Cheat Engine

kb3z0n · Posted: Tue Aug 12, 2008 10:28 pm Post subject: Delphi 7 WriteProcessMemory?

Learning to tick ZF, for a godmode for a private server to learn the basics of writeprocessmemory,

looking through the CE source i found

writeprocessmemory(processhandle,pointer(realaddress),addr(write1),1,write);

How would that help to tick ZF? D=

BTW, cant find anything on SetContextThread.

oib111 · Posted: Tue Aug 12, 2008 11:32 pm Post subject:

If you download CE's source it uses SetContextThread. And if you search there is also a thread almost exactly like yours.

h4c0r-BG · Posted: Wed Aug 13, 2008 5:01 am Post subject:

dnsi0 · Posted: Wed Aug 13, 2008 12:37 pm Post subject:

Function:
DeviceIOControl.

Figure out how to use it yourself.

Edit: *Hint* How to use it is in cheatengine's source.

Edit2: And no cheatengine uses DeviceIOControl.

lurc · Posted: Wed Aug 13, 2008 2:03 pm Post subject:

kb3z0n · Posted: Wed Aug 13, 2008 2:07 pm Post subject:

My bad, i never knew D=

lurc · Posted: Wed Aug 13, 2008 2:24 pm Post subject:

You coudn't find anything because oib mixed up the API.

It's SetThreadContext, not SetContextThread.

MSDN - SetThreadContext

Btw, "Ticking ZF" is simply setting the Zero Flag (EFLAG) to 1 when that instruction is executed. Each instruction affects certain flags and registers. When a jump occurs the ZF flag is utilized. When you set ZF on something like JNE/JNZ (Jump short if not equal (ZF=0)), it acts as JE/JZ (Jump short if zero (ZF = 1))

If you can memory edit, its easier just to change JNE/JNZ (0x75) to JE/JZ (0x74), via WriteProcessMemory.

dnsi0 · Posted: Wed Aug 13, 2008 2:38 pm Post subject:

Yea my bad. The actucal stuff is in the drivers.

lurc · Posted: Wed Aug 13, 2008 3:07 pm Post subject:

That's why I said if you can. Rolling Eyes

HalfPrime · Posted: Wed Aug 13, 2008 3:52 pm Post subject:

lol if he's trying to do something like this with GG running, I really don't think GG is going to give you debug privileges on MS.

Besides, he mentioned it was for a private server, so I don't think GG's running.

kb3z0n · Posted: Wed Aug 13, 2008 3:57 pm Post subject:

Yeah, i'm only trying to do it for a private server for now,

http://msdn.microsoft.com/en-us/library/ms680632.aspx

doesn't really help me at all, isn't there any tuts or examples on this?

@h4c0r

Const WindowTitle = 'prog test'; //change this to the Maple caption
Address = $41D090; // change this to the address of your godmode
PokeValue = $32; // change this to $eb (JMP in ASM)

I'm not pro with ASM, so how would i change the pokevalue.

PokeValue = $EB; // ?

dnsi0 · Posted: Wed Aug 13, 2008 4:30 pm Post subject:

h4c0r-BG · Posted: Wed Aug 13, 2008 4:33 pm Post subject:

kb3z0n, you go to memory view, right click on the address and tick [ZF] (zero flag) am I right?

The private server has no protection so you can do "more powerful/stable" method instead of "ticking ZF" which i shared with you.

At the start of the application you declare as a const values:

WindowTitle = 'prog test'; //name of the program you will hack
Address = $41D090; //the address which you want to "tick ZF"
PokeValue = $EB; //$EB = JMP = should do the job "tick ZF"
NumberOfBytes = 1; //shows how much bytes you will ...

And let me tell you that if it does not work with $EB you will need to do it with $90 (NOP in asm, and it will be 2 bytes if it's short jump Wink

)

Edit1:

dnsi0, wasn't $e9 for long jump and $eb is for short one?

Edit2:

dnsi0 · Posted: Wed Aug 13, 2008 4:47 pm Post subject:

DeletedUser14087 · Posted: Wed Aug 13, 2008 5:07 pm Post subject:

h4c0r-BG, worst example from Torry's EVER!

try this: (Function i wrote for PiN Hunter, to inject PT)
It works by patching 1 byte, which means it overwrites 2 bytes to get

no need Get/FreeMem At All, only WPM that's all (i used GWTID to obtain the id of the process, and OP to obtain the handle, you could juse use Process32First/Next to obtain ID or CreateProcess for the Handle (Without using OP/etc))