Cheat Engine Forum Index Cheat Engine
The Official Site of Cheat Engine
 


createFileA, from AA fail

 
hiring_dude
Newbie cheater
Reputation: 0

Joined: 28 Nov 2010
Posts: 20

PostPosted: Sat Nov 19, 2011 7:06 pm    Post subject: createFileA, from AA fail Reply with quote

thanks to Google cache (hope everything isn't too much broken Sad ):

Hi everybody,
i'm trying to log data retrieved from different part of the process, and log those game statistics after each game over into a log file.
unfortunately i can't get CreateFile to give me a handle and write something to disk, even with a basic example.

note: i'm using IDA for decompilation; the indented part of the code comes from it, although i "carefully" checked it for my needs.
I have no antivirus (win7). The full AA script is longer; i only posted the part where it fails.
am i missing something ?
(sorry for my engrish)

Code:
//------------------- PROCEDURE WRITE DATA  ---------------------
// Data used by proc_write_data_to_log_file. The alloc()/label() declarations
// that decide where these bytes are placed are not part of the posted excerpt.

// NUL-terminated file name passed to CreateFileA. It is a relative path, so
// CreateFileA resolves it against the current directory of the process that
// executes the call.
filepath:
db 'log.txt',0

// NUL-terminated message that the procedure copies into its stack buffer.
// NOTE(review): the '\n' is presumably stored as the two literal characters
// '\' and 'n' (46 characters + NUL), not as a line feed -- confirm against the
// assembled bytes.
text_to_write:
db 'hello world from cheat engine AA injection !\n',0
// ^   *   *   *   *   *   *   *   *   *   *   *   *   *
// Patch site: the bytes at this fixed address are replaced by a jmp into the
// logging procedure, padded with seven nops.
// NOTE(review): presumably a 5-byte near jmp, i.e. 12 bytes overwritten in
// total; the instructions that originally occupied those bytes are not shown
// in the excerpt and must still be executed somewhere -- confirm.
// NOTE(review): 0041365E is a hard-coded absolute address; it is only valid
// while the module is loaded at the base this was taken from -- confirm.
0041365E: // address where the code is patched
jmp proc_write_data_to_log_file
nop
nop
nop
nop
nop
nop
nop
// First address after the padding: where execution is meant to resume.
proc_write_data_to_log_file_return:
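/*-----------------------------*/
// proc_write_data_to_log_file
// Reached from the jmp at 0041365E. Opens (or creates) the file named by
// filepath, seeks to its end, appends the text_to_write message and closes
// the handle. Every numeric operand is hexadecimal (Cheat Engine auto
// assembler default), so "80" is 0x80 and "[ebp-60]" is ebp-0x60.
//
// Frame layout relative to ebp:
//   [ebp-4]           file handle returned by CreateFileA
//   [ebp-60..ebp-5]   0x5C-byte copy buffer for the message
//   [ebp-64]          nNumberOfBytesToWrite (measured message length)
//   [ebp-68]          NumberOfBytesWritten, filled in by WriteFile
//   [ebp-6C]          return value of the last API call
// Preserved: eflags, eax, ebx, ecx, edx, ebp, edi, esi.
//
// The message length is measured instead of hard-coded, so the copy never
// reads past the terminating NUL of text_to_write and WriteFile never emits
// stack bytes that were not initialised by the copy.
//
// NOTE(review): the API calls go through fixed import-table slots
// (00467124, 00467130, 0046712C, 004670E0); they are only valid while the
// module is loaded at the base these addresses were taken from -- confirm.
proc_write_data_to_log_file:
                // Explicit 32-bit flag save. If the assembler encodes a plain
                // "pushf" as the 16-bit form, esp stops being a multiple of 4
                // for every API call below; that would be consistent with the
                // ERROR_NOACCESS (998) reported for CreateFileA -- confirm.
                pushfd
                push    eax
                push    ebx
                push    ecx
                push    edx
                push    ebp
                mov     ebp, esp
                sub     esp, 80                 // 0x80 bytes of locals
                push    edi
                push    esi

                // Measure the message: scan for the NUL, at most 0x5C bytes.
                mov     edi, text_to_write
                xor     eax, eax                // al = 0, the byte searched for
                mov     ecx, 5C
                cld                             // string ops walk upwards
                repne scasb
                mov     eax, 5C
                sub     eax, ecx                // bytes scanned, NUL included
                dec     eax                     // length without the NUL (capped at 0x5B)
                mov     [ebp-64], eax           // nNumberOfBytesToWrite

                // Copy exactly that many bytes into the stack buffer.
                mov     ecx, eax
                mov     esi, text_to_write
                lea     edi, [ebp-60]
                rep movsb

                mov     dword ptr [ebp-68], 0   // NumberOfBytesWritten
                mov     dword ptr [ebp-6C], 0   // last API result

                sub     esp, 4                  // padding kept from the original listing
                push    0                       // hTemplateFile
                push    80                      // dwFlagsAndAttributes = FILE_ATTRIBUTE_NORMAL
                push    4                       // dwCreationDisposition = OPEN_ALWAYS
                push    0                       // lpSecurityAttributes
                push    0                       // dwShareMode = no sharing
                push    40000000                // dwDesiredAccess = GENERIC_WRITE
                push    filepath                // lpFileName
                call    dword ptr [00467124]    // CreateFileA (stdcall: callee pops its 7 args)
                add     esp, 4                  // drop the padding
                mov     [ebp-4], eax            // hObject
                // NOTE(review): the handle is not compared with
                // INVALID_HANDLE_VALUE (FFFFFFFF). On failure the calls below
                // simply fail as well; a proper skip needs a branch target
                // declared in the script header, which is outside this excerpt.

                push    2                       // dwMoveMethod = FILE_END
                push    0                       // lpDistanceToMoveHigh
                push    0                       // lDistanceToMove
                push    dword ptr [ebp-4]       // hFile
                call    dword ptr [00467130]    // SetFilePointer
                mov     [ebp-6C], eax

                sub     esp, 0C                 // padding kept from the original listing
                push    0                       // lpOverlapped
                lea     eax, [ebp-68]
                push    eax                     // lpNumberOfBytesWritten
                push    dword ptr [ebp-64]      // nNumberOfBytesToWrite
                lea     eax, [ebp-60]
                push    eax                     // lpBuffer
                push    dword ptr [ebp-4]       // hFile
                call    dword ptr [0046712C]    // WriteFile
                add     esp, 0C                 // drop the padding
                mov     [ebp-6C], eax

                sub     esp, 0C                 // padding kept from the original listing
                push    dword ptr [ebp-4]       // hObject
                call    dword ptr [004670E0]    // CloseHandle
                add     esp, 0C                 // drop the padding

                lea     esp, [ebp-88]           // esp -> saved esi (0x80 locals + 2 pushes)
                pop     esi
                pop     edi
                leave                           // mov esp, ebp / pop ebp
                pop     edx
                pop     ecx
                pop     ebx
                pop     eax
                popfd
                // NOTE(review): nothing in the posted excerpt replays the
                // instructions overwritten at 0041365E or jumps back to
                // proc_write_data_to_log_file_return; the post says the script
                // was shortened, so confirm the full script does both here.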

/************************************************************************************************************
Wiccaan replied:
Code:
                // Quoted CreateFileA call from the script above; operands are
                // hexadecimal and pushed last-argument-first.
                push    0               // hTemplateFile
                push    80             // dwFlagsAndAttributes = 0x80 (FILE_ATTRIBUTE_NORMAL)
                push    4               // dwCreationDisposition = 4 (OPEN_ALWAYS)
                push    0               // lpSecurityAttributes
                push    0               // dwShareMode = 0: no other open of the file succeeds while this handle is open
                push    40000000       // dwDesiredAccess = 0x40000000 (GENERIC_WRITE)
                push    filepath        // lpFileName
                call    dword ptr [00467124]    // indirect call through the slot the post identifies as CreateFileA

Share mode is 0, try setting it to ( FILE_SHARE_READ | FILE_SHARE_WRITE ) which is: 0x00000003
Also double check that your call address is correct for the API.

If it continues to fail, try adding a call to GetLastError after you call CreateFileA and see what the returned error code is. You can find the error information for the returned error code here:
[msdn link removed because of posting limitation (??)]
/************************************************************************************************************
so finally i tried your advice.
the calls are correct, since the debugger shows me step by step where EIP is going, and it matches the WinAPI address.
i added the getlastError right after createFileA and i always get 998(3E6) : ERROR_NOACCESS
i don't understand since the host process can open a COM communication..
is there another easier way to trace log data from cheatengine or am i doing it wrong ?
i also tried with DLL injection.. but that's another story..
atom0s
Moderator
Reputation: 205

Joined: 25 Jan 2006
Posts: 8587
Location: 127.0.0.1

PostPosted: Sun Nov 27, 2011 10:54 am    Post subject: Reply with quote

If you are getting access errors, then make sure the file isn't already in use and that the app has the right access to the file before you try opening it.
_________________
- Retired.
hiring_dude
Newbie cheater
Reputation: 0

Joined: 28 Nov 2010
Posts: 20

PostPosted: Mon Nov 28, 2011 11:32 am    Post subject: Reply with quote

well, finally i gave up trying to do file I/O through AA;
lua does it right and far more simply Wink
thanks !