A Ultra Noob Question

 
FireTube2010
How do I cheat?
Reputation: 0

Joined: 04 Sep 2010
Posts: 5

PostPosted: Sat Sep 04, 2010 6:39 am    Post subject: A Ultra Noob Question

Good evening, gentlemen or ladies,

Question:

Is it possible to detour the glBegin function to a code stub?

For example, from an external process I do VirtualAllocEx then WriteProcessMemory to write a stub/byte array
into the target process and redirect glBegin into that stub/byte array I just wrote?

I've been successful in redirecting glBegin by doing an EAT hook in my exe, then, after getting the offset,
using WriteProcessMemory to change the offset value in opengl32.dll in the target process (hl.exe).
But when it comes to the stub I get a crash...

So, I've tried something like this, but it crashes.

What am I doing wrong?

Code:
// Stub as first posted (the version that crashes). glBegin is __stdcall,
// so the callee is expected to remove the 4-byte argument on return.
__declspec(naked) void __stdcall GLBEGUN(GLenum mode)
{
    __asm
    {
        push mode        // in a naked function this is ebp-relative, but no frame has been set up here
        call p_glBegin   // p_glBegin: pointer to the original glBegin
        ret              // returns without removing the caller's 4-byte argument
    }
}


Thank you in advance.
tombana
Master Cheater
Reputation: 2

Joined: 14 Jun 2007
Posts: 456
Location: The Netherlands

PostPosted: Sat Sep 04, 2010 9:21 am    Post subject:

Try changing the 'ret' in the stub to 'ret 4'.

If that doesn't work I wouldn't know the solution, but what is the 'eathook' you are referring to? And what offset value in opengl32 are you changing?
FireTube2010
How do I cheat?
Reputation: 0

Joined: 04 Sep 2010
Posts: 5

PostPosted: Sat Sep 04, 2010 11:00 am    Post subject:

Just the regular EAT hook. After getting the offset, do WriteProcessMemory to change the address in the target process rather than in my process...

The offset of glBegin is 0x00001880, stored somewhere in the OpenGL DLL.
I just use EAT hooking to get the location where
it is and do WriteProcessMemory to change it in the target.
I just change it to the offset of my stub.

Would it be something like this?

Code:
__declspec(naked) void __stdcall glBegun(GLenum mode)
{
    __asm{push ebp}
    __asm{mov ebp,esp}                   // set up a frame so [ebp+8] is 'mode'
    __asm{mov ecx, DWORD PTR SS:[EBP+8]}
    __asm{push ecx}                      // argument for the original glBegin
    __asm{mov eax, 0x12345678}           // Dummy address, patched to the original glBegin before writing
    __asm{call eax}                      // the original is __stdcall and pops its own argument
    __asm{pop ebp}
    __asm{retn 4}                        // __stdcall: remove the caller's 4-byte argument
}


It crashes though.

Or maybe I should just do it like a code cave and jump back.
I'm a real noob at this, sorry.
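The EAT hook described in this post rewrites one entry of opengl32.dll's export address table so that it points at a stub outside the module. As an added example (not code from the thread), here is the check an integrity scanner or anti-cheat runs to catch that: it parses the PE export directory of a mapped module and flags any export whose RVA lies outside the module image, which is where an entry pointing at VirtualAllocEx'd memory necessarily lands. The module here is a constructed minimal PE32 image that exports glBegin and glEnd; the image size, the table RVAs, the 0x1880 offset, and the tampered value are constructed test data.

```python
"""Added example: detect export-address-table (EAT) hooks by checking that
every export RVA lies inside the module image. The image is a constructed
minimal PE32; no real opengl32.dll is read."""
import struct

SIZE_OF_IMAGE = 0x2000        # constructed: size of the mapped image
EXPORT_DIR_RVA = 0x400        # constructed layout of the export data
FUNC_TABLE_RVA = 0x500
NAME_TABLE_RVA = 0x510
ORD_TABLE_RVA = 0x520
STRINGS_RVA = 0x600


def build_image(exports):
    """Assemble a minimal in-memory PE32 image whose export directory lists
    `exports`, a dict of name -> RVA (constructed test data)."""
    img = bytearray(SIZE_OF_IMAGE)
    e_lfanew = 0x80
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, e_lfanew)
    img[e_lfanew:e_lfanew + 4] = b"PE\0\0"
    # IMAGE_FILE_HEADER: Machine=i386, 0 sections, SizeOfOptionalHeader=0xE0, DLL flags
    struct.pack_into("<HHIIIHH", img, e_lfanew + 4, 0x14C, 0, 0, 0, 0, 0xE0, 0x2102)
    opt = e_lfanew + 24
    struct.pack_into("<H", img, opt, 0x10B)                      # PE32 magic
    struct.pack_into("<I", img, opt + 56, SIZE_OF_IMAGE)         # SizeOfImage
    struct.pack_into("<II", img, opt + 96, EXPORT_DIR_RVA, 40)   # DataDirectory[EXPORT]
    # IMAGE_EXPORT_DIRECTORY (40 bytes)
    names = list(exports)
    struct.pack_into("<IIHHIIIIIII", img, EXPORT_DIR_RVA,
                     0, 0, 0, 0, STRINGS_RVA, 1, len(names), len(names),
                     FUNC_TABLE_RVA, NAME_TABLE_RVA, ORD_TABLE_RVA)
    cursor = STRINGS_RVA
    img[cursor:cursor + 13] = b"opengl32.dll\0"
    cursor += 13
    for i, name in enumerate(names):
        struct.pack_into("<I", img, FUNC_TABLE_RVA + 4 * i, exports[name])
        struct.pack_into("<I", img, NAME_TABLE_RVA + 4 * i, cursor)
        struct.pack_into("<H", img, ORD_TABLE_RVA + 2 * i, i)
        encoded = name.encode("ascii") + b"\0"
        img[cursor:cursor + len(encoded)] = encoded
        cursor += len(encoded)
    return bytes(img)


def _u16(img, off):
    return struct.unpack_from("<H", img, off)[0]


def _u32(img, off):
    return struct.unpack_from("<I", img, off)[0]


def read_exports(img):
    """Return ({name: rva}, SizeOfImage) from a mapped PE image."""
    if img[0:2] != b"MZ":
        raise ValueError("not a PE image")
    e_lfanew = _u32(img, 0x3C)
    if img[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("bad NT signature")
    opt = e_lfanew + 24
    magic = _u16(img, opt)
    size_of_image = _u32(img, opt + 56)              # same offset in PE32 and PE32+
    data_dir = opt + (96 if magic == 0x10B else 112)  # PE32 vs PE32+ directory offset
    export_rva = _u32(img, data_dir)
    if export_rva == 0:
        return {}, size_of_image
    n_names = _u32(img, export_rva + 24)
    funcs = _u32(img, export_rva + 28)
    names = _u32(img, export_rva + 32)
    ords = _u32(img, export_rva + 36)
    exports = {}
    for i in range(n_names):
        name_rva = _u32(img, names + 4 * i)
        name = img[name_rva:img.index(b"\0", name_rva)].decode("ascii")
        ordinal = _u16(img, ords + 2 * i)            # index into the function table
        exports[name] = _u32(img, funcs + 4 * ordinal)
    return exports, size_of_image


def find_eat_hooks(img):
    """Exports whose RVA falls outside [0, SizeOfImage). A stub allocated with
    VirtualAllocEx lives outside the module, so its RVA can never be in range."""
    exports, size_of_image = read_exports(img)
    return {n: rva for n, rva in exports.items() if rva >= size_of_image}


if __name__ == "__main__":
    clean = build_image({"glBegin": 0x1880, "glEnd": 0x18A0})
    print("clean:", find_eat_hooks(clean))
    # Constructed: glBegin's entry rewritten to point at a stub outside the image
    tampered = build_image({"glBegin": 0x04291308, "glEnd": 0x18A0})
    print("tampered:", find_eat_hooks(tampered))
```

The range check is deliberately cheap, and it has a blind spot the thread itself touches on: a stub placed inside the module (the code-cave approach mentioned later in the post) still yields an in-range RVA. Comparing the in-memory function table against the one parsed from the DLL file on disk closes that gap, at the cost of mapping the file and relocating section offsets to RVAs.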
TROLOLOLOLOLOLOLOLOLOLOLO
Expert Cheater
Reputation: -1

Joined: 27 Dec 2009
Posts: 100

PostPosted: Sun Sep 05, 2010 12:46 am    Post subject:

That looks like robot code O_O Mind explaining to me what it does?
FireTube2010
How do I cheat?
Reputation: 0

Joined: 04 Sep 2010
Posts: 5

PostPosted: Sun Sep 05, 2010 1:54 am    Post subject:

CometJack wrote:
That looks like robot code O_O Mind explaining to me what it does?


CRasH !


Last edited by FireTube2010 on Sun Sep 05, 2010 4:01 am; edited 1 time in total
TROLOLOLOLOLOLOLOLOLOLOLO
Expert Cheater
Reputation: -1

Joined: 27 Dec 2009
Posts: 100

PostPosted: Sun Sep 05, 2010 3:28 am    Post subject:

Say what?
justa_dude
Grandmaster Cheater
Reputation: 23

Joined: 29 Jun 2010
Posts: 891

PostPosted: Sun Sep 05, 2010 4:16 am    Post subject:

I think you'd find it much easier to proxy the dll. Otherwise, pick five bytes in the glbegin prologue and replace them with an unconditional jump or call to your own code. Also, what does "crash" mean? What kind of crash you're having has significant impact on what kind of troubleshooting you need to be doing. Finally, write a simple opengl test application yourself for testing purposes. This will ensure that you're not getting anti-cheat protection snags.

Cheers,
adude
FireTube2010
How do I cheat?
Reputation: 0

Joined: 04 Sep 2010
Posts: 5

PostPosted: Sun Sep 05, 2010 4:43 am    Post subject:

Dude, check out the screenshot I attached.

YEEEEEEHHHHHHAAAAA ! "Hi-ho, VAC Ranger! Away!"

My EAT hook and stub had the problems.

Code:
// Not naked: the compiler emits the prologue/epilogue and the 'ret 4' for __stdcall.
void __stdcall glBegun(GLenum mode)
{
    __asm{push 0x0B71}                   // argument for the first call
    __asm{mov eax, 0x12345678}           // Dummy address, changed before write
    __asm{call eax}
    __asm{mov ecx, DWORD PTR SS:[EBP+8]} // 'mode' from the compiler-generated frame
    __asm{push ecx}
    __asm{mov eax, 0x04291308}           // Dummy address 2, changed before write
    __asm{call eax}                      // the original glBegin
}



[Attachment: awp_map_fair0000.jpg, 302.83 KB]

