Nalik How do I cheat? Reputation: 0
Posted: Wed Oct 09, 2019 4:46 am Post subject: jump SetCursorPos dll windows 10 |
I need to move the mouse cursor to bypass protection for the game. This method works fine in Windows 7/8 and previously worked in Windows 10, but after updating Windows 10 it stopped working. When the _SetCursorPosition function is called, the program does not give any warning; it just closes.
What could be the problem?
DWORD _SCP;   // jump target for the naked trampoline below; _SetCursorPosition stores SetCursorPos + 5 here
//...
// Trampoline that re-executes the 5-byte hot-patch prologue expected at the
// start of SetCursorPos (mov edi,edi / push ebp / mov ebp,esp) and then
// tail-jumps to _SCP, which the caller sets to SetCursorPos + 5.
// This is only valid while the real function begins with exactly those 5
// bytes. The user32 disassembly posted later in this thread shows the
// NtUserSetCursorPos stub as a bare 6-byte `jmp dword ptr [__imp__...]`; if
// SetCursorPos now resolves to such a stub (as the moderator's reply suggests),
// +5 lands in the middle of an instruction and the process crashes.
// __declspec(naked): no compiler prologue/epilogue is emitted, so the target's
// own ret returns straight to our caller. X and Y stay on the stack untouched
// for the target (WINAPI = stdcall, callee cleans up).
__declspec(naked) BOOL WINAPI _SetCursorPos(int X, int Y)
{
__asm
{
mov edi, edi                 // 2-byte hot-patch nop
push ebp                     // 1 byte
mov ebp, esp                 // 2 bytes -> 5 bytes total, matching the "+ 5" in _SetCursorPosition
jmp dword ptr ds : [_SCP]    // tail-jump; control never comes back here
}
}
// Call the function
// Resolves SetCursorPos at call time, stores its address + 5 in _SCP and
// invokes the naked trampoline above. Review notes on the visible code:
//  - the NULL check runs after "+ 5", so a failed GetProcAddress leaves
//    _SCP == 5 and the trampoline jumps to address 5 instead of returning 0;
//  - the result of LoadLibrary is passed to GetProcAddress unchecked;
//  - the function is declared int but the else path has no return statement
//    (undefined behaviour; the later listing in this thread returns the
//    stored address instead).
// The "+ 5" hard-codes the 5-byte hot-patch prologue assumption described
// on _SetCursorPos; it is not validated against the bytes actually present.
__declspec(dllexport)
int _SetCursorPosition(int x, int y)
{
_SCP = (DWORD)GetProcAddress(LoadLibrary(_T("user32.dll")), "SetCursorPos") + 5;   // +5 skips the expected mov edi,edi / push ebp / mov ebp,esp
if (_SCP == NULL)
return 0;
else
_SetCursorPos(x, y);   // BOOL result of the real call is discarded
}
atom0s Moderator Reputation: 198
Posted: Wed Oct 09, 2019 6:11 pm Post subject: |
The prologue/epilogue of the function could have changed. You'd have to debug SetCursorPos to see if the function is still set up the same way.
Nalik How do I cheat? Reputation: 0
Posted: Thu Oct 10, 2019 3:02 pm Post subject: |
Please help me figure out how to do this? Or maybe you have a ready-made solution?
Nalik How do I cheat? Reputation: 0
Posted: Fri Oct 11, 2019 3:51 am Post subject: |
I can’t figure it out on my own
Code: | }
006722FC cmp ebp,esp
006722FE call __RTC_CheckEsp (06712A8h)
00672303 mov esp,ebp
00672305 pop ebp
00672306 ret
--- Нет исходного файла --------------------------------------------------------
00672307 int 3
00672308 int 3
00672309 int 3
0067230A int 3
0067230B int 3
0067230C int 3
0067230D int 3
0067230E int 3
0067230F int 3
00672310 int 3
00672311 int 3
00672312 int 3
00672313 int 3
00672314 int 3
00672315 int 3
00672316 int 3
00672317 int 3
00672318 int 3
00672319 int 3
0067231A int 3
0067231B int 3
0067231C int 3
0067231D int 3
0067231E int 3
0067231F int 3
--- c:\users\nalik\source\repos\consoleapplication1\consoleapplication1\consoleapplication1.cpp
__asm
{
mov edi, edi
00672320 mov edi,edi
push ebp
00672322 push ebp
mov ebp, esp
00672323 mov ebp,esp
jmp dword ptr ds : [_PMA]
00672325 jmp dword ptr ds:[_PMA (067C268h)]
--- Нет исходного файла --------------------------------------------------------
0067232C int 3
0067232D int 3
0067232E int 3
0067232F int 3
--- c:\users\nalik\source\repos\consoleapplication1\consoleapplication1\consoleapplication1.cpp
}
}
//Вызов функции
__declspec(dllexport)
DWORD _SetCursorPosition(int x, int y)
{
00672330 push ebp
00672331 mov ebp,esp
00672333 push 0FFFFFFFFh
00672335 push 6773A0h
0067233A mov eax,dword ptr fs:[00000000h]
00672340 push eax
00672341 push ecx
00672342 sub esp,0CCh
00672348 push ebx
00672349 push esi
0067234A push edi
0067234B lea edi,[ebp-0DCh]
00672351 mov ecx,33h
00672356 mov eax,0CCCCCCCCh
0067235B rep stos dword ptr es:[edi]
0067235D mov eax,dword ptr [__security_cookie (067C004h)]
00672362 xor eax,ebp
00672364 push eax
00672365 lea eax,[ebp-0Ch]
00672368 mov dword ptr fs:[00000000h],eax
0067236E mov dword ptr [ebp-10h],esp
00672371 mov ecx,offset _3B45E4B9_consoleapplication1@cpp (067E008h)
00672376 call @__CheckForDebuggerJustMyCode@4 (0671299h)
try {
0067237B mov dword ptr [ebp-4],0
_PMA = (DWORD)GetProcAddress(LoadLibrary(_T("user32.dll")), "SetCursorPos") + 5;
00672382 mov esi,esp
00672384 push offset string "SetCursorPos" (0679B5Ch)
00672389 mov edi,esp
0067238B push offset string L"user32.dll" (0679B40h)
00672390 call dword ptr [__imp__LoadLibraryW@4 (067D004h)]
00672396 cmp edi,esp
00672398 call __RTC_CheckEsp (06712A8h)
0067239D push eax
0067239E call dword ptr [__imp__GetProcAddress@8 (067D000h)]
006723A4 cmp esi,esp
006723A6 call __RTC_CheckEsp (06712A8h)
006723AB add eax,5
006723AE mov dword ptr [_PMA (067C268h)],eax
_SetCursorPos(x, y);
006723B3 mov eax,dword ptr [y]
006723B6 push eax
006723B7 mov ecx,dword ptr [x]
006723BA push ecx
006723BB call _SetCursorPos (06713B1h)
006723C0 jmp _SetCursorPosition+98h (06723C8h)
} catch(int x){ }
006723C2 mov eax,offset $LN7 (06723D1h)
006723C7 ret
006723C8 mov dword ptr [ebp-4],0FFFFFFFFh
006723CF jmp $LN7+7h (06723D8h)
$LN7:
006723D1 mov dword ptr [ebp-4],0FFFFFFFFh
return _PMA;
006723D8 mov eax,dword ptr [_PMA (067C268h)]
}
006723DD push edx
006723DE mov ecx,ebp
006723E0 push eax
006723E1 lea edx,ds:[672410h]
006723E7 call @_RTC_CheckStackVars@8 (06712CBh)
006723EC pop eax
006723ED pop edx
006723EE mov ecx,dword ptr [ebp-0Ch]
006723F1 mov dword ptr fs:[0],ecx
006723F8 pop ecx
006723F9 pop edi
006723FA pop esi
006723FB pop ebx
006723FC add esp,0DCh
00672402 cmp ebp,esp
00672404 call __RTC_CheckEsp (06712A8h)
00672409 mov esp,ebp
0067240B pop ebp
0067240C ret
0067240D nop dword ptr [eax]
00672410 add dword ptr [eax],eax
00672412 add byte ptr [eax],al
00672414 sbb byte ptr [edi],ah
00672417 add al,ch
00672419 ?? ??
0067241A ?? ??
0067241B inc dword ptr [eax+eax]
0067241E add byte ptr [eax],al
00672420 and al,24h
00672422 add byte ptr [bx+si+0],bh
--- Нет исходного файла --------------------------------------------------------
00672426 int 3
00672427 int 3
00672428 int 3
00672429 int 3
0067242A int 3
0067242B int 3
0067242C int 3
0067242D int 3
0067242E int 3
0067242F int 3
00672430 int 3
00672431 int 3
00672432 int 3
00672433 int 3
00672434 int 3
00672435 int 3
00672436 int 3
00672437 int 3
00672438 int 3
00672439 int 3
0067243A int 3
0067243B int 3
0067243C int 3
0067243D int 3
0067243E int 3
0067243F int 3
00672440 int 3
00672441 int 3
00672442 int 3
00672443 int 3
00672444 int 3
00672445 int 3
00672446 int 3
00672447 int 3
00672448 int 3
00672449 int 3
0067244A int 3
0067244B int 3
0067244C int 3
0067244D int 3
0067244E int 3
0067244F int 3
00672450 int 3
00672451 int 3
00672452 int 3
00672453 int 3
00672454 int 3
00672455 int 3
00672456 int 3
00672457 int 3
00672458 int 3
00672459 int 3
0067245A int 3
0067245B int 3
0067245C int 3
0067245D int 3
0067245E int 3
0067245F int 3
00672460 int 3
00672461 int 3
00672462 int 3
00672463 int 3
00672464 int 3
00672465 int 3
00672466 int 3
00672467 int 3
00672468 int 3
00672469 int 3
0067246A int 3
0067246B int 3
0067246C int 3
0067246D int 3
0067246E int 3 |
Code: | 77745BDF int 3
_NtUserSetCoreWindowPartner@12:
77745BE0 jmp dword ptr [__imp__NtUserSetCoreWindowPartner@12 (777A4B90h)]
77745BE6 int 3
77745BE7 int 3
77745BE8 int 3
77745BE9 int 3
77745BEA int 3
77745BEB int 3
77745BEC int 3
77745BED int 3
77745BEE int 3
77745BEF int 3
_NtUserSetCursorContents@8:
77745BF0 jmp dword ptr [__imp__NtUserSetCursorContents@8 (777A4B8Ch)]
77745BF6 int 3
77745BF7 int 3
77745BF8 int 3
77745BF9 int 3
77745BFA int 3
77745BFB int 3
77745BFC int 3
77745BFD int 3
77745BFE int 3
77745BFF int 3
_NtSetCursorInputSpace@8:
77745C00 jmp dword ptr [__imp__NtSetCursorInputSpace@8 (777A4B88h)]
77745C06 int 3
77745C07 int 3
77745C08 int 3
77745C09 int 3
77745C0A int 3
77745C0B int 3
77745C0C int 3
77745C0D int 3
77745C0E int 3
77745C0F int 3
_NtUserSetCursorPos@8:
77745C10 jmp dword ptr [__imp__NtUserSetCursorPos@8 (777A4B84h)]
77745C16 int 3
77745C17 int 3
77745C18 int 3
77745C19 int 3
77745C1A int 3
77745C1B int 3
77745C1C int 3
77745C1D int 3
77745C1E int 3
77745C1F int 3
_NtUserSetDesktopColorTransform@4:
77745C20 jmp dword ptr [__imp__NtUserSetDesktopColorTransform@4 (777A4B80h)]
77745C26 int 3
77745C27 int 3
77745C28 int 3
77745C29 int 3
77745C2A int 3
77745C2B int 3
77745C2C int 3
77745C2D int 3
77745C2E int 3
77745C2F int 3
_NtUserSetDialogControlDpiChangeBehavior@12:
77745C30 jmp dword ptr [__imp__NtUserSetDialogControlDpiChangeBehavior@12 (777A4B7Ch)]
77745C36 int 3
77745C37 int 3
77745C38 int 3
77745C39 int 3
77745C3A int 3
77745C3B int 3
77745C3C int 3
77745C3D int 3
77745C3E int 3
77745C3F int 3
_NtUserSetDisplayAutoRotationPreferences@4:
77745C40 jmp dword ptr [__imp__NtUserSetDisplayAutoRotationPreferences@4 (777A4B78h)]
77745C46 int 3
77745C47 int 3
77745C48 int 3
77745C49 int 3
77745C4A int 3
77745C4B int 3
77745C4C int 3
77745C4D int 3
77745C4E int 3
77745C4F int 3
_NtUserSetDisplayMapping@8:
77745C50 jmp dword ptr [__imp__NtUserSetDisplayMapping@8 (777A4B74h)]
77745C56 int 3
77745C57 int 3
77745C58 int 3
77745C59 int 3
77745C5A int 3
77745C5B int 3
77745C5C int 3
77745C5D int 3
77745C5E int 3
77745C5F int 3
_NtUserSetFallbackForeground@8:
77745C60 jmp dword ptr [__imp__NtUserSetFallbackForeground@8 (777A4B70h)]
77745C66 int 3
77745C67 int 3
77745C68 int 3
77745C69 int 3
77745C6A int 3
77745C6B int 3
77745C6C int 3
77745C6D int 3
77745C6E int 3
77745C6F int 3
_NtUserSetFeatureReportResponse@12:
77745C70 jmp dword ptr [__imp__NtUserSetFeatureReportResponse@12 (777A4B6Ch)]
77745C76 int 3
77745C77 int 3
77745C78 int 3
77745C79 int 3
77745C7A int 3
77745C7B int 3
77745C7C int 3
77745C7D int 3
77745C7E int 3
77745C7F int 3
_NtUserSetFocus@4:
77745C80 jmp dword ptr [__imp__NtUserSetFocus@4 (777A4B68h)]
77745C86 int 3
77745C87 int 3
77745C88 int 3
77745C89 int 3
77745C8A int 3
77745C8B int 3
77745C8C int 3
77745C8D int 3
77745C8E int 3
77745C8F int 3
_NtUserSetForegroundWindowForApplication@4:
77745C90 jmp dword ptr [__imp__NtUserSetForegroundWindowForApplication@4 (777A4B64h)]
77745C96 int 3
77745C97 int 3
77745C98 int 3
77745C99 int 3
77745C9A int 3
77745C9B int 3
77745C9C int 3
77745C9D int 3
77745C9E int 3
77745C9F int 3
_NtUserSetGestureConfig@20:
77745CA0 jmp dword ptr [__imp__NtUserSetGestureConfig@20 (777A4B60h)]
77745CA6 int 3
77745CA7 int 3
77745CA8 int 3
77745CA9 int 3
77745CAA int 3
77745CAB int 3
77745CAC int 3
77745CAD int 3
77745CAE int 3
77745CAF int 3
_NtUserSetInteractiveControlFocus@12:
77745CB0 jmp dword ptr [__imp__NtUserSetInteractiveControlFocus@12 (777A4B5Ch)]
77745CB6 int 3
77745CB7 int 3
77745CB8 int 3
77745CB9 int 3
77745CBA int 3
77745CBB int 3
77745CBC int 3
77745CBD int 3
77745CBE int 3
77745CBF int 3
_NtUserSetInteractiveCtrlRotationAngle@20:
77745CC0 jmp dword ptr [__imp__NtUserSetInteractiveCtrlRotationAngle@20 (777A4B58h)]
77745CC6 int 3
77745CC7 int 3
77745CC8 int 3
77745CC9 int 3
77745CCA int 3
77745CCB int 3
77745CCC int 3
77745CCD int 3
77745CCE int 3
77745CCF int 3
_NtUserSetInternalWindowPos@16:
77745CD0 jmp dword ptr [__imp__NtUserSetInternalWindowPos@16 (777A4B54h)]
77745CD6 int 3
77745CD7 int 3
77745CD8 int 3
77745CD9 int 3
77745CDA int 3
77745CDB int 3
77745CDC int 3
77745CDD int 3
77745CDE int 3
77745CDF int 3
_NtUserSetKeyboardState@4:
77745CE0 jmp dword ptr [__imp__NtUserSetKeyboardState@4 (777A4B50h)]
77745CE6 int 3
77745CE7 int 3
77745CE8 int 3
77745CE9 int 3
77745CEA int 3
77745CEB int 3
77745CEC int 3
77745CED int 3
77745CEE int 3
77745CEF int 3
_NtUserSetLayeredWindowAttributes@16:
77745CF0 jmp dword ptr [__imp__NtUserSetLayeredWindowAttributes@16 (777A4B4Ch)]
77745CF6 int 3
77745CF7 int 3
77745CF8 int 3
77745CF9 int 3
77745CFA int 3
77745CFB int 3
77745CFC int 3
77745CFD int 3
77745CFE int 3
77745CFF int 3
_NtUserSetMagnificationDesktopMagnifierOffsetsDWMUpdated@4:
77745D00 jmp dword ptr [__imp__NtUserSetMagnificationDesktopMagnifierOffsetsDWMUpdated@4 (777A4B48h)]
77745D06 int 3
77745D07 int 3
77745D08 int 3
77745D09 int 3
77745D0A int 3
77745D0B int 3
77745D0C int 3
77745D0D int 3
77745D0E int 3
77745D0F int 3
_NtUserMagSetContextInformation@16:
77745D10 jmp dword ptr [__imp__NtUserMagSetContextInformation@16 (777A4B44h)]
77745D16 int 3
77745D17 int 3
77745D18 int 3
77745D19 int 3
77745D1A int 3
77745D1B int 3
77745D1C int 3
77745D1D int 3
77745D1E int 3
77745D1F int 3
_NtUserSetMenuContextHelpId@8:
77745D20 jmp dword ptr [__imp__NtUserSetMenuContextHelpId@8 (777A4B40h)]
77745D26 int 3
77745D27 int 3
77745D28 int 3
77745D29 int 3
77745D2A int 3
77745D2B int 3
77745D2C int 3
77745D2D int 3
77745D2E int 3
77745D2F int 3
_NtUserSetMenuDefaultItem@12:
77745D30 jmp dword ptr [__imp__NtUserSetMenuDefaultItem@12 (777A4B3Ch)]
77745D36 int 3
77745D37 int 3
77745D38 int 3
77745D39 int 3
77745D3A int 3
77745D3B int 3
77745D3C int 3
77745D3D int 3
77745D3E int 3
77745D3F int 3
_NtUserSetMirrorRendering@8:
77745D40 jmp dword ptr [__imp__NtUserSetMirrorRendering@8 (777A4B38h)]
77745D46 int 3
77745D47 int 3
77745D48 int 3
77745D49 int 3
77745D4A int 3
77745D4B int 3
77745D4C int 3
77745D4D int 3
77745D4E int 3
77745D4F int 3
_NtSetPointerDeviceInputSpace@12:
77745D50 jmp dword ptr [__imp__NtSetPointerDeviceInputSpace@12 (777A4B34h)]
77745D56 int 3
77745D57 int 3
77745D58 int 3
77745D59 int 3
77745D5A int 3 |
Nalik How do I cheat? Reputation: 0
Posted: Sat Oct 12, 2019 12:00 am Post subject: |
Help me please
Nalik How do I cheat? Reputation: 0
Posted: Tue Oct 15, 2019 6:19 am Post subject: |
I went through the old and new DLLs in the decompiler, and in the new one there is no SetCursorPos function. How can this be?
atom0s Moderator Reputation: 198
Posted: Tue Oct 15, 2019 4:45 pm Post subject: |
That appears to just be a newer setup for the API: it is still exported as SetCursorPos, it is only that the wrapper function has been simplified to the NtUserSetCursorPos_0 setup.
This means you will need to hook the API differently now, instead of just trying to 'hook-hop' it.