    1. #1
      xploiitz (Coder, Join Date: Jul 2012, Posts: 125)

      A bit of Code Cave help in C++?

      John Kittz
      This is my first post and let me start off by saying I absolutely love your tutorials man!! Good stuff, I subbed to you on YouTube.

      Alright onto my problem!

      So there's this game, PlanetSide, that I play..... and I wanted to make my own Cone of Fire (Cone of Fire is PlanetSide's version of recoil). I have successfully found the addresses / assembly lines that control this Cone of Fire, and I was able to successfully freeze them, thus having no recoil! These aren't dynamic either, because I made a simple script in Tsearch to freeze these values, and it works each time I start the game.
      Simply going into memory each time to edit these is rather obvious, so I wanted to make my own code cave(s) in C++ to further help from being detected...

      Now before I get flamed.... I do have some intermediate C++ skills, I am a Computer Science major (2nd year) for what it's worth, just to give a very vague idea of where I stand.
      I do wanna mention that I'm not looking for full blown source, just some code cave snippets if possible, but I'll take what I can get.


      These are the originals


      [spoiler]ORIGINAL1

      0090833b 89 81 9C 01 00 00 mov [ecx+0x19C],eax
      00908341 E8 BA 88 B9 FF call 0x004A0C00
      00908346 5D pop ebp
      00908347 C2 04 00 retn 0x4
      0090834a 90 nop
      0090834b 90 nop
      0090834c 90 nop
      0090834d 90 nop

      ORIGINAL2

      0090893e D9 9E 9C 01 00 00 fstp dword ptr [esi+0x19C]
      00908944 5F pop edi
      00908945 5E pop esi
      00908946 5B pop ebx
      00908947 8B E5 mov esp,ebp
      00908949 5D pop ebp
      0090894a C3 retn
      0090894b 90 nop[/spoiler]


      These are the originals NOPed for no recoil...


      [spoiler]NOPed1

      0090833B 90 NOP
      0090833C 90 NOP
      0090833D 90 NOP
      0090833E 90 NOP
      0090833F 90 NOP
      00908340 90 NOP


      NOPed2

      0090893E 90 NOP
      0090893F 90 NOP
      00908940 90 NOP
      00908941 90 NOP
      00908942 90 NOP
      00908943 90 NOP[/spoiler]

      I have read Faldo's Code Cave Theory and several others, but they just didn't suffice for me...

      Could anyone else give me a hand? Thanks

    2. #2
      BlackPitchPL (Coder, Join Date: May 2012, Location: POLAND, Posts: 171)

      Re: A bit of Code Cave help in C++?

      If you just NOP the addresses that you wrote, you need to just add the addresses that you have, like this:
      Code:
      #define ADR_UAMMO    0x10A9FA71
      #define ADR_NODELAY  0x10A9F9E5
      #define ADR_NODELAY2 0x10AA0449
      #define ADR_NODELAY3 0x10AA128F
      #define ADR_INFHEAL  0x10944827
      #define ADR_UAMMO2   0x10AA1E15
      Of course you name them and put your code here.
      Then I'll give you a class to patch the addresses.
      [spoiler]
      Code:
      #pragma once
      #include <Windows.h>   // DWORD, BYTE, VirtualQuery, VirtualProtect, FlushInstructionCache

      // Toggleable in-process byte patch: saves the original bytes on Patch(), puts them back on Restore().
      class cPatch
      {
      private:
          DWORD ADR;              // address to patch
          BYTE  OFF_BYTES[255];   // original bytes, captured by Patch()
          BYTE  ON_BYTES[255];    // replacement bytes given to the constructor
          int   SIZE;             // number of bytes (at most 255, the buffer size)
          enum PATCHSTATUS
          {
              NORMAL,
              PATCHED,
          };
          int STATUS;

          void* memcpy_s(void* pvAddress, const void* pvBuffer, size_t stLen);
      public:
          cPatch(DWORD pAdr, BYTE* pByte, int pSize);
          void Patch();
          void Restore();
      };
      call it like cPatch.h
      and main cPatch.cpp

      Code:
      #include "cPatch.h"
      #include <cstring>   // memcpy

      // Copies stLen bytes into code memory: makes the page writable, writes, restores the
      // old protection and flushes the instruction cache so the CPU executes the new bytes.
      void* cPatch::memcpy_s(void *pvAddress, const void *pvBuffer, size_t stLen)
      {
          MEMORY_BASIC_INFORMATION mbi;
          VirtualQuery( ( void* )pvAddress, &mbi, sizeof( mbi ) );
          VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
          void* pvRetn = memcpy( ( void* )pvAddress, ( void* )pvBuffer, stLen );
          VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
          FlushInstructionCache( GetCurrentProcess( ), ( void* )pvAddress, stLen );
          return pvRetn;
      }

      cPatch::cPatch(DWORD pAdr, BYTE* pByte, int pSize)
      {
          STATUS = NORMAL;
          if( pSize > (int)sizeof( ON_BYTES ) ) pSize = sizeof( ON_BYTES );   // the buffers hold 255 bytes
          SIZE   = pSize;
          ADR    = pAdr;

          for(int i = 0; i < pSize; i++)
          {
              OFF_BYTES[i] = 0x00;       // filled with the live bytes on the first Patch()
              ON_BYTES[i]  = pByte[i];
          }
      }

      void cPatch::Patch()
      {
          if( STATUS==NORMAL )
          {
              BYTE *pOFF_BYTES = (BYTE*)ADR;
              for( int i = 0; i < SIZE; i++ )
              {
                  OFF_BYTES[i] = pOFF_BYTES[i];   // back up what is there now
              }
              memcpy_s((void*)ADR,(const void*)ON_BYTES,SIZE);
              STATUS=PATCHED;
          }
      }
      void cPatch::Restore()
      {
          if(STATUS==PATCHED)
          {
              memcpy_s((void*)ADR,(const void*)OFF_BYTES,SIZE);   // put the backup back
              STATUS=NORMAL;
          }
      }
      [/spoiler]
      When you have all of these files you can simply patch the addresses you want.

      Code:
      // Make a cPatch object: give it the address (of your cheat), then the bytes (as BYTE*)
      // you want written there (in your case \x90), then the number of bytes to overwrite.

      cPatch nodelay  (ADR_NODELAY,  (BYTE*)"\x90\x90", 2);
      cPatch nodelay2 (ADR_NODELAY2, (BYTE*)"\x89\x85\xBC\x00\x00\x00", 6);
      cPatch nodelay3 (ADR_NODELAY3, (BYTE*)"\x89\x85\xBC\x00\x00\x00", 6);
      and the last step, how to run it

      Code:
      // if the cheat is ON, just Patch the addresses you added
      if(opt.asmm.nodelay)
      {
          nodelay.Patch();
          nodelay2.Patch();
          nodelay3.Patch();
      }
      else
      {   // OFF: Restore the original values :P
          nodelay.Restore();
          nodelay2.Restore();
          nodelay3.Restore();
      }
      Hope I helped you

    3. #3
      xploiitz (Coder, Join Date: Jul 2012, Posts: 125)

      Re: A bit of Code Cave help in C++?

      Sweet, thanks, I feel like I'm really getting somewhere with this.
      But I still have some questions: are you using Windows API functions (ReadProcessMemory/WriteProcessMemory, FindWindow, GetProcessId etc.) to apply these patches to the specified addresses? Or another method?


      Currently this code compiles without any errors. I'm just waiting for your input on my previous questions about the WinAPI functions before I step forward...

      If you have a chance , take a look at what I have :P

      cPatch.h
      [spoiler]
      #pragma once
      #include <Windows.h>

      class cPatch
      {
      private:
          DWORD ADR;              // address to patch
          BYTE  OFF_BYTES[255];   // original bytes, saved by Patch()
          BYTE  ON_BYTES[255];    // bytes to write
          int   SIZE;
          enum PATCHSTATUS
          {
              NORMAL,
              PATCHED,
          };
          int STATUS;

          void* memcpy_s(void* pvAddress, const void* pvBuffer, size_t stLen);
      public:
          cPatch(DWORD pAdr, BYTE* pByte, int pSize);
          void Patch();
          void Restore();
      };
      [/spoiler]

      cPatch.cpp
      [spoiler]
      #include "cPatch.h"
      #include <cstring>   // memcpy

      void* cPatch::memcpy_s(void *pvAddress, const void *pvBuffer, size_t stLen)
      {
          MEMORY_BASIC_INFORMATION mbi;
          VirtualQuery( ( void* )pvAddress, &mbi, sizeof( mbi ) );
          VirtualProtect( mbi.BaseAddress, mbi.RegionSize, PAGE_EXECUTE_READWRITE, &mbi.Protect );
          void* pvRetn = memcpy( ( void* )pvAddress, ( void* )pvBuffer, stLen );
          VirtualProtect( mbi.BaseAddress, mbi.RegionSize, mbi.Protect, &mbi.Protect );
          FlushInstructionCache( GetCurrentProcess( ), ( void* )pvAddress, stLen );
          return pvRetn;
      }

      cPatch::cPatch(DWORD pAdr, BYTE* pByte, int pSize)
      {
          STATUS = NORMAL;
          if( pSize > (int)sizeof( ON_BYTES ) ) pSize = sizeof( ON_BYTES );   // buffers hold 255 bytes
          SIZE   = pSize;
          ADR    = pAdr;

          for(int i = 0; i < pSize; i++)
          {
              OFF_BYTES[i] = 0x00;
              ON_BYTES[i]  = pByte[i];
          }
      }

      void cPatch::Patch()
      {
          if( STATUS==NORMAL )
          {
              BYTE *pOFF_BYTES = (BYTE*)ADR;
              for( int i = 0; i < SIZE; i++ )
              {
                  OFF_BYTES[i] = pOFF_BYTES[i];   // save the original bytes
              }
              memcpy_s((void*)ADR,(const void*)ON_BYTES,SIZE);
              STATUS=PATCHED;
          }
      }
      void cPatch::Restore()
      {
          if(STATUS==PATCHED)
          {
              memcpy_s((void*)ADR,(const void*)OFF_BYTES,SIZE);
              STATUS=NORMAL;
          }
      }

      [/spoiler]

      main.cpp
      [spoiler]
      /*
      Credits to BlackPitchPL from guidedhacking.com for the cPatch class
      */

      #include <cstdlib>     // system()
      #include <iostream>
      #include <Windows.h>
      #include "cPatch.h"

      // Addresses of the two Cone of Fire writes found above (they live in the game's process)
      #define ADR_COF1 0x0090833b
      #define ADR_COF2 0x0090893e

      int main()
      {
          // Six NOPs to cover each 6-byte instruction; the byte string must be as long as the count
          cPatch COF1 (ADR_COF1, (BYTE*)"\x90\x90\x90\x90\x90\x90", 6);
          cPatch COF2 (ADR_COF2, (BYTE*)"\x90\x90\x90\x90\x90\x90", 6);
          COF1.Patch();
          COF2.Patch();

          system("PAUSE");
          return 0;
      }
      [/spoiler]

      Before I worry about adding all the "bells and whistles" I'm just trying to get the actual patching part down pat! So excuse any amateur habits you might see (I'm still a fairly new programmer anyway).

    4. #4
      xploiitz (Coder, Join Date: Jul 2012, Posts: 125)

      Re: A bit of Code Cave help in C++?

      I don't mean to double post, but the edit button seems to have no function on that previous post.... but I was able to edit this post without any issues. Odd. I'm assuming there's a timer to edit old posts like some other forums have.

      Would injecting this as a DLL be a better method than using winAPI functions?? I feel like that would be much less work...??

    5. #5
      BlackPitchPL (Coder, Join Date: May 2012, Location: POLAND, Posts: 171)

      Re: A bit of Code Cave help in C++?

      Yep, I inject my code, it's the best way to use it. And you can't just (I mean you can, but it's better) if you put in the function for turning off the cheat :P. Like
      Code:
      if (Cheat_ON)
      {
          COF1.Patch();
          COF2.Patch();
      }
      else
      {
          COF1.Restore();
          COF2.Restore();
      }

    6. #6
      xploiitz (Coder, Join Date: Jul 2012, Posts: 125)

      Re: A bit of Code Cave help in C++?

      I understand it is better to have an off option, but my goal was to get it running properly before I add in any switches / menu etc. So tonight I'll make that DLL, inject it and see how it works; if my recoil disappears then everything worked out, and I'll continue with making it nice and pretty and more functional.

      Thanks for helping me out man, I'll keep you updated tonight and let you know how it goes.

    7. #7
      xploiitz (Coder, Join Date: Jul 2012, Posts: 125)

      Re: A bit of Code Cave help in C++?

      Well, I just wanna say thank you BlackPitchPL. This is officially my first hack (even though I owe you most of it, because this was only possible due to YOUR class).

      So this works wonderfully, and I feel really good about it.

      Is this really a code cave though? Or just a patch for the function? Looking at the class source this appears to be a patch. Now I'm not bashing what you have given me, as I am very grateful.

      But as my next step I would like to turn this into a code cave! That was my original goal anyway.

    8. #8
      Departure (Newbie, Join Date: Jun 2012, Posts: 21)

      Re: A bit of Code Cave help in C++?

      No, this is not a code cave...
      You have patched the address with your patch (NOPs). If NOPs work for you then use them; the only real reason you would want a code cave is if you are going to change some assembly..

      A code cave is when you jmp to a place in the code section and execute your own assembly to modify something; after doing that you jmp back. A couple of things to remember: preserve the bytes (normally 5 bytes for a jmp) you had to write over to make the jmp, and also preserve the registers with pushad (push register values onto the stack) and then popad (move stack values back into registers) before jumping back to continue normal execution.
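
      As an added defender-side example (not code from this thread or its posters): the integrity check an anti-cheat or a forensic script runs against exactly the edits discussed here. It compares a clean copy of a module's code bytes with a live snapshot and labels each changed run as a NOP slide (the six 0x90s over the mov at 0090833B) or a jmp rel32 detour into a cave outside the module, and it decodes the thread's own E8 call as a check of the rel32 arithmetic. The ORIGINAL1 bytes from the first post are the constructed sample; the module range 0x00400000-0x00C00000 and the cave address 0x10000000 are assumed values.

```cpp
#include <cstdint>
#include <initializer_list>
#include <string>
#include <vector>
// Bytes of ORIGINAL1 from the first post (mov / call / pop / retn / nops), used as a constructed sample.
const uint32_t kBase = 0x0090833B;
const std::vector<uint8_t> kOriginal1 = {
    0x89, 0x81, 0x9C, 0x01, 0x00, 0x00,   // mov [ecx+0x19C],eax
    0xE8, 0xBA, 0x88, 0xB9, 0xFF,         // call 0x004A0C00
    0x5D, 0xC2, 0x04, 0x00,               // pop ebp / retn 4
    0x90, 0x90, 0x90, 0x90 };             // padding nops
struct PatchRegion { uint32_t addr; size_t len; std::string kind; };   // one changed run
// Absolute target of a 5-byte E8/E9 at code[off]; base is the address of code[0].
uint32_t RelTarget(const std::vector<uint8_t>& code, size_t off, uint32_t base) {
    uint32_t rel = (uint32_t)code[off + 1] | ((uint32_t)code[off + 2] << 8) |
                   ((uint32_t)code[off + 3] << 16) | ((uint32_t)code[off + 4] << 24);
    return base + (uint32_t)off + 5 + rel;   // unsigned wrap matches the CPU's mod 2^32 arithmetic
}
// Copy of v with bytes written at off (stand-in for a live read of the process's code).
std::vector<uint8_t> Overwrite(std::vector<uint8_t> v, size_t off, std::initializer_list<uint8_t> b) {
    size_t i = off;
    for (uint8_t x : b) v[i++] = x;
    return v;
}
// Diff a live code snapshot against the clean image and label each changed run.
std::vector<PatchRegion> FindPatches(const std::vector<uint8_t>& clean, const std::vector<uint8_t>& live,
                                     uint32_t base, uint32_t modLo, uint32_t modHi) {
    std::vector<PatchRegion> out;
    size_t n = clean.size() < live.size() ? clean.size() : live.size();
    for (size_t i = 0; i < n;) {
        if (clean[i] == live[i]) { ++i; continue; }
        size_t j = i;
        while (j < n && clean[j] != live[j]) ++j;       // extend over the whole changed run
        PatchRegion r{base + (uint32_t)i, j - i, "unknown"};
        bool allNop = true;
        for (size_t k = i; k < j; ++k) if (live[k] != 0x90) allNop = false;
        if (allNop) r.kind = "nop-slide";               // instruction(s) simply NOPed out
        else if (live[i] == 0xE9 && j - i >= 5) {       // jmp rel32 written over the code
            uint32_t t = RelTarget(live, i, base);
            if (t < modLo || t >= modHi) r.kind = "jmp-detour";   // lands outside the module
        }
        out.push_back(r);
        i = j;
    }
    return out;
}
```

A real scanner reads the clean bytes from the module file on disk (after applying relocations) and the live bytes from the running process; the classification logic above is unchanged.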

    9. #9
      xploiitz (Coder, Join Date: Jul 2012, Posts: 125)

      Re: A bit of Code Cave help in C++?

      Alright cool, that clears things up. Yes, NOPing works for me right now, but I'm trying to make this as hidden as possible; I'd hate to get banned. So since I'm injecting a DLL, I think all I can do is some method of module cloaking/hiding, which from the bit of research I have done seems like quite a trivial task for someone at my level. (I'm not very experienced with WinAPI functions.)

      Are there any other methods you can suggest before I take a whack at module cloaking?

    10. #10
      BlackPitchPL (Coder, Join Date: May 2012, Location: POLAND, Posts: 171)

      Re: A bit of Code Cave help in C++?

      Cheats'n'Trainers
      For protection of the code, use crypt and pack the DLL with Themida; it will protect the DLL.
