Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
Help with Trainer in Delphi 7

FalkonZenX
How do I cheat?
Reputation: 0

Joined: 31 Mar 2007
Posts: 7
Location: Brasil

Posted: Thu Mar 03, 2011 7:15 pm

My trainer is not working :(


Program for Test:

h t t p : / / w w w.fergonez.net/files/adivinhe.rar


Image of the program in OllyDBG

h t t p : / / img856.imageshack.us/i/adivinhe.png/


Purpose of the trainer:

Change in memory, with the program running:

00401061 75 16 JNZ SHORT adivinhe.00401079

to

00401061 74 16 JE SHORT adivinhe.00401079


Code in Delphi (does not work):

Code:

procedure TForm1.Button3Click(Sender: TObject);
  const MyVal_ON : WORD = ($7416);
var
PID: integer;
card: Cardinal;
Handle: integer;
Buf: byte;
BytesReadWrite: Cardinal;
sizex:integer;
begin
sizex:=strtoint(combobox1.text);
GetWindowThreadProcessId(FindWindow('Aplicativo de estudo', nil), @PID);

Handle := OpenProcess(PROCESS_ALL_ACCESS, false, PID);
WriteProcessMemory(Handle, Ptr($00401061), @MyVal_ON, strtoint(combobox1.text), card);


end;


P.S.:

- Combobox1.text := 1, 2, 3 or 4...
- No error is shown!
- It does not work!

Please help me...
Xblade Of Heaven
Master Cheater
Reputation: 0

Joined: 16 Oct 2005
Posts: 395
Location: DEAD

Posted: Thu Mar 03, 2011 10:02 pm

Hi mate, I'll try to help you, but my English is not good.

You need to read the bytes and make the code writable using the VirtualProtectEx function.

Regards

P.S.: and try PID: Cardinal.

Innovation
Grandmaster Cheater
Reputation: 12

Joined: 14 Aug 2008
Posts: 617

Posted: Fri Mar 04, 2011 8:38 pm

Code:
procedure TForm1.Button3Click(Sender: TObject);
const
 EnablingBytes: Word = $7416;
var
 Status: String;
 ProcessIdentifier: Cardinal;
 ProcessHandle: THandle;
 NumberOfBytesWritten: Cardinal;
begin
 GetWindowThreadProcessId(FindWindow('Aplicativo de estudo', nil), @ProcessIdentifier);
 ProcessHandle := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, false, ProcessIdentifier);
 if(ProcessHandle <> nil) then
  begin
   if(WriteProcessMemory(ProcessHandle, Ptr($00401061), @EnablingBytes, SizeOf(EnablingBytes), @NumberOfBytesWritten)) then
    begin
     Status := 'The memory was successfully modified.';
    end
   else
    begin
     Status := 'WriteProcessMemory failed.';
    end;
   CloseHandle(ProcessHandle);
  end
 else
  begin
   Status := 'OpenProcess failed.';
  end;
 ShowMessage(Status);
end;

Please be aware that this assumes that you have the SeDebugPrivilege privilege and that this is for 32-bit execution. Make sure that the parameters you use for the call to FindWindow are correct; the class name is the first parameter, and the window name is the second.


Last edited by Innovation on Thu Apr 19, 2012 5:32 pm; edited 1 time in total
FalkonZenX
How do I cheat?
Reputation: 0

Joined: 31 Mar 2007
Posts: 7
Location: Brasil

Posted: Sat Mar 05, 2011 12:04 am

I changed to:

Code:

procedure TForm1.Button4Click(Sender: TObject);
const
 EnablingBytes: Word = $7416;
var
 Status: String;
 ProcessIdentifier: Cardinal;
 ProcessHandle: THandle;
 NumberOfBytesWritten: Cardinal;
begin
 GetWindowThreadProcessId(FindWindow('Aplicativo de estudo', nil), @ProcessIdentifier);
 ProcessHandle := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, false, ProcessIdentifier);
if (ProcessHandle <> 0) then
  begin
   if (WriteProcessMemory(ProcessHandle, Ptr($00401061), @EnablingBytes, SizeOf(EnablingBytes), NumberOfBytesWritten)) then
    begin
     Status := 'The memory was successfully modified.';
    end
   else
    begin
     Status := 'WriteProcessMemory failed.';
    end;
   CloseHandle(ProcessHandle);
  end
 else
  begin
   Status := 'OpenProcess failed.';
  end;
 ShowMessage(Status);

end;



if (ProcessHandle <> 0) then
...
if (WriteProcessMemory(ProcessHandle, Ptr($00401061), @EnablingBytes, SizeOf(EnablingBytes), NumberOfBytesWritten)) then


Result:

Msg "OpenProcess failed."
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1

Posted: Sat Mar 05, 2011 9:28 am

Set a breakpoint on the OpenProcess line and check that ProcessIdentifier has a valid value. GetWindowThreadProcessId might be failing because of your FindWindow call inside of it. (Could be wrong class name.)
FalkonZenX
How do I cheat?
Reputation: 0

Joined: 31 Mar 2007
Posts: 7
Location: Brasil

Posted: Sat Mar 05, 2011 2:39 pm

I solved the FindWindow.

Code:

procedure TForm1.Button5Click(Sender: TObject);
const
 EnablingBytes: Word = $7416;
var
 Status: String;
 ProcessIdentifier: integer;
 ProcessHandle: THandle;
 NumberOfBytesWritten: Cardinal;
begin
 GetWindowThreadProcessId(FindWindow(nil, 'Aplicativo de estudo'), @ProcessIdentifier);
 ProcessHandle := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, false, ProcessIdentifier);
 if (ProcessHandle <> 0) then
  begin
   if (WriteProcessMemory(ProcessHandle, Ptr($00401061), @EnablingBytes, SizeOf(EnablingBytes), NumberOfBytesWritten)) then
    begin
     Status := 'The memory was successfully modified.';
    end
   else
    begin
     Status := 'WriteProcessMemory failed.';
    end;
   CloseHandle(ProcessHandle);
  end
 else
  begin
   Status := 'OpenProcess failed.';
  end;
 ShowMessage(Status);
end;

But the application gives an error after editing the memory!

In OllyDBG:
00401061 75 16 JNZ SHORT adivinhe.00401079
I should change it to:
00401061 74 16 JE SHORT adivinhe.00401079

But in Delphi this must be wrong:
EnablingBytes: Word = $7416;
Ptr($00401061)

Only defining these addresses is missing, because the program locks up! When edited in Olly, it works as usual.
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1

Posted: Sat Mar 05, 2011 6:36 pm

Try using VirtualProtectEx first to give yourself access to the memory.
Innovation
Grandmaster Cheater
Reputation: 12

Joined: 14 Aug 2008
Posts: 617

Posted: Sun Mar 06, 2011 1:22 pm

Code:
procedure TForm1.Button3Click(Sender: TObject);
const
 EnablingBytes: Word = $7416;
var
 Status: String;
 TokenHandle: THandle;
 TokenPrivileges: TOKEN_PRIVILEGES;
 WindowHandle: HWnd;
 ProcessIdentifier: Cardinal;
 ProcessHandle: THandle;
 NumberOfBytesWritten: Cardinal;
begin
 if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle)) then
  begin
   if(LookupPrivilegeValue(nil, SE_DEBUG_NAME, TokenPrivileges.Privileges[0].Luid) <> 0) then
    begin
     TokenPrivileges.PrivilegeCount := 1;
     TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
     if(AdjustTokenPrivileges(TokenHandle, false, TokenPrivileges, SizeOf(TokenPrivileges), nil, nil) <> 0) then
      begin
       WindowHandle := FindWindow(nil, 'Aplicativo de estudo');
       if(Windowhandle <> 0) then
        begin
         GetWindowThreadProcessId(WindowHandle, @ProcessIdentifier);
         ProcessHandle := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, false, ProcessIdentifier);
         if(ProcessHandle <> 0) then
          begin
           if(WriteProcessMemory(ProcessHandle, Ptr($00401061), @EnablingBytes, SizeOf(EnablingBytes), NumberOfBytesWritten)) then
            begin
             Status := 'The memory was successfully modified.';
            end
           else
            begin
             Status := 'WriteProcessMemory failed.';
            end;
           CloseHandle(ProcessHandle);
          end
         else
          begin
           Status := 'OpenProcess failed.';
          end;
        end
       else
        begin
         Status := 'FindWindow failed.';
        end;
      end
     else
      begin
       Status := 'AdjustTokenPrivileges failed.';
      end;
    end
   else
    begin
     Status := 'LookupPrivilegeValue failed.';
    end;
   CloseHandle(TokenHandle);
  end
 else
  begin
   Status := 'OpenProcessToken failed.';
  end;
 ShowMessage(Status);
end;

You may wish to divide the code into separate functions.

FalkonZenX wrote:
if (ProcessHandle <> 0) then
...
if (WriteProcessMemory(ProcessHandle, Ptr($00401061), @EnablingBytes, SizeOf(EnablingBytes), NumberOfBytesWritten)) then

Please excuse my mistakes; I coded it in quick reply, and I didn't have a compiler to test it with. "THandle" was understood by me to be defined as the Windows API data type "HANDLE" is, while it is instead an integer. Also, the last parameter in WriteProcessMemory, lpNumberOfBytesWritten, seems to not be declared as a pointer in Delphi's Windows API package. It has been some time since I last used Delphi.

Wiccaan wrote:
Try using VirtualProtectEx first to give yourself access to the memory.

Doesn't WriteProcessMemory still automatically change the page protection?
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8585
Location: 127.0.0.1

Posted: Sun Mar 06, 2011 2:24 pm

Innovation wrote:

Wiccaan wrote:
Try using VirtualProtectEx first to give yourself access to the memory.

Doesn't WriteProcessMemory still automatically change the page protection?


It's supposed to, but DEP and/or Page Guards can prevent WriteProcessMemory from working. Along with the varied access, as MSDN suggests.

The entire area to be written to must be accessible, and if it is not accessible, the function fails.

Dark Byte
Site Admin
Reputation: 470

Joined: 09 May 2003
Posts: 25779
Location: The netherlands

Posted: Sun Mar 06, 2011 2:46 pm

Easiest example of this:
Cheat Engine memory view and open the tutorial.
Go to address 00400500 in the memory browser and edit that, and you'll notice it won't work.
You first have to right-click and choose the option to make it writable.

Krähne
Expert Cheater
Reputation: 0

Joined: 06 Jun 2010
Posts: 108
Location: Inside of my Kernel

Posted: Sun Mar 06, 2011 3:21 pm

Dark Byte wrote:
Easiest example of this:
Cheat Engine memory view and open the tutorial.
Go to address 00400500 in the memory browser and edit that, and you'll notice it won't work.
You first have to right-click and choose the option to make it writable.


Yes... but when that happens, what's the count of bytes that it unprotects? (I supposed it is VirtualProtectEx, or not?)
Innovation
Grandmaster Cheater
Reputation: 12

Joined: 14 Aug 2008
Posts: 617

Posted: Sun Mar 06, 2011 3:30 pm

Code:
procedure TForm1.Button3Click(Sender: TObject);
const
 Address: Cardinal = $00401061;
 // x86 is little-endian: a Word is stored low byte first, so $1674 is written as the bytes 74 16.
 EnablingBytes: Word = $1674;
var
 Status: String;
 TokenHandle: THandle;
 TokenPrivileges: TOKEN_PRIVILEGES;
 WindowHandle: HWnd;
 ProcessIdentifier: Cardinal;
 ProcessHandle: THandle;
 OldProtection: Cardinal;
 NumberOfBytesWritten: Cardinal;
begin
 if(OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES or TOKEN_QUERY, TokenHandle)) then
  begin
   if(LookupPrivilegeValue(nil, SE_DEBUG_NAME, TokenPrivileges.Privileges[0].Luid) <> 0) then
    begin
     TokenPrivileges.PrivilegeCount := 1;
     TokenPrivileges.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED;
     if(AdjustTokenPrivileges(TokenHandle, false, TokenPrivileges, SizeOf(TokenPrivileges), nil, nil) <> 0) then
      begin
       WindowHandle := FindWindow(nil, 'Aplicativo de estudo');
       if(Windowhandle <> 0) then
        begin
         GetWindowThreadProcessId(WindowHandle, @ProcessIdentifier);
         ProcessHandle := OpenProcess(PROCESS_VM_WRITE or PROCESS_VM_OPERATION, false, ProcessIdentifier);
         if(ProcessHandle <> 0) then
          begin
           if(VirtualProtectEx(ProcessHandle, Ptr(Address), SizeOf(EnablingBytes), PAGE_EXECUTE_READWRITE, @OldProtection)) then
            begin
             if(WriteProcessMemory(ProcessHandle, Ptr(Address), @EnablingBytes, SizeOf(EnablingBytes), NumberOfBytesWritten)) then
              begin
               Status := 'The memory was successfully modified.';
              end
             else
              begin
               Status := 'WriteProcessMemory failed.';
              end;
             // Restore the original protection whether or not the write succeeded.
             VirtualProtectEx(ProcessHandle, Ptr(Address), SizeOf(EnablingBytes), OldProtection, @OldProtection);
            end
           else
            begin
             Status := 'VirtualProtectEx failed.';
            end;
           CloseHandle(ProcessHandle);
          end
         else
          begin
           Status := 'OpenProcess failed.';
          end;
        end
       else
        begin
         Status := 'FindWindow failed.';
        end;
      end
     else
      begin
       Status := 'AdjustTokenPrivileges failed.';
      end;
    end
   else
    begin
     Status := 'LookupPrivilegeValue failed.';
    end;
   CloseHandle(TokenHandle);
  end
 else
  begin
   Status := 'OpenProcessToken failed.';
  end;
 ShowMessage(Status);
end;

I wasn't thinking. Again, you may wish to divide the code into separate functions.

DaasCook wrote:
Yes... but when that happens, what's the count of bytes that it unprotects? (I supposed it is VirtualProtectEx, or not?)

MSDN wrote:
dwSize [in]

The size of the region whose access protection attributes are changed, in bytes. The region of affected pages includes all pages containing one or more bytes in the range from the lpAddress parameter to (lpAddress+dwSize). This means that a 2-byte range straddling a page boundary causes the protection attributes of both pages to be changed.
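The two MSDN rules quoted in this thread (the entire area to be written must be accessible, and dwSize changes every page the range touches) are modelled below as an added example; it is not code from any poster. It is a simulation that calls no Windows API, and the 4 KiB page size, the four-page region at 0x00400000 and the two protection values are constructed assumptions.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define MODEL_PAGE 0x1000u       /* assumed 4 KiB page size */
#define MODEL_BASE 0x00400000u   /* constructed region base */
#define MODEL_NPAGES 4u
enum { P_RX = 1, P_RWX = 2 };    /* simplified protection values */
static uint8_t mem[MODEL_NPAGES * MODEL_PAGE];
static int prot[MODEL_NPAGES] = { P_RX, P_RX, P_RX, P_RX };

/* Index of the first page and number of pages touched by [addr, addr+size). */
static int page_span(uint32_t addr, uint32_t size, uint32_t *first, uint32_t *count) {
    uint64_t end = (uint64_t)addr + size;   /* 64-bit sum: no wraparound */
    if (size == 0 || addr < MODEL_BASE) return 0;
    if (end > (uint64_t)MODEL_BASE + MODEL_NPAGES * MODEL_PAGE) return 0;
    *first = (addr - MODEL_BASE) / MODEL_PAGE;
    *count = (uint32_t)((end - 1 - MODEL_BASE) / MODEL_PAGE) - *first + 1;
    return 1;
}

uint32_t pages_changed(uint32_t addr, uint32_t size) {
    uint32_t first, count;
    return page_span(addr, size, &first, &count) ? count : 0;
}
int page_prot(uint32_t addr) { return prot[(addr - MODEL_BASE) / MODEL_PAGE]; }

/* dwSize rule: protection changes on every whole page the range touches. */
int model_protect(uint32_t addr, uint32_t size, int newp, int *oldp) {
    uint32_t first, count, i;
    if (!page_span(addr, size, &first, &count)) return 0;
    *oldp = prot[first];
    for (i = 0; i < count; i++) prot[first + i] = newp;
    return 1;
}

/* Accessibility rule: if any page in the range is not writable, nothing is written. */
int model_write(uint32_t addr, const void *buf, uint32_t size) {
    uint32_t first, count, i;
    if (!page_span(addr, size, &first, &count)) return 0;
    for (i = 0; i < count; i++) if (prot[first + i] != P_RWX) return 0;
    memcpy(&mem[addr - MODEL_BASE], buf, size);
    return 1;
}

int main(void) {
    printf("pages for 0x00401061+2: %u\n", (unsigned)pages_changed(0x00401061u, 2));
    printf("pages for 0x00401FFF+2: %u\n", (unsigned)pages_changed(0x00401FFFu, 2));
    return 0;
}
```

A 2-byte range inside one page changes one page; the same 2 bytes placed across a boundary change two, which is why restoring the saved protection afterwards matters.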
walterh78
How do I cheat?
Reputation: 0

Joined: 17 Nov 2011
Posts: 2

Posted: Thu Nov 17, 2011 3:56 pm

Hi guys. Innovation, your code works fine in Windows XP, but it fails in VirtualProtectEx when run in Windows 7.

How can I fix the code to run on this OS?
crapped
How do I cheat?
Reputation: 0

Joined: 14 Nov 2011
Posts: 8

Posted: Thu Nov 24, 2011 10:41 pm

You could make a class function for the token privilege and place it in your program source before run..

begin
XPFix.FixOn(SE_DEBUG_NAME, true);
if TAboutBox.execute = True then
Application.Initialize;
Application.CreateForm(TForm1, Form1);
Application.Run;
end.
walterh78
How do I cheat?
Reputation: 0

Joined: 17 Nov 2011
Posts: 2

Posted: Thu Nov 24, 2011 11:44 pm

Crapped: You put the call to XPFix.FixOn in dpr file. But, where is XPFix defined?