Cheat Engine The Official Site of Cheat Engine
GrandPa Advanced Cheater
Reputation: 3
Joined: 09 Jul 2010 Posts: 87 Location: Italy
|
Posted: Thu Sep 13, 2012 1:58 pm Post subject: [Help] Loading SpeedHack.dll like system dll |
I recently got an issue simply injecting Speedhack in a process, because, even if it initially works, as soon as the game loads something new it overwrites the Speedhack code and just crashes.
I checked that speedhack.dll loads itself in the executable region (02000000-0FFFFFFF), but the program uses the same region to load temporary code and data there, as well as in the memory region from 20000000 to 4FFFFFFF.
It doesn't seem that the program targets speedhack on purpose, because if it has already loaded what it needs there are no problems even when transitions are displayed.
By the way, it uses aeon.dll extracted from data file(s) at runtime and stored in the user temp dir as a hidden/system library, naming it aeon.flN, where N is a progressive number.
My question is: is it possible to make Speedhack.dll like a system dll so the program loads it by default every time OR, on injection, make it load in the system region (>60000000)?
Thanks in advance
_________________
CHEATING is a must,
nowadays, if you like
P L A Y I N G |
Gniarf Grandmaster Cheater Supreme
Reputation: 43
Joined: 12 Mar 2012 Posts: 1285
|
Posted: Fri Sep 14, 2012 6:55 am Post subject: Re: [Help] Loading SpeedHack.dll like system dll |
GrandPa wrote: | My question is: is it possible to make Speedhack.dll like a system dll so the program loads it by default every time |
If a dll is a system dll it doesn't mean it is loaded at startup. Anyway, there are 2 ways to have your program load the speedhack dll at startup:
1-Edit what is called the imports of your .exe and add there one of speedhack's exports. I think you can do that with PEditor, though I don't remember the exact procedure.
2-Hack the first instructions of your exe file so that it becomes something like:
Code: |
push a_pointer_to_"speedhack.dll" (the string)
call [LoadLibraryA_import]
jmp original_code
|
You will probably need to change the "Entry Point" so that it points to the stub above instead of the original code.
I wrote call [LoadLibraryA_import] instead of call LoadLibraryA because there is somewhere (within the "import table") in your exe a static address that contains the address of the LoadLibraryA function. You must use the address in the import table or your modification won't work after rebooting your computer.
Finally, I recommend wiping the reloc section of the exe if you use this approach.
GrandPa wrote: | OR on injection, make it load in system region (>60000000)? |
That way is easier. What you're trying to do is called "rebasing a dll". There are several tools to do that, some work, others don't; personally I recommend CFF Explorer for that. Open speedhack.dll with CFF, go to rebuilder, untick all options except "New Image Base", choose your new base, click rebuild, save, use.
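The rebasing discussed above comes down to the ImageBase field in a DLL's PE optional header. As an added example (not part of the original thread and not Cheat Engine code), this Python sketch reads that field and reports whether the preferred load range collides with the two regions named in the first post. `make_sample`, `collisions` and the header values are constructed for illustration.

```python
import struct

DYNAMIC_BASE = 0x0040  # IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE (ASLR opt-in)
# Regions the game is reported to reuse, taken from the first post.
BUSY_REGIONS = [(0x02000000, 0x0FFFFFFF), (0x20000000, 0x4FFFFFFF)]

def preferred_range(pe):
    """Return (first, last, aslr) for the image's preferred load range."""
    if pe[:2] != b"MZ":
        raise ValueError("missing MZ header")
    nt = struct.unpack_from("<I", pe, 0x3C)[0]         # e_lfanew
    if pe[nt:nt + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    opt = nt + 4 + 20                                  # skip signature + COFF header
    magic = struct.unpack_from("<H", pe, opt)[0]
    if magic == 0x10B:                                 # PE32: 4-byte ImageBase
        base = struct.unpack_from("<I", pe, opt + 28)[0]
    elif magic == 0x20B:                               # PE32+: 8-byte ImageBase
        base = struct.unpack_from("<Q", pe, opt + 24)[0]
    else:
        raise ValueError("unknown optional header magic")
    size = struct.unpack_from("<I", pe, opt + 56)[0]   # SizeOfImage
    flags = struct.unpack_from("<H", pe, opt + 70)[0]  # DllCharacteristics
    return base, base + size - 1, bool(flags & DYNAMIC_BASE)

def collisions(pe, regions=BUSY_REGIONS):
    """List the busy regions that overlap the preferred load range."""
    first, last, _ = preferred_range(pe)
    return [r for r in regions if first <= r[1] and r[0] <= last]

def make_sample(base, size, flags=0):
    """Constructed PE32 header stub (headers only, not a loadable DLL)."""
    buf = bytearray(0x40 + 4 + 20 + 96)
    buf[:2] = b"MZ"
    struct.pack_into("<I", buf, 0x3C, 0x40)            # e_lfanew -> 0x40
    buf[0x40:0x44] = b"PE\0\0"
    opt = 0x40 + 24
    struct.pack_into("<H", buf, opt, 0x10B)
    struct.pack_into("<I", buf, opt + 28, base)
    struct.pack_into("<I", buf, opt + 56, size)
    struct.pack_into("<H", buf, opt + 70, flags)
    return bytes(buf)

if __name__ == "__main__":
    for base in (0x02000000, 0x60000000):              # constructed bases
        pe = make_sample(base, 0x20000)
        first, last, aslr = preferred_range(pe)
        print(f"{first:#010x}-{last:#010x} aslr={aslr} collides={collisions(pe)}")
```

ImageBase is only a preferred address: the loader relocates the image if that range is already occupied, and may randomize it when DYNAMIC_BASE is set.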
GrandPa Advanced Cheater
Reputation: 3
Joined: 09 Jul 2010 Posts: 87 Location: Italy
|
Posted: Sat Sep 15, 2012 5:52 pm Post subject: |
Thank you for your suggestions. I will try the last method first, because it seems easier, but I will try the other ones too for experience.
=====================
I noticed my post has been moved: I'm sorry to have misplaced it and thanks for moving it to the appropriate section.
_________________
CHEATING is a must,
nowadays, if you like
P L A Y I N G |