Programming help

[Neyil]

Hello!

I need your assistance.

Let me show you my code.

Code:

#include "stdafx.h"
#include <cstdint>
#include <string>
#include <windows.h>

#define X3_NOT_INITIALIZED -536805375

typedef int32_t(__stdcall *t_x3_Dispatch)(OUT void *Function, IN uint32_t Type);
static t_x3_Dispatch o_x3_Dispatch = nullptr;

void __stdcall DllMain() 
 {
	DWORD bytes;
	BYTE examplebytes[5] = {0xE9,0xC9,0x71,0x1B,0x06};
	int target = 0x00958E32
		;
	WriteProcessMemory(NULL, (void*)target, examplebytes, 5, &bytes)
        ;
}





__declspec(dllexport) int32_t __stdcall x3_1(void *FunctionAddress, uint32_t Type)
{
	if (o_x3_Dispatch == nullptr)
	{
		std::string ModulePath;
		ModulePath.resize(MAX_PATH);

		if (!GetModuleFileNameA(NULL, const_cast<LPSTR>(ModulePath.data()), MAX_PATH))
		{
			MessageBoxA(0, "GetModuleFileNameA failed!", "Error", 0);
			return X3_NOT_INITIALIZED;
		}

		std::string Dekaron_Folder = ModulePath.substr(0, ModulePath.find_last_of("\\"));
		Dekaron_Folder += "\\xigncode\\x3.dummy";

		HMODULE hX3 = LoadLibraryA(Dekaron_Folder.c_str());
		if (hX3 == nullptr)
		{
			MessageBoxA(0, "LoadLibraryA failed!", "Error", 0);
			return X3_NOT_INITIALIZED;
		}

		o_x3_Dispatch = reinterpret_cast<t_x3_Dispatch>(GetProcAddress(hX3, reinterpret_cast<LPCSTR>(1)));
		if (o_x3_Dispatch == nullptr)
		{
			MessageBoxA(0, "GetProcAddress failed!", "Error", 0);
			return X3_NOT_INITIALIZED;
		}

		DllMain();
	}

	return o_x3_Dispatch(FunctionAddress, Type);
}

The bypass is not mine.

"The technique is really cheap, simple, and it's awkward that it even works. It works by forwarding the exported x3.xem dispatcher. The xc3 dispatcher is basically a GetProcAddress interpretation for their (xc3) own purposes.

To get my code working you just need to rename the dll "x3.xem" in the xigncode folder to "x3.dummy". Then simply rename your .dll to "x3.xem"."

So basically I can inject code into the game before the anti cheat is loaded. So.. when I start the game and check if the hack has been enabled.. it isn't.

I suspended the process and looked up the address. The bytes are unchanged. What am I doing wrong?

I am changing the address based on an auto assembly script.

Code:

[ENABLE]
aobscan(_aSpeed,D9 40 08 5F 5E C3)
label(_aSpeedLabel)
registersymbol(_aSpeedLabel)
alloc(newmem,16)
label(ReturnSpeed)
label(SpeedValue)
registersymbol(SpeedValue)

_aSpeed:
_aSpeedLabel:
jmp newmem
ReturnSpeed:

newmem:
fld dword ptr [SpeedValue]
pop edi
pop esi
jmp ReturnSpeed
push esi
push edi
call dword ptr [SpeedValue]
SpeedValue:
db 00 00 D0 40

[DISABLE]
dealloc(newmem)
unregistersymbol(SpeedValue)
_aSpeedLabel:
fld dword ptr [eax+08]
pop edi
pop esi
unregistersymbol(_aSpeedLabel)

Not mine. Anyway, I suspended the game and activated the enable part of the script. I looked at the address and the bits are changed to -> E9,C9,71,1B,06
So I basically just tried to activate the hack by going to the address the aobscan finds and changing the bytes that are there so I can enable my hack.

My c++ code doesn't enable the hack. What am I doing wrong?

[louisxsyla]

speed value -> (float)

[Neyil]

Now I have new code.

Code:

void __stdcall DllMain() //what I want injected into the game
{
	DWORD bytes;
	BYTE examplebytes[5] = { 0xE9,0xC9,0x71,0x1B,0x06 };
	int target = 0x00958E32;
    WriteProcessMemory(0, (int*)target, examplebytes, 5, &bytes);

	                                                               
	MessageBox(NULL, (LPCWSTR) "yes", (LPCWSTR) "good job", MB_OK);
		
}

This code brings up a message box that says this.



but it does not execute my code

that is, this:

Code:

	DWORD bytes;
	BYTE examplebytes[5] = { 0xE9,0xC9,0x71,0x1B,0x06 };
	int target = 0x00958E32;
    WriteProcessMemory(0, (int*)target, examplebytes, 5, &bytes)

So this part of my injection does nothing



but it shows a message box...my code is being executed but the memory part is not.

What do I do?

[louisxsyla]

before you write memory
{0xe9, 0x00, 0x00, 0x00, 0x00} -> jmp 00000000

did you alloc the memory?

[Neyil]

So, I realized that I have been using the wrong code all along.

Code:

WriteProcessMemory(0, (int*)target, examplebytes, 5, &bytes)

The first parameter which is NULL/0 is to do this ->

Quote:

A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process

So my code is just sitting there in the .exe

Oh my *** I feel like a moron. This is why you do not get lazy and just try to get your code to compile real fast.