justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Wed Aug 04, 2010 6:40 am    Post subject: Does createthread run "on demand?"

Hi folks,
Does the auto-assembler's createthread function spawn a new thread whenever it is called, or does it just happen when the script is first assembled? That is, if I need to trigger an event to happen at some later time, can I spawn a thread with createthread to handle it? I can't tell from the documentation, and all the examples I've seen just use it to execute code from a different context.
Thanks in advance,
adude
XaLeX (Expert Cheater, Reputation: 0, Joined: 19 Aug 2008, Posts: 226)
Posted: Wed Aug 04, 2010 8:58 am

To me it looks like some sort of preprocessor directive.
I did some testing, and if it's placed in a non-executed block, it still spawns the thread.
That is, if you do something like
Code:
sub:
//something
ret
otherfunc:
jmp out
createthread(sub)
out:
sub is executed.
---EDIT: also, it assembles to nothing.
Code:
label(somelabel)
registersymbol(somelabel)
label(someotherlabel)
registersymbol(someotherlabel)
4038b0:
jmp short 4038bc
somelabel:
createthread(routine)
someotherlabel:
//...
Both labels are located at 4038B2, that is, after the short jump.
Last edited by XaLeX on Wed Aug 04, 2010 9:08 am; edited 1 time in total

Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed Aug 04, 2010 9:02 am

createthread spawns the thread each time the script is executed.
If you want to make it happen at specific times, you have to do a code injection at an often-used location, and there check for the event. And on that event, call CreateThread.
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
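The two findings above fit together: createthread(...) is a directive that the auto-assembler acts on when the script is executed, not an instruction, so it spawns a thread regardless of where it sits in the code (XaLeX's test), and a thread that should start later has to be created at run time by the target itself (Dark Byte's suggestion). The script below is an added example written for this thread, not code from the original posts or from Cheat Engine. It injects at a frequently executed instruction, checks an event flag, and only when the flag is set calls kernel32.CreateThread itself, so the hot path costs one compare and one branch. It assumes a 32-bit target (pushad/popad, stdcall) and uses "game.exe"+1234 as a hypothetical hook address; the instructions that the 5-byte jmp overwrites must be copied under originalcode and restored in the [DISABLE] section.

```asm
// Added example, not from the original thread. 32-bit x86 target assumed.
// "game.exe"+1234 is a hypothetical injection point: replace it with a real,
// frequently executed instruction, copy the bytes the 5-byte jmp overwrites
// to originalcode, and pad with nop if the replaced instructions exceed 5 bytes.
[ENABLE]
define(hookpoint,"game.exe"+1234)   // hypothetical; replace with a real address
alloc(newmem,2048)
alloc(worker,1024)
alloc(fire,4)
label(originalcode)
label(returnhere)
registersymbol(fire)

// Event flag. Set it to 1 (e.g. from the address list or another script)
// to have the next pass through the hook spawn one worker thread.
fire:
dd 0

// Thread body: runs once per event on its own thread, then exits.
// ThreadProc is stdcall with one argument; a plain ret is fine here.
worker:
// ... do the deferred work here (the part the hot path must not pay for) ...
ret

// Hook body: executed every time the target passes hookpoint.
newmem:
pushfd                          // preserve flags, cmp below clobbers them
cmp dword ptr [fire],1
jne originalcode                // fast path: no event pending
mov dword ptr [fire],0          // consume the event so it fires only once
pushad                          // CreateThread clobbers caller-saved registers
push 0                          // lpThreadId
push 0                          // dwCreationFlags (0 = run immediately)
push 0                          // lpParameter
push worker                     // lpStartAddress
push 0                          // dwStackSize (default)
push 0                          // lpThreadAttributes
call kernel32.CreateThread      // stdcall: callee removes the six arguments
push eax                        // handle returned in eax; close it so it does not leak per event
call kernel32.CloseHandle
popad
originalcode:
popfd
// original instructions overwritten by the jmp at hookpoint go here
jmp returnhere

hookpoint:
jmp newmem
returnhere:

[DISABLE]
hookpoint:
// restore the original bytes here
unregistersymbol(fire)
dealloc(fire)
dealloc(newmem)
// worker is deliberately not deallocated: a thread spawned by the last event
// may still be running in it. Free it only once no worker thread is alive.
```

To trigger the event from Cheat Engine, add the registered symbol `fire` to the address list and set it to 1; the next time the target executes the hooked instruction, one worker thread is created and the flag is cleared. This is the run-time counterpart of the createthread(...) directive, which fires only when the script itself is assembled and executed.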
justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Wed Aug 04, 2010 9:39 am

That was a good way to check, XaLeX! Thanks for taking a look, mate.
Thank you, too, for the suggestion, DB. I had to read your response five times before I understood what you meant, but now that I see what you mean, it makes perfect sense. And I would want to still create a thread in such a situation instead of dispatching my own events, because of the performance hit incurred by patching a bunch of junk into a tightly nested loop.
Man, you guys are sharp!
I think that maybe it would be an easier workaround in this case to just let the thread run ad infinitum with booleans to "start" or "stop."
I did come across something that gave me some trouble in solving the problem on my own. I usually do my debugging over a terminal server connection, and createthread seems to do something funny in this case. I don't really understand what's going on. The thread's code gets injected properly, but it never gets executed. Also, if it's assigned to the address list, the check-mark never appears when you enable the script, and the disable section never gets executed. It's the first time I've had problems with the TSS setup, and I'm not quite sure how to work around it. Any ideas?
Thanks a million,
adude
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed Aug 04, 2010 9:44 am

Sounds like a security problem.
CreateRemoteThread requires administrator rights, and a special privilege added to that.
Check that the account you use has the rights to set up the SeDebugProcess privilege and to fully open processes, including ones that it doesn't own.
justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Wed Aug 04, 2010 10:20 am

The account I use is an administrative account local to the machine being debugged. My understanding is that such users are granted SeDebug by default. Would I be able to attach the debugger otherwise? Is there anything I should check, aside from Computer Configuration\Windows Settings\Security Settings\Local Policies\User Rights Assignment in the policy editor?
Thanks DB,
adude
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed Aug 04, 2010 10:38 am

Hmm, no idea.
As for debugging when that right is disabled: you'd only be able to debug apps you started yourself, or if you use the kernel debugger.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The Netherlands)
Posted: Wed Aug 04, 2010 11:16 am

What you could try is running the application using "Run As..." with the same credentials as the account you use for terminal services.
Most likely there won't be a problem then.
justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Wed Aug 04, 2010 1:41 pm

I usually run Cheat Engine w/ the same credentials as the host machine. I tried it the other way around (running the debuggee w/ the debugger's credentials and CE w/ the debugger's credentials) and ended up w/ the same result. Running CE and the debuggee on the same machine is the only way I've gotten it to work so far.
For what it's worth, this is the script I'm using for testing purposes:
Code:
[ENABLE]
alloc(mythread,4096)
label(endthread)
registersymbol(endthread)
alloc(onoff,4)
registersymbol(onoff)
createthread(mythread)        // directive: the thread is started when the script is executed
registersymbol(mythread)
onoff:
dd 0                          // boolean toggled by the thread
mythread:
xor dword ptr [onoff],1       // flip the boolean
push 000007d0                 // 0x7d0 = 2000 ms
call kernel32.Sleep           // stdcall: Sleep removes its own argument
cmp dword ptr [endthread],0   // stop flag, set to 1 by the disable section
je mythread
ret                           // returning from the thread procedure ends the thread
endthread:
dd 0
[DISABLE]
endthread:
dd 1                          // ask the thread to exit after its current Sleep
unregistersymbol(onoff)
unregistersymbol(mythread)
// onoff and mythread are not deallocated here on purpose: the thread may still be
// inside Sleep and will touch both before it sees endthread=1 and returns.
I expect it to toggle the boolean in "onoff" every half-second. I've been testing it w/ Minesweeper, but I reckon the choice of target is arbitrary as long as it imports kernel32.
Thanks again for considering my problem. Much appreciated, sir.
Cheers,
adude
justa_dude (Grandmaster Cheater, Reputation: 23, Joined: 29 Jun 2010, Posts: 891)
Posted: Mon Aug 09, 2010 8:08 pm

Not sure if this is interesting to anyone else, but I just noticed on the documentation page for the CreateRemoteThread function that, "Terminal Services isolates each terminal session by design. Therefore, CreateRemoteThread fails if the target process is in a different session than the calling process."
So much for that, I guess.
Cheers,
adude