Cheat Engine The Official Site of Cheat Engine
CrazyH4x0r Expert Cheater
Reputation: 0
Joined: 03 Mar 2008 Posts: 224 Location: England
Posted: Sun Aug 17, 2008 4:35 pm Post subject: [VB 2008][HELP]WriteProcessMemory or something
I'm using VB 2008 and I'm trying to first do something like "OpenProcess" and then WriteProcessMemory.
For example, I would like to know how to write
Code:
[enable]
0049183D:
jmp 004918bd
00498ED7:
jmp 00498f57
into maplestory.exe (infinite flash jump).
Full script here:
Code:
[enable]
0049183D:
jmp 004918bd
00498ED7:
jmp 00498f57
[disable]
0049183D:
jle 004918bd
00498ED7:
jle 00498f57
Could someone help or teach me how to do this? Thank you very much.
Heartless I post too much
Reputation: 0
Joined: 03 Dec 2006 Posts: 2436
dnsi0 I post too much
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Sun Aug 17, 2008 5:57 pm Post subject:
Convert the script into bytes, then use WriteProcessMemory to write the bytes from the base address (where the script starts). Use byte arrays, or inject the bytes one after another.
CrazyH4x0r Expert Cheater
Reputation: 0
Joined: 03 Mar 2008 Posts: 224 Location: England
Posted: Sun Aug 17, 2008 6:21 pm Post subject:
HornyAZNBoy wrote:
    Visual Basic 6 doesn't have inline ASM, so no, you wouldn't do it like that. WriteProcessMemory() is much more confusing, but before you use WriteProcessMemory() you need to attach to it with OpenProcess(). Don't ask me, I am a beginner at Visual Basic and WriteProcessMemory().
Thank you for the help. By the way, I'm not using VB 6, I'm using 2008 Express Edition.
dnsi0 wrote:
    Convert the script into bytes, then use WriteProcessMemory to write the bytes from the base address (where the script starts). Use byte arrays, or inject the bytes one after another.
Thank you very much, I'll try that.
pkedpker Master Cheater
Reputation: 1
Joined: 11 Oct 2006 Posts: 412
Posted: Sun Aug 17, 2008 8:57 pm Post subject:
You could do hooking in VB6 easily, but doing inline assembly in VB6 is harder, and it's a 50/50 chance if the memory is not dynamic each load. So, with the CopyMemory function, find a location that's empty, though, lol. Write assembly in Notepad, convert everything to bytes, store it in a byte array and pass it through CopyMemory. Also, with VarPtr, StrPtr and ObjPtr you can get pointers to things like variables, strings and objects.
The only problem is VB6 doesn't support numbers bigger than 2,147 billion to -2,147 (maybe both added up to 4 billion something is supported), but big numbers like longs in C++ don't exist in VB6; you have to do fancy things like copy them in memory and then combine them in a string with loops, and it will be slower.
hcavolsdsadgadsg I'm a spammer
Reputation: 26
Joined: 11 Jun 2007 Posts: 5801
Posted: Sun Aug 17, 2008 10:54 pm Post subject:
Code:
Imports System.Runtime.InteropServices
Public Class Form1
    ' P/Invoke declaration; SetLastError:=True lets Marshal.GetLastWin32Error report why a write failed
    <DllImport("kernel32.dll", SetLastError:=True)> _
    Public Shared Function WriteProcessMemory( _
        ByVal hProcess As IntPtr, _
        ByVal lpBaseAddress As IntPtr, _
        ByVal lpBuffer As Byte(), _
        ByVal nSize As UInt32, _
        ByRef lpNumberOfBytesWritten As UInt32 _
    ) As Boolean
    End Function
    ' jmp rel32 is E9 followed by target - (address + 5), little-endian; both jumps here are +7B
    Dim en1 As Byte() = {&HE9, &H7B, &H0, &H0, &H0} 'jmp 004918bd, written at 0049183D
    Dim en2 As Byte() = {&HE9, &H7B, &H0, &H0, &H0} 'jmp 00498f57, written at 00498ED7
    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        ' Look the process up on click rather than at form load, so it is found even if it was started later
        Dim p As Process() = Process.GetProcessesByName("terriblegameforeightyearolds")
        If p.Length = 0 Then
            MessageBox.Show("Process not found")
            Return
        End If
        ' On the .NET Framework, Process.Handle is opened with full access, which covers what WriteProcessMemory needs
        Dim written As UInt32 = 0
        If Not WriteProcessMemory(p(0).Handle, New IntPtr(&H49183D), en1, CUInt(en1.Length), written) OrElse _
           Not WriteProcessMemory(p(0).Handle, New IntPtr(&H498ED7), en2, CUInt(en2.Length), written) Then
            MessageBox.Show("WriteProcessMemory failed, error " & Marshal.GetLastWin32Error())
        End If
    End Sub
End Class
sunbinyuan Newbie cheater
Reputation: 0
Joined: 17 Oct 2008 Posts: 22
Posted: Tue Jul 05, 2011 11:34 am Post subject:
And if the code was this?
Code:
[ENABLE]
alloc(lol,128)
label(lol1)
009FD306:
jmp lol
db 90
lol1:
lol:
pushad
mov eax,[00DC7CB8]
mov eax,[eax+978]
mov eax,[eax+8C]
mov ecx,[00DC7CB8]
mov ecx,[ecx+978]
mov ecx,[ecx+88]
mov ebx,[00DC775C]
mov [ebx+43D8],eax
mov [ebx+43DC],ecx
mov [ebx+43D0],01
popad
jmp lol1
[DISABLE]
009FD306:
db 0F 84 5C 01 00 00
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
sunbinyuan Newbie cheater
Reputation: 0
Joined: 17 Oct 2008 Posts: 22
Posted: Tue Jul 05, 2011 8:17 pm Post subject:
I heard that VB.NET was easier than C
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
sunbinyuan Newbie cheater
Reputation: 0
Joined: 17 Oct 2008 Posts: 22
Posted: Wed Jul 06, 2011 10:04 am Post subject:
Do you know how to change the script to VB.NET anyway?
Thanks in advance
Stylo Grandmaster Cheater Supreme
Reputation: 3
Joined: 16 May 2007 Posts: 1073 Location: Israel
Posted: Wed Jul 06, 2011 10:21 am Post subject:
I'm not a VB programmer, but there was a quick answer for you a few posts above.
Convert that script into bytes and write them using WriteProcessMemory
sunbinyuan Newbie cheater
Reputation: 0
Joined: 17 Oct 2008 Posts: 22
Posted: Wed Jul 06, 2011 3:57 pm Post subject:
What do I do for db 0F 84 5C 01 00 00 and mov [ebx+43D0],01?
Pingo Grandmaster Cheater
Reputation: 8
Joined: 12 Jul 2007 Posts: 571
Posted: Wed Jul 06, 2011 8:15 pm Post subject:
Edit:
So I just downloaded VB to make you guys an example app. Don't mind the noobness, this was the first time I used VB.
Sample for CrazyH4x0r
This one was straightforward. Your script:
Code:
[enable]
0049183D:
jmp 004918bd
00498ED7:
jmp 00498f57
[disable]
0049183D:
jle 004918bd
00498ED7:
jle 00498f57
Converted:
Code:
' Mem is the helper class from the attached VB Injection Example.zip (not reproduced in the thread);
' Mem.Patch(address, hex) writes the hex-encoded bytes at that address.
' jmp rel32 = E9 + (target - (address + 5)); jle rel32 = 0F 8E + (target - (address + 6)).
' For both patch sites the displacement is 7B for the 5-byte jmp and 7A for the 6-byte jle.
If Not Patch Then
    Mem.Patch(&H49183D, "e97b000000")  'jmp 004918bd
    Mem.Patch(&H498ED7, "e97b000000")  'jmp 00498f57
Else
    Mem.Patch(&H49183D, "0f8e7a000000") 'jle 004918bd
    Mem.Patch(&H498ED7, "0f8e7a000000") 'jle 00498f57
End If
Patch = Not Patch
Sample for sunbinyuan
This one involved a lot more, since it creates a cave and converts jumps and all that other good stuff.
Your script:
Code:
[ENABLE]
alloc(lol,128)
label(lol1)
009FD306:
jmp lol
db 90
lol1:
lol:
pushad
mov eax,[00DC7CB8]
mov eax,[eax+978]
mov eax,[eax+8C]
mov ecx,[00DC7CB8]
mov ecx,[ecx+978]
mov ecx,[ecx+88]
mov ebx,[00DC775C]
mov [ebx+43D8],eax
mov [ebx+43DC],ecx
mov [ebx+43D0],01
popad
jmp lol1
[DISABLE]
009FD306:
db 0F 84 5C 01 00 00
Converted:
Code:
' Inj is the cave body (pushad ... popad) as hex. Mem.Inject_Jmp (from the attached zip) allocates the cave,
' writes Inj there followed by a jump back, and overwrites the 6 bytes at 009FD306 with a jump into the cave.
' VB 2008 needs an explicit " _" to continue the string across lines.
Dim Inj As String = "60a1b87cdc008b80780900008b808c0000008b0db87cdc008b89780900" + _
                    "008b89880000008b1d5c77dc008983d8430000898bdc430000c783d04300000100000061"
If Not Inject Then
    Mem.Inject_Jmp(&H9FD306, 6, Inj)
Else
    Mem.Deallocate(&H9FD306, "0F845C010000") 'writes the original je back and frees the cave
End If
Inject = Not Inject
The 6 in Mem.Inject_Jmp(&H9FD306, 6, Inj) is the distance to the next instruction. Your disable was only 6 bytes, so I used 6.
The Deallocate part will deallocate the cave and write the original instructions back.
The jump to and from the cave is calculated for you.
Inj is only this, converted to bytes:
Code:
pushad
mov eax,[00DC7CB8]
mov eax,[eax+978]
mov eax,[eax+8C]
mov ecx,[00DC7CB8]
mov ecx,[ecx+978]
mov ecx,[ecx+88]
mov ebx,[00DC775C]
mov [ebx+43D8],eax
mov [ebx+43DC],ecx
mov [ebx+43D0],01
popad
VB Injection Example.zip
Last edited by Pingo on Fri Jul 08, 2011 2:12 am; edited 1 time in total
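Added example, not code from any poster and not taken from Pingo's attached VB project: a stand-alone Python rendering of the two conversion steps this thread keeps coming back to, dnsi0's "convert the script into bytes" and the jump-to/jump-from-the-cave arithmetic that Pingo's Inject_Jmp and Deallocate do for you. The bytes it produces are exactly what gets handed to the WriteProcessMemory call shown earlier in the thread; only the encoding is done here, so it runs anywhere. The addresses and the cave body are the ones posted above; CAVE_ADDR is an assumed placeholder standing in for whatever VirtualAllocEx returns for CE's alloc(lol,128). The rel32 arithmetic is the part that is easy to get wrong, which is why the block also includes the inverse (jump_target) so you can check what you are about to overwrite.

```python
import struct

# Assumed for the demo (not from the thread): where the 128-byte cave was allocated.
CAVE_ADDR = 0x00A10000


def rel32(src, target, insn_len):
    """Displacement of a relative jump: target minus the address of the *next* instruction."""
    disp = target - (src + insn_len)
    if not -0x80000000 <= disp <= 0x7FFFFFFF:
        raise ValueError("target out of rel32 range")
    return disp


def jmp(src, target):
    """E9 rel32: the 5-byte near jump for 'jmp 004918bd' placed at 0049183D."""
    return b"\xE9" + struct.pack("<i", rel32(src, target, 5))


def jcc(cc, src, target):
    """0F cc rel32: 6-byte conditional near jump (cc=0x8E is jle, cc=0x84 is je)."""
    return bytes([0x0F, cc]) + struct.pack("<i", rel32(src, target, 6))


def jump_target(addr, code):
    """Inverse of the encoders: where a rel32 jmp/jcc located at addr lands.
    Use it on bytes read back with ReadProcessMemory before overwriting them."""
    if code[0] == 0xE9:
        return addr + 5 + struct.unpack_from("<i", code, 1)[0]
    if code[0] == 0x0F and 0x80 <= code[1] <= 0x8F:
        return addr + 6 + struct.unpack_from("<i", code, 2)[0]
    raise ValueError("not a rel32 jump")


def patch(code, orig_len):
    """Bytes to write over orig_len bytes of original code: code plus NOP padding (CE's 'db 90').
    Refuses to build a patch that would spill into the following instruction."""
    if len(code) > orig_len:
        raise ValueError("patch is longer than the instructions it replaces")
    return code + b"\x90" * (orig_len - len(code))


def build_cave(hook_addr, orig_len, cave_addr, body):
    """What Inject_Jmp computes: (bytes for hook_addr, bytes for cave_addr).
    The hook is a jmp into the cave; the cave is body followed by a jmp back to the first
    instruction after the overwritten ones (CE's 'lol1' label). orig_len is Pingo's '6'."""
    hook = patch(jmp(hook_addr, cave_addr), orig_len)
    cave = body + jmp(cave_addr + len(body), hook_addr + orig_len)
    return hook, cave


# sunbinyuan's cave body (pushad ... popad) as Pingo converted it; it contains no jumps,
# so it is position-independent and can live at any cave address.
CAVE_BODY = bytes.fromhex(
    "60a1b87cdc008b80780900008b808c0000008b0db87cdc008b89780900"
    "008b89880000008b1d5c77dc008983d8430000898bdc430000c783d04300000100000061"
)


def crazyh4x0r_patches():
    """Enable/disable bytes for the first script: a jmp written over each original 6-byte jle."""
    return {
        "enable": {0x49183D: patch(jmp(0x49183D, 0x4918BD), 6),
                   0x498ED7: patch(jmp(0x498ED7, 0x498F57), 6)},
        "disable": {0x49183D: jcc(0x8E, 0x49183D, 0x4918BD),
                    0x498ED7: jcc(0x8E, 0x498ED7, 0x498F57)},
    }


def sunbinyuan_injection(cave_addr=CAVE_ADDR):
    """Enable: hook bytes for 009FD306 plus cave contents. Disable: the original 6 bytes.
    When disabling, write 'original' back first and free the cave last (or leave it allocated):
    a thread may still be executing inside the cave the instant after you free it."""
    original = bytes.fromhex("0F845C010000")          # the je that CE's [DISABLE] writes back
    hook, cave = build_cave(0x9FD306, len(original), cave_addr, CAVE_BODY)
    return {"hook": hook, "cave": cave, "original": original}


if __name__ == "__main__":
    for name, sites in crazyh4x0r_patches().items():
        for addr, code in sites.items():
            print(f"{name:7} {addr:08X}: {code.hex()}  -> {jump_target(addr, code):08X}")
    inj = sunbinyuan_injection()
    print("hook :", inj["hook"].hex())
    print("cave :", inj["cave"].hex())
    print("original je lands at", f"{jump_target(0x9FD306, inj['original']):08X}")
```

The enable bytes for CrazyH4x0r's sites pad the 5-byte jmp to the 6 bytes of the jle it replaces; the stale sixth byte would never execute after an unconditional jump, but padding keeps a disassembler honest. For the cave, the only address-dependent pieces are the two jumps, which is why the body can be stored as a fixed hex string and the cave placed wherever the allocation happens to land.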
OmegaCES Cheater
Reputation: 1
Joined: 02 Jul 2011 Posts: 44
Posted: Thu Jul 07, 2011 9:36 pm Post subject:
@Pingo
Just had a look at your source code.
Did you write all that without knowing any VB?
That was very well written for a new VB person.
Anyway, I noticed you used VirtualFreeEx before removing the jump to your code in your allocation.
If for any reason the game uses the code in the allocated memory in the split second after it frees the memory, this would surely cause a crash? It's been a while since I've game hacked, and that was on Windows XP; not sure how Vista, 7 etc. handle memory, but I know I got a crash in XP back in the day because of the same way I wrote my code (i.e. you write to a piece of code which is updated all the time, an on-screen display or something).
I only glanced quickly at your code, so I might have just misread, but thought I'd post.
When I get a bit more time in RL, I'll take another look at your code, as it's given me a few ideas on cleaning up some of my old trainer engines in all languages. .NET has changed so many things.
So thanks for the ideas etc. Pingo.
Good luck all.