Fighter19 Newbie cheater Reputation: 0
Joined: 09 Jan 2015 Posts: 15
Posted: Tue May 19, 2015 10:18 am Post subject: Emulating Keypresses?
Hi there,
So I tried emulating a keypress in a Tetris game.
What this code does right now is overwrite the "write distance" function so that it writes the pointer for the current tetromino to a place I know.
Beforehand, it should create a 256-byte array whose pointer is then passed to the function SetKeyboardState, which is executed every time a tetromino is falling (msdn(dot)microsoft(dot)com/en-us/library/windows/desktop/ms646314(v=vs.85).aspx).
It should be formed so that the entry for V_KEY_X (which equals 0x45) is pressed. Here's what I tried (and what doesn't work for some reason).
Any suggestions or help are appreciated.
Look further down for my real problem.
Code:
```
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
alloc(lpKeyState,256) //256-byte key state array, one byte per virtual-key code
label(VK_KEY_X)
label(returnhere)
label(originalcode)
label(exit)
label(pointer)
label(whatever) //make a label that you can use for your aobscan
registersymbol(whatever) //also register it as a symbol
registersymbol(pointer)
registersymbol(VK_KEY_X) //make it available for change
aobscan(aob1,8b 50 28 66 0f 57 c0) //use aobscan to get the function
lpKeyState:
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00 00 00 00
db 00
VK_KEY_X: //0x45 bytes (indexes 0x00-0x44) filled above
db 80 //byte at index 0x45; SetKeyboardState reads the high-order bit (0x80) as "key down", the low bit only as toggle state
newmem: //this is allocated memory, you have read,write,execute access
mov [pointer],eax
pushad //I have no idea what registers get modified by GetAsyncKeystate (my guess eax,ebx,ecx but I hate guessing)
pushfd //always a good idea to save the flags
push lpKeyState //Push the pointer
call SetKeyboardState
popfd
popad
originalcode:
xorpd xmm0,xmm0
exit:
jmp returnhere
pointer:
dd 0 //initialize pointer (a 4-byte slot; 'db 0000000' would not assemble as one dword)
aob1: //replace the static address with your aobscan, which is called aob1 in my case
whatever: //store aob1 on the whatever label
jmp newmem
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
//I know deallocs are missing
whatever: //replace the static address with the whatever label
db 8b 50 28 66 0f 57 c0 //restore the original byte pattern
unregistersymbol(whatever) //we don't need this symbol anymore so unregister it
//Yes, I know I should unregister the symbols
```
As you can see it's based upon code snippets as I'm new to ASM and still need a little help.
EDIT: I also tried using GetKeyboardState; it doesn't return any errors (neither does GetLastError). But it doesn't set anything inside the array?
Could this be because it is a Flash game?
EDIT2: Correction, it returns something, although it doesn't make sense. Could it be that the array it copies the values from is already processed, so writing to or reading from it will not work?
I'll try using SendInput now, because I can't get Lua inside ASM to run.
MEGA EDIT!!!!:
Okay, so I'm trying to use SendInput now. I compiled a sample C file beforehand which works, to test that (so that it's not some strange Windows 10 behaviour).
The example worked.
So I just try to write an X every time a block is falling.
Then I see nothing is happening, although SendInput returns 1 (for 1 sent command) and GetLastError returns 0, which should be fine.
Code:
```
[ENABLE]
//code from here to '[DISABLE]' will be used to enable the cheat
alloc(newmem,2048) //2kb should be enough
alloc(input,256) //room for the INPUT structure (28 bytes in a 32-bit process)
//label(VK_KEY_X)
label(returnhere)
label(originalcode)
label(exit)
label(pointer)
label(whatever) //make a label that you can use for your aobscan
registersymbol(whatever) //also register it as a symbol
registersymbol(pointer)
registersymbol(input) //make it available for change
aobscan(aob1,8b 50 28 66 0f 57 c0) //use aobscan to get the function
input:
db 01 00 00 00 //type = INPUT_KEYBOARD (1); a DWORD is stored little-endian, low byte first
db 58 00 //wVk = VK_KEY_X (0x58), little-endian
db 00 00 //wScan
db 00 00 00 00 //dwFlags
db 00 00 00 00 //time
db 00 00 00 00 //dwExtraInfo
db 00 00 00 00 //filler (the union is sized by MOUSEINPUT, 24 bytes)
db 00 00 00 00 //filler
//4 (type) + 24 (union) = 28 bytes = sizeof(INPUT) in a 32-bit process
newmem: //this is allocated memory, you have read,write,execute access
mov [pointer],eax
pushad //I have no idea what registers get modified by GetAsyncKeystate (my guess eax,ebx,ecx but I hate guessing)
pushfd //always a good idea to save the flags
push 1C //cbSize = 28 bytes (0x1C)
push input //Push the pointer
push 01 //Send exactly one command
call SendInput
call GetLastError //So I can set a breakpoint and lookup eax
popfd
popad //Restore the registers
originalcode:
xorpd xmm0,xmm0
exit:
jmp returnhere
pointer:
dd 0 //initialize pointer (a 4-byte slot)
aob1: //replace the static address with your aobscan, which is called aob1 in my case
whatever: //store aob1 on the whatever label
jmp newmem
nop
nop
returnhere:
[DISABLE]
//code from here till the end of the code will be used to disable the cheat
dealloc(newmem)
dealloc(input)
whatever: //replace the static address with the whatever label
db 8b 50 28 66 0f 57 c0 //restore the original byte pattern
unregistersymbol(whatever) //we don't need this symbol anymore so unregister it
unregistersymbol(pointer)
unregistersymbol(input)
```
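The INPUT record handed to SendInput has to sit in memory exactly as the target process's C compiler would lay it out: little-endian integers, the KEYBDINPUT fields in order, and the union padded to the size of MOUSEINPUT. Hand-writing `db` lines for that is easy to get wrong, so here is an added Python helper (not from the post) that packs one keyboard INPUT for a 32-bit or a 64-bit process, emits it as `db` lines, builds the key-down/key-up pair a real tap needs, and shows what a `db` line read back as a DWORD actually means. The constants are the winuser.h values; nothing here touches the game.

```python
import struct

# Constants from the Win32 headers (winuser.h).
INPUT_KEYBOARD = 1
KEYEVENTF_KEYUP = 0x0002
VK_KEY_X = 0x58  # virtual-key code of the 'X' key

# sizeof(INPUT) in a 32-bit and a 64-bit process respectively.
INPUT_SIZE = {32: 28, 64: 40}

def keyboard_input(vk, flags=0, bits=32):
    """Serialize one INPUT {type = INPUT_KEYBOARD, ki = KEYBDINPUT} record
    exactly as SendInput in a `bits`-bit process expects it in memory."""
    if bits == 32:
        # DWORD type, then KEYBDINPUT: WORD wVk, WORD wScan, DWORD dwFlags,
        # DWORD time, ULONG_PTR dwExtraInfo (4 bytes here). The union is
        # padded to sizeof(MOUSEINPUT) = 24, so the record is 28 bytes.
        rec = struct.pack("<IHHIII", INPUT_KEYBOARD, vk, 0, flags, 0, 0)
    elif bits == 64:
        # ULONG_PTR is 8 bytes and 8-aligned: 4 bytes of padding after the
        # type and 4 more after time; the union is 32 bytes, the record 40.
        rec = struct.pack("<I4xHHII4xQ", INPUT_KEYBOARD, vk, 0, flags, 0, 0)
    else:
        raise ValueError("bits must be 32 or 64")
    return rec.ljust(INPUT_SIZE[bits], b"\x00")

def key_tap(vk, bits=32):
    """Key-down followed by key-up: the pair a full tap needs.
    Returns (count, bytes) matching 'push count / push ptr / push cbSize'."""
    data = keyboard_input(vk, 0, bits) + keyboard_input(vk, KEYEVENTF_KEYUP, bits)
    return 2, data

def db_lines(data, width=4):
    """Render bytes as Cheat Engine auto-assembler 'db' lines."""
    return ["db " + " ".join(f"{b:02x}" for b in data[i:i + width])
            for i in range(0, len(data), width)]

def dword_from_db(hex_bytes):
    """What a 'db aa bb cc dd' line means when read back as a DWORD:
    the first byte in the line is the least significant one."""
    return struct.unpack("<I", bytes.fromhex(hex_bytes))[0]

if __name__ == "__main__":
    count, rec = key_tap(VK_KEY_X)
    print(f"{count} records, {len(rec)} bytes, cbSize = {INPUT_SIZE[32]}:")
    print("\n".join(db_lines(rec)))
    print(hex(dword_from_db("00000001")))  # 0x1000000, not INPUT_KEYBOARD
    print(hex(dword_from_db("01000000")))  # 0x1
```

Paste the printed lines under the `input:` label, push 2 instead of 1, and keep cbSize at 0x1C for a 32-bit target (0x28 for a 64-bit one).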