
and right after your asm code is done you're supposed to return to the original code
Code:
// Address must be a global DWORD that already holds the return point (original address + 5)
__declspec(naked) void myCodeCave ()
{
__asm
{
fld dword ptr [eax+11]
pop edi
pop esi
jmp dword ptr ds:[Address]   // back to the instruction after the 5-byte jmp
}
}
namek303, Grandmaster Cheater (Reputation: 0; Joined: 05 Jun 2006; Posts: 709)
Posted: Mon Oct 05, 2009 9:24 am
Thank you
I have one more question. Is there any known tool or site to convert this?
smartz993, I post too much (Reputation: 2; Joined: 20 Jun 2006; Posts: 2013; Location: USA)
Posted: Mon Oct 05, 2009 2:16 pm
namek303 wrote:
Thank you
I have one more question. Is there any known tool or site to convert this?
Code:
*(DWORD*)address = 0x41200000;   // the script's db 00 00 20 41, i.e. the float 10.0
namek303, Grandmaster Cheater (Reputation: 0; Joined: 05 Jun 2006; Posts: 709)
Posted: Mon Oct 05, 2009 3:26 pm
Ah ok, makes sense. Converted it to float and it gave me 10. Perfect, thank you.
NoMercy, Master Cheater (Reputation: 1; Joined: 09 Feb 2009; Posts: 289)
Posted: Wed Oct 07, 2009 7:16 am
I failed again, I've got this
but I get a huge error when I test it
Code:
// PinAdress, PinUnRanDomizerExit and JMP() are defined elsewhere in this project
void __declspec(naked) __stdcall PinUnRan ()
{
__asm
{
add eax,edx
push edx
shr edx,0x1
cmp edx,0x09
je zeroAlign
ja continueCompare
inc edx
jmp continueCompare
zeroAlign:
mov edx,0x0
continueCompare:
mov [eax],edx
pop edx
cmp byte ptr [eax],0x0a
// no jmp back to the original code here: execution runs off the end of the naked function
}
}
void PinUnRanDomizer (HWND hWnd)
{
char PinClean [32];
//Clean
SetDlgItemText(hWnd, IDC_PINUN , "On" );
memcpy (PinClean, (void*)PinAdress,11);     // back up the original bytes
//Code Cave Blink
*(BYTE*)PinAdress = 0xE9;                   // jmp rel32 opcode
*(DWORD*)(PinAdress + 1) = JMP(PinAdress, PinUnRan);
//Wait
while (!PinUnRanDomizerExit)
Sleep (100);
//Off
SetDlgItemText(hWnd, IDC_PINUN , "Off" );
memcpy ((void*)PinAdress,PinClean,11);      // restore the original bytes
}
btw it compiles without problems
and could someone explain this:
Code:
*(BYTE*) and *(DWORD*)
I know how to use it, but I want to know what it exactly does
thanks at least
Noz3001, I'm a spammer (Reputation: 26; Joined: 29 May 2006; Posts: 6220; Location: /dev/null)
Posted: Wed Oct 07, 2009 7:54 am
DWORD = 4 Bytes
BYTE = Well.. 1 Byte
NoMercy, Master Cheater (Reputation: 1; Joined: 09 Feb 2009; Posts: 289)
Posted: Wed Oct 07, 2009 8:03 am
Noz3001 wrote:
DWORD = 4 Bytes
BYTE = Well.. 1 Byte
I was that far
but why do you do *(DWORD*)?
no idea why it doesn't work?
Stylo, Grandmaster Cheater Supreme (Reputation: 3; Joined: 16 May 2007; Posts: 1073; Location: Israel)
Posted: Wed Oct 07, 2009 11:26 am
NoMercy wrote:
I failed again, I've got this
but I get a huge error when I test it
[...]
I know how to use it, but I want to know what it exactly does
thanks at least
what kind of error do you get?
perhaps you should remove __stdcall from the function declaration
I don't think it fits those kinds of functions
or it could be because you're writing to the memory address (PinAddress) but not specifying for what process
I guess the easiest way is to create it as a dll file and inject it into your current process
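Stylo's last point, that the bytes have to be written from inside the process that owns them, has a second half the thread never spells out: the page holding the code is mapped read+execute, so even in-process the write faults unless the protection is changed first. Here is a complete in-process 5-byte E9 detour as an added example that is not from the thread: it makes the page writable, backs up the overwritten bytes the way PinClean does, patches, calls through the patched entry, and restores. It is plain C rather than MSVC inline asm, so it also builds with GCC/Clang (VirtualProtect on Windows, mprotect elsewhere); target_fn, hook_fn, make_code_writable and live_detour_demo are my names, and the live part only runs on x86/x86-64. Elsewhere, or if the protection change is refused, live_detour_demo returns -1 instead of crashing.

```c
/* Added example, not from the thread: an in-process E9 detour with the
 * protection change and the backup/restore around the write. Constructed
 * victim (target_fn) and replacement (hook_fn); live patch on x86/x86-64 only. */
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#else
#include <sys/mman.h>
#include <unistd.h>
#endif

#ifdef _MSC_VER
#define NOINLINE __declspec(noinline)
#else
#define NOINLINE __attribute__((noinline))
#endif

#define PATCH_LEN 5   /* E9 + rel32 */

/* Code pages are mapped read+execute; writing the jmp without this step faults. */
static int make_code_writable(void *addr, size_t len)
{
#ifdef _WIN32
    DWORD old;
    return VirtualProtect(addr, len, PAGE_EXECUTE_READWRITE, &old) ? 0 : -1;
#else
    uintptr_t page  = (uintptr_t)sysconf(_SC_PAGESIZE);
    uintptr_t start = (uintptr_t)addr & ~(page - 1);
    uintptr_t end   = ((uintptr_t)addr + len + page - 1) & ~(page - 1);
    return mprotect((void *)start, (size_t)(end - start),
                    PROT_READ | PROT_WRITE | PROT_EXEC);
#endif
}

/* The volatile store keeps target_fn from being folded away and makes its
 * body longer than the 5 bytes the patch overwrites. */
static volatile int side_effect;
NOINLINE int target_fn(int x) { side_effect = x;  return x * 2; }
NOINLINE int hook_fn(int x)   { side_effect = -x; return x * 3; }

/* Always call through a volatile pointer so the compiler cannot bypass the
 * patched entry with a direct call or a constant-folded result. */
static int (*volatile call_target)(int) = target_fn;

/* Same arithmetic as the thread's JMP(frm,to): displacement relative to the
 * byte after the 5-byte instruction, stored little-endian. */
static void encode_jmp_rel32(uint8_t out[PATCH_LEN], uintptr_t from, uintptr_t to)
{
    uint32_t rel = (uint32_t)(int32_t)((int64_t)to - (int64_t)(from + PATCH_LEN));
    out[0] = 0xE9;
    out[1] = (uint8_t)rel;         out[2] = (uint8_t)(rel >> 8);
    out[3] = (uint8_t)(rel >> 16); out[4] = (uint8_t)(rel >> 24);
}

/* Fills results[0..2] with target_fn(7) before, during and after the hook.
 * Returns 0 on success, -1 when the live patch cannot be attempted here. */
int live_detour_demo(int results[3])
{
#if defined(__x86_64__) || defined(__i386__) || defined(_M_X64) || defined(_M_IX86)
    uint8_t saved[PATCH_LEN], patch[PATCH_LEN];
    uint8_t *entry = (uint8_t *)(uintptr_t)target_fn;

    results[0] = call_target(7);                 /* original: 14 */
    if (make_code_writable(entry, PATCH_LEN) != 0)
        return -1;
    memcpy(saved, entry, PATCH_LEN);             /* back up, like PinClean */
    encode_jmp_rel32(patch, (uintptr_t)entry, (uintptr_t)hook_fn);
    memcpy(entry, patch, PATCH_LEN);             /* the actual detour write */
    results[1] = call_target(7);                 /* hooked: 21 */
    memcpy(entry, saved, PATCH_LEN);             /* restore the original bytes */
    results[2] = call_target(7);                 /* original again: 14 */
    return 0;
#else
    (void)results;
    return -1;
#endif
}

/* 1 = hook observed and cleanly removed, -1 = not attempted on this host,
 * 0 = patch applied but had no effect. */
int live_detour_check(void)
{
    int r[3];
    if (live_detour_demo(r) != 0)
        return -1;
    return (r[0] == 14 && r[1] == 21 && r[2] == 14) ? 1 : 0;
}

int main(void)
{
    int r[3];
    if (live_detour_demo(r) != 0) {
        puts("live patch not attempted on this host");
        return 1;
    }
    printf("before %d, hooked %d, restored %d\n", r[0], r[1], r[2]);
    return 0;
}
```

This replaces target_fn outright, which is all a hook that does not need the original behaviour requires; the thread's caves instead re-execute the overwritten instructions and jump back to address + 5, and that return jump is the part missing from the PinUnRan function above. Leaving the page RWX after the patch is also a choice: a stricter version would restore the previous protection once the bytes are written.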