I need your assistance.
Let me show you my code.
Code:
#include "stdafx.h"
#include <cstdint>
#include <string>
#include <windows.h>

#define X3_NOT_INITIALIZED -536805375

typedef int32_t(__stdcall *t_x3_Dispatch)(OUT void *Function, IN uint32_t Type);
static t_x3_Dispatch o_x3_Dispatch = nullptr;

void __stdcall DllMain()
{
    DWORD bytes;
    BYTE examplebytes[5] = {0xE9,0xC9,0x71,0x1B,0x06};
    int target = 0x00958E32;
    WriteProcessMemory(NULL, (void*)target, examplebytes, 5, &bytes);
}

__declspec(dllexport) int32_t __stdcall x3_1(void *FunctionAddress, uint32_t Type)
{
    if (o_x3_Dispatch == nullptr)
    {
        std::string ModulePath;
        ModulePath.resize(MAX_PATH);
        if (!GetModuleFileNameA(NULL, const_cast<LPSTR>(ModulePath.data()), MAX_PATH))
        {
            MessageBoxA(0, "GetModuleFileNameA failed!", "Error", 0);
            return X3_NOT_INITIALIZED;
        }

        std::string Dekaron_Folder = ModulePath.substr(0, ModulePath.find_last_of("\\"));
        Dekaron_Folder += "\\xigncode\\x3.dummy";

        HMODULE hX3 = LoadLibraryA(Dekaron_Folder.c_str());
        if (hX3 == nullptr)
        {
            MessageBoxA(0, "LoadLibraryA failed!", "Error", 0);
            return X3_NOT_INITIALIZED;
        }

        o_x3_Dispatch = reinterpret_cast<t_x3_Dispatch>(GetProcAddress(hX3, reinterpret_cast<LPCSTR>(1)));
        if (o_x3_Dispatch == nullptr)
        {
            MessageBoxA(0, "GetProcAddress failed!", "Error", 0);
            return X3_NOT_INITIALIZED;
        }

        DllMain();
    }
    return o_x3_Dispatch(FunctionAddress, Type);
}
"The technique is really cheap, simple, and it's awkward that it even works. It works by forwarding the exported x3.xem dispatcher. The xc3 dispatcher is basically a GetProcAddress interpretation for their (xc3) own purposes.
To get my code working you just need to rename the dll "x3.xem" in the xigncode folder to "x3.dummy". Then simply rename your .dll to "x3.xem"."
So basically I can inject code into the game before the anti cheat is loaded. So.. when I start the game and check if the hack has been enabled.. it isn't.
I suspended the process and looked up the address. The bytes are unchanged. What am I doing wrong?
I am changing the address based on an auto assembly script.
Code:
[ENABLE]
aobscan(_aSpeed,D9 40 08 5F 5E C3)
label(_aSpeedLabel)
registersymbol(_aSpeedLabel)
alloc(newmem,16)
label(ReturnSpeed)
label(SpeedValue)
registersymbol(SpeedValue)

_aSpeed:
_aSpeedLabel:
jmp newmem
ReturnSpeed:

newmem:
fld dword ptr [SpeedValue]
pop edi
pop esi
jmp ReturnSpeed
push esi
push edi
call dword ptr [SpeedValue]

SpeedValue:
db 00 00 D0 40

[DISABLE]
dealloc(newmem)
unregistersymbol(SpeedValue)
_aSpeedLabel:
fld dword ptr [eax+08]
pop edi
pop esi
unregistersymbol(_aSpeedLabel)
So I basically just tried to activate the hack by going to the address the aobscan finds and changing the bytes that are there so I can enable my hack.
My C++ code doesn't enable the hack. What am I doing wrong?
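Seen from the defending side, the rename described in the quoted passage leaves a recognizable state on disk: the expected file name holds new bytes while the original bytes sit under a different name. The following is an added example, not part of the original post and not any vendor's code, that audits a module folder against a pinned hash manifest; the function names, the manifest format and the stand-in file contents are assumptions constructed for illustration.

```python
import hashlib
import tempfile
from pathlib import Path


def sha256_file(path: Path) -> str:
    """Hash a file in chunks so large modules need not fit in memory."""
    digest = hashlib.sha256()
    with path.open("rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()


def audit_module_dir(folder: Path, manifest: dict) -> list:
    """Check a folder against {file name: sha256}; return (kind, name, detail) findings."""
    name_for_hash = {digest: name for name, digest in manifest.items()}
    on_disk = {p.name: sha256_file(p) for p in sorted(folder.iterdir()) if p.is_file()}
    findings = []
    for name, pinned in manifest.items():
        if name not in on_disk:
            findings.append(("MISSING", name, "pinned file not present"))
        elif on_disk[name] != pinned:
            findings.append(("REPLACED", name, "contents differ from pinned hash"))
    for name, digest in on_disk.items():
        if name in manifest:
            continue  # pinned names were judged in the loop above
        if digest in name_for_hash:
            # Pinned bytes under another name: the original was moved aside.
            findings.append(("RELOCATED", name, "is a copy of " + name_for_hash[digest]))
        else:
            findings.append(("UNLISTED", name, "not in manifest"))
    return findings


def demo() -> list:
    """Constructed sample: stand-in bytes, not real module contents."""
    with tempfile.TemporaryDirectory() as tmp:
        folder = Path(tmp)
        (folder / "x3.xem").write_bytes(b"constructed original module")
        manifest = {"x3.xem": sha256_file(folder / "x3.xem")}
        # Reproduce the rename from the post: original moved aside, new file in its place.
        (folder / "x3.xem").rename(folder / "x3.dummy")
        (folder / "x3.xem").write_bytes(b"constructed forwarding dll")
        return audit_module_dir(folder, manifest)


if __name__ == "__main__":
    print(demo())
```

A REPLACED finding paired with a RELOCATED finding for the same pinned name is the signature of a forwarding DLL sitting in front of the original module.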