 |
Cheat Engine
The Official Site of Cheat Engine
|
| View previous topic :: View next topic |
| Author |
Message |
DaNemeziz
Master Cheater
 Reputation: 0
Joined: 29 Sep 2007
Posts: 430
|
 Posted: Sat Sep 06, 2008 4:17 pm Post subject: [c++] need bypass for postmessage for maplestory |
 |
|
| Code: | #include "windows.h"
#include <iostream>
using namespace std;
int main() {
while (true) {
HWND hWnd;
hWnd = FindWindow(NULL,"MapleStory");
PostMessage(hWnd,WM_CHAR,0x41,1);
Sleep(1);
}
}
|
does somebody know how i can bypass postmessage so that it works for maplestory? |
|
| Back to top |
|
 |
lurc
Grandmaster Cheater Supreme
 Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Sat Sep 06, 2008 4:30 pm Post subject: |
|
|
Trampoline over the first 5 bytes of PostMessageA.
_________________
|
|
| Back to top |
|
|
Hieroglyphics
I post too much
 Reputation: 0
Joined: 06 Dec 2007
Posts: 2007
Location: Your bedroom
|
| Posted: Sat Sep 06, 2008 4:34 pm Post subject: |
|
|
Either look here
Or I THINK this might work correct me if I am wrong anybody:
| Code: | #include "windows.h"
#include <iostream>
using namespace std;
DWORD PostMessA = (DWORD)GetProcAddress(LoadLibrary("USER32.DLL"), "PostMessageA"));
_declspec(naked) BOOL PostMessageX(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) {
_asm {
mov edi, edi
push ebp
mov ebp, esp
jmp[PostMessA]
}
}
int main() {
while (true) {
HWND hWnd;
hWnd = FindWindow(NULL,"MapleStory");
PostMessage(hWnd,WM_CHAR,0x41,1);
Sleep(1);
}
} |
Then if you wanna edit memory
| Code: | static const FARPROC VPX = (FARPROC)((DWORD)GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualProtectEx")+5);
DWORD oldp = 0;
PDWORD oldprot = &oldp;
#define JMP(frm, to) (int)(((int)to - (int)frm) - 5);
DWORD dwBytesWritten;
_declspec(naked) BOOL WINAPI FixMemEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect) {
_asm {
mov edi,edi
push ebp
mov ebp,esp
jmp VPX
}
} |
Somethin like that
Sphere90 posted
| Code: | ULONG reentry_address = GetProcAddress( LoadLibrary("user32.dll"), "PostMessageA" ) + 5;
__declspec(naked) void myPostMessageA(void)
{
__asm
{
mov edi,edi
push ebp
mov ebp,esp
jmp [reentry_address]
}
} |
_________________
|
|
| Back to top |
|
|
lurc
Grandmaster Cheater Supreme
Reputation: 2
Joined: 13 Nov 2006
Posts: 1900
|
| Posted: Sat Sep 06, 2008 4:55 pm Post subject: |
|
|
Here I'll code something in Quick Reply.
| Code: | #include <Windows.h>
#include <tchar.h>
DWORD _PMA = NULL;
__declspec(naked) BOOL WINAPI _PostMessageA(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam)
{
__asm
{
mov edi, edi
push ebp
mov ebp, esp
jmp dword ptr ds:[_PMA]
}
}
int _tmain(int argc, TCHAR *argv[])
{
_PMA = (DWORD)GetProcAddress(LoadLibrary(_T("user32.dll")), "PostMessageA") + 5;
if (_PMA == 5)
{
_tprintf(_T("PostMessageA load fail."));
return 0;
}
else
{
_tprintf(_T("PostMessageA: 0x%08X"), _PMA);
_PostMessageA(FindWindow(_T("MapleStoryClass"), NULL), WM_KEYDOWN, VK_CONTROL, (MapVirtualKey(VK_CONTROL, 0) << 16));
}
return 0;
} |
_________________
|
|
| Back to top |
|
|
Hieroglyphics
I post too much
Reputation: 0
Joined: 06 Dec 2007
Posts: 2007
Location: Your bedroom
|
| Posted: Sat Sep 06, 2008 5:13 pm Post subject: |
|
|
LOL NICE YOU JUST CODED A BOT IN QUICK REPLY
_________________
|
|
| Back to top |
|
|
DaNemeziz
Master Cheater
Reputation: 0
Joined: 29 Sep 2007
Posts: 430
|
| Posted: Sat Sep 06, 2008 5:15 pm Post subject: |
|
|
@lurc
gives me 3 errors, what ever... i go to bed now and experiment with it tomorrow again... ty anyways
edit : works with visual c++, doesnt work with borland
well... ty =) |
|
| Back to top |
|
|
dnsi0
I post too much
![]() Reputation: 0
Joined: 04 Jan 2007
Posts: 2674
|
| Posted: Sat Sep 06, 2008 5:40 pm Post subject: |
|
|
| Hieroglyphics wrote: | Either look here
Or I THINK this might work correct me if I am wrong anybody:
| Code: | #include "windows.h"
#include <iostream>
using namespace std;
DWORD PostMessA = (DWORD)GetProcAddress(LoadLibrary("USER32.DLL"), "PostMessageA"));
_declspec(naked) BOOL PostMessageX(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam) {
_asm {
mov edi, edi
push ebp
mov ebp, esp
jmp[PostMessA]
}
}
int main() {
while (true) {
HWND hWnd;
hWnd = FindWindow(NULL,"MapleStory");
PostMessage(hWnd,WM_CHAR,0x41,1);
Sleep(1);
}
} |
Then if you wanna edit memory
| Code: | static const FARPROC VPX = (FARPROC)((DWORD)GetProcAddress(GetModuleHandleA("kernel32.dll"), "VirtualProtectEx")+5);
DWORD oldp = 0;
PDWORD oldprot = &oldp;
#define JMP(frm, to) (int)(((int)to - (int)frm) - 5);
DWORD dwBytesWritten;
_declspec(naked) BOOL WINAPI FixMemEx(HANDLE hProcess, LPVOID lpAddress, SIZE_T dwSize, DWORD flNewProtect, PDWORD lpflOldProtect) {
_asm {
mov edi,edi
push ebp
mov ebp,esp
jmp VPX
}
} |
Somethin like that
Sphere90 posted
| Code: | ULONG reentry_address = GetProcAddress( LoadLibrary("user32.dll"), "PostMessageA" ) + 5;
__declspec(naked) void myPostMessageA(void)
{
__asm
{
mov edi,edi
push ebp
mov ebp,esp
jmp [reentry_address]
}
} |
|
Yea that works. All you really have to do is find out the PMA address which is a constant at: 0x77D1CB85
Create a hop to jump over the 5 byte jmp hook that gg does. But you still need it EXCEPT mov edi,edi which is pointless...
and then jump to pma+5 past the hook. |
|
| Back to top |
|
|
Hieroglyphics
I post too much
Reputation: 0
Joined: 06 Dec 2007
Posts: 2007
Location: Your bedroom
|
| Posted: Sat Sep 06, 2008 6:16 pm Post subject: |
|
|
I thought move edi,edi is a nop just like mov eax,eax or anything like that
_________________
|
|
| Back to top |
|
|
hcavolsdsadgadsg
I'm a spammer
![]() Reputation: 26
Joined: 11 Jun 2007
Posts: 5801
|
|
| Back to top |
|
|
Wintermoot
Expert Cheater
 Reputation: 0
Joined: 08 Nov 2007
Posts: 198
|
|
| Back to top |
|
|
DaNemeziz
Master Cheater
Reputation: 0
Joined: 29 Sep 2007
Posts: 430
|
| Posted: Sun Sep 07, 2008 3:29 am Post subject: |
|
|
@HawwwaH
looks better for me because i can also use it with borland, i dont really like visual c++
| Code: | #include "windows.h"
#include <iostream>
using namespace std;
LRESULT InjectMessage(HWND hWnd, UINT uMsg, WPARAM wParam, LPARAM lParam) {
WNDPROC WndProc;
LRESULT lRET = 0;
WndProc = (WNDPROC)GetWindowLong(hWnd, GWL_WNDPROC);
if (WndProc != NULL)
lRET = CallWindowProc(WndProc, hWnd, uMsg, wParam, lParam);
return lRET;
}
int main() {
while (true) {
if ((GetAsyncKeyState(0x73)<0)) {
HWND hWndE = FindWindow(0, "MapleStoryClass");
PostMessage(hWndE, WM_CHAR, 'A', 0);
}
Sleep(1);
}
}
|
thats my code now with PostMessage (sends lots of 'A's to MapleStory when I hold F4)
how i use CallWindowProc(WndProc, hWnd, uMsg, wParam, lParam);? still have PostMessage in use now 
dont understand what WndProc is for!?
Last edited by DaNemeziz on Sun Sep 07, 2008 5:43 am; edited 1 time in total |
|
| Back to top |
|
|
Wintermoot
Expert Cheater
Reputation: 0
Joined: 08 Nov 2007
Posts: 198
|
| Posted: Sun Sep 07, 2008 5:34 am Post subject: |
|
|
Untested because I just uninstalled VC++ Express:
| Code: |
InjectMessage( hWndE, WM_CHAR, 'A', 0 );
|
|
|
| Back to top |
|
|
DaNemeziz
Master Cheater
Reputation: 0
Joined: 29 Sep 2007
Posts: 430
|
| Posted: Sun Sep 07, 2008 5:42 am Post subject: |
|
|
| HawwwaH wrote: | Untested because I just uninstalled VC++ Express:
| Code: |
InjectMessage( hWndE, WM_CHAR, 'A', 0 );
|
|
already tested doesn't work
i think i have to use
| Code: | | CallWindowProc(WndProc, hWndE, WM_CHAR, 'A', 0); |
but i don't know what to add for "WndProc"  |
|
| Back to top |
|
|
Wintermoot
Expert Cheater
Reputation: 0
Joined: 08 Nov 2007
Posts: 198
|
| Posted: Sun Sep 07, 2008 6:56 am Post subject: |
|
|
What are you talking about? That function was made to make using CallWindowProc easy...
Perhaps you should learn C++ before you try something like this... |
|
| Back to top |
|
|
GMZorita
Grandmaster Cheater Supreme
![]() Reputation: 0
Joined: 21 Mar 2007
Posts: 1361
|
| Posted: Sun Sep 07, 2008 7:53 am Post subject: |
|
|
| DaNemeziz wrote: | | HawwwaH wrote: | Untested because I just uninstalled VC++ Express:
| Code: |
InjectMessage( hWndE, WM_CHAR, 'A', 0 );
|
|
already tested doesn't work
i think i have to use
| Code: | | CallWindowProc(WndProc, hWndE, WM_CHAR, 'A', 0); |
but i don't know what to add for "WndProc" :( |
Try to make a thread like:
| Code: |
HWND hWnd = FindWindow(NULL,"MapleStory");
void WINAPI FoundMHWND()
{
while (hWnd == 0)
{
hWnd = FindWindow(NULL,"MapleStory");
Sleep(100);
}
int main()
{
CreateThread(NULL,0,(LPTHREAD_START_ROUTINE)FoundMHWND,NULL,NULL,NULL);
}
|
_________________
Gone |
|
| Back to top |
|
|
|
|
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot vote in polls in this forum
You cannot attach files in this forum
You can download files in this forum
|
|
FAQ
Search
Memberlist
Usergroups
Register
Profile
Log in to check your private messages
Log in
