    Page 1 of 2 (results 1 to 10 of 13)
    #1 Brackston (Newbie, joined Dec 2013)

      C++ Mid Function Hooking/Codecaving Tutorial

      John Kittz
      Hi! I have been following your tutorials for a little while now and have not been having much trouble until now. My issue is that the code I inject in this tutorial crashes the game whenever I try and fire my weapon. I get a successful inject. I was able to get .dll injection to work with the signature scanning tutorial and get my modifications to successfully work. The issue I think I am having is in the byte count or code with the memory lines. I will just go ahead and show you. I have uploaded screenshots to show you what I see on my screen.

      I have found the ammo decrement and you can see it here in this picture.
      [Screenshot: OllyDB ammo ss.PNG, attachment 2210]

      I can get a single signature by scanning just the decrement line and the 1 line below it. This screenshot shows the highlighted lines used in the scan and results.
      [Screenshot: Ollydbg ammo sig scan ss.PNG, attachment 2211]

      From looking at the screenshot above I notice that from the starting line to where I want to end is 6 bytes away.

      FF 0E
      8D 74 24 | 24

      My reasoning here is that the jump is 5 bytes which would leave the final 24 unaccounted for. You have to change this to be included or the game may crash because it will not know how to handle that last byte.

      In Fleep's tutorial his count was seven, so I had to change the number in the code to match my set of variables, which can be seen here: [Attachment 2215]

      Finally we get to what is my version of the set of instructions in the asm section of the code. I write out the original instruction and change what I want to change. That can be seen here.
      [Screenshot: Ollydbg replacement code in c++.PNG, attachment 2213]


      Thanks for all your great work. You make this stuff very easy to follow. I feel like I am really close to getting this solved and am just missing some minor details. I have followed many of your other tutorials with great success. Thanks again.
      [Attached thumbnail: InitiateHooks ammo code.PNG]
      Last edited by Brackston; 12-02-2013 at 07:42 AM. Reason: uploaded wrong screenshot of initiate hooks
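The byte-count reasoning in post #1 (a 5-byte jmp does not end on an instruction boundary, so the sixth byte has to be stolen too and padded with a NOP), as an added example that is not code from the thread or from Fleep's tutorial. It is written in portable C and never touches a live process: the six site bytes are a constructed copy of the post's listing, the instruction lengths are what the disassembler shows, and SITE_VA and CAVE_VA are hypothetical addresses standing in for FindPattern's result and the code cave (InfiniteAmmo in the tutorial's naming). The functions compute the stolen length, the jmp-back address (what the thread calls AmmoJmpBack), the E9 rel32 patch plus NOP padding, and keep the original bytes for unhooking.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed copy of the six bytes the thread found at the ammo decrement
 * (taken from the post's listing, not read from a process):
 *   FF 0E          dec dword ptr [esi]
 *   8D 74 24 24    lea esi, [esp+0x24]
 */
static const uint8_t k_site_bytes[] = { 0xFF, 0x0E, 0x8D, 0x74, 0x24, 0x24 };

/* Instruction lengths at the hook site, as read off the disassembler. */
static const size_t k_insn_lens[] = { 2, 4 };

/* Hypothetical addresses; the real ones come from FindPattern and the cave. */
#define SITE_VA 0x00401000u
#define CAVE_VA 0x10001000u

#define JMP_REL32_LEN 5u   /* E9 + 4-byte displacement */
#define NOP 0x90u

typedef struct {
    size_t   len;        /* bytes overwritten at the site (>= 5, whole instructions) */
    uint32_t jmp_back;   /* first untouched instruction: where the cave must jmp to */
    uint8_t  saved[16];  /* original bytes: re-execute them in the cave, restore on unhook */
    uint8_t  patch[16];  /* jmp rel32 followed by NOP padding */
} hook_plan;

/* Smallest whole-instruction span that covers a 5-byte jmp; 0 if the listing is too short. */
size_t stolen_len(const size_t *lens, size_t n)
{
    size_t total = 0;
    for (size_t i = 0; i < n; i++) {
        total += lens[i];
        if (total >= JMP_REL32_LEN)
            return total;
    }
    return 0;
}

/* rel32 is measured from the end of the jmp itself; 2^32 wraparound is intended. */
uint32_t rel32_for(uint32_t from, uint32_t to)
{
    return to - (from + JMP_REL32_LEN);
}

int plan_hook(hook_plan *p, const uint8_t *site, uint32_t site_va,
              uint32_t cave_va, const size_t *lens, size_t n)
{
    size_t len = stolen_len(lens, n);
    if (len == 0 || len > sizeof p->patch)
        return -1;
    memset(p, 0, sizeof *p);
    p->len = len;
    p->jmp_back = site_va + (uint32_t)len;       /* ammoAddy + 6 in the thread */
    memcpy(p->saved, site, len);

    uint32_t rel = rel32_for(site_va, cave_va);
    p->patch[0] = 0xE9;
    for (int i = 0; i < 4; i++)                  /* little-endian, host-independent */
        p->patch[1 + i] = (uint8_t)(rel >> (8 * i));
    memset(p->patch + JMP_REL32_LEN, NOP, len - JMP_REL32_LEN);  /* the "final 24" */
    return 0;
}

int main(void)
{
    hook_plan p;
    if (plan_hook(&p, k_site_bytes, SITE_VA, CAVE_VA, k_insn_lens, 2) != 0)
        return 1;
    printf("steal %zu bytes, jmp back to %08x, patch:", p.len, p.jmp_back);
    for (size_t i = 0; i < p.len; i++)
        printf(" %02X", p.patch[i]);
    printf("\n");
    return 0;
}
```

Two caveats worth keeping in mind when applying this to a real target. The stolen bytes are copied into the cave and executed there, so they must be position-independent: `lea esi,[esp+0x24]` is, but the `call` that the poster says follows it encodes a relative target and would have to be re-encoded if it were ever included, which is one reason to steal exactly six bytes here and not more. Writing the patch into a code page also needs the page made writable first (VirtualProtect on Windows), and in a multithreaded game a thread can be executing inside the stolen range at the moment the bytes change; the NOP padding keeps the instruction stream decodable but does not make that race safe.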

    #2 Truth (joined Nov 2012)
      Just looking at the tutorial.. the asm you got is

      _asm lea esi, [esp+0x24]


      When it should be

      __asm mov edi, [esp+0x24]


      With the 2 underscores

      Also you are missing the push edi

      Hope this helps

      Edit: Also you only have 1 underscore for the
      _declspec
      should be 2 underscores

      Though I am not sure if it matters but I assume so
      Last edited by Truth; 12-02-2013 at 05:19 AM.

    #3 Brackston
      Thanks for the reply. I know my asm instructions don't match the tutorial exactly, but that is because my lines of asm in ollydbg are slightly different than the ones used in the tutorial.
      I will write out and show the comparison.

      Tutorial: original code from olly:

      __asm DEC [ESI]
      __asm push edi
      __asm mov edi, [esp+0x14]

      My ollydbg original code:

      __asm DEC [ESI]
      __asm lea esi, [esp+0x24]
      there is a call line here, but I don't think it is relevant.

      I didn't realize it was 2 underscores as well. I will test some things out and give your suggestion a try when I get done with my daily activities today. Thanks for the help.
      Last edited by Brackston; 12-02-2013 at 05:51 AM.

    #4 Truth
      I see, yeah.. didn't notice that they were different.. thought you were following the tutorial. My mistake! (really tired) :P

      Good luck!

    #5 Brackston
      I uploaded the wrong screenshot earlier at the initiate hooks part of my post. I have updated the original screenshot to be accurate... sorry for the miscommunication.

      It is still showing the wrong one in the attached thumbnails, but you can just ignore that one. The correct one has been inserted into the post.
      Last edited by Brackston; 12-02-2013 at 07:47 AM.

    #6 NTvalk (Hacker, joined Jul 2013)
      two underscores or one doesn't matter, just saying.

    #7 Truth
      Quote Originally Posted by NTvalk:
      two underscores or one doesn't matter, just saying.

      That's good to know.. I was not sure as I have not used asm in C++ yet

    #8 c5 (joined Jul 2012)
      Step through the code and make sure it jumps back to the right position.

      Also I don't see the purpose of hooking here, if you can simply do a one byte patch on the code itself. DEC -> INC

    #9 Brackston
      Hey c5. Thanks for the help. I started sorting through the code and could not find anything wrong at all. I went through and rewrote each section at a time and then injected the dll after each change to try and troubleshoot this. I had no luck whatsoever until I rewrote the void InitiateHooks() section of the code. Once that part was rewritten everything was working fine. I am still not sure what the exact problem was though. I compared my new InitiateHooks() section with what I had before and they are exactly the same. I left the rewritten code pasted in the bottom of the post if you wanna look at it and compare it to my screenshot from earlier.


      void InitiateHooks()
      {
          // Pattern is the six bytes of "dec [esi]" + "lea esi,[esp+0x24]": FF 0E 8D 74 24 24
          DWORD ammoAddy = FindPattern("ac_client.exe", "\xFF\x0E\x8D\x74\x24\x24", "xxxxxx");

          ammoAddy += 0;                 // the pattern already starts at the instruction to hook
          MsgBoxAddy(ammoAddy);

          AmmoJmpBack = ammoAddy + 0x6;  // first instruction after the six stolen bytes

          PlaceJMP((BYTE*)ammoAddy, (DWORD)InfiniteAmmo, 6);  // 5-byte JMP + 1 NOP
      }

      The purpose for doing it this way was just so I could follow and learn the methods in the tutorial.

      I am happy I was able to get it working and feel confident in applying it in other scenarios where needed.

      Once again thanks for all your input and help.
      Last edited by Spock; 12-02-2013 at 03:42 PM.

    #10 NTvalk
      Quote Originally Posted by Brackston: [post #9 above, quoted in full]
      Good to see you got it working, but just so you know, as c5 stated above you can do this in another easier way.
      You can just overwrite the DEC to an INC.
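c5 (post #8) and NTvalk (post #10) both point out that the hook is unnecessary here because the decrement can be turned into an increment with a one-byte patch. An added example, not code from the thread, showing why that works and how to do it without corrupting the neighbouring instruction: FF is a group opcode whose ModRM reg field selects the operation (/0 = inc, /1 = dec), so rewriting FF 0E as FF 06 changes dec [esi] to inc [esi] while keeping the instruction exactly two bytes long, which is why no jmp, cave, NOP padding or jmp-back is needed. The bytes are constructed from the thread's listing; the helper that decodes ModRM/SIB length exists so the NOP alternative overwrites one whole instruction and nothing else. Nothing is written to process memory.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed copy of the decrement from the thread: FF 0E = dec dword ptr [esi].
 * Opcode FF is a group opcode; the ModRM reg field picks /0 = inc, /1 = dec. */
static const uint8_t k_dec_esi[] = { 0xFF, 0x0E };

#define REG_FIELD(modrm) (((modrm) >> 3) & 7)

/* Length of a ModRM byte plus its SIB and displacement bytes (32-bit mode). */
size_t modrm_len(const uint8_t *m)
{
    uint8_t mod = m[0] >> 6, rm = m[0] & 7;
    size_t len = 1;
    if (mod == 3) return len;                       /* register operand, no memory */
    if (rm == 4) {                                  /* SIB byte follows */
        len += 1;
        if (mod == 0 && (m[1] & 7) == 5) len += 4;  /* SIB with no base: disp32 */
    } else if (mod == 0 && rm == 5) {
        len += 4;                                   /* [disp32] */
    }
    if (mod == 1) len += 1;                         /* disp8 */
    else if (mod == 2) len += 4;                    /* disp32 */
    return len;
}

/* Is this FF /1 (dec r/m32)? */
int is_dec_rm32(const uint8_t *insn)
{
    return insn[0] == 0xFF && REG_FIELD(insn[1]) == 1;
}

/* Flip dec to inc in place by clearing the reg field (001 -> 000). The
 * instruction keeps its length, so nothing after it moves. Also handles the
 * short form 48+r (dec r32) -> 40+r (inc r32), which is valid in 32-bit code
 * only: in x64 those bytes are REX prefixes, so never apply this to x64 code.
 * Returns 1 if patched, 0 if the bytes are not a dec (nothing written). */
int dec_to_inc(uint8_t *insn)
{
    if (is_dec_rm32(insn)) {
        insn[1] = (uint8_t)(insn[1] & ~(7u << 3));
        return 1;
    }
    if (insn[0] >= 0x48 && insn[0] <= 0x4F) {
        insn[0] -= 8;
        return 1;
    }
    return 0;
}

/* Alternative: NOP the whole dec r/m32 so ammo is simply never touched.
 * Returns the number of bytes written, or 0 if the bytes are not FF /1. */
size_t nop_dec(uint8_t *insn)
{
    if (!is_dec_rm32(insn)) return 0;
    size_t len = 1 + modrm_len(insn + 1);
    memset(insn, 0x90, len);
    return len;
}

int main(void)
{
    uint8_t a[2];
    memcpy(a, k_dec_esi, sizeof a);
    dec_to_inc(a);
    printf("FF 0E -> %02X %02X (inc dword ptr [esi])\n", a[0], a[1]);
    return 0;
}
```

The same care about page protection applies as for the hook: the two bytes live in a read-only executable page until VirtualProtect says otherwise. The advantage over the cave is that a one-byte change is atomic with respect to other threads and leaves nothing to jump back to; the disadvantage, and the reason the thread still used the hook, is that a patch can only remove or flip an instruction, whereas a cave can run arbitrary new code at that point.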
