SliderMan Expert Cheater
Reputation: 0
Joined: 17 May 2006 Posts: 138
|
Posted: Tue May 01, 2007 1:29 am Post subject: using dbk32.dll & dbk32.sys to wpm in c++ |
|
|
hey guys idk why but it's not really writing the process:
| Code: |
#include "windows.h"
#include <stdio.h>
#include <objidl.h>
#pragma comment(lib, "user32.lib")
typedef int (*MYPROC)(LPTSTR);
void main () {
    unsigned long PID; // We need this now to store the PID.
    HANDLE hProcess; //We will use this for OpenProcess
    HINSTANCE hDllTrainer;
    MYPROC DllAdd;
    BOOL fFreeResult, fRunTimeLinkSuccess = FALSE;
    HWND hWindow = FindWindow(NULL, "Minesweeper");
    CreateRemoteThread(hWindow, NULL, 0, 0, 0, NULL, NULL);
    GetWindowThreadProcessId(hWindow, &PID);
    DWORD ToBeWritten[]={0x90};
    DWORD Newdatasize = sizeof(ToBeWritten);
    hDllTrainer = LoadLibrary("dbk32.dll");
    if(hDllTrainer != NULL) {
        DllAdd = (MYPROC) GetProcAddress(hDllTrainer, "WPM");
        if (DllAdd != NULL) {
            fRunTimeLinkSuccess = TRUE;
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, TRUE, PID);
            (MYPROC)(hProcess, (LPVOID) 0x01002FF5, ToBeWritten, Newdatasize, 0);
            CloseHandle(hProcess);
        }
        else if(!hDllTrainer) {
            MessageBoxA(0, "Error! Couldnt Load TrainerCalls.dll! Quiting.", "ERROR!", MB_ICONINFORMATION);
        }
    }
}
|
btw i took some of the code from noz's site so credit to you noz
and thanks ur blog is perfect i have learned a lot
original WriteProcessMemory works fine
can someone help me fix it?
_________________
[qoute]
Edit: Server Maintenance will be extended for infinite hours and will end at the end of time. Thank you and go fuck yourself.
[/qoute] |
|
Noz3001 I'm a spammer
Reputation: 26
Joined: 29 May 2006 Posts: 6220 Location: /dev/null
|
Posted: Tue May 01, 2007 3:45 pm Post subject: |
|
|
| Code: |
void WPM1( HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID lpBuffer, SIZE_T nSize, SIZE_T* lpNumberOfBytesWritten )
{
    DWORD WPM = (DWORD)GetProcAddress(LoadLibrary("dbk32.dll"), "WPM");
    _asm {
        push lpNumberOfBytesWritten
        push nSize
        push lpBuffer
        push lpBaseAddress
        push hProcess
        call WPM
    }
}
|
Just a thought. No idea if it will work.
|
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25807 Location: The netherlands
|
Posted: Tue May 01, 2007 4:17 pm Post subject: |
|
|
dbk32 has one small change to the original api, the last parameter (actual bytes written) may NOT be 0
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
|
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Tue May 01, 2007 4:36 pm Post subject: |
|
|
noz, It's best to avoid inline asm unless absolutely necessary. To call a function without a prototype, do this:
| Code: |
typedef BOOL(__stdcall* WPMD)(HANDLE, LPVOID, LPCVOID, DWORD, LPDWORD);
WPMD DBKWPM;
...
DBKWPM(blah, blah, blah, blah, &blah);
|
|
|
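The two points made so far in the thread, the typed function pointer and the mandatory bytes-written argument, as an added example that is not any poster's code and uses neither dbk32 nor the Windows API: `wpm_fn`, `generic_fn`, `stub_wpm`, `lookup` and the two test functions are hypothetical stand-ins that copy within the current process only. It also shows why a line shaped like `(MYPROC)(...)` in the first post compiles yet calls nothing.

```c
#include <stddef.h>
#include <string.h>

/* Full signature of the export, written out once (hypothetical names). */
typedef int (*wpm_fn)(void *h, void *dst, const void *src, size_t n, size_t *written);
typedef void (*generic_fn)(void);   /* untyped pointer, as a symbol lookup returns */

static int calls;                   /* how many times the stand-in actually ran */

/* Constructed stand-in for the export: copies inside this process only and,
   like the contract stated in the thread, rejects a NULL bytes-written pointer. */
static int stub_wpm(void *h, void *dst, const void *src, size_t n, size_t *written)
{
    (void)h;
    calls++;
    if (written == NULL)
        return 0;
    memcpy(dst, src, n);
    *written = n;
    return 1;
}

/* Constructed stand-in for the symbol lookup; unknown names yield NULL. */
static generic_fn lookup(const char *name)
{
    return strcmp(name, "WPM") == 0 ? (generic_fn)stub_wpm : NULL;
}

/* Shape used in the first post: a type name in parentheses followed by a
   parenthesised list is a cast of a comma expression, so nothing is called. */
int cast_not_call(unsigned char *dst, const unsigned char *src, size_t n)
{
    calls = 0;
    wpm_fn discarded = (wpm_fn)(NULL, dst, src, n, NULL);
    (void)discarded;
    return calls;                   /* stays 0 */
}

/* Typed call: cast the looked-up pointer once, check it, then call through it.
   with_out selects whether a real bytes-written variable is supplied. */
int typed_call(unsigned char *dst, const unsigned char *src, size_t n, int with_out)
{
    size_t written = 0;
    wpm_fn fn = (wpm_fn)lookup("WPM");
    if (fn == NULL)
        return -1;
    return fn(NULL, dst, src, n, with_out ? &written : NULL) && written == n;
}
```

Compilers flag the cast-of-comma line only as an unused-value warning (for example with `-Wall`), which is why it is easy to miss.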
SliderMan Expert Cheater
Reputation: 0
Joined: 17 May 2006 Posts: 138
|
Posted: Wed May 02, 2007 8:13 am Post subject: |
|
|
| Dark Byte wrote: | | dbk32 has one small change to the original api, the last parameter (actual bytes written) may NOT be 0 |
what should i write instead?
|
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25807 Location: The netherlands
|
Posted: Wed May 02, 2007 9:18 am Post subject: |
|
|
try giving it the address of an unused variable...
|
SliderMan Expert Cheater
Reputation: 0
Joined: 17 May 2006 Posts: 138
|
Posted: Wed May 02, 2007 9:49 am Post subject: |
|
|
of my game/dll?
| Code: |
(MYPROC)(hProcess, (LPVOID) 0x01002FF5, &ToBeWritten, Newdatasize, 0xFFFFFFFF);
|
this doesn't work either
|
PeruvianKnowledge Newbie cheater
Reputation: 0
Joined: 24 Mar 2007 Posts: 11
|
Posted: Mon May 07, 2007 2:15 pm Post subject: |
|
|
you must use asm, i had used it and now i have an appl working, but i still have a problem... this is when i load the dbk32.dll from my appl and then run maple, i can't open/write/read the process (i obtain the correct PID), but when i run an undetected CE then run my appl -> i CAN open read and write the process...
why??? i don't know, can you explain it to us DB?
|
|
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Mon May 07, 2007 2:42 pm Post subject: |
|
|
The driver probably wasn't loaded, look at how CE does it.
| PeruvianKnowledge wrote: | | you must use asm, i had used it and now i have an appl working |
You do NOT need to use asm, you could use a typedef as I outlined in my last post. (NOT in the original post because he didn't do it correctly (as you could see by the excessive typecasts))
|
|
PeruvianKnowledge Newbie cheater
Reputation: 0
Joined: 24 Mar 2007 Posts: 11
|
Posted: Mon May 07, 2007 2:55 pm Post subject: |
|
|
i'm sure, i had loaded the driver, 'cause i use the dll, and in the code of the dll, when it loads it automatically LOADS THE DRIVER, i had not received any MSG of ERROR... and i even check it in the DRIVER LIST..., i think nProtect is blocking something, 'cause i don't use the mainunit
i had seen in the code of the mainunit this -> "fixmemacces" it makes a jumper for KiAttachProcess, i had not included that part of the code in my console code... can that be the problem?
|
|
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Mon May 07, 2007 3:46 pm Post subject: |
|
|
I think it is.
|
|
PeruvianKnowledge Newbie cheater
Reputation: 0
Joined: 24 Mar 2007 Posts: 11
|
Posted: Wed May 09, 2007 11:24 am Post subject: |
|
|
| appalsap wrote: | | I think it is. |
mmm great answer lol...
i dunno why, dark byte can you help me? if u can please read my other post... i dont understand, im doing this: APPL in C++ LoadLibrary(wii128.dll) (driver.dat is included in the folder)-> Driver Loaded -> the addresses of the functions found -> Check if the Driver is Loaded DONE -> i make a test with minesweeper and WORKS! yeah! (i found the correct PID) -> i test it with maple (I found the correct PID) under nprotect and it DOESN'T WORK -> i close Maple -> run UCE and re-execute my application -> go to maple -> i see the memorybrowser -> i use my appl and it works!...
i think that MainUnit does something special to protect the IOCTLs or maybe it can be this procedure FIXMEMACCESS i dunno, but i had not included code of the MainUnit into my appl...
and if this is my problem, can you explain to me what code i need to put in my appl to use the driver without running the UCE?
|
|