Cheat Engine The Official Site of Cheat Engine
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Mon Jul 01, 2013 11:58 pm

[quote="TsTg"]
Quote:
MyMemory = VirtualAllocEx (hProc, NULL, 0x1000, 0x1000, 0x40); // here is an error, "a value of type LPVOID cannot be assigned to an entity of type int."

Sorry, the syntax of VirtualAllocEx is this:
LPVOID WINAPI VirtualAllocEx(
  _In_ HANDLE hProcess, //Process Handle
  _In_opt_ LPVOID lpAddress, //Set to NULL
  _In_ SIZE_T dwSize, //Allocation size, use 0x1000
  _In_ DWORD flAllocationType, //MEM_COMMIT|MEM_RESERVE
  _In_ DWORD flProtect //use 0x40 for PAGE_EXECUTE_READWRITE
);
The return value is the allocation base address, or 0 if failed.
Also, set DWORD MyMemory instead of int MyMemory, I guess that should be:
Code:
DWORD MyMemory = 0;
LPVOID MyMemory = VirtualAllocEx (hProc, NULL, 0x1000, ,MEM_COMMIT|MEM_RESERVE, 0x40);

Still get some errors:
1>line(29): error C2040: 'MyMemory' : 'LPVOID' differs in levels of indirection from 'DWORD'
1>line(49): error C2440: '=' : cannot convert from 'DWORD' to 'int'
It's working like this:
Code:
DWORD MyMemory = 0;
MyMemory = (DWORD)VirtualAllocEx (hProc, NULL, 1024, MEM_COMMIT|MEM_RESERVE, PAGE_EXECUTE_READWRITE);
// first DWORD of the allocation: address of the code that follows it
newValue = MyMemory + 4;
WriteProcessMemory (hProc, (void*)MyMemory, &newValue, sizeof(newValue), NULL);
// the 16 code cave bytes, written as four little-endian DWORDs
newValue = 0x04EA80C7;
WriteProcessMemory (hProc, (void*)(MyMemory +4 ), &newValue, sizeof(newValue), NULL);
newValue = 0x03840000;
WriteProcessMemory (hProc, (void*)(MyMemory +8 ), &newValue, sizeof(newValue), NULL);
newValue = 0xE58B0000;
WriteProcessMemory (hProc, (void*)(MyMemory +12 ), &newValue, sizeof(newValue), NULL);
newValue = 0x0008C25D;
WriteProcessMemory (hProc, (void*)(MyMemory +16 ), &newValue, sizeof(newValue), NULL);
// FF 25 <MyMemory> at the target: jmp dword ptr [MyMemory]
newValue = 0x25FF;
WriteProcessMemory (hProc, (void*)newAddress, &newValue, 2, NULL);
newValue = MyMemory;
WriteProcessMemory (hProc, (void*)(newAddress + 2), &newValue, 4, NULL);

Now it is working awesome... no crash anymore, and if the map changes I just need to change my weapon to get back to the 900/1200 value.
Is there any way to simplify this code for further implementation, as Dark Byte suggested... for other address (value) to be added?
And to disable it, do I add these lines to the end?
Code:
/*int oldValue = 0xEA908966;
WriteProcessMemory (hProc, (void*)newAddress, &oldValue, sizeof(oldValue), NULL);
oldValue = 0x000004;
WriteProcessMemory (hProc, (void*)(newAddress + 4), &oldValue, 3, NULL);*/

...now it is commented out, but I will test all possible variants.
Thank you,
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Tue Jul 02, 2013 12:41 am

Create an array containing the Enable code bytes (fill it with the code cave's 16 hex bytes, no reverse order), and another array for the Disable code bytes. Then, in just one call to WriteProcessMemory (with lpBuffer being the pointer to your array's start, and size being the same array's size (16)), this should write the full code cave. Use another call to make the redirection. For the disable, you can use the code you asked about above, or use one WriteProcessMemory call (with lpBuffer being the pointer to your disable array, and size being 7 bytes).
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Tue Jul 02, 2013 6:50 am

I can't fix it... my head is a mess.
Code:
DWORD newAddress = dllBase + 0x17CC7D;
BYTE newValue[] = { 0x90,0x90,0x90,0x90,0x90,0x90,0x90 };
WriteProcessMemory (hProc, (void*)newAddress, &newValue, sizeof(newValue), NULL);
DWORD MyMemory = (DWORD)VirtualAllocEx (hProc, NULL, 0x1000, MEM_COMMIT|MEM_RESERVE, 0x40);
BYTE StartAddress[] = { 0xC7,0x80,0xEA,0x04, 0x00,0x00,0xB0,0x04, 0x00,0x00,0x8B,0xE5, 0x5D,0xC2,0x08,0x00 };
WriteProcessMemory (hProc, (void*)newAddress, newValue + 4, sizeof(newValue), NULL);
BYTE Redirect[] = { 0xFF,0x25 };
WriteProcessMemory (hProc, (void*)newAddress, &newValue, 2, NULL);
WriteProcessMemory (hProc, (void*)(newAddress + 2), &MyMemory, 4, NULL);

It's crashing often... "Access Violation in module Unknown at 0023:f067c003."
Still hard for me to understand all of it.
Thank you,
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Wed Jul 03, 2013 1:33 am

You totally messed up with it, this line is not needed:
Code:
BYTE newValue[] = { 0x90,0x90,0x90,0x90,0x90,0x90,0x90 };
WriteProcessMemory (hProc, (void*)newAddress, &newValue, sizeof(newValue), NULL);

Then, this line is what crashes the game, as these bytes are to be written in the ALLOCATED MEMORY and NOT IN newAddress. That line is:
Code:
WriteProcessMemory (hProc, (void*)newAddress, newValue + 4, sizeof(newValue), NULL);

The following code should work and have all you need:
Code:
DWORD TargetAddress = dllBase + 0x17CC7D;
DWORD MyMemory = (DWORD)VirtualAllocEx (hProc, NULL, 0x1000, MEM_COMMIT|MEM_RESERVE, 0x40);
// mov dword ptr [eax+000004EA],000004B0 / mov esp,ebp / pop ebp / ret 0008
BYTE MyCodeBytes[] = { 0xC7,0x80,0xEA,0x04, 0x00,0x00,0xB0,0x04, 0x00,0x00,0x8B,0xE5, 0x5D,0xC2,0x08,0x00 };
WriteProcessMemory (hProc, (void*) (MyMemory+4), &MyCodeBytes, 16, NULL);
// first DWORD of the allocation holds the address of the code bytes above
newValue = MyMemory + 4;
WriteProcessMemory (hProc, (void*)MyMemory, &newValue, sizeof(newValue), NULL);
// FF 25 <MyMemory> = jmp dword ptr [MyMemory]
newValue = 0x25FF;
WriteProcessMemory (hProc, (void*)TargetAddress, &newValue, 2, NULL);
newValue = MyMemory;
WriteProcessMemory (hProc, (void*)(TargetAddress + 2), &newValue, 4, NULL);

Then, to disable the hack, use this:
Code:
// original instruction: mov [eax+000004EA],dx
BYTE OriginalCodeBytes[] = { 0x66,0x89,0x90,0xEA, 0x04,0x00,0x00 };
WriteProcessMemory (hProc, (void*) TargetAddress, &OriginalCodeBytes, 7, NULL);
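From the integrity-checking side, the patch in the post above leaves a recognizable trace: the module's code no longer matches its on-disk image, and the modified bytes start with `FF 25` whose operand points outside the module. The following C check is an added example, not part of the original thread; `check_code`, `finding_t`, the image base/size and the sample bytes around the page's 7-byte instruction are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>

/* One finding from comparing in-memory code against the on-disk reference. */
typedef struct {
    size_t   offset;        /* first modified byte, relative to the buffer  */
    size_t   changed;       /* number of bytes that differ in the buffer    */
    int      is_jmp_ind;    /* patch starts with FF 25: jmp dword ptr [abs] */
    uint32_t slot;          /* abs32 operand = address of the pointer slot  */
    int      slot_outside;  /* slot is not inside the module image          */
} finding_t;

/* Returns 1 and fills *f if mem differs from disk, 0 if the code is intact.
 * Assumes a 32-bit module and that relocations were already applied to disk. */
int check_code(const uint8_t *disk, const uint8_t *mem, size_t n,
               uint32_t image_base, uint32_t image_size, finding_t *f)
{
    size_t first = n;
    f->changed = 0;
    for (size_t i = 0; i < n; i++) {
        if (disk[i] != mem[i]) {
            if (first == n) first = i;
            f->changed++;
        }
    }
    if (first == n) return 0;
    f->offset = first;
    f->is_jmp_ind = 0; f->slot = 0; f->slot_outside = 0;
    /* Decode from the first modified byte, not from the diff length: an
     * operand byte can equal the original byte and hide part of the patch. */
    if (first + 6 <= n && mem[first] == 0xFF && mem[first + 1] == 0x25) {
        f->is_jmp_ind = 1;
        f->slot = (uint32_t)mem[first + 2] | (uint32_t)mem[first + 3] << 8 |
                  (uint32_t)mem[first + 4] << 16 | (uint32_t)mem[first + 5] << 24;
        f->slot_outside = (f->slot - image_base) >= image_size;
    }
    return 1;
}

/* Constructed sample: the page's original 7-byte instruction between
 * made-up neighbouring bytes, and the same bytes after the 6-byte patch. */
static const uint8_t DISK[] = { 0x8B,0x45,0x08, 0x66,0x89,0x90,0xEA,0x04,0x00,0x00, 0x8B,0xE5 };
static const uint8_t MEM[]  = { 0x8B,0x45,0x08, 0xFF,0x25,0x00,0x00,0x23,0x00,0x00, 0x8B,0xE5 };
```

With the constructed allocation address 0x00230000, only 5 bytes differ even though 6 were written, which is why the check decodes the operand instead of trusting the length of the differing run.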
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Wed Jul 03, 2013 2:23 am

"newValue = MyMemory + 4;" new value is unidentified if I don't declare the old code:
Code:
int newValue = 0x90909090;
WriteProcessMemory (hProc, (void*)newAddress, &newValue, sizeof(newValue), NULL);
WriteProcessMemory (hProc, (void*)(newAddress + 4), &newValue, 3, NULL);

Is this needed anymore?
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Wed Jul 03, 2013 2:27 am

OK, then define it, say int newValue = 0;
(put the definition at the beginning of the code)
and yes, those lines are not needed.
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Wed Jul 03, 2013 2:33 am

OK, I will try this way soon enough... thank you.
One last question... how did you come up with these addresses:
// C7 80 EA 04 00 00 B0 04 00 00 8B E5 5D C2 08 00
I'm trying to understand how to calculate them exactly for a new address, to make them on my own...
Thank you,
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Wed Jul 03, 2013 2:53 am

If you take a look at the code in Cheat Engine, you should see the bytes as in the picture.
From there you can notice the bytes of the code are C7 80 EA 04 00 00 B0 04 00 00 8B E5 5D C2 08 00
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Wed Jul 03, 2013 3:08 am

Yes, but this is the injected code...
The original one looks different, and then you write these addresses to be used.
First the address looks like in my first post, then all of them are NOPs (90), then this one.
This I can't understand.
For example, if I take the address above of mine... the address with [eax+000004E8],cx...
How did you calculate to get that C7 80..?
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Wed Jul 03, 2013 3:13 am

Well, I don't calculate them, I modify them in Cheat Engine and then get the new patch bytes I need. You can press Enter on the mov [eax+000004E8],cx line, then enter any new instruction, then press Enter again; the new bytes and instruction will appear in CE's window.
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Wed Jul 03, 2013 3:26 am

Heh, I did this and changed the ",cx" to 00000001, and CE asked me if I want to change my 10 bytes with 7 bytes and the rest to be filled with NOPs, then the game crashed after I pressed Enter...
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Wed Jul 03, 2013 3:29 am

You mean you took 10 bytes of new code while you have 7, which means no space, so Cheat Engine also corrupted the next instruction's first 3 bytes. That's why the game crashed, and this is why we said to allocate an empty memory to write the code cave.
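The size mismatch described in the post above follows directly from the x86 encoding: a register store with a 66 prefix, ModRM and disp32 is 7 bytes, while an immediate store adds the immediate after the same ModRM and disp32. The following C length calculator is an added example, not part of the original thread; `mov_length` and `overrun` are illustrative names, it assumes 32-bit mode, and it covers only the MOV encodings that appear in this thread.

```c
#include <stddef.h>
#include <stdint.h>

/* Length of one 32-bit-mode MOV instruction, or 0 if the form is not handled.
 * Handled: optional 66 prefix, then 89/8B (mov r/m,r and mov r,r/m) or
 * C7 /0 (mov r/m,imm). Other opcodes are rejected. */
size_t mov_length(const uint8_t *p, size_t n)
{
    size_t i = 0;
    int opsize16 = 0;
    if (i < n && p[i] == 0x66) { opsize16 = 1; i++; }
    if (i + 2 > n) return 0;
    uint8_t op = p[i++], modrm = p[i++];
    if (op != 0x89 && op != 0x8B && op != 0xC7) return 0;
    if (op == 0xC7 && ((modrm >> 3) & 7) != 0) return 0;
    uint8_t mod = modrm >> 6, rm = modrm & 7;
    if (mod != 3) {
        uint8_t base = rm;
        if (rm == 4) {                      /* SIB byte follows */
            if (i >= n) return 0;
            base = p[i++] & 7;
        }
        if (mod == 1) i += 1;               /* disp8 */
        else if (mod == 2) i += 4;          /* disp32 */
        else if (base == 5) i += 4;         /* mod 0, no base: disp32 */
    }
    if (op == 0xC7) i += opsize16 ? 2 : 4;  /* immediate operand */
    return i <= n ? i : 0;
}

/* Bytes of the following instruction(s) overwritten when new_len bytes are
 * written in place over an instruction that is old_len bytes long. */
size_t overrun(size_t old_len, size_t new_len)
{
    return new_len > old_len ? new_len - old_len : 0;
}

/* Encodings of the instructions quoted in the thread (assembled by hand here). */
static const uint8_t MOV_DX[]    = { 0x66,0x89,0x90,0xF2,0x04,0x00,0x00 };                /* mov [eax+4F2],dx */
static const uint8_t MOV_IMM32[] = { 0xC7,0x80,0xF2,0x04,0x00,0x00,0x01,0x00,0x00,0x00 }; /* mov dword ptr [eax+4F2],1 */
static const uint8_t MOV_IMM16[] = { 0x66,0xC7,0x80,0xF2,0x04,0x00,0x00,0x01,0x00 };      /* mov word ptr [eax+4F2],1 */
```

Even the 16-bit immediate form is 9 bytes, so neither immediate store fits in the 7 bytes of the original instruction.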
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Wed Jul 03, 2013 3:35 am

Okay, I got that, but to write down the new needed values, where cx, dx are, what should I write to keep the game on and to use these new values...?
My new values + ?.... 00 00 00 ?
TsTg Master Cheater
Reputation: 5
Joined: 12 Dec 2012 Posts: 340 Location: Somewhere....
Posted: Wed Jul 03, 2013 3:42 am

I don't understand, do you mean you want to save the value in cx and dx somewhere for later use?
vmv Cheater
Reputation: 0
Joined: 29 Jun 2013 Posts: 32
Posted: Wed Jul 03, 2013 3:52 am

No, you said that you only write some new values in place of cx, dx to retrieve the addresses needed for the code cave, but when I do that and add my desired value, like 1200 (hex) for example, as I told you... the game is crashing and I can't copy the new values from there... to use them as you did.
Edit: look, this is what is there at first Enter: "mov [eax+000004F2],dx"... then I add my new desired value for the code cave, "mov [eax+000004F2],00000001"... at this point, if I press Enter, the game is crashing.
CE:
"The generated code is 10 bytes long,but the selected opcode is 7 bytes long,! Do you want to replace the rest of opcodes with NOP's ?"