 |
Cheat Engine The Official Site of Cheat Engine
juan81 Newbie cheater
Reputation: 0
Joined: 05 Jul 2008 Posts: 10
|
Posted: Wed Mar 10, 2010 8:09 pm Post subject: Dll Injection and CE Problem... |
|
|
Dear byte,
Today Once game updated.. and the game protects OpenProcess and writing and reading memory...
I have used CE 5.4 and 5.5: when I open the process, the answer is unable to attach to the process. When I use CE 5.6, OpenProcess works, but when I scan it says non readable memory found..
I tried making a Delphi program that uses dbk32.dll and the OP function, and it works, returning a value pointer from that program...
I use code like..
Code: |
hProzess := OP(PROCESS_VM_OPERATION, True, procID);
if hProzess > 0 then
begin
  pDLL := VAE(hProzess, nil, length(dllName), MEM_COMMIT, PAGE_EXECUTE_READWRITE);
  VirtualProtectEx(hProzess, pointer($445C3A20), 100000, PAGE_EXECUTE_READWRITE, a);
  WriteProcessMemory(hProzess, pDLL, PChar(dllname), length(dllname), bw);
  //CreateRemoteThread(hProzess, nil, 0, GetProcAddress(GetModuleHandle('kernel32.dll'),'LoadLibraryA'), pDLL, 0, hRemoteThread);
  CreateRemoteAPC(hProzess, nil, 0, GetProcAddress(GetModuleHandle('kernel32.dll'),'LoadLibraryA'), pDLL, 0, hRemoteThread);
  WaitForSingleObject(hRemoteThread, INFINITE);
  MessageDlg('Target process has been injected.',mtInformation,[mbOK],0);
end;
CloseHandle(hProzess);
|
My question.. how do I know whether my injection worked or not.. from that program..? Before the patch it still worked using OpenProcess...
In my DLL..
I made simple code to look at what proc is injected, like the WriteFile function
Code: |
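var
  Target : Pointer;
  a : DWORD; // receives the previous page protection
begin
  // Address of WriteFile as exported by kernel32.dll
  Target := GetProcAddress(GetModuleHandle('kernel32.dll'), 'WriteFile');
  VirtualProtect(Target, 8, PAGE_EXECUTE_READWRITE, a);
  // Show the first byte found at that address
  ShowMessage(IntToStr(PByte(Target)^));
end;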
|
And I used that program before the patch; it showed the hooked program and I unhooked it.
But what shows in the box looks like nothing happened.. but I see in the GMER program.. that the program hooked the WriteFile function.. and is hidden..
I have tried a lot of programs.. OllyDbg with plugin, OllyDbg 2, CE, MHS, MLE.
Only yours can open it.. and CE 5.6 only, but non readable memory region... sorry my English is bad...
I use Windows 7 32 bit |
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
|
Posted: Wed Mar 10, 2010 8:46 pm Post subject: |
|
|
Quote: | when i scan it say non readable memory found.. |
Have you tried setting (or unsetting) kernelmode query memory regions?
Or use the virtual pagedir plugin in the plugin section
Quote: |
my question.. how to know my injection work or not.
|
Try doing something you can check in your dll, like writing a file, or outputdebugstring
I see you call CreateRemoteAPC, that's a very untested routine, and you must make sure that the target application isn't asleep (waiting for user input)
_________________
Do not ask me about online cheats. I don't know any and wont help finding them.
Like my help? Join me on Patreon so i can keep helping |
 |
juan81 Newbie cheater
Reputation: 0
Joined: 05 Jul 2008 Posts: 10
|
Posted: Wed Mar 10, 2010 9:00 pm Post subject: |
|
|
Thanks for the reply. I think CreateRemoteAPC is like CreateRemoteThread; I tried it.
When I use CreateRemoteThread it still doesn't change....
I made this program for unhooking functions..
I didn't find the virtual pagedir plugin in the plugin folder..
Where can I download it?
Quote: | have you tried setting (or unsettings) kernelmode query memory regions ?
Or use the virtual pagedir plugin in the plugin section
|
I have tried setting Query memory regions.
When I unchecked it.. it is still blank... and in memory view it's ?? in all areas >,<
Last edited by juan81 on Wed Mar 10, 2010 9:03 pm; edited 1 time in total |
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
|
 |
juan81 Newbie cheater
Reputation: 0
Joined: 05 Jul 2008 Posts: 10
|
Posted: Wed Mar 10, 2010 9:15 pm Post subject: |
|
|
I tried the virtualpage.dll plugin.. >,<
When the program is running.. my Windows BSODs >,<
PAGE FAULT IN NONPAGED AREA. >,< And I tried it in Windows XP.. still the same >,< BSOD like that
When I use IceSword to check it in Windows XP, it BSODs too..
Quote: |
Due to a problem with readphysicalmemory not mapping above 0x80000000
|
I think.. that program uses that memory region
I use Windows 7 32..
I want to inject not the game.. but the launcher.. >,< That launcher loads a library file to hide it and to hook kernel32.. and I checked that library file: it is made with Delphi 7.0 >,<
Is there any solution? |
 |
iPromise Grandmaster Cheater
Reputation: -1
Joined: 27 Jun 2009 Posts: 529 Location: Canada
|
Posted: Thu Mar 11, 2010 4:09 pm Post subject: |
|
|
Code: |
hProzess = OpenProcess(PROCESS_VM_OPERATION | PROCESS_VM_WRITE | PROCESS_CREATE_THREAD, false, PID);
|
|
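For monitoring the call pattern discussed in this thread, the following added example (not part of the original posts) decodes the access mask from the OpenProcess line above and pairs it with remote threads that start at LoadLibrary. The event dictionaries are constructed samples; their field names follow Sysmon event IDs 10 (ProcessAccess) and 8 (CreateRemoteThread), and all paths are made up.

```python
# Access rights (winnt.h values) combined in the OpenProcess call posted above.
RIGHTS = {
    "PROCESS_CREATE_THREAD": 0x0002,
    "PROCESS_VM_OPERATION": 0x0008,
    "PROCESS_VM_READ": 0x0010,
    "PROCESS_VM_WRITE": 0x0020,
}
INJECT_MASK = 0x0002 | 0x0008 | 0x0020  # create thread + allocate + write
LOADLIBRARY = {"LoadLibraryA", "LoadLibraryW"}

def decode_access(mask):
    """Names of the rights from RIGHTS that are set in a GrantedAccess mask."""
    return sorted(name for name, bit in RIGHTS.items() if mask & bit)

def injection_capable(mask):
    """True when the handle allows allocating, writing and starting a thread."""
    return (mask & INJECT_MASK) == INJECT_MASK

def find_loadlibrary_injection(events):
    """Flag remote threads that start at LoadLibrary; note if the open was seen."""
    opened, hits = set(), []
    for ev in events:
        pair = (ev["SourceImage"], ev["TargetImage"])
        if ev["EventID"] == 10 and injection_capable(int(ev["GrantedAccess"], 16)):
            opened.add(pair)
        elif ev["EventID"] == 8 and ev.get("StartFunction") in LOADLIBRARY:
            # Reported even without a matching open: the requested mask is not
            # always meaningful (see the dbk32 OP remark later in this thread).
            hits.append((pair[0], pair[1], pair in opened))
    return hits

# Constructed sample events; every path below is made up.
SAMPLE = [
    {"EventID": 10, "SourceImage": r"C:\App\launcher.exe",
     "TargetImage": r"C:\App\game.exe", "GrantedAccess": "0x1410"},
    {"EventID": 10, "SourceImage": r"C:\Tools\tool.exe",
     "TargetImage": r"C:\App\launcher.exe", "GrantedAccess": "0x2a"},
    {"EventID": 8, "SourceImage": r"C:\Tools\tool.exe",
     "TargetImage": r"C:\App\launcher.exe", "StartFunction": "LoadLibraryA"},
    {"EventID": 8, "SourceImage": r"C:\Tools\other.exe",
     "TargetImage": r"C:\App\game.exe", "StartFunction": "LoadLibraryW"},
    {"EventID": 8, "SourceImage": r"C:\App\launcher.exe",
     "TargetImage": r"C:\App\game.exe", "StartFunction": "CtrlRoutine"},
]

if __name__ == "__main__":
    for src, dst, seen in find_loadlibrary_injection(SAMPLE):
        print(f"{src} -> {dst}: remote LoadLibrary thread, handle open seen: {seen}")
```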
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
|
Posted: Thu Mar 11, 2010 4:31 pm Post subject: |
|
|
If he's using CE's dbk32.dll's OpenProcess (OP), the first parameter is ignored; it's always full access no matter what the security settings of your Windows are
 |
juan81 Newbie cheater
Reputation: 0
Joined: 05 Jul 2008 Posts: 10
|
Posted: Thu Mar 11, 2010 9:37 pm Post subject: |
|
|
I already checked that program... only kernel mode can edit it.. >,< but sometimes it can BSOD >,<
My Delphi skill is not enough to make a kernel program >,<.. and the program I use to inject the DLL is not working either..
Your plugin always BSODs >,<... I want to update your source.. but I don't know where that program allocates the 0x8000000 page file >,<...
Could you explain more about where I can allocate page memory.. at another address...
I use your plugin with HackShield / nProtect and it is fine (no BSOD) >,<..
Last edited by juan81 on Thu Mar 11, 2010 10:16 pm; edited 1 time in total |
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
|
Posted: Thu Mar 11, 2010 9:47 pm Post subject: |
|
|
When does it BSOD: when you enable the plugin, when you open a process, or when you scan?
The only place where it accesses actual memory is in the initialization, where it tries to get the EProcess structure and the pagedir location in it.
After that it maps physical memory to a low range memory address for reading and writing, staying out of the 0x80000000+ range.
 |
juan81 Newbie cheater
Reputation: 0
Joined: 05 Jul 2008 Posts: 10
|
Posted: Thu Mar 11, 2010 10:18 pm Post subject: |
|
|
Dark Byte wrote: | when does it bsod, when you enable the plugin, when you open a process, or when you scan ?
only place where it accesses actual memory is in the initialization where it tries to get the EProcess structure and the pagedir location in it
after that it maps physical memory to a low range memory address for reading and writing staying out of the 0x80000000+ range |
When I enable it / when I press OK...
I use your plugin in a game with HackShield / nProtect.. it is fine.. and OK.. but when I use it on the game which I want to debug.. it always BSODs..
I think.. that the GM uses your program / code.. and crashes it.. >,< |
 |
Dark Byte Site Admin
Reputation: 470
Joined: 09 May 2003 Posts: 25788 Location: The netherlands
|
Posted: Fri Mar 12, 2010 8:10 am Post subject: |
|
|
Or there's just a problem with getting control register 3, and see if you can input it manually after finding out (e.g. one other way of finding out the CR3 is to place a hook somewhere that you know will be called, but isn't checked for modification, and check the pid; if it matches, just get the CR3 control register)
 |
juan81 Newbie cheater
Reputation: 0
Joined: 05 Jul 2008 Posts: 10
|
Posted: Fri Mar 12, 2010 8:00 pm Post subject: |
|
|
But that program... detects your kernel driver... I must learn more about the kernel... I'm still confused.. that launcher didn't load a driver to hide.. >,,< only 1 library.. >,<
OK, thank you Dark.. I will try it.. |