Hotrootsoup (Advanced Cheater)
Reputation: 0 - Joined: 26 Dec 2006 - Posts: 65
Posted: Mon Aug 17, 2009 7:49 am - Post subject: [C] Question

Can C change values in another program without injecting DLLs?
If I could load addresses in and be able to change values, I could make quick, undetected trainers.

HomerSexual (Grandmaster Cheater Supreme)
Reputation: 5 - Joined: 03 Feb 2007 - Posts: 1657
Posted: Mon Aug 17, 2009 7:58 am

Write/read process memory. First thing detected by most anti-cheat solutions.

Hotrootsoup (Advanced Cheater)
Reputation: 0 - Joined: 26 Dec 2006 - Posts: 65
Posted: Mon Aug 17, 2009 8:20 am

Grats on 1500 posts.
Oh, right, so I'd need a bypass anyway. Well, the main point was to see what it's called, not to see if it's undetected, so I got what I need.

Slugsnack (Grandmaster Cheater Supreme)
Reputation: 71 - Joined: 24 Jan 2007 - Posts: 1857
Posted: Mon Aug 17, 2009 10:28 am

You could even use Toolhelp32ReadProcessMemory to read memory hahaha.
Just thought I'd come out with that random API there..

Polynomial (Grandmaster Cheater)
Reputation: 5 - Joined: 17 Feb 2008 - Posts: 524 - Location: Inside the Intel CET shadow stack
Posted: Mon Aug 17, 2009 7:31 pm

Would it be possible to duplicate kernel32.dll and modify the export (using a hex editor or disassembler) in order to change the API's name to something like CheatReadProcessMemory? Would that somehow still be detected?
_________________
It's not fun unless every exploit mitigation is enabled.
Please do not reply to my posts with LLM-generated slop; I consider it to be an insult to my time.

Flyte (Peanuts!!!!)
Reputation: 6 - Joined: 19 Apr 2006 - Posts: 1887 - Location: Canada
Posted: Mon Aug 17, 2009 8:53 pm

Burningmace wrote:
> Would it be possible to duplicate kernel32.dll and modify the export (using a hex editor or disassembler) in order to change the API's name to something like CheatReadProcessMemory? Would that somehow still be detected?

This is a quick way of bypassing all user mode hooks, and it is the method I use most often (i.e., making a program, then running it through a 'bypasser' that just copies all the dependencies and mangles the export names).
This won't bypass any kernel-mode detection though, and generally process reads and writes are protected in the kernel.
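A defender-side check that follows from Flyte's point, written as an added example for this thread (it is not from the thread or from any anti-cheat product): it walks every process's loaded modules and reports any module that lives outside the Windows system directories yet claims, through its file name or its version resource, to be one of the core DLLs, which is the footprint a "copy the dependencies and mangle the exports" bypass leaves behind. The list of watched DLL base names, the use of the version resource as the tell, and the output fields are assumptions of this example.

```powershell
# Added example (not from this thread or any product): find loaded modules that
# are copies of core Windows DLLs living outside the system directories.
# The copy may be renamed on disk, so we also read its version resource, which
# usually still names the original file. Run elevated to see all processes.
# The watched-name list and the output fields are assumptions for this example.

$WatchedBaseNames = @('kernel32', 'kernelbase', 'ntdll', 'user32', 'advapi32')
$SystemDirs = @('System32', 'SysWOW64', 'WinSxS') | ForEach-Object { Join-Path $env:SystemRoot $_ }

function Test-InSystemDir {
    param([string]$Path)
    foreach ($dir in $SystemDirs) {
        if ($Path.StartsWith("$dir\", [System.StringComparison]::OrdinalIgnoreCase)) { return $true }
    }
    return $false
}

function Get-ClaimedNames {
    # Names a module claims for itself: its file name plus the version-resource names.
    param([System.Diagnostics.ProcessModule]$Module)
    $vi = $Module.FileVersionInfo
    @($Module.ModuleName, $vi.OriginalFilename, $vi.InternalName) |
        Where-Object { $_ } |
        ForEach-Object { [System.IO.Path]::GetFileNameWithoutExtension($_).ToLowerInvariant() } |
        Sort-Object -Unique
}

$findings = foreach ($proc in Get-Process) {
    try { $modules = $proc.Modules } catch { continue }   # protected or cross-bitness process
    foreach ($m in $modules) {
        if (Test-InSystemDir $m.FileName) { continue }     # the genuine copies live here
        $hit = Get-ClaimedNames $m | Where-Object { $WatchedBaseNames -contains $_ }
        if ($hit) {
            [pscustomobject]@{
                Pid        = $proc.Id
                Process    = $proc.ProcessName
                Module     = $m.FileName
                ClaimsToBe = ($hit -join ', ')
            }
        }
    }
}

if ($findings) { $findings | Format-Table -AutoSize } else { 'No out-of-place system DLL copies found.' }
```

A copy whose version resource was edited or stripped slips past this check; comparing the module's file hash against the genuine DLL in System32 closes that gap at a higher cost per process.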

Slugsnack (Grandmaster Cheater Supreme)
Reputation: 71 - Joined: 24 Jan 2007 - Posts: 1857
Posted: Tue Aug 18, 2009 6:38 am

You could ^_^ You can just copy the kernel memory and then do the same process.

Polynomial (Grandmaster Cheater)
Reputation: 5 - Joined: 17 Feb 2008 - Posts: 524 - Location: Inside the Intel CET shadow stack
Posted: Tue Aug 18, 2009 6:41 am

But wouldn't copying the kernel memory require an API (such as ReadProcessMemory) that the protection can just hook again?