Ganoes Paran How do I cheat?
Reputation: 0
Joined: 08 Apr 2009 Posts: 8
Posted: Fri Sep 18, 2009 3:32 pm Post subject: [C++] Creating a Trainer

I may not have a large post count but I've been looking round this forum for a long time. (made a new account, been around here for about 3 years or so)
anyways so I've been trying to create a trainer using C++. I'm not a beginner at C++ nor am I an expert, but I'm alright at it
so I've been using the search feature trying to find a thread which can help me in this regard but nothing showed up at all to help me out.
so anyways decided to make my own thread with my problem and here it is
basically, I know how to make a basic C++ program, and I can make a hack work easily (for example changing the value of an address or something, like making a unit limit -1 to spawn unlimited amount of units or w.e.)
The problem I'm having is incorporating opcodes in a way to modify them. for example like making an auto assembly script but in C++, I can't do it for w.e. reason
I've read something of using a command like this: *(WORD*)0x0165474A = 0x8890; or what not, but when I try to activate it when I'm in the game I have an error which is this error: "Unhandled exception at 0x010b1187 in asdf.exe: 0xC0000005: Access violation writing location 0x0165474a."
basically Access violation to write something or w.e.
for writing a value to something (like the -1 example shown above) I do something like:
stamina = -1;
WriteProcessMemory(hProcess, stamina_addr, &stamina, 4, NULL);
and it works no problem, but again no idea how to write opcodes correctly. any advice/help/example code would be much appreciated, thanks =)
Slugsnack Grandmaster Cheater Supreme
Reputation: 71
Joined: 24 Jan 2007 Posts: 1857
Posted: Fri Sep 18, 2009 3:37 pm Post subject:

take a look at VirtualProtectEx(). opcodes are generally in memory that has write protections. you need to remove this protection then restore it for when you're done
Ganoes Paran How do I cheat?
Reputation: 0
Joined: 08 Apr 2009 Posts: 8
Posted: Fri Sep 18, 2009 5:16 pm Post subject:

ok I looked a bit with VirtualProtectEx() but I think I don't know exactly how to use it. any advice on an example would be helpful
| Code: |
VirtualProtectEx(hProcess, (void*)0x0152631C, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(BYTE*)0x0152631C = 0x00;
VirtualProtectEx(hProcess, (void*)0x0152631C, 4, oldProtect, &oldProtect);
|
oldProtect = NULL so I think that might be a problem but I really don't know how to use this lol
most probably doing a newbish mistake, my apologies
changing the size from 4 to 2 in VirtualProtect still gives me the same error..
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
Posted: Fri Sep 18, 2009 9:24 pm Post subject:

You're only editing BYTE so you'll only need 1... Also it's better to use VirtualProtect rather than VirtualProtectEx when using direct memory access.
smartz993 I post too much
Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Fri Sep 18, 2009 9:33 pm Post subject:

| void:] wrote: |
You're only editing BYTE so you'll only need 1... Also it's better to use VirtualProtect rather than VirtualProtectEx when using direct memory access.
|
VirtualProtect is a wrapper to VirtualProtectEx, lol how is it better? Don't fight, just explain yourself.
@OP: for the first parameter of VirtualProtectEx you can just use (HANDLE)-1, which gives you a pseudo-handle to the process you're in, or use GetCurrentProcess();
-1 is the parameter that VirtualProtect calls VirtualProtectEx with.
&Vage Grandmaster Cheater Supreme
Reputation: 0
Joined: 25 Jul 2008 Posts: 1053
Posted: Fri Sep 18, 2009 9:47 pm Post subject:

| smartz993 wrote: |
| void:] wrote: |
You're only editing BYTE so you'll only need 1... Also it's better to use VirtualProtect rather than VirtualProtectEx when using direct memory access.
|
VirtualProtect is a wrapper to VirtualProtectEx, lol how is it better? Don't fight, just explain yourself.
@OP: for the first parameter of VirtualProtectEx you can just use (HANDLE)-1, which gives you a pseudo-handle to the process you're in, or use GetCurrentProcess();
-1 is the parameter that VirtualProtect calls VirtualProtectEx with.
|
I know that, but I prefer to use VirtualProtect instead of VirtualProtectEx. I forgot about GetCurrentProcess and didn't know about using INVALID_HANDLE_VALUE as the handle parameter. I suggested it, so it could save you a few lines, to get the process's handle.
HomerSexual Grandmaster Cheater Supreme
Reputation: 5
Joined: 03 Feb 2007 Posts: 1657
Posted: Fri Sep 18, 2009 10:13 pm Post subject:

| void:] wrote: |
| smartz993 wrote: |
| void:] wrote: |
You're only editing BYTE so you'll only need 1... Also it's better to use VirtualProtect rather than VirtualProtectEx when using direct memory access.
|
VirtualProtect is a wrapper to VirtualProtectEx, lol how is it better? Don't fight, just explain yourself.
@OP: for the first parameter of VirtualProtectEx you can just use (HANDLE)-1, which gives you a pseudo-handle to the process you're in, or use GetCurrentProcess();
-1 is the parameter that VirtualProtect calls VirtualProtectEx with.
|
I know that, but I prefer to use VirtualProtect instead of VirtualProtectEx. I forgot about GetCurrentProcess and didn't know about using INVALID_HANDLE_VALUE as the handle parameter. I suggested it, so it could save you a few lines, to get the process's handle.
|
usually Ex(tended) functions are better, but they can also be pointless unless you need to specifically control that extension behavior. Void does have a point that VirtualProtect is best if you don't need the extra parameters that VirtualProtectEx uses.
Ganoes Paran How do I cheat?
Reputation: 0
Joined: 08 Apr 2009 Posts: 8
Posted: Fri Sep 18, 2009 10:17 pm Post subject:

well I'm not posting my whole code (rather not because it's in a sort of mess atm) but like I said, I have no problem at all editing values of addresses in the program, just changing opcodes because of the write code error or w.e.
I already have the current handle, process and w.e. everything all right. It's just not allowing me to edit opcodes =\
tried both the "change to 1" and the handle -1 stuff and still same error. further help would be appreciated =3
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Fri Sep 18, 2009 10:24 pm Post subject:

GetLastError()
use it and love it.
smartz993 I post too much
Reputation: 2
Joined: 20 Jun 2006 Posts: 2013 Location: USA
Posted: Fri Sep 18, 2009 10:39 pm Post subject:

Try WriteProcessMemory like this, and don't worry about write protection:
| Code: |
// Address is the location to patch; it is not defined in this post.
unsigned char bBytes[2] = {0x90, 0x90};
WriteProcessMemory((HANDLE)-1, (LPVOID)Address, bBytes, 2, NULL);
|
Last edited by smartz993 on Fri Sep 18, 2009 10:39 pm; edited 1 time in total
Ganoes Paran How do I cheat?
Reputation: 0
Joined: 08 Apr 2009 Posts: 8
Posted: Fri Sep 18, 2009 10:39 pm Post subject:

Well when I'm running the program, and I activate that memory edit it'll just break on that command and it'll not continue onwards from there so I don't think the GetLastError command will work that well =\
and the error is, I assume, that VirtualProtectEx isn't really working right because I'm doing something wrong =\
Edit: trying the method suggested just above
Edit: sweet it works, thanks a lot! =)
Now another question: how to make a nice workable codecave w/c++?
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Fri Sep 18, 2009 10:56 pm Post subject:

find a nice spot, write the jump to it, do whatever, jump back.
you're just writing the opcodes.
Ganoes Paran How do I cheat?
Reputation: 0
Joined: 08 Apr 2009 Posts: 8
Posted: Fri Sep 18, 2009 11:06 pm Post subject:

oh yea, duh, thanks
Rur3k Expert Cheater
Reputation: 0
Joined: 19 Aug 2008 Posts: 235 Location: HaHaVille Maryland
Posted: Mon Sep 28, 2009 7:36 pm Post subject:

Or you could simply use the WriteProcessMemory function as stated by smartz993. I have actually just finished a program which does exactly what you are asking for.
If anyone would like this, or would like to learn from my source, please feel free to contact me via PM.
igoticecream Grandmaster Cheater Supreme
Reputation: 0
Joined: 23 Apr 2006 Posts: 1807 Location: 0x00400000
Posted: Tue Sep 29, 2009 11:05 pm Post subject:

| Quote: |
I've read something of using a command like this: *(WORD*)0x0165474A = 0x8890; or what not, but when I try to activate it when I'm in the game I have an error which is this error: "Unhandled exception at 0x010b1187 in asdf.exe: 0xC0000005: Access violation writing location 0x0165474a."
|
Since you are in the context of the game, doing that will throw an exception if the characteristic of the code section you are trying to write is not writeable (most compilers set the code section code | execute | read).
You can fix this simply by calling VirtualProtect (if you are in the context) or get PE Tools and edit the characteristic of that section to be writeable too (I'd go editing the PE, the problem will be permanently solved)
| Quote: |
Now another question: how to make a nice workable codecave w/c++?
|
Simple, use malloc (C) or new (C++)
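
Added example, not part of the thread or any poster's code: the last post describes the code section's characteristics (code | execute | read) and making that section writeable by editing the PE. The sketch below reads the Characteristics field of each header in a section table and reports sections that are both writable and executable, which is how such an edit shows up when inspecting a binary. The section names, the sample table and the function names are constructed for illustration; the flag values and the 40-byte header layout are those of IMAGE_SECTION_HEADER in winnt.h.

```cpp
#include <algorithm>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <string>
#include <vector>

// Flag values and header layout of IMAGE_SECTION_HEADER as defined in winnt.h.
constexpr uint32_t SCN_MEM_EXECUTE = 0x20000000;
constexpr uint32_t SCN_MEM_WRITE   = 0x80000000;
constexpr size_t HEADER_SIZE = 40, FLAGS_OFFSET = 36, NAME_SIZE = 8;

// Names of sections mapped both writable and executable (W+X).
std::vector<std::string> writableExecutableSections(const std::vector<uint8_t>& table) {
    std::vector<std::string> hits;
    for (size_t off = 0; off + HEADER_SIZE <= table.size(); off += HEADER_SIZE) {
        const uint8_t* hdr = table.data() + off;
        uint32_t flags = 0;  // Characteristics is stored little-endian
        for (int i = 3; i >= 0; --i) flags = (flags << 8) | hdr[FLAGS_OFFSET + i];
        if (!(flags & SCN_MEM_EXECUTE) || !(flags & SCN_MEM_WRITE)) continue;
        size_t len = 0;  // name is NUL-padded, not NUL-terminated at 8 chars
        while (len < NAME_SIZE && hdr[len] != 0) ++len;
        hits.emplace_back(reinterpret_cast<const char*>(hdr), len);
    }
    return hits;
}

// Constructed test input: a 40-byte header with only name and flags filled in.
std::vector<uint8_t> makeHeader(const char* name, uint32_t flags) {
    std::vector<uint8_t> h(HEADER_SIZE, 0);
    std::memcpy(h.data(), name, std::min(std::strlen(name), NAME_SIZE));
    for (int i = 0; i < 4; ++i) h[FLAGS_OFFSET + i] = (flags >> (8 * i)) & 0xFF;
    return h;
}

// Constructed table: stock .text and .data, plus a code section made writable.
std::vector<uint8_t> sampleTable() {
    std::vector<uint8_t> t;
    for (const auto& h : {makeHeader(".text", 0x60000020), makeHeader(".data", 0xC0000040),
                          makeHeader(".patched", 0xE0000020)})
        t.insert(t.end(), h.begin(), h.end());
    return t;
}

int main() {
    for (const auto& name : writableExecutableSections(sampleTable()))
        std::printf("W+X section: %s\n", name.c_str());
    return 0;
}
```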