hcong (Newbie cheater)
Posted: Tue Sep 26, 2006 3:11 am
Post subject: Unhook api
Dark Byte, do you know how to unhook an API function?
I have tried backing up the first 6 bytes of the function, but when I try to write the 6 bytes back, I get an access violation, because VirtualProtect is also hooked. I don't know what else I can do.
Dark Byte (Site Admin)
Posted: Tue Sep 26, 2006 3:24 am
Make a copy of the original bytes (using the disassembler/assembler combination), and then when you want to call the function, call the rewritten code.
Or you can write a device driver that simulates VirtualProtect for you, allowing you to make memory writable.
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so I can keep helping
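The check a defender would run for the prologue overwrite discussed in this exchange, as an added example in C that is not from this thread or from Cheat Engine: it compares a function's live first bytes with a saved clean copy and, on a mismatch, decodes where the hook stub transfers control. The function address and all byte patterns are constructed, and the Windows-specific step of reading the live bytes out of the target process is left out so the decoder runs anywhere.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
/* What the integrity check found for one function prologue. */
typedef struct {
    int hooked;       /* 1 if live bytes differ from the known-good copy */
    uint32_t target;  /* decoded hook destination, 0 if stub not recognised */
    const char *kind; /* "clean", "jmp rel32", "push/ret", "unknown patch" */
} hook_report;
/* Little-endian 32-bit read, independent of host byte order. */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* Compare the first n bytes of a function as seen in memory (live) with a
 * known-good copy (clean) saved at startup or read from the DLL on disk.
 * On a mismatch, decode the two classic 32-bit inline-hook stubs:
 *   E9 rel32      jmp rel32         (5 bytes, target = func_va + 5 + rel32)
 *   68 imm32 C3   push imm32 ; ret  (6 bytes, target = imm32)
 * func_va is the function's virtual address, needed for the relative jump. */
hook_report check_prologue(uint32_t func_va, const uint8_t *live,
                           const uint8_t *clean, size_t n)
{
    hook_report r = { 0, 0, "clean" };
    if (memcmp(live, clean, n) == 0)
        return r;
    r.hooked = 1;
    r.kind = "unknown patch";
    if (n >= 5 && live[0] == 0xE9) {
        r.target = func_va + 5 + le32(live + 1);
        r.kind = "jmp rel32";
    } else if (n >= 6 && live[0] == 0x68 && live[5] == 0xC3) {
        r.target = le32(live + 1);
        r.kind = "push/ret";
    }
    return r;
}

/* Constructed sample data: made-up address and prologue bytes, not real user32 contents. */
#define FUNC_VA 0x77D10000u
static const uint8_t CLEAN[6]     = {0x8B,0xFF,0x55,0x8B,0xEC,0x83}; /* untouched prologue */
static const uint8_t HOOK_JMP[6]  = {0xE9,0x00,0x10,0x00,0x00,0x83}; /* jmp +0x1000 */
static const uint8_t HOOK_PUSH[6] = {0x68,0x00,0x00,0x40,0x10,0xC3}; /* push 0x10400000; ret */

int main(void)
{
    hook_report r = check_prologue(FUNC_VA, HOOK_PUSH, CLEAN, 6);
    printf("%s hooked=%d target=0x%08X\n", r.kind, r.hooked, r.target);
    return 0;
}
```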
hcong (Newbie cheater)
Posted: Tue Sep 26, 2006 7:11 am
Code:
    library GameHack;

    uses
      Windows;

    type
      { Prototype used to call the copied SendInput bytes }
      TSendInput = function(cInputs: Cardinal; var pInputs: tagINPUT; cbSize: Integer): Cardinal;

    function NewSendInput(cInputs: Cardinal; var pInputs: tagINPUT; cbSize: Integer): Cardinal; stdcall;
    var
      Proc: Pointer;
      SendInput: TSendInput;
    begin
      { Allocate executable memory and copy the first 15 bytes of user32!SendInput into it }
      Proc := VirtualAlloc(nil, 15, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
      CopyMemory(Proc, GetProcAddress(GetModuleHandle('User32'), 'SendInput'), 15);
      { Call the copied bytes through the prototype }
      SendInput := Proc;
      Result := SendInput(cInputs, pInputs, cbSize);
    end;

    exports
      NewSendInput;

    begin
    end.
I know this code is useless after the API is hooked, but it is just an example. When I call NewSendInput, I get an access violation; the function cannot work properly (the original API is not yet hooked).
I have tried running the DLL in the debugger: the function is copied correctly to the space I allocated, and the call address is also correct, so I really don't know what the problem is.
Dark Byte (Site Admin)
Posted: Tue Sep 26, 2006 8:34 am
Missing stdcall;
hcong (Newbie cheater)
Posted: Tue Sep 26, 2006 9:59 am
Thanks Dark Byte, it works well now. I seldom program in Delphi, so I don't really know what stdcall is used for.
Dark Byte (Site Admin)
Posted: Tue Sep 26, 2006 10:15 am
To use the standard calling method used by Windows.
Also, if you plan on using this method on nProtect, that's not going to work. That specific API is also hooked in kernel mode.
hcong (Newbie cheater)
Posted: Tue Sep 26, 2006 11:08 am
You mean if I want to bypass nProtect, I need to unhook in both user mode and kernel mode?
I haven't learned how to write a device driver yet.
Any suggestion on where to start? I cannot find any ebook or tutorial on the internet.
Dark Byte (Site Admin)
Posted: Tue Sep 26, 2006 11:29 am
I'm not sure. I know it is hooked, but some people say they can use it with that method, so their hook must be crappy.
Anyhow, you could rewrite an unused SDT entry with the address of SendInput, and then change the eax value to that unused entry.
I know you don't understand this, but when you do, this is the best solution. (And you can always try to disable their driver.)
hcong (Newbie cheater)
Posted: Wed Sep 27, 2006 12:24 am
Quote:
    you could rewrite an unused SDT entry with the address of SendInput, and then change the eax value to that unused entry
Sounds interesting, can you explain in more detail?