systat Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008 Posts: 54
|
Posted: Sun Mar 02, 2008 10:50 am Post subject: Injection Shaiya |
|
|
I did this. When it is injected and the GetPoints button in Shaiya is pressed, it is supposed to redirect to some other page, not the billing one, but when I press that button the client crashes.
| Code: |
#include <windows.h>
#include <detours.h>
#include "stdafx.h"

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ulReason, LPVOID vpReserved)
{
    if (ulReason == DLL_PROCESS_ATTACH)
    {
        // Target address: base of game.exe + 0x73729
        BYTE* pGUID = (BYTE*)GetModuleHandle("game.exe") + 0x73729;
        const char *ciASCII = "%c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE http://www.notaeria.blabal";
        unsigned long ulProtection;
        // Make 132 bytes at the target writable, overwrite them, then restore the old protection
        VirtualProtect(pGUID, 132, PAGE_EXECUTE_READWRITE, &ulProtection);
        memcpy(pGUID, (const void*)ciASCII, 132);
        VirtualProtect(pGUID, 132, ulProtection, &ulProtection);
    }
    return TRUE;
}
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
|
Posted: Sun Mar 02, 2008 11:31 am Post subject: |
|
|
Create a separate thread within DLL_PROCESS_ATTACH
| Code: |
#include <windows.h>
#include <detours.h>
#include "stdafx.h"
#pragma comment (linker, "/ENTRY:DllMain")

// Thread routine: must match the LPTHREAD_START_ROUTINE signature
DWORD WINAPI SeperateThread(LPVOID lpParam)
{
    UNREFERENCED_PARAMETER( lpParam );
    BYTE* pGUID = (BYTE*)GetModuleHandle("game.exe") + 0x73729;
    const char *ciASCII = "%c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE http://www.notaeria.blabal";
    unsigned long ulProtection;
    VirtualProtect(pGUID, 132, PAGE_EXECUTE_READWRITE, &ulProtection);
    memcpy(pGUID, (const void*)ciASCII, 132);
    VirtualProtect(pGUID, 132, ulProtection, &ulProtection);
    return 0;
}

BOOL WINAPI DllMain( HMODULE hModule, DWORD dwReason, LPVOID lpReserved )
{
    UNREFERENCED_PARAMETER( hModule );
    UNREFERENCED_PARAMETER( lpReserved );
    switch( dwReason )
    {
    case DLL_PROCESS_ATTACH:
        // Do the work outside DllMain, on its own thread
        CreateThread( 0, 0, SeperateThread, 0, 0, 0 );
        break;
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE; // the original fell off the end without returning a value
}
systat Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008 Posts: 54
|
|
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
|
Posted: Sun Mar 02, 2008 2:36 pm Post subject: |
|
|
Then there is something wrong with the code in the thread. Or try getting rid of the #pragma comment at the top.
Zand Master Cheater
Reputation: 0
Joined: 21 Jul 2006 Posts: 424
|
Posted: Mon Mar 03, 2008 2:14 am Post subject: |
|
|
The string you are trying to overwrite is actually located at 0x616308...
systat Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008 Posts: 54
|
Posted: Mon Mar 03, 2008 7:22 am Post subject: |
|
|
You are wrong!
That is not the correct address. I have the correct address, but when I try to press the button Shaiya just exits.
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Mon Mar 03, 2008 8:22 am Post subject: |
|
|
| systat wrote: | You are wrong!
That is not the correct address. I have the correct address, but when I try to press the button Shaiya just exits. |
From looking at that screenshot, he is right.
0x473729 holds the push that is pushing the string onto the stack, not the actual string itself.
0x616308 holds the actual string itself.
Open up Cheat Engine, add game.exe+0x73729 as an address to your table, the string won't be there, I can almost guarantee you it. Add the push address that's in your pic and it should be there. You are overwriting the wrong location in memory, which is why the game is closing.
_________________
- Retired. |
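The distinction made in the post above (0x473729 is an instruction that references the string, 0x616308 is the string) as an added example, not code from the thread. It assumes the instruction is a `push imm32` (opcode 0x68); the byte arrays and the string are constructed samples, not bytes from game.exe, and `classify_target` is a hypothetical helper name.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed stand-ins for two mapped regions; not bytes from game.exe. */
typedef struct { uint32_t va; const uint8_t *bytes; size_t len; } region_t;

static const uint8_t code_bytes[] = {
    0x68, 0x08, 0x63, 0x61, 0x00,   /* push 0x616308 (assumed encoding) */
    0xE8, 0x00, 0x00, 0x00, 0x00 }; /* call rel32 (placeholder operand) */
static const uint8_t data_bytes[] = /* constructed command-line string */
    "%c:\\Program Files\\Internet Explorer\\IEXPLORE.EXE http://billing.example/";

static const region_t regions[] = {
    { 0x473729u, code_bytes, sizeof code_bytes },
    { 0x616308u, data_bytes, sizeof data_bytes },
};

/* Map a virtual address to sample bytes; *avail gets the bytes left in the region. */
static const uint8_t *va_to_ptr(uint32_t va, size_t *avail)
{
    for (size_t i = 0; i < sizeof regions / sizeof regions[0]; i++) {
        const region_t *r = &regions[i];
        if (va >= r->va && va - r->va < r->len) {
            *avail = r->len - (va - r->va);
            return r->bytes + (va - r->va);
        }
    }
    return NULL;
}

/* Nonzero if the bytes are a non-empty, NUL-terminated run of printable ASCII. */
static int is_c_string(const uint8_t *p, size_t avail)
{
    size_t n = 0;
    while (n < avail && p[n] >= 0x20 && p[n] < 0x7F) n++;
    return n > 0 && n < avail && p[n] == 0;
}

enum { TARGET_UNKNOWN, TARGET_STRING, TARGET_PUSH_OF_STRING };

/* Classify va; for a push imm32 of a string, *ref receives the string's address. */
int classify_target(uint32_t va, uint32_t *ref)
{
    size_t avail = 0, s_avail = 0;
    const uint8_t *p = va_to_ptr(va, &avail);
    if (!p) return TARGET_UNKNOWN;
    if (p[0] == 0x68 && avail >= 5) {   /* 68 id = push imm32, little-endian operand */
        uint32_t imm = p[1] | (uint32_t)p[2] << 8 | (uint32_t)p[3] << 16 | (uint32_t)p[4] << 24;
        const uint8_t *s = va_to_ptr(imm, &s_avail);
        if (s && is_c_string(s, s_avail)) { *ref = imm; return TARGET_PUSH_OF_STRING; }
    }
    return is_c_string(p, avail) ? TARGET_STRING : TARGET_UNKNOWN;
}
```

Writing 132 bytes of text over an address that classifies as `TARGET_PUSH_OF_STRING` replaces the instruction and the code following it, which matches the crash described in the thread.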
systat Advanced Cheater
Reputation: 0
Joined: 15 Feb 2008 Posts: 54
|
Posted: Mon Mar 03, 2008 9:03 am Post subject: |
|
|
Utterly weird. Well, why then does it still open the original page after I inject the code??
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
|
Posted: Mon Mar 03, 2008 5:44 pm Post subject: |
|
|
Possibly it failed to write to the memory, or the game rewrote what is supposed to be there as a protection method? I can't give you a full answer as I don't play or know anything about the game in question.
_________________
- Retired. |
rapion124 Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Mar 2007 Posts: 1095
|
Posted: Mon Mar 03, 2008 5:47 pm Post subject: |
|
|
It doesn't work like that. The stack address is going to be different every time. Best way is to modify EAX before the push. Add a jmp before push eax and allocate the string. mov the address of the string into eax and return control to the game.