Cheat Engine The Official Site of Cheat Engine
Overload Master Cheater
Reputation: 0
Joined: 08 Feb 2008 Posts: 293
|
Posted: Mon May 05, 2008 8:12 pm Post subject: C/C++ Help |
|
|
Okay, well I have a couple questions, most of them are really noobie.
But what I want to do is basically set up a basic hacking prevention (EMPHASIS ON WORD "BASIC"). And basically what it will do is, you open it with the program you want it to protect, and it will get a list of all the current processes, and scan them for detected strings that I will set.
So my questions are:
1.) Which is better to do this in? C? C++? (I would prefer C, but I want your guys' opinion).
2.) Would I use a Win32 Form? Or a console?
3.) If possible, could you provide a very basic example of what I would have to do to achieve this?
Thanks a lot guys, and yes, I know they are noobie questions.
lurc Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006 Posts: 1900
|
Posted: Mon May 05, 2008 8:31 pm Post subject: |
|
|
1) C++ is only a super-set of C, so doing it in C++ wouldn't differ that much from C.
2) Doesn't matter.
3)
Here's one that I've shown before; it scans for the process name entered as the first parameter, so you could scan for process names:
*Remember to include tlhelp32.h, windows.h, and tchar.h
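| Code: |
#include <windows.h>
#include <tlhelp32.h>
#include <tchar.h>

// Returns TRUE if a process whose executable name equals tszExe is running.
BOOL FindProcess( const TCHAR *tszExe )
{
    PROCESSENTRY32 pe32;
    pe32.dwSize = sizeof(PROCESSENTRY32); // must be set before Process32First

    HANDLE hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
    if ( hSnapshot == INVALID_HANDLE_VALUE )
        return FALSE; // snapshot could not be taken

    BOOL bFound = FALSE;
    if ( Process32First( hSnapshot, &pe32 ) )
    {
        do
        {
            // Executable names are case-insensitive on Windows
            if ( _tcsicmp( pe32.szExeFile, tszExe ) == 0 )
            {
                bFound = TRUE;
                break;
            }
        }
        while ( Process32Next( hSnapshot, &pe32 ) );
    }

    CloseHandle( hSnapshot ); // single exit path, handle is always released
    return bFound;
}
|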
If you want to check Window Names you can use the API EnumWindows (http://msdn.microsoft.com/en-us/library/ms633497.aspx) and check the Window text with GetWindowText, then if you want you can even search for child controls on those forms with FindWindowEx (http://msdn.microsoft.com/en-us/library/ms633500(VS.85).aspx) and GetWindowText with that too.
Overload Master Cheater
Reputation: 0
Joined: 08 Feb 2008 Posts: 293
|
Posted: Tue May 06, 2008 12:04 am Post subject: |
|
|
Okay, I looked up the GetWindowText API. And it seems easyISH to use...
But I would have no idea how to use it with the EnumWindows API...
Anyone care to provide a quick example?
tombana Master Cheater
Reputation: 2
Joined: 14 Jun 2007 Posts: 456 Location: The Netherlands
|
Posted: Tue May 06, 2008 1:01 am Post subject: |
|
|
| Code: |
#define STRICT 1
#include <windows.h>
#include <psapi.h> // NT only!
#include <iostream>
using namespace std;
#pragma comment(lib, "psapi") // NT only!

BOOL CALLBACK EnumWindowsProc(HWND hWnd, LPARAM lParam) {
    DWORD dwThreadId, dwProcessId = 0;
    HINSTANCE hInstance;
    char String[255];
    HANDLE hProcess;
    if (!hWnd)
        return TRUE; // Not a window
    if (!::IsWindowVisible(hWnd))
        return TRUE; // Not visible
    // Explicit ANSI calls so the char buffer is also correct in UNICODE builds
    if (!SendMessageA(hWnd, WM_GETTEXT, sizeof(String), (LPARAM)String))
        return TRUE; // No window title
    // GetWindowLongPtr/GWLP_HINSTANCE also works on 64-bit Windows
    hInstance = (HINSTANCE)GetWindowLongPtr(hWnd, GWLP_HINSTANCE);
    dwThreadId = GetWindowThreadProcessId(hWnd, &dwProcessId);
    // Request only the rights GetModuleFileNameEx needs, not PROCESS_ALL_ACCESS
    hProcess = OpenProcess(PROCESS_QUERY_INFORMATION | PROCESS_VM_READ, FALSE, dwProcessId);
    cout << hWnd << ' ' << dwProcessId << '\t' << String << '\t';
    // GetModuleFileNameEx uses psapi, which works for NT only!
    if (hProcess && GetModuleFileNameExA(hProcess, hInstance, String, sizeof(String)))
        cout << String << endl;
    else
        cout << "(None)\n"; // process could not be opened or has no module name
    if (hProcess)
        CloseHandle(hProcess);
    return TRUE;
}

int main(int argc, char *argv[], char *envp[]) {
    EnumWindows(EnumWindowsProc, 0);
    return 0;
}
|
Source: http://simplesamples.info/Windows/EnumWindows.php
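Added example, not code from any poster in this thread: the "detected strings" check from the original question, applied to the window titles that EnumWindows yields. The signature strings and the names match_signature, contains_nocase and ScanWindowProc are assumptions made for illustration; the matcher is portable C, and the enumeration part compiles only on Windows.

```c
#include <ctype.h>
#include <stdio.h>

/* Constructed sample signatures (assumptions); replace with your own strings. */
static const char *const kSignatures[] = { "cheat engine", "memory editor", "trainer" };
#define SIG_COUNT (sizeof(kSignatures) / sizeof(kSignatures[0]))

/* Case-insensitive (ASCII) substring test: 1 if needle occurs in hay. */
static int contains_nocase(const char *hay, const char *needle)
{
    if (!hay || !needle || !*needle) return 0;
    for (; *hay; ++hay) {
        const char *h = hay, *n = needle;
        /* stops at the end of either string or at the first mismatch */
        while (*n && tolower((unsigned char)*h) == tolower((unsigned char)*n)) {
            ++h;
            ++n;
        }
        if (!*n) return 1; /* whole needle consumed: match */
    }
    return 0;
}

/* Index of the first signature found in text, or -1 if none matches. */
int match_signature(const char *text)
{
    for (size_t i = 0; i < SIG_COUNT; ++i)
        if (contains_nocase(text, kSignatures[i])) return (int)i;
    return -1;
}

#ifdef _WIN32
#include <windows.h>
/* EnumWindows callback: report visible windows whose title matches. */
static BOOL CALLBACK ScanWindowProc(HWND hWnd, LPARAM lParam)
{
    char title[256];
    if (IsWindowVisible(hWnd) && GetWindowTextA(hWnd, title, sizeof(title)) > 0) {
        int idx = match_signature(title);
        if (idx >= 0) {
            printf("flagged \"%s\" (signature \"%s\")\n", title, kSignatures[idx]);
            ++*(int *)lParam; /* lParam carries a pointer to the hit counter */
        }
    }
    return TRUE; /* keep enumerating */
}
int main(void)
{
    int hits = 0;
    EnumWindows(ScanWindowProc, (LPARAM)&hits);
    return hits ? 1 : 0; /* non-zero exit when something was flagged */
}
#endif
```

In an ANSI build the same match_signature call can be applied to pe32.szExeFile inside the FindProcess loop to flag process names as well. Name and title matching only catches tools that keep their default names.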
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8585 Location: 127.0.0.1
|
Flyte Peanuts!!!!
Reputation: 6
Joined: 19 Apr 2006 Posts: 1887 Location: Canada
|
Posted: Tue May 06, 2008 5:47 pm Post subject: |
|
|
A simple DKOM driver editing the EPROCESS block and hooking NtUserBuildHwndList(); will bypass any of the above mentioned methods.
Overload Master Cheater
Reputation: 0
Joined: 08 Feb 2008 Posts: 293
|
Posted: Tue May 06, 2008 5:50 pm Post subject: |
|
|
| Flyte wrote: | A simple DKOM driver editing the EPROCESS block and hooking NtUserBuildHwndList(); will bypass any of the above mentioned methods. |
I really don't care what bypasses it at this point. This is going to be my base, where I can then upgrade as I learn.