Cheat Engine

Stylo · Posted: Mon Apr 06, 2009 3:37 am Post subject: hooking send api?

i'm having trouble with hooking send api through an executable file
through a dynamic library it's all good (using virtualprotect and you're done)
but i guess it should be different through exe's ?
cuz they have their own memory space and not injected to the process's memory space?!?!
so does any1 have an idea how to remove the memory protection?

Jani · Posted: Mon Apr 06, 2009 4:16 am Post subject:

VirtualProtectEx()

Stylo · Posted: Mon Apr 06, 2009 4:26 am Post subject:

omg i'm so dumb XD
thx Cool

@edit: a little problem here
to what process do i need to change the memory?
i mean the function is in ws2_32.dll but what process load that file?

HolyBlah · Posted: Mon Apr 06, 2009 8:52 am Post subject:

The same one that you usually inject dynamic library into.

&Vage · Posted: Mon Apr 06, 2009 8:46 pm Post subject:

slippppppppp · Posted: Mon Apr 06, 2009 9:52 pm Post subject:

Stylo · Posted: Mon Apr 06, 2009 10:32 pm Post subject:

i'm trying to capture msn or icq packets
it's possible i know since i succeded doing it using dll
btw how do i get the base address of process?
i was thinking about

BanMe · Posted: Tue Apr 07, 2009 11:18 am Post subject:

Stylo · Posted: Tue Apr 07, 2009 12:04 pm Post subject:

oh

i think u miss understand me
i asked how to get the base address of any process that i want
not the current process of my program Surprised

BanMe · Posted: Tue Apr 07, 2009 12:54 pm Post subject:

oh sorry about that misinterpretation Wink

This code should work for any process..

Stylo · Posted: Tue Apr 07, 2009 12:58 pm Post subject:

oh great that's awesome
never heard about memoryentry structure
thanks :]
@edit:
how does it return dword when mobBaseAddress is actually byte* ?
i tried returning byte* with the function but it keeps returning me the same address for every process
i think i missed something here :s ?!

&Vage · Posted: Tue Apr 07, 2009 3:28 pm Post subject:

BanMe · Posted: Tue Apr 07, 2009 4:18 pm Post subject:

first off fuck ULONG_PTR ..32 bit debuggers don't track 64 bit variables.. if you want that crap annoying you fine, use find replace..dont bother me with your "you should code this way" crap..
and 2nd off the PEB is accessible from the current process where as 1gaz wanted remote process information..though i agree it is a usable idea within the current process Smile

and im sorry 1gaz i didnt look hard enough at all aspects of MODULEENTRY32.. but the simple fix is to change ME.modBaseAddress to (ULONG)ME.hModule.. :]

regards BanMe

&Vage · Posted: Tue Apr 07, 2009 4:52 pm Post subject:

BanMe · Posted: Tue Apr 07, 2009 4:59 pm Post subject:

@irwin actually no the code was left with intentional errors and shortfalls to make the OP apply some effort to understanding the code and have a better understanding of logic analysis. thanks for your support in the matter of "pointing out the obvious" but next time try to keep it to yourself...

@:... LOL!!!!! i suggested using the PEB when the circumstances fit the requirements(ie accessing the PEB from the Current Process..) i agree with the you in accessing the PEB to obtain Current Process Info but to obtain Remote Process info, accessing the PEB is inpractical and adds more headaches then its worth..but yea good job reading what i said..

regards BanMe