Cheat Engine Forum - The Official Site of Cheat Engine
Process hidden.

blackmorpheus
Expert Cheater
Reputation: 0

Joined: 05 Apr 2008
Posts: 159

Posted: Wed Mar 04, 2009 4:18 pm    Post subject: Process hidden.

I'm trying to make a bot for a game called Priston Tale 2.
The problem is that I cannot see the program in the process list (Task Manager), so I can't inject a DLL with the standard DLL injectors.

If I get this to work, another problem is that I think GameGuard has hooked PostMessageA. I've heard something about a "trampoline" but I don't really know what it is. Could someone give an example of how to do that?
BirdsEye
Advanced Cheater
Reputation: 0

Joined: 05 Apr 2008
Posts: 94

Posted: Wed Mar 04, 2009 4:40 pm

Code:

#include <windows.h>
#include <tchar.h>

// Address of PostMessageA as exported by user32.dll, looked up once at start-up.
// (The original post was missing the closing parenthesis of LoadLibrary.)
DWORD dwPostMessage = (DWORD)GetProcAddress(LoadLibrary(_T("user32.dll")), "PostMessageA");

// Naked stub: the compiler emits no prologue/epilogue, the body is only the asm below.
// It replays the standard 5-byte hot-patch prologue and then jumps to the address
// stored in dwPostMessage.
__declspec(naked) BOOL WINAPI _PostMessageA(__in HWND hWnd, __in UINT uMsg, __in WPARAM wParam, __in LPARAM lParam)
{
    __asm
    {
        mov    edi, edi
        push   ebp
        mov    ebp, esp
        jmp    dword ptr ds:[dwPostMessage]
    }
}


I think you should know that trampolining requires hot-patching, which is not supported by all Windows versions. I suggest that you consider using Irwin's InjectMessage method:
Code:

#include <windows.h>

// Skips the PostMessage path entirely: fetch the window's own window procedure
// and call it directly. Note that GetWindowLongPtr(GWLP_WNDPROC) returns 0 for a
// window owned by another process, so this only works from inside the owning process.
LRESULT InjectMessage(__in HWND hWnd, __in UINT uMsg, __in WPARAM wParam, __in LPARAM lParam)
{
  WNDPROC WndProc;
  LRESULT lRET = 0;

  WndProc = (WNDPROC)GetWindowLongPtr(hWnd, GWLP_WNDPROC);
  if (WndProc != NULL)
    lRET = CallWindowProc(WndProc, hWnd, uMsg, wParam, lParam);

  return lRET;
}


However, if you still persist in hook-hopping, then this would be of great use:
[Irwin's] "Safer" Trampolining
igoticecream
Grandmaster Cheater Supreme
Reputation: 0

Joined: 23 Apr 2006
Posts: 1807
Location: 0x00400000

Posted: Wed Mar 04, 2009 4:40 pm

GameGuard unlinks the EPROCESS struct of MapleStory. This structure is like a doubly-linked list in a C program, so the EPROCESS has a prev and a next process link:

A->B->C (B is Maple)

After GameGuard:

A -> C
B (Maple points to itself)

Re-linking MapleStory is detected.
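The unlinking igoticecream describes, modelled as a toy doubly-linked list in C, followed by the cross-view check defenders use to spot an entry that has been unlinked (walk the links, then compare against a scan of the backing storage). This is an added example, not code from the thread; the struct layout and the pool are assumptions and stand in for the real EPROCESS list.

```c
/* Toy model of the doubly-linked process list the post above describes, showing the
 * cross-view check defenders use to find an unlinked entry: walk the links, then
 * compare against a scan of the backing storage. Constructed example; not EPROCESS. */
#include <stddef.h>

#define MAX_PROCS 8

typedef struct Proc {
    int pid;
    struct Proc *prev, *next;   /* stands in for the process link fields */
} Proc;

/* Backing pool: every created entry stays here whether linked or not. */
static Proc pool[MAX_PROCS];
static int pool_used = 0;
static Proc head = { 0, &head, &head };   /* circular sentinel */

static Proc *proc_create(int pid) {
    if (pool_used >= MAX_PROCS) return NULL;
    Proc *p = &pool[pool_used++];
    p->pid = pid;
    p->prev = head.prev; p->next = &head;   /* append before the sentinel */
    head.prev->next = p;  head.prev = p;
    return p;
}

/* The unlink the post describes: A -> C, and B is left pointing at itself. */
static void proc_unlink(Proc *p) {
    p->prev->next = p->next;
    p->next->prev = p->prev;
    p->prev = p->next = p;
}

/* View 1: follow the links, as a process-list API would. Returns the count. */
static int list_walk(int *pids, int max) {
    int n = 0;
    for (Proc *p = head.next; p != &head && n < max; p = p->next) pids[n++] = p->pid;
    return n;
}

/* View 2: scan the pool and report entries the walk never reached. */
static int cross_view_hidden(int *hidden, int max) {
    int walked[MAX_PROCS], nw = list_walk(walked, MAX_PROCS), nh = 0;
    for (int i = 0; i < pool_used; i++) {
        int seen = 0;
        for (int j = 0; j < nw; j++) if (walked[j] == pool[i].pid) seen = 1;
        if (!seen && nh < max) hidden[nh++] = pool[i].pid;
    }
    return nh;
}
```

The same principle (compare a list walk with an independent scan of memory) is what memory-forensics process scanners rely on to surface entries that a list-only API no longer reports.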
Slugsnack
Grandmaster Cheater Supreme
Reputation: 71

Joined: 24 Jan 2007
Posts: 1857

Posted: Wed Mar 04, 2009 6:48 pm

Search for the process with the Toolhelp32 functions. There is a brief period where you can inject just before GG loads but after the game process has initialised.