jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 11:18 am Post subject: I Don't Get This DLL Code |
|
|
Okay, I can usually decompile this stuff, or read it quite easily, because I have previous programming experience. But I can't figure this out:
if (fdwReason == DLL_PROCESS_ATTACH)
So
if (fdwReason == DLL_PROCESS_ATTACH)
What does fdwReason usually contain, and wouldn't "DLL_PROCESS_ATTACH" be a function?
*Edit*
Actually I have a couple of other questions.
What's the difference between
a BYTE and a DWORD? My guess is that DWORD writes words, and bytes write numbers... Right?
Though in the tutorial I don't understand this:
if (GetAsyncKeyState('K')) *(DWORD*)KLIPPETYK ^= 2629104712;
That looks like it writes a number. Would it be a compiled hex code?
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Fri Jul 06, 2007 11:20 am Post subject: |
|
|
fdwReason is the reason DllMain got called. It gets called only for the following events:
DLL_PROCESS_ATTACH,
DLL_THREAD_ATTACH,
DLL_THREAD_DETACH,
DLL_PROCESS_DETACH
BYTE is one byte.
WORD is two bytes.
DWORD is four bytes.
Those numbers are not hexadecimal; if they were, you would prefix them with 0x.
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 11:26 am Post subject: |
|
|
appalsap wrote: | fdwReason is the reason DllMain got called. It gets called only for the following events:
DLL_PROCESS_ATTACH,
DLL_THREAD_ATTACH,
DLL_THREAD_DETACH,
DLL_PROCESS_DETACH
BYTE is one byte.
WORD is two bytes.
DWORD is four bytes.
Those numbers are not hexadecimal; if they were, you would prefix them with 0x. |
Hmm, what would happen if I put in
*(DWORD*)KLIPPETYK ^= 26;
and are the stars 100% required?
=P Also, I hear people get their addresses with ollydbg; does anyone know of a bypass for it?
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Fri Jul 06, 2007 11:36 am Post subject: |
|
|
jeremy6996 wrote: | Hmm, what would happen if I put in
*(DWORD*)KLIPPETYK ^= 26;
|
game would probably crash.
jeremy6996 wrote: | and are the stars 100% required?
=P Also, I hear people get their addresses with ollydbg; does anyone know of a bypass for it? |
the stars aren't for decoration, they were explained in the thread. You also don't need a bypass for ollydbg, as there is absolutely no need to run the executable (when unpacked)
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 11:44 am Post subject: |
|
|
How would I find the addresses without ollydbg?
*Edit*
Oh, I see what you mean. But there are millions of values there; how would I find which one I want without running it?
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Fri Jul 06, 2007 11:54 am Post subject: |
|
|
Signatures- a certain array of bytes that represent that address and that address only. Also helps to search in and around the region you found it in, too. There are some tutorials in the MS section since this isn't new there.
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 12:05 pm Post subject: |
|
|
I have one last question
Code: | #define HP_LOCK 0x4862c9
#define AP_LOCK 0x486399
void MAIN();
BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
DWORD ThreadId;
if(fdw reason == DLL_PROCESS_ATTACH)
CreateThread(NULL, 0, CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&start_it, 0, 0, &ThreadId);
return TRUE
}
void MAIN();
{
for(;;SleepEx(200,0))
{
if(GetAsyncKeyState(VK_MENU))
{
if(GetAsyncKeyState('C') *(BYTE*)HP_LOCK ^=8;
if(GetAsyncKeyState('V') *(BYTE*)AP_LOCK ^=8;
}
}
} |
Kk, that's the DLL I made by looking at the source. =P Only one problem: I hear the patch disables people from writing bytes this way, and the addresses are invalid. Would this hack work if the addresses were correct?
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Fri Jul 06, 2007 12:15 pm Post subject: |
|
|
that wouldn't even compile, try this (forum messes up the spacing...)
Code: |
#include <windows.h>

#define HP_LOCK 0x4862c9
#define AP_LOCK 0x486399

typedef struct _tparams {
    DWORD dwMilliseconds;
    BOOL bAlertable;
} tparams, *ptparams;

DWORD WINAPI start_it(LPVOID tp);

/* Static storage: the thread keeps using tm after DllMain returns, and
   hThread must still be valid when DLL_PROCESS_DETACH arrives. */
static HANDLE hThread;
static tparams tm;

BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
    DWORD ThreadId;
    switch(fdwReason)
    {
    case DLL_PROCESS_ATTACH:
        tm.bAlertable = 0;
        tm.dwMilliseconds = 200;
        hThread = CreateThread(NULL, 0, &start_it, &tm, 0, &ThreadId);
        if (!hThread) {
            MessageBox(NULL, "Unable to create thread :(", 0, MB_ICONSTOP);
            ExitProcess(1);
        }
        break;
    case DLL_PROCESS_DETACH:
        if (hThread) CloseHandle(hThread);
        break;
    }
    return TRUE;
}

DWORD WINAPI start_it(LPVOID tp)
{
    ptparams p = (ptparams)tp; /* LPVOID must be cast before member access */
    for(;;SleepEx(p->dwMilliseconds, p->bAlertable))
    {
        if(GetAsyncKeyState(VK_MENU))
        {
            __try {
                if(GetAsyncKeyState('C')) *(BYTE*)HP_LOCK ^=8;
                if(GetAsyncKeyState('V')) *(BYTE*)AP_LOCK ^=8;
            }
            __except(EXCEPTION_EXECUTE_HANDLER) {
                MessageBox(NULL, "Unable to read/write to the memory", 0, MB_ICONERROR);
            }
        }
    }
    return 0;
}
|
Last edited by appalsap on Fri Jul 06, 2007 3:19 pm; edited 2 times in total |
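A defender's view of the BYTE/DWORD question and the XOR toggle discussed above, as an added example that is not code from the thread or from the game: it shows how many bytes a BYTE-wide and a DWORD-wide XOR each modify, and how a baseline checksum over the region exposes either write. The buffer contents, the function names and the choice of FNV-1a are assumptions made for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a protected region; not bytes from any real binary. */
static const uint8_t PRISTINE[8] = {0x10, 0x21, 0x32, 0x43, 0x54, 0x65, 0x76, 0x87};

/* Same effect as *(BYTE*)addr ^= mask: exactly one byte changes. */
static void xor_byte(uint8_t *region, size_t off, uint8_t mask) { region[off] ^= mask; }

/* Same effect as *(DWORD*)addr ^= mask: four bytes are read, XORed and written
   back. memcpy sidesteps the alignment/aliasing issues of the raw cast. */
static void xor_dword(uint8_t *region, size_t off, uint32_t mask) {
    uint32_t v;
    memcpy(&v, region + off, sizeof v);
    v ^= mask;
    memcpy(region + off, &v, sizeof v);
}

/* FNV-1a (32-bit): a cheap checksum an integrity check could baseline. */
static uint32_t fnv1a(const uint8_t *p, size_t n) {
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) { h ^= p[i]; h *= 16777619u; }
    return h;
}

/* Count bytes that differ from the pristine copy (0 means untouched). */
static size_t modified_bytes(const uint8_t *region, size_t n) {
    size_t count = 0;
    for (size_t i = 0; i < n; i++) count += (region[i] != PRISTINE[i]);
    return count;
}

int main(void) {
    uint8_t region[8];
    memcpy(region, PRISTINE, sizeof region);
    uint32_t baseline = fnv1a(region, sizeof region);
    xor_byte(region, 1, 8);                /* toggle on: flips bit 3 of one byte */
    printf("byte patch:  %zu byte(s) changed, checksum %s\n",
           modified_bytes(region, sizeof region),
           fnv1a(region, sizeof region) == baseline ? "ok" : "MISMATCH");
    xor_byte(region, 1, 8);                /* toggle off: XOR is its own inverse */
    xor_dword(region, 4, 2629104712u);     /* decimal literal, still a 4-byte value */
    printf("dword patch: %zu byte(s) changed, checksum %s\n",
           modified_bytes(region, sizeof region),
           fnv1a(region, sizeof region) == baseline ? "ok" : "MISMATCH");
    return 0;
}
```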
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 12:17 pm Post subject: |
|
|
What did I do wrong?
*Edit*
Do I have to remember that? Because, like, by looking at most parts of the code I can figure out what it's doing, though I don't think I could make my own.
Also, when I open up ollydbg I get something like "so and so reports the 'Gunz' is either compressed, encrypted, or contains a large amount of embedded data".
Would this affect me at all?
Last edited by jeremy6996 on Fri Jul 06, 2007 12:23 pm; edited 1 time in total |
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
|
Posted: Fri Jul 06, 2007 12:22 pm Post subject: |
|
|
this is why most people learn the language before trying to make applications, pinpoint exactly what you don't understand and do a web search for the answers.
jeremy6996 wrote: | Also, when I open up ollydbg I get something like "so and so reports the 'Gunz' is either compressed, encrypted, or contains a large amount of embedded data".
Would this affect me at all? |
yes, because GunZ is packed. unpack it. don't know how? search.
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 12:28 pm Post subject: |
|
|
appalsap wrote: | this is why most people learn the language before trying to make applications, pinpoint exactly what you don't understand and do a web search for the answers. |
Nono, I get it I just don't get parts like these
MessageBox(NULL, "Unable to create thread ", &tm, MB_ICONSTOP);
Like I know what this does though I don't know what NULL is declaring, what &tm means and MB_ICONSTOP.
nvm, I think I know of some tutorials I can see online.
WRYYYYYYY Expert Cheater
Reputation: 0
Joined: 28 Jun 2007 Posts: 164
|
Posted: Fri Jul 06, 2007 2:01 pm Post subject: |
|
|
If you ever don't know what a command is, search for it on Google. Almost always, the first result will be from msdn2.microsoft.com. That's Microsoft's knowledge base, which will normally tell you everything about that command.
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 2:11 pm Post subject: |
|
|
WRYYYYYYY wrote: | If you ever don't know what a command is, search for it on Google. Almost always, the first result will be from msdn2.microsoft.com. That's Microsoft's knowledge base, which will normally tell you everything about that command. |
Nvm.. what's harder, C++ or DLL? Obviously C++, right?
Wait, kk, I have programmed in VB, tapped C++, and made simple applications in Python. Which is harder, VB or DLL, and C++ or DLL?
WRYYYYYYY Expert Cheater
Reputation: 0
Joined: 28 Jun 2007 Posts: 164
|
Posted: Fri Jul 06, 2007 2:21 pm Post subject: |
|
|
DLL isn't a programming language, it's something made in any language that you can inject into a program and run its code. But if you want to make a DLL for GunZ or most anything else, you have to make it in C, as that's what GunZ and most other programs are made in.
Never mind what's simpler. Start with C++, it's much more powerful than VB.
jeremy6996 Expert Cheater
Reputation: 0
Joined: 20 May 2007 Posts: 100
|
Posted: Fri Jul 06, 2007 3:01 pm Post subject: |
|
|
WRYYYYYYY wrote: | DLL isn't a programming language, it's something made in any language that you can inject into a program and run its code. But if you want to make a DLL for GunZ or most anything else, you have to make it in C, as that's what GunZ and most other programs are made in.
Never mind what's simpler. Start with C++, it's much more powerful than VB. |
=P kk, should I do C then C++ or go straight to C++?
P.S XD, I have tried C++ so many times, it kills my mind.