PlzSuckMaDuck (How do I cheat?, Reputation: 0, Joined: 01 Feb 2019, Posts: 5)
Posted: Sat Feb 02, 2019 12:16 am, Post subject: How to use getasynckeystate in a 64 bit platform?
I've tried to find tutorials for using getasynckeystate, but most of the articles are about 32-bit platforms, which doesn't work on a 64-bit platform. Any help will be appreciated.
Quote:
[ENABLE]
alloc(newmem,2048,"re2.exe"+B8BC63A)
label(returnhere)
label(originalcode)
label(exit)
newmem:
originalcode:
mov [rax+20],ebx //This is the code that i want to fiddle with
mov rsi,[rsp+30]
exit:
jmp returnhere
"re2.exe"+B8BC63A:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
"re2.exe"+B8BC63A:
mov [rax+20],ebx
mov rsi,[rsp+30]
//Alt: db 89 58 20 48 8B 74 24 30
I want to disable this code, mov [rax+20],ebx, when the assigned key (right mouse key for me) is pressed, and the code gets reverted when the button is released.
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The netherlands)
Posted: Sat Feb 02, 2019 4:16 am

something like this
Code:
[ENABLE]
alloc(newmem,2048,"re2.exe"+B8BC63A)
label(returnhere)
label(originalcode)
label(exit)
newmem:
push RAX //save the volatile (caller-saved) registers the API call may clobber
push RCX
push RDX
push R8
push R9
push R10
push R11
sub rsp,28 //7 pushes before, so uneven. Instead of sub rsp,20 use sub rsp,28 (0x20 bytes of shadow space plus 8 to get rsp back to 16-byte alignment)
mov rcx,2 //VK_RBUTTON, the only parameter, goes in rcx
call GetAsyncKeyState
add rsp,28
pop r11
pop r10
pop r9
pop r8
pop rdx
pop rcx
test ax,8001 //bit 15: button currently down, bit 0: pressed since the last call
pop rax //pop does not touch the flags, so the test result survives
jnz originalcode //button pressed: skip the write
mov [rax+20],ebx //This is the code that i want to fiddle with
originalcode:
mov rsi,[rsp+30]
exit:
jmp returnhere
"re2.exe"+B8BC63A:
jmp newmem
nop
nop
nop
returnhere:
[DISABLE]
dealloc(newmem)
"re2.exe"+B8BC63A:
mov [rax+20],ebx
mov rsi,[rsp+30]
//Alt: db 89 58 20 48 8B 74 24 30
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping
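As an added example that is not from the thread, a small Python checker that applies the rule behind Dark Byte's comment (0x20 bytes of shadow space and a 16-byte aligned rsp at every call, with the pushed registers restored in mirror order) to the wrapper above; the WRAPPER string is the post's call sequence copied in, and the checker assumes rsp is 16-byte aligned at the point where the injected code is entered.

```python
import re

# Volatile (caller-saved) general-purpose registers of the Win64 ABI.
# XMM0-5 are volatile too but are not tracked by this checker.
VOLATILE = {"rax", "rcx", "rdx", "r8", "r9", "r10", "r11"}

# The call sequence from the post above, copied here as the checker's input.
WRAPPER = "\n".join(["push RAX", "push RCX", "push RDX", "push R8", "push R9",
                     "push R10", "push R11", "sub rsp,28 //7 pushes, so uneven",
                     "mov rcx,2", "call GetAsyncKeyState", "add rsp,28",
                     "pop r11", "pop r10", "pop r9", "pop r8", "pop rdx",
                     "pop rcx", "test ax,8001", "pop rax"])

def check_call_sequence(script, rsp_mod16_at_entry=0):
    """Return the problems found; an empty list means the sequence is sound.

    Cheat Engine's auto assembler reads bare numbers as hexadecimal, so
    `sub rsp,28` reserves 0x28 = 40 bytes. rsp_mod16_at_entry is rsp mod 16
    when the injected code is entered (assumed 0, i.e. aligned).
    """
    problems, depth, saved = [], 0, []   # depth: bytes on the stack since entry
    for raw in script.splitlines():
        line = raw.split("//", 1)[0].strip().lower()   # drop CE-style comments
        if m := re.fullmatch(r"push (\w+)", line):
            depth += 8
            saved.append(m.group(1))
        elif m := re.fullmatch(r"pop (\w+)", line):
            depth -= 8
            if not saved or saved.pop() != m.group(1):
                problems.append(f"{line}: does not mirror the push order")
        elif m := re.fullmatch(r"(sub|add) rsp,([0-9a-f]+)", line):
            n = int(m.group(2), 16)
            depth += n if m.group(1) == "sub" else -n
        elif re.fullmatch(r"call \S+", line):
            if (rsp_mod16_at_entry - depth) % 16:
                problems.append(f"{line}: rsp not 16-byte aligned")
            if depth - 8 * len(saved) < 0x20:   # space reserved below the last push
                problems.append(f"{line}: less than 0x20 bytes of shadow space")
            if missing := VOLATILE - set(saved):
                problems.append(f"{line}: unsaved volatile registers {sorted(missing)}")
    if depth or saved:
        problems.append("stack not restored at the end of the sequence")
    return problems
```

Swapping `sub rsp,28` for `sub rsp,20` in WRAPPER reproduces the misalignment the comment warns about.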
PlzSuckMaDuck (How do I cheat?, Reputation: 0, Joined: 01 Feb 2019, Posts: 5)
Posted: Sun Feb 03, 2019 12:47 am
Dark Byte wrote: something like this
Thank you. The code is working properly now. Btw, is there any place where a newb can learn about this stuff?
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The netherlands)
PlzSuckMaDuck (How do I cheat?, Reputation: 0, Joined: 01 Feb 2019, Posts: 5)
Posted: Sun Feb 03, 2019 4:57 am

Btw, how can I switch the trigger from the right mouse button to the left mouse button?
Dark Byte (Site Admin, Reputation: 458, Joined: 09 May 2003, Posts: 25296, Location: The netherlands)
Posted: Sun Feb 03, 2019 5:21 am

Yes, change the parameter passed to the function to that of the left mouse button (rcx to 1 instead of 2).
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Like my help? Join me on Patreon so i can keep helping
Csimbi (I post too much, Reputation: 94, Joined: 14 Jul 2007, Posts: 3110)
Posted: Thu Aug 31, 2023 2:45 pm

Did MS just change something?
When I used
Code: call GetAsyncKeyState
before, it used to work.
Now, CE still assembles something, but the code it leads to causes a crash.
Sometimes it leads to a bunch of jne instructions, sometimes it leads to a bunch of int 3 instructions, and neither one of these leads anywhere; they just cause a crash.
(see pic below)
Maybe it's the wrong GetAsyncKeyState - shouldn't it be user32.dll?
Any thoughts?
Can I force using GetAsyncKeyState in user32.dll somehow?
Thanks!
[Attachment: image, 10.33 KB]
TsTg (Master Cheater, Reputation: 5, Joined: 12 Dec 2012, Posts: 334, Location: Somewhere....)
Posted: Thu Aug 31, 2023 3:46 pm

Csimbi wrote: Did MS just change something? [...] Can I force using GetAsyncKeyState in user32.dll somehow?

The GetAsyncKeyState API has always been in User32; you can reference it in CE like this:
Code: call User32.GetAsyncKeyState
Csimbi (I post too much, Reputation: 94, Joined: 14 Jul 2007, Posts: 3110)
Posted: Thu Aug 31, 2023 3:55 pm

TsTg wrote: The GetAsyncKeyState API has always been in User32; you can reference it in CE like this:
Code: call User32.GetAsyncKeyState

Indeed, thanks!
Using that, I could also find out that it's Steam itself.
It redirects that call to gameoverlayrenderer64.dll with a jump:
Code:
USER32.GetAsyncKeyState - E9 15C6DCFD - jmp 7FFF802E054A
USER32.GetAsyncKeyState+5- 57 - push rdi
USER32.GetAsyncKeyState+6- 48 83 EC 20 - sub rsp,20
USER32.GetAsyncKeyState+A- 65 48 8B 04 25 30000000 - mov rax,gs:[00000030]
...
7FFF802E054A - E9 D16FC3E7 - jmp gameoverlayrenderer64.dll+97520
...
gameoverlayrenderer64.dll+97520 - 40 53 - push rbx
gameoverlayrenderer64.dll+97522 - 48 83 EC 20 - sub rsp,20
gameoverlayrenderer64.dll+97526 - 80 3D 9BF70C00 00 - cmp byte ptr [gameoverlayrenderer64.dll+166CC8],00
gameoverlayrenderer64.dll+9752D - 8B D9 - mov ebx,ecx
gameoverlayrenderer64.dll+9752F - 74 16 - je gameoverlayrenderer64.dll+97547
gameoverlayrenderer64.dll+97531 - 4C 8B 44 24 28 - mov r8,[rsp+28]
...

Remove the jump and it's all good:
Code: USER32.GetAsyncKeyState - 48 89 5C 24 08 - mov [rsp+08],rbx
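The listing above has the classic shape of an inline hook: an E9 jmp planted at the export that, after a trampoline, lands in a different module. As an added example (not Csimbi's or Cheat Engine's code), this Python snippet decodes such rel32 jmp chains from the bytes quoted in the post and flags the export when the chain ends outside the module that owns it; the user32 address of GetAsyncKeyState and the module ranges are assumptions chosen to be consistent with the quoted addresses.

```python
import struct

# Constructed snapshot (address -> bytes) built from the listing in the post.
# The user32 address of GetAsyncKeyState is back-computed from the first jmp
# (E9 15C6DCFD reaching 7FFF802E054A), so it is an assumption, not a known value.
USER32_GETASYNCKEYSTATE = 0x7FFF82513F30
HOOKED = {
    USER32_GETASYNCKEYSTATE: bytes.fromhex("E915C6DCFD57"),  # jmp 7FFF802E054A; push rdi
    0x7FFF802E054A: bytes.fromhex("E9D16FC3E7"),             # jmp gameoverlayrenderer64.dll+97520
    0x7FFF67F17520: bytes.fromhex("40534883EC20"),           # push rbx; sub rsp,20
}
CLEAN = {USER32_GETASYNCKEYSTATE: bytes.fromhex("48895C2408")}  # mov [rsp+08],rbx

# Assumed module layout as (base, size). The overlay DLL base follows from the
# "+97520" offset in the listing; the user32 range is only a plausible placeholder.
MODULES = {
    "user32.dll": (0x7FFF82500000, 0x200000),
    "gameoverlayrenderer64.dll": (0x7FFF67E80000, 0x170000),
}

def module_of(addr):
    """Name of the module whose range contains addr, or None."""
    for name, (base, size) in MODULES.items():
        if base <= addr < base + size:
            return name
    return None

def follow_jmps(mem, addr, limit=8):
    """Follow rel32 jmp (E9) instructions starting at addr; return the hops."""
    hops = [addr]
    for _ in range(limit):
        code = mem.get(addr, b"")
        if len(code) < 5 or code[0] != 0xE9:
            break                                     # not a jmp: real code starts here
        rel = struct.unpack("<i", code[1:5])[0]       # signed 32-bit displacement
        addr = (addr + 5 + rel) & 0xFFFFFFFFFFFFFFFF  # relative to the next instruction
        hops.append(addr)
    return hops

def inline_hook_report(mem, export_addr):
    """Flag an export whose jmp chain ends outside the module that owns it."""
    hops = follow_jmps(mem, export_addr)
    owner, final = module_of(hops[0]), module_of(hops[-1])
    hooked = len(hops) > 1 and final != owner
    return {"hooked": hooked, "hops": hops, "lands_in": final}
```

On a live system the same check would read the first bytes of each export through the process memory API and take the module ranges from the loaded-module list instead of the constants above.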
TsTg (Master Cheater, Reputation: 5, Joined: 12 Dec 2012, Posts: 334, Location: Somewhere....)
Posted: Thu Aug 31, 2023 4:04 pm

Csimbi wrote: Indeed, thanks! Using that, I could also find out that it's Steam itself. [...] Remove the jump and it's all good.

Np, and wow, never knew that Steam actually hooks into this API.
Good finding there ^^.
Csimbi (I post too much, Reputation: 94, Joined: 14 Jul 2007, Posts: 3110)
Posted: Thu Aug 31, 2023 4:11 pm

TsTg wrote: Np, and wow, never knew that Steam actually hooks into this API. Good finding there ^^.

Must be something new in a recent client release - my scripts were working a few days back but not today.
I am on the beta client though, so a lot of people might not be seeing this just yet.
I wonder if it's legal (allows Steam to log keys) and what antivirus clients will have to say about it.
TsTg (Master Cheater, Reputation: 5, Joined: 12 Dec 2012, Posts: 334, Location: Somewhere....)
Posted: Thu Aug 31, 2023 4:53 pm

Csimbi wrote: Must be something new in a recent client release - my scripts were working a few days back but not today. [...] I wonder if it's legal (allows Steam to log keys) and what antivirus clients will have to say about it.

Pretty suspicious one if you ask me; it surely needs a look at what's inside their code, and it would be even more suspicious if they decide to use a hook via something like SetWindowsHookEx.
As for AVs, I am sure they will just ask AV vendors to whitelist their dll; otherwise no one will be happy about it.