Register for your free account! | Forgot your password?

Go Back   elitepvpers > MMORPGs > Dekaron
You last visited: Today at 20:07

  • Please register to post and access all features, it's quick, easy and FREE!


Programming help

Reply
 
Old   #1
 
elite*gold: 0
Join Date: May 2014
Posts: 336
Received Thanks: 174
Programming help

Hello!

I need your assistance.

Let me show you my code.

Code:
#include "stdafx.h"
#include <cstdint>
#include <string>
#include <windows.h>

#define X3_NOT_INITIALIZED -536805375

typedef int32_t(__stdcall *t_x3_Dispatch)(OUT void *Function, IN uint32_t Type);
static t_x3_Dispatch o_x3_Dispatch = nullptr;

void __stdcall DllMain() 
 {
	DWORD bytes;
	BYTE examplebytes[5] = {0xE9,0xC9,0x71,0x1B,0x06};
	int target = 0x00958E32
		;
	WriteProcessMemory(NULL, (void*)target, examplebytes, 5, &bytes)
        ;
}





__declspec(dllexport) int32_t __stdcall x3_1(void *FunctionAddress, uint32_t Type)
{
	if (o_x3_Dispatch == nullptr)
	{
		std::string ModulePath;
		ModulePath.resize(MAX_PATH);

		if (!GetModuleFileNameA(NULL, const_cast<LPSTR>(ModulePath.data()), MAX_PATH))
		{
			MessageBoxA(0, "GetModuleFileNameA failed!", "Error", 0);
			return X3_NOT_INITIALIZED;
		}

		std::string Dekaron_Folder = ModulePath.substr(0, ModulePath.find_last_of("\\"));
		Dekaron_Folder += "\\xigncode\\x3.dummy";

		HMODULE hX3 = LoadLibraryA(Dekaron_Folder.c_str());
		if (hX3 == nullptr)
		{
			MessageBoxA(0, "LoadLibraryA failed!", "Error", 0);
			return X3_NOT_INITIALIZED;
		}

		o_x3_Dispatch = reinterpret_cast<t_x3_Dispatch>(GetProcAddress(hX3, reinterpret_cast<LPCSTR>(1)));
		if (o_x3_Dispatch == nullptr)
		{
			MessageBoxA(0, "GetProcAddress failed!", "Error", 0);
			return X3_NOT_INITIALIZED;
		}

		DllMain();
	}

	return o_x3_Dispatch(FunctionAddress, Type);
}
The bypass is not mine.

"The technique is really cheap, simple, and it's awkward that it even works. It works by forwarding the exported x3.xem dispatcher. The xc3 dispatcher is basically a GetProcAddress interpretation for their (xc3) own purposes.

To get my code working you just need to rename the dll "x3.xem" in the xigncode folder to "x3.dummy". Then simply rename your .dll to "x3.xem"."

So basically I can inject code into the game before the anti cheat is loaded. So.. when I start the game and check if the hack has been enabled.. it isn't.

I suspended the process and looked up the address. The bytes are unchanged. What am I doing wrong?

I am changing the address based on an auto assembly script.

Code:
[ENABLE]
aobscan(_aSpeed,D9 40 08 5F 5E C3)
label(_aSpeedLabel)
registersymbol(_aSpeedLabel)
alloc(newmem,16)
label(ReturnSpeed)
label(SpeedValue)
registersymbol(SpeedValue)

_aSpeed:
_aSpeedLabel:
jmp newmem
ReturnSpeed:

newmem:
fld dword ptr [SpeedValue]
pop edi
pop esi
jmp ReturnSpeed
push esi
push edi
call dword ptr [SpeedValue]
SpeedValue:
db 00 00 D0 40

[DISABLE]
dealloc(newmem)
unregistersymbol(SpeedValue)
_aSpeedLabel:
fld dword ptr [eax+08]
pop edi
pop esi
unregistersymbol(_aSpeedLabel)
Not mine. Anyway, I suspended the game and activated the enable part of the script. I looked at the address and the bits are changed to -> E9,C9,71,1B,06
So I basically just tried to activate the hack by going to the address the aobscan finds and changing the bytes that are there so I can enable my hack.

My c++ code doesn't enable the hack. What am I doing wrong?



Neyil is offline  
Old 03/02/2018, 15:05   #2
 
elite*gold: 0
Join Date: May 2014
Posts: 170
Received Thanks: 61
speed value -> (float)


louisxsyla is offline  
Old 03/06/2018, 02:28   #3
 
elite*gold: 0
Join Date: May 2014
Posts: 336
Received Thanks: 174
Now I have new code.

Code:
void __stdcall DllMain() //what I want injected into the game
{
	DWORD bytes;
	BYTE examplebytes[5] = { 0xE9,0xC9,0x71,0x1B,0x06 };
	int target = 0x00958E32;
    WriteProcessMemory(0, (int*)target, examplebytes, 5, &bytes);

	                                                               
	MessageBox(NULL, (LPCWSTR) "yes", (LPCWSTR) "good job", MB_OK);
		
}
This code brings up a message box that says this.



but it does not execute my code

that is, this:

Code:
	DWORD bytes;
	BYTE examplebytes[5] = { 0xE9,0xC9,0x71,0x1B,0x06 };
	int target = 0x00958E32;
    WriteProcessMemory(0, (int*)target, examplebytes, 5, &bytes)
So this part of my injection does nothing



but it shows a message box...my code is being executed but the memory part is not.

What do I do?
Neyil is offline  
Old 03/07/2018, 03:47   #4
 
elite*gold: 0
Join Date: May 2014
Posts: 170
Received Thanks: 61
before you write memory
{0xe9, 0x00, 0x00, 0x00, 0x00} -> jmp 00000000

did you alloc the memory?


louisxsyla is offline  
Old 03/08/2018, 23:12   #5
 
elite*gold: 0
Join Date: May 2014
Posts: 336
Received Thanks: 174
So, I realized that I have been using the wrong code all along.

Code:
WriteProcessMemory(0, (int*)target, examplebytes, 5, &bytes)
The first parameter which is NULL/0 is to do this ->

Quote:
A handle to the process memory to be modified. The handle must have PROCESS_VM_WRITE and PROCESS_VM_OPERATION access to the process
So my code is just sitting there in the .exe

Oh my *** I feel like a moron. This is why you do not get lazy and just try to get your code to compile real fast.


Neyil is offline  
Reply



« Selling 194 chars - Baggi and summoner | a simple ask »



All times are GMT +1. The time now is 20:07.


Powered by vBulletin®
Copyright ©2000 - 2018, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Abuse
Copyright ©2018 elitepvpers All Rights Reserved.