Cheat Engine The Official Site of Cheat Engine
Xhayla How do I cheat?
Reputation: 0
Joined: 26 Dec 2019 Posts: 3
Posted: Thu Dec 26, 2019 2:08 pm Post subject: Analog StealthEdit in C++ (VEH)
Hello, I used to use the "StealthEdit" plugin in CE to bypass code integrity checks, but now there is a desire to do the same, only in C++.
Here is the code -
Code:
    #include <Windows.h>
    #include <string>

    DWORD dwOld;
    DWORD jmp_original;
    DWORD from_addr = address;

    __declspec(naked) void patch()
    {
        __asm
        {
            mov eax, 1
            jmp jmp_original
        }
    }

    LONG WINAPI HookPage(EXCEPTION_POINTERS *pExceptionInfo)
    {
        if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION)
        {
            if (pExceptionInfo->ContextRecord->Eip == from_addr)
            {
                jmp_original = (DWORD)(pExceptionInfo->ContextRecord->Eip + 5);
                pExceptionInfo->ContextRecord->Eip = reinterpret_cast<DWORD>(&patch);
            }
            pExceptionInfo->ContextRecord->EFlags |= 0x100;
            return EXCEPTION_CONTINUE_EXECUTION;
        }
        if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP)
        {
            DWORD dwOld;
            VirtualProtect(reinterpret_cast<void*>(from_addr), 5, PAGE_EXECUTE | PAGE_GUARD, &dwOld);
            return EXCEPTION_CONTINUE_EXECUTION;
        }
        return EXCEPTION_CONTINUE_SEARCH;
    }

    void main()
    {
        VirtualProtect(reinterpret_cast<void*>(from_addr), 5, PAGE_EXECUTE | PAGE_GUARD, &dwOld);
        auto hVEH = AddVectoredExceptionHandler(true, static_cast<PVECTORED_EXCEPTION_HANDLER>(HookPage));
    }

    BOOL APIENTRY DllMain(HMODULE hModule,
                          DWORD ul_reason_for_call,
                          LPVOID lpReserved)
    {
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
            main();
            break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
        }
        return TRUE;
    }
There is a game in which you need to remove the "fog" on the mini-map (to see opponents on the mini-map). When I do it through the StealthEdit plugin in CE, FPS does not change, but if I do it through VEH in C++, FPS drops up to 30-40 FPS... I don't know what the problem is...
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25711 Location: The netherlands
Posted: Thu Dec 26, 2019 4:15 pm
copy the whole page and the overlapping pageboundary instructions to the patchcode and not just the line you patch, else you will get very long page guard, single step, pageguard, single step, pageguard loops
the less exceptions the better
(do adjust rip relative instructions that jump outside of the range to the original)
_________________
Do not ask me about online cheats. I don't know any and won't help finding them.
Xhayla How do I cheat?
Reputation: 0
Joined: 26 Dec 2019 Posts: 3
Posted: Fri Dec 27, 2019 5:37 am
Dark Byte wrote:
> copy the whole page and the overlapping pageboundary instructions to the patchcode and not just the line you patch, else you will get very long page guard, single step, pageguard, single step, pageguard loops
> the less exceptions the better
> (do adjust rip relative instructions that jump outside of the range to the original)
Hello Dark Byte
4 hours trying to do what you wrote to me about, as a result - failure
Code:
    #include "stdafx.h"
    #include <Windows.h>
    #include <string>

    DWORD dwOld;
    DWORD jmp_original;
    DWORD copyPage;
    DWORD from_addr = (DWORD)GetModuleHandle(L"Test.dll") + 0x123002; // First page address
    DWORD to_addr = (DWORD)GetModuleHandle(L"Test.dll") + 0x123440;   // Jump to original code

    void PatchMemory(uintptr_t pAddress, UINT8* bytes, INT32 size)
    {
        void* address = reinterpret_cast<void*>(pAddress);
        unsigned long Protection;
        VirtualProtect(address, size, PAGE_READWRITE, &Protection);
        memcpy(address, (const void*)bytes, size);
        VirtualProtect(address, size, Protection, &Protection);
    }

    LONG WINAPI HookPage(EXCEPTION_POINTERS *pExceptionInfo)
    {
        if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_GUARD_PAGE_VIOLATION)
        {
            if (pExceptionInfo->ContextRecord->Eip == from_addr)
            {
                pExceptionInfo->ContextRecord->Eip = copyPage;
            }
            pExceptionInfo->ContextRecord->EFlags |= 0x100;
            return EXCEPTION_CONTINUE_EXECUTION;
        }
        if (pExceptionInfo->ExceptionRecord->ExceptionCode == STATUS_SINGLE_STEP)
        {
            DWORD dwOld;
            VirtualProtect(reinterpret_cast<void*>(from_addr), 5, PAGE_EXECUTE | PAGE_GUARD, &dwOld);
            return EXCEPTION_CONTINUE_EXECUTION;
        }
        return EXCEPTION_CONTINUE_SEARCH;
    }

    void main()
    {
        DWORD copyPage = (DWORD)VirtualAlloc(NULL, 1500, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // Allocate memory
        if (copyPage != NULL)
        {
            memcpy((void*)copyPage, reinterpret_cast<void*>(from_addr), 0x44C); // copy the original page to the selected memory
            DWORD offset = to_addr - (copyPage + 0x43E) - 5; // calculate return to source code
            UINT8 jmp[5] = { 0xE9 };
            memcpy(jmp + 1, &offset, sizeof(DWORD));
            PatchMemory(copyPage + 0x43E, jmp, 5); // jump to the original code
            VirtualProtect(reinterpret_cast<void*>(from_addr), 5, PAGE_EXECUTE | PAGE_GUARD, &dwOld);
            auto hVEH = AddVectoredExceptionHandler(true, static_cast<PVECTORED_EXCEPTION_HANDLER>(HookPage));
        }
    }

    BOOL APIENTRY DllMain(HMODULE hModule,
                          DWORD ul_reason_for_call,
                          LPVOID lpReserved)
    {
        switch (ul_reason_for_call)
        {
        case DLL_PROCESS_ATTACH:
            main();
            break;
        case DLL_THREAD_ATTACH:
        case DLL_THREAD_DETACH:
        case DLL_PROCESS_DETACH:
            break;
        }
        return TRUE;
    }
from_addr - first page address.
Dark Byte Site Admin
Reputation: 468
Joined: 09 May 2003 Posts: 25711 Location: The netherlands
Posted: Fri Dec 27, 2019 7:23 am
Eip == from_addr
you're looking for a specific address, it has to be a full pagerange
Xhayla How do I cheat?
Reputation: 0
Joined: 26 Dec 2019 Posts: 3
Posted: Fri Dec 27, 2019 8:55 am
Dark Byte wrote:
> Eip == from_addr
> you're looking for a specific address, it has to be a full pagerange
I do not quite understand, since I am translating through Google Translate.
Maybe you have an example of how to implement this?
I will be grateful to you.