iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Sun Oct 18, 2009 5:37 pm Post subject: Please Help [DLL] |
|
|
Okay guys, I'm making a hack for Some Game and right now each time I inject it to Some Game, Some Game crashes.
| Code: |
#include <windows.h>
#include <stdio.h>

DWORD VirtualX = (DWORD)GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualProtect") + 5;

BOOL WINAPI VirtualProtectX(LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect)
{
    _asm {
        mov edi,edi
        push ebp
        mov esp, ebp
        jmp [VirtualX]
    }
}

void Hacks()
{
    Sleep(10000);
    VirtualProtectX((LPVOID)0x178ACE8C, 4, PAGE_EXECUTE_READWRITE, NULL);
    DWORD Ammo = *(DWORD*)0x178ACE8C;
    if (Ammo != 0)
    {
        *(DWORD*)0x178ACE8C = 999;
    }
}

BOOL WINAPI DllMain(HINSTANCE module, DWORD dwReason, LPVOID lpvReserved)
{
    if(dwReason == DLL_PROCESS_ATTACH)
    {
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Hacks, 0, 0, 0);
    }
    return TRUE;
}
|
Can you tell me what's wrong?
- Thanks
|
|
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
|
Posted: Sun Oct 18, 2009 6:39 pm Post subject: |
|
|
Attach the Visual Studio debugger to the program after you inject it and you can step through your injected DLL.
It's pretty rad.
|
|
iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Sun Oct 18, 2009 6:55 pm Post subject: |
|
|
| Also, I find this a common problem for every game I inject my dll to and want to use DMA to write.
|
|
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
|
Posted: Mon Oct 19, 2009 6:11 am Post subject: |
|
|
RTFM..
| MSDN wrote: |
lpflOldProtect [out]
A pointer to a variable that receives the previous access protection value of the first page in the specified region of pages. If this parameter is NULL or does not point to a valid variable, the function fails.
|
|
|
TheRealLinky How do I cheat?
Reputation: 0
Joined: 18 Jun 2009 Posts: 7
|
Posted: Mon Oct 19, 2009 3:39 pm Post subject: |
|
|
| Your DLL may be detected as a hack. Does it crash or just shut down? What's the error code? What operating system is it? Is it 32 or 64 bit? Is DEP enabled?
|
|
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
|
Posted: Mon Oct 19, 2009 6:17 pm Post subject: |
|
|
Jani: I think it's optional, I've used NULL for that arg countless times before without crashing.
OP: Are you even sure the pointer has been allocated yet? Last time I checked, the pointer was allocated after you get into a game.
| Code: |
DWORD dwVP = (DWORD)VirtualProtect;

bool __declspec(naked) VirtualProtectX( LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect )
{
    _asm {
        push ebp
        mov esp, ebp
        jmp [dwVP]
    }
}

DWORD __stdcall mainT( void )
{
    if(!VirtualProtectX((LPVOID)0x178ACE8C, 4, PAGE_EXECUTE_READWRITE, NULL))
        return MessageBox(NULL, "Could not change page protection!", NULL, MB_ICONERROR);

    for(;;)
    {
        if(GetAsyncKeyState(VK_F10) & 0x8000)
            break;
    }

    MessageBox(NULL, "You've pushed F10!", "Success!", MB_OK);

    DWORD dwAmmo = NULL;
    for(;;Sleep(10))
    {
        dwAmmo = *(DWORD*)0x178ACE8C;
        if(dwAmmo != 0)
            *(DWORD*)0x178ACE8C = 100;
    }
}

BOOL WINAPI DllMain( HINSTANCE hInst, DWORD dwReason, LPVOID lpvReserved )
{
    if(dwReason == DLL_PROCESS_ATTACH)
    {
        DisableThreadLibraryCalls(hInst);
        return CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)&mainT, NULL, NULL, NULL) != INVALID_HANDLE_VALUE;
    }
    return false;
}
|
This should work, just push F10 after you're ingame.
|
|
iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Mon Oct 19, 2009 6:29 pm Post subject: |
|
|
| Edit: Actually, it never worked.
|
|
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
|
Posted: Tue Oct 20, 2009 4:02 am Post subject: |
|
|
| &Vage wrote: |
Jani: I think it's optional, I've used NULL for that arg countless times before without crashing.
|
Well, it doesn't say opt_ anywhere. Nor that it can be NULL.
So,
-> VirtualProtect fails, because the param is NULL.
-> He doesn't know about it, because he's not checking the return value.
-> He still tries to write the value.
-> Crash.
-> ???
-> Profit.
|
|
iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Tue Oct 20, 2009 7:16 pm Post subject: |
|
|
So if the NULL is the problem, should I replace NULL with 0?
Also, NULL is also 0.
#define NULL 0
|
|
Jani Grandmaster Cheater
Reputation: 2
Joined: 29 Dec 2006 Posts: 804
|
Posted: Wed Oct 21, 2009 3:50 am Post subject: |
|
|
| iPromise wrote: |
So if the NULL is the problem, should I replace NULL with 0?
|
...
What do you think? If it may NOT be 0 and you replace it with 0.. Sure that will work. What about actually storing the old protection? And better yet, restoring it when you're done with your tinkering.
@&Vage: your DllMain is always returning true, if dwReason == DLL_PROCESS_ATTACH, even if CreateThread failed. CreateThread doesn't return INVALID_HANDLE_VALUE when it fails.
|
|
iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Wed Oct 21, 2009 5:33 pm Post subject: |
|
|
| I'll give it a test.
|
|
iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Wed Nov 04, 2009 7:05 pm Post subject: |
|
|
DWORD Protection;
VirtualProtectX((LPVOID) 0x1234567, 4, PAGE_EXECUTE_READWRITE, &Protection);
|
|