Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
[RLS] GG Usermode Hook Bypass + Source
Cheat Engine Forum Index -> General programming. This topic is locked: you cannot edit posts or make replies.
rapion124
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Mar 2007
Posts: 1097

Posted: Tue Jul 08, 2008 8:57 pm    Post subject: [RLS] GG Usermode Hook Bypass + Source

This is a project I worked on a while ago. Since most of you people want to make trainers and bots, this would be really helpful. It bypasses npggNT.des's usermode hooks, for example, PostMessage, GetPixel, and a lot of others. This won't bypass ReadProcessMemory as that is hooked in kernelmode, but it will bypass things needed for botting.

To use it in your trainer, simply put the .dll in the first 'Release' folder in the same path as your trainer/bot. Then, in your source, add this line:
Code:

LoadLibrary("npggntHook.dll");

Open Debug View to see what it is doing. It shows a lot of verbose output.

This is version 1.0. It is not the final version. I will be making some updates to this such as anti-IAT hooking.

Enjoy!
Refresh if you can't see.



The extension 'rar' was deactivated by a board admin, therefore this attachment is not displayed.



Last edited by rapion124 on Wed Jul 09, 2008 5:23 am; edited 1 time in total
GMZorita
Grandmaster Cheater Supreme
Reputation: 0

Joined: 21 Mar 2007
Posts: 1362

Posted: Tue Jul 08, 2008 9:18 pm    Post subject:

This forum is only for sources if I'm not mistaken; I suggest you re-post it in the binary sections.

Edit1: Sorry, I thought there was no source.



Last edited by GMZorita on Tue Jul 08, 2008 10:24 pm; edited 1 time in total
ElectroFusion
Grandmaster Cheater
Reputation: 0

Joined: 17 Dec 2006
Posts: 787

Posted: Tue Jul 08, 2008 9:28 pm    Post subject:

He included source.
Chaosis13
Master Cheater
Reputation: 0

Joined: 14 Aug 2007
Posts: 373

Posted: Tue Jul 08, 2008 9:46 pm    Post subject:

Good release, I will check it out later. But does this bypass it, or just give alternative solutions, new functions?
Felgore
Master Cheater
Reputation: 0

Joined: 16 Apr 2007
Posts: 450

Posted: Tue Jul 08, 2008 11:56 pm    Post subject:

Sorry to sound so noob, but... this is written in C++, correct?

Would you be able to translate it into C#? (I'm working on a bot ATM)

Thanks again.
Overload
Master Cheater
Reputation: 0

Joined: 08 Feb 2008
Posts: 294

Posted: Wed Jul 09, 2008 12:22 am    Post subject:

Felgore wrote:
Sorry to sound so noob, but... this is written in C++, correct?

Would you be able to translate it into C#? (I'm working on a bot ATM)

Thanks again.


No need to translate it. Just load the library and call its functions.
Felgore
Master Cheater
Reputation: 0

Joined: 16 Apr 2007
Posts: 450

Posted: Wed Jul 09, 2008 12:25 am    Post subject:

Overload wrote:
Felgore wrote:
Sorry to sound so noob, but... this is written in C++, correct?

Would you be able to translate it into C#? (I'm working on a bot ATM)

Thanks again.


No need to translate it. Just load the library and call its functions.


Ok, will do.

Thanks again.

EDIT: Okay, another question. I may be wayyy off track here, but if I wanted to load this DLL in C#, would I use:

Code:

DllImport["npggntHook.dll"];


If that were true, how would I call its methods, etc.?

Thanks in advance.
rapion124
Grandmaster Cheater Supreme
Reputation: 0

Joined: 25 Mar 2007
Posts: 1097

Posted: Wed Jul 09, 2008 5:20 am    Post subject:

You don't need to call anything. All you need to do is load npggntHook.dll and then you're all done. I suggest you do not do that during initialization of your app, because when your app uses GetProcAddress to resolve addresses, it will be given the stub addresses, which will be hooked by npggNT.des. Best to apply the bypass right before GameGuard loads.

This is a complete bypass. No more calling trampoline functions. Just do whatever you do regularly. If you wanna use PostMessageA, just call PostMessageA lol.
ElJEffro
Grandmaster Cheater Supreme
Reputation: 0

Joined: 15 Apr 2007
Posts: 1882
Location: La Tierra

Posted: Thu Jul 10, 2008 4:18 am    Post subject:

Code:

// P/Invoke declarations: LoadLibrary lives in kernel32.dll, and FreeLibrary needs its own import
[DllImport("kernel32.dll", CharSet = CharSet.Ansi)]
public static extern IntPtr LoadLibrary(string libraryName);

[DllImport("kernel32.dll")]
public static extern bool FreeLibrary(IntPtr hModule);

then declare IntPtr hModule;

then
Code:

void Form1_Load(object sender, EventArgs e)
{
    // IntPtr.Zero means the load failed; check Marshal.GetLastWin32Error() in that case
    hModule = LoadLibrary("npggntHook.dll");
}

use FreeLibrary(hModule) later if you need it
Felgore
Master Cheater
Reputation: 0

Joined: 16 Apr 2007
Posts: 450

Posted: Thu Jul 10, 2008 7:16 am    Post subject:

Thanks guys
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1888
Location: Canada

Posted: Thu Jul 10, 2008 8:52 pm    Post subject:

Completely bypassing ring3 hooks can be achieved with a simple hex editor, no programming required.
h4c0r-BG
Master Cheater
Reputation: 0

Joined: 29 Nov 2006
Posts: 451
Location: The yogurt country

Posted: Tue Jul 15, 2008 2:37 am    Post subject:

I've built a simple autoclick0r which uses mouse_event();
I tested it in Gunz Online (ijji) but it did not work.
So does this dll bypass mouse_event() too?



Flyte wrote:
Completely bypassing ring3 hooks can be achieved with a simple hex editor, no programming required.




Can you please share more hints with us?

DeletedUser14087
I post too much
Reputation: 2

Joined: 21 Jun 2006
Posts: 3083

Posted: Tue Jul 15, 2008 3:04 am    Post subject:

h4c0r-BG wrote:
I've built a simple autoclick0r which uses mouse_event();
I tested it in Gunz Online (ijji) but it did not work.
So does this dll bypass mouse_event() too?


MSDN wrote:
Windows NT/2000/XP: This function has been superseded. Use SendInput instead.
Kiki released a .dll+.sys that hooked back SI; use that maybe? It came along with a simple source of an AC in Borland C++ Builder.
h4c0r-BG
Master Cheater
Reputation: 0

Joined: 29 Nov 2006
Posts: 451
Location: The yogurt country

Posted: Tue Jul 15, 2008 7:40 am    Post subject:

Thank you Rot1. I believe I have found what I looked for:

http://forum.cheatengine.org/viewtopic.php?t=235822

But the problem now is that there aren't any good examples on Google for Delphi+SendInput: http://www.google.com/search?hl=bg&q=delphi+SendInput

The main problem is that I was not able to find a good example with a mouse click event or something like that.

This is the best piece of code I found, which simulates "writing a string":

Code:
procedure TForm1.Button1Click(Sender: TObject);
const
  Str: string = 'writing writing writing';
var
  Inp: TInput;
  I: Integer;
begin
  Edit1.SetFocus;

  for I := 1 to Length(Str) do
  begin
    // zero the whole record so the unused fields (wScan, time, dwExtraInfo) are not garbage
    FillChar(Inp, SizeOf(Inp), 0);

    // press: the virtual-key code of the upper-case letter
    Inp.Itype := INPUT_KEYBOARD;
    Inp.ki.wVk := Ord(UpCase(Str[I]));
    Inp.ki.dwFlags := 0;
    SendInput(1, Inp, SizeOf(Inp));

    // release: same key, flagged as a key-up event
    Inp.ki.dwFlags := KEYEVENTF_KEYUP;
    SendInput(1, Inp, SizeOf(Inp));

    Application.ProcessMessages;
    Sleep(80);
  end;
end;


Can anyone help me a bit? And one more silly question.

At FormCreate, do I need to LoadLibrary('KiInput.dll')?
And what exactly did Kiki mean when he said "Make sure you call Initialize() (only call it once) before you attempt to call AltSendInput or AltPostMessage... bad things will happen if you've got a thread or timer constantly trying to call "0"."

lurc
Grandmaster Cheater Supreme
Reputation: 2

Joined: 13 Nov 2006
Posts: 1901

Posted: Tue Jul 15, 2008 10:15 am    Post subject:

h4c0r-BG wrote:
At FormCreate, do I need to LoadLibrary('KiInput.dll')?
And what exactly did Kiki mean when he said "Make sure you call Initialize() (only call it once) before you attempt to call AltSendInput or AltPostMessage... bad things will happen if you've got a thread or timer constantly trying to call "0"."


Call LoadLibrary anywhere.
He said to make sure to call Initialize because that is the function that loads and initiates the driver.
If you don't initialize the driver, AltSendInput will do absolutely nothing.
