    1. #21
      Liduen
      Quote: Originally Posted by HalfWayToHell333
      @Fleep,

      first, thanks for this tutorial(s).

      I have a suggestion for binding in multiple headers in Visual C++, which you mentioned in one of your videos.

      If you get an error, you can do this:

      #ifndef BLABLA_H
      #define BLABLA_H

      //Your Code here//

      #endif

      or

      #pragma once

      //Your Code here//

      or what I do:

      create a Globals.h and put every used include into this.

      That solves the problem (at least in my cases)

      Also called IncludeGuard.
      Yep, everyone should do that if they haven't done before.

    2. #22
      x1jester
      Quote: Originally Posted by x1jester
      Thanks for the awesome site and tutorial. Hey, I need a bit of help with mine please! I can't get the Y axis to work out properly; I don't know what to use for my code instead of yours. Mine doesn't use esi. The top is my start, and the top to bottom is where I have the signature set, so I think the offset would be -12.
      1C5C45 - D9 40 04 - fld dword ptr [eax+04]
      1C5C48 - D9 59 04 - fstp dword ptr [ecx+04]
      1C5C4B - D9 40 08 - fld dword ptr [eax+08]
      1C5C4E - D9 59 08 - fstp dword ptr [ecx+08]
      1C5C51 - EB 2D - jmp kgllib.sqstd_register_bloblib+1C5C80


      \xD9\x40\x04\xD9\x59\x04\xD9\x40\x08\xD9\x59\x08\xEB\x2D
      xxxxxxxxxxxxxx
      DWORD FlyingJmpBack = 0;
      //stores the register's address
      DWORD YaxisRegister = 0x0;
      DWORD YAxisPtr;


      __declspec(naked) void GetPlayerYaxis()
      {
      __asm MOV ECX, [ESI+0x3C]
      __asm MOV YaxisRegister, ESI
      __asm MOV [ESI+0x08],EDX
      __asm jmp [FlyingJmpBack]
      }

      So that's the example code for Assault Cube. Would I change mine to this?
      __declspec(naked) void GetPlayerYaxis()
      {
      __asm fld dword ptr [EAX+04]
      __asm MOV YaxisRegister,EAX
      __asm fstp dword ptr [ecx+04]
      __asm jmp [FlyingJmpBack]
      }

      the example
      DWORD flyAddy = FindPattern("ac_client.exe", "\x8B\x4E\x3C\x89\x56\x08", "xxxxxx");
      //MsgBoxAddy(flyAddy);

      //Where we have to jump back to after we take the y axis
      FlyingJmpBack = flyAddy + 0x6;
      //place jump to grab our Y axis so we can fly
      //instruction is 6 bytes because we are replacing 2 instructions
      PlaceJMP((BYTE*)flyAddy, (DWORD)GetPlayerYaxis, 6);
      }
      DWORD WINAPI OverwriteValues()
      YAxisPtr = YaxisRegister + 0x3C;

      my code



      //Find the instruction that accesses our Yaxis, our pattern scan ensures we can find it every time
      DWORD flyAddy = FindPattern("i.exe", "\xD9\x40\x04\xD9\x59\x04\xD9\x40\x08\xD9\x59\x08\xEB\x2D", "xxxxxxxxxxxxxx");
      //MsgBoxAddy(flyAddy);
      flyAddy-=12;
      //Where we have to jump back to after we take the y axis
      FlyingJmpBack = flyAddy + 0x6;
      //place jump to grab our Y axis so we can fly
      //instruction is 6 bytes because we are replacing 2 instructions
      PlaceJMP((BYTE*)flyAddy, (DWORD)GetPlayerYaxis, 6);
      }
      YAxisPtr = YaxisRegister + 0x04;

      So my question is: did I change that stuff correctly, and if so, do I still have to change anything in the functions, since mine is dword ptr and your code changes whatever to dword ptr?
      And is there any suggestion how I can get this to work in my game by changing your code instead of writing new code?

      //Print our pattern scan results if necessary
      void MsgBoxAddy(DWORD addy)
      {
          char szBuffer[1024];
          sprintf(szBuffer, "Addy: %02x", addy);
          MessageBox(NULL, szBuffer, "Title", MB_OK);
      }



      #pragma region Mid Function Hook/Code cave
      /*Credits to InSaNe on MPGH for the original function*/
      //We make Length at the end optional as most jumps will be 5 or less bytes
      void PlaceJMP(BYTE *Address, DWORD jumpTo, DWORD length = 5)
      {
          DWORD dwOldProtect, dwBkup, dwRelAddr;

          //give that address read and write permissions and store the old permissions at oldProtection
          VirtualProtect(Address, length, PAGE_EXECUTE_READWRITE, &dwOldProtect);

          // Calculate the "distance" we're gonna have to jump - the size of the JMP instruction
          dwRelAddr = (DWORD) (jumpTo - (DWORD) Address) - 5;

          // Write the JMP opcode @ our jump position...
          *Address = 0xE9;

          // Write the offset to where we're gonna jump
          //The instruction will then become JMP ff002123 for example
          *((DWORD *)(Address + 0x1)) = dwRelAddr;

          // Overwrite the rest of the bytes with NOPs
          //ensuring no instruction is Half overwritten(To prevent any crashes)
          for(DWORD x = 0x5; x < length; x++)
              *(Address + x) = 0x90;

          // Restore the default permissions
          VirtualProtect(Address, length, dwOldProtect, &dwBkup);
      }


      #pragma endregion



      #pragma region PATTERN SCANNING
      //Get all module related info, this will include the base DLL.
      //and the size of the module
      MODULEINFO GetModuleInfo( char *szModule )
      {
          MODULEINFO modinfo = {0};
          HMODULE hModule = GetModuleHandle(szModule);
          if(hModule == 0)
              return modinfo;
          GetModuleInformation(GetCurrentProcess(), hModule, &modinfo, sizeof(MODULEINFO));
          return modinfo;
      }


      DWORD FindPattern(char *module, char *pattern, char *mask)
      {
          //Get all module related information
          MODULEINFO mInfo = GetModuleInfo(module);

          //Assign our base and module size
          //Having the values right is ESSENTIAL, this makes sure
          //that we don't scan unwanted memory and leading our game to crash
          DWORD base = (DWORD)mInfo.lpBaseOfDll;
          DWORD size = (DWORD)mInfo.SizeOfImage;

          //Get length for our mask, this will allow us to loop through our array
          DWORD patternLength = (DWORD)strlen(mask);

          //If the module was not found (size == 0) or is smaller than the pattern,
          //stop here: size - patternLength would wrap around as an unsigned value
          if(size < patternLength)
              return 0;

          for(DWORD i = 0; i < size - patternLength; i++)
          {
              bool found = true;
              for(DWORD j = 0; j < patternLength; j++)
              {
                  //if we have a ? in our mask then we have true by default,
                  //or if the bytes match then we keep searching until finding it or not
                  found &= mask[j] == '?' || pattern[j] == *(char*)(base + i + j);
              }

              //found = true, our entire pattern was found
              //return the memory addy so we can write to it
              if(found)
              {
                  return base + i;
              }
          }

          //0 means the pattern was not found (the return type is DWORD, not a pointer)
          return 0;
      }
      Last edited by x1jester; 08-08-2014 at 01:16 PM.
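
Added example, not part of the original post or of the tutorial's code: the PlaceJMP routine quoted above leaves a recognisable footprint (an E9 opcode, a 32-bit relative offset, then NOP filler), so an integrity check can compare a code region against a known-good copy and decode where the patch jumps to. The sample bytes around the six-byte pattern, the load address, the jump target and the names `check_region` and `PatchReport` are constructed for illustration.

```cpp
#include <cstdint>
#include <cstddef>
#include <cstdio>

// What an integrity check learned about one code region.
struct PatchReport {
    bool     patched;     // live bytes differ from the known-good copy
    size_t   offset;      // first differing byte
    size_t   length;      // first..last differing byte, inclusive
    bool     is_rel_jmp;  // patch begins with E9 (JMP rel32)
    uint32_t target;      // decoded destination, valid when is_rel_jmp
    size_t   nop_pad;     // 0x90 filler bytes that follow the JMP
};

// Constructed sample: a 13-byte function body as stored on disk...
static const uint8_t REF[]  = {0x55,0x8B,0xEC,0x56, 0x8B,0x4E,0x3C,0x89,0x56,0x08, 0x5E,0x5D,0xC3};
// ...and the same region in memory after a 6-byte JMP+NOP overwrite.
static const uint8_t LIVE[] = {0x55,0x8B,0xEC,0x56, 0xE9,0xF7,0xFF,0xBF,0x0F,0x90, 0x5E,0x5D,0xC3};
static const uint32_t BASE = 0x00401000;  // constructed load address of the region

PatchReport check_region(const uint8_t *live, const uint8_t *ref, size_t size, uint32_t base)
{
    PatchReport r = {};
    size_t first = size, last = 0;
    for (size_t i = 0; i < size; i++)
        if (live[i] != ref[i]) { if (first == size) first = i; last = i; }
    if (first == size) return r;               // identical: nothing to report
    r.patched = true;
    r.offset  = first;
    r.length  = last - first + 1;
    if (live[first] == 0xE9 && size - first >= 5) {
        // rel32 is little-endian and relative to the end of the 5-byte JMP
        uint32_t rel = live[first+1] | (uint32_t)live[first+2] << 8 |
                       (uint32_t)live[first+3] << 16 | (uint32_t)live[first+4] << 24;
        r.is_rel_jmp = true;
        r.target = base + (uint32_t)first + 5 + rel;  // wraps like a 32-bit EIP
        for (size_t i = first + 5; i <= last && live[i] == 0x90; i++) r.nop_pad++;
    }
    return r;
}

int main()
{
    PatchReport r = check_region(LIVE, REF, sizeof REF, BASE);
    printf("patched=%d offset=%zu length=%zu jmp=%d target=0x%08X nops=%zu\n",
           r.patched, r.offset, r.length, r.is_rel_jmp, (unsigned)r.target, r.nop_pad);
    return 0;
}
```

A decoded target that lies outside the module's own image range is the signal worth alerting on, since legitimate intra-module jumps stay inside it.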

    3. #23
      HalfWayToHell333
      @x1jester

      I could be wrong, but your search pattern looks very long; did you get the right Singal?

    4. #24
      x1jester
      Quote: Originally Posted by HalfWayToHell333
      @x1jester

      I could be wrong, but your search pattern looks very long; did you get the right Singal?

      Yeah, that was the only way to get 1 search result.. but I don't know how to code the dll at all, I just gave up, no worries.
      Guess I have to re-find y every time I start the game for myself.
      Super lame, but can't do anything about it because there's another part of that y axis dll I would need to change, I'm sure, because their code changes it to dword but mine's already dword, right?

    5. #25
      HalfWayToHell333
      To check if you got the right address

      just do this:

      //Find the instruction that accesses our Yaxis, our pattern scan ensures we can find it every time
      DWORD flyAddy = FindPattern("i.exe", "\xD9\x40\x04\xD9\x59\x04\xD9\x40\x08\xD9\x59\x08\xEB\x2D", "xxxxxxxxxxxxxx");

      //flyAddy-=12;//do no changes to the flyAddy!
      MsgBoxAddy(flyAddy); //uncomment this, it will display the current address; compare it to the address you found with Cheat Engine and recalculate. That's how I solved a similar problem

      //Where we have to jump back to after we take the y axis
      FlyingJmpBack = flyAddy + 0x6;
      //place jump to grab our Y axis so we can fly
      //instruction is 6 bytes because we are replacing 2 instructions
      PlaceJMP((BYTE*)flyAddy, (DWORD)GetPlayerYaxis, 6);
      }

    6. #26
      kosyumote
      Does anyone know if this would work:

      instead of looping infinitely, set up a low level hook (SetWindowsHookEx with idHook = WH_KEYBOARD_LL) to scan for the appropriate button press. Is there even a difference in functionality between the two, or does SetWindowsHookEx work more efficiently?

      EDIT: Reading a bit more, it seems that the hook set up with SetWindowsHookEx is only called when "a new keyboard input event is about to be posted into a thread input queue." So assuming you're clicking less than 60000/150 = 400 times a minute, the Windows hook is a little better. Don't really feel like testing this out, but if I run into a situation where this is useful I might remember to edit this comment.
      Last edited by kosyumote; 11-02-2014 at 02:23 AM.

    7. #27
      till0sch
      Will these people one day notice that there are [code] tags

    9. #28
      it-ty
      DWORD ammoAddy = FindPattern("ac_client.exe", "\x89\x0A\x8B\x76\x14\xFF\x0E", "xxxxxxx");
      ammoAddy+= 5;
      AmmoJmpBack = ammoAddy + 0x7;
      PlaceJMP((BYTE*)ammoAddy, (DWORD)InfiniteAmmo, 7);


      if i will mod. code back default code with hotkey ????

    10. #29
      [GH]Rake
      Quote: Originally Posted by it-ty
      DWORD ammoAddy = FindPattern("ac_client.exe", "\x89\x0A\x8B\x76\x14\xFF\x0E", "xxxxxxx");
      ammoAddy+= 5;
      AmmoJmpBack = ammoAddy + 0x7;
      PlaceJMP((BYTE*)ammoAddy, (DWORD)InfiniteAmmo, 7);


      if i will mod. code back default code with hotkey ????
      I don't understand what you're asking

    11. #30
      squeenie
      Quote: Originally Posted by AnomanderRake
      I don't understand what you're asking
      I think he wants to be able to toggle it.

      Quote: Originally Posted by it-ty
      DWORD ammoAddy = FindPattern("ac_client.exe", "\x89\x0A\x8B\x76\x14\xFF\x0E", "xxxxxxx");
      ammoAddy+= 5;
      AmmoJmpBack = ammoAddy + 0x7;
      PlaceJMP((BYTE*)ammoAddy, (DWORD)InfiniteAmmo, 7);


      if i will mod. code back default code with hotkey ????
      Rewrite the original bytes and it will no longer jump
