  • Results 1 to 6 of 6
    1. #1
      bolla (Newbie), Join Date: Mar 2013, Posts: 7

      Problem in Mid Function Hooking / Code Caving

      John Kittz
      Hello, I downloaded the source code (from this web) of the tutorial about Mid Function Hooking / Code Caving. When I injected it, the addy for ammo was = 05; that's an error with Fleep's signature.

      I changed it to mine, then it showed the right ammo address, but when I click to see if the ammo increments, the game crashes with error:

      [Attached image: ijXO3ux.jpg]

      Btw, the funny part is that the first time I injected it I could fly, then I closed Assault Cube, opened it, injected, and I couldn't.

      List of problems:
      • Game crashes when I shoot
      • I can't fly (game doesn't crash)
      • When I go to Cheat Engine to see where it jumps, I get at the jumped address: "??" (without the quotes)


      I've tried a lot of workarounds, using AllocConsole() with debugging messages, and I can't get it to work. That's why I'm here now.

      [Attached image: yx8gPyx.png]

      Thx for your reading and attention. See ya.
      Last edited by bolla; 12-25-2013 at 02:47 PM.

    2. #2
      You got to show us a bit more code.

      What does your hook look like, where are you trying to hook, etc.

    3. #3
      bolla (Newbie), Join Date: Mar 2013, Posts: 7
      Quote, originally posted by Agent Smith:
      "You got to show us a bit more code. What does your hook look like, where are you trying to hook, etc."

      The code is Fleep's source code, but I'll show it:


      /*****************UNLIMITED AMMO************************/
      //By changing a DEC to INC in assembly

      //Find the instruction that accesses our ammo; our pattern scan ensures we can find it every time
      DWORD ammoAddy = FindPattern("ac_client.exe", "\x89\x0A\x8B\x76\x14\xFF\x0E", "xxxxxxx");
      //This is because we pattern scanned a little earlier to get a unique pattern
      //and the pattern that we get is e.g.
      //463274 and we want 463279 which is 5 bytes ahead
      ammoAddy += 5;
      //MsgBoxAddy(ammoAddy);

      //Where we have to jump back to after we set infinite ammo
      AmmoJmpBack = ammoAddy + 0x7;
      //Place a jump that overwrites our ammo instructions.
      //The overwritten instructions total 7 bytes; this is to make sure we don't
      //leave any instructions out, this will prevent any crashes
      PlaceJMP((BYTE*)ammoAddy, (DWORD)InfiniteAmmo, 7);


      Hooks.h (Only Ammo Part)

      DWORD AmmoJmpBack = 0;
      __declspec(naked) void InfiniteAmmo()
      {
      //here's where ammo would normally be decreased
      //we will overwrite that instruction with something else
      __asm INC [ESI]
      //Make sure all the original instructions also run (within your set of bytes)
      //this will prevent any crashing
      __asm push edi
      //When copying instructions from cheat engine/olly make sure to change any numbers to
      //0x so the compiler knows that its a hexadecimal value e.g. [esp+14] becomes [esp+0x14]
      __asm mov edi,[esp+0x14]
      //Jump back to our original code
      __asm jmp [AmmoJmpBack]
      }



      I think it's failing because in the OllyDbg image I posted we can see that there's no push edi, nor mov edi,[esp + 0x14] (in his video he had them), and jumping 7 bytes when I only have 6 causes the crash. But it's only a theory, I haven't tried it yet.
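
      An added example, not part of the original post or of Fleep's source: seen from the integrity-checking side, a 7-byte patch like the one above shows up as a 5-byte JMP rel32 plus padding when the live bytes are compared with a clean copy. The byte arrays are constructed from the pattern and instructions quoted in the post; the hook address 0x10001000, the names find_detour and struct detour, and the assumption that the padding is NOP (0x90) are not from the page.

```c
#include <stddef.h>
#include <stdint.h>

/* Constructed sample: the page's pattern (89 0A 8B 76 14) followed by the
 * three instructions its hook replays: dec [esi]; push edi; mov edi,[esp+14]. */
static const uint8_t clean_bytes[12] = {
    0x89, 0x0A, 0x8B, 0x76, 0x14, 0xFF, 0x0E, 0x57, 0x8B, 0x7C, 0x24, 0x14 };
/* Same region after a 7-byte patch: JMP rel32 to 0x10001000 plus two NOPs
 * (hook address and NOP padding are assumptions). */
static const uint8_t live_bytes[12] = {
    0x89, 0x0A, 0x8B, 0x76, 0x14, 0xE9, 0x82, 0xDD, 0xB9, 0x0F, 0x90, 0x90 };
#define REGION_BASE 0x00463274u  /* example address from the page's comment */

struct detour {
    size_t   offset;   /* first modified byte, relative to region start */
    size_t   patched;  /* bytes covered by the JMP and its NOP padding */
    uint32_t target;   /* absolute destination of the JMP */
    uint32_t resume;   /* first address after the patch (the jump-back) */
};

/* Returns 0 if live == clean, 1 if the first change is a JMP rel32 detour
 * (fills *out), -1 if the region was modified in some other way. */
int find_detour(const uint8_t *clean, const uint8_t *live, size_t len,
                uint32_t base, struct detour *out)
{
    size_t i = 0, n = 5;             /* n: E9 opcode + 4-byte displacement */
    while (i < len && clean[i] == live[i])
        i++;
    if (i == len)
        return 0;
    if (live[i] != 0xE9 || len - i < n)
        return -1;
    uint32_t rel = (uint32_t)live[i + 1] | (uint32_t)live[i + 2] << 8 |
                   (uint32_t)live[i + 3] << 16 | (uint32_t)live[i + 4] << 24;
    /* Padding: NOPs that replaced leftover bytes of clobbered instructions. */
    while (i + n < len && live[i + n] == 0x90 && clean[i + n] != 0x90)
        n++;
    out->offset  = i;
    out->patched = n;
    out->target  = base + (uint32_t)i + 5u + rel;  /* rel counts from JMP end */
    out->resume  = base + (uint32_t)(i + n);
    return 1;
}
```

      Here resume comes out equal to the post's ammoAddy + 0x7; if the clean bytes between offset and resume do not end on an instruction boundary, execution resumes in the middle of an instruction.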

    4. #4
      Szaka (Coder), Join Date: Mar 2013, Posts: 168
      You should write universal mid function hooking code. If you understand function hooking then it shouldn't be a problem.

    5. #5
      till0sch (Global Moderator), Join Date: Oct 2012, Location: Germany, Posts: 1,168
      Breakpoint your hook and step through it with a debugger and see where it crashes?!

    6. #6
      bolla (Newbie), Join Date: Mar 2013, Posts: 7
      Ok, I got it to work, but now I'm trying to save the ammo address (it's in ESI) by using:

      __asm MOV TotalAmmo,ESI


      And then I check whether the user has pressed F1 and then I cout the value:


      if(GetAsyncKeyState(VK_F1))
      std::cout << "Value Ammo: " << *(int*)TotalAmmo <<std::endl;


      But when I press F1 the game crashes.

      With the Visual Studio Just-In-Time debugger I saw that:

      AMMO = 0

      ESI = d5dfebc

      Then why didn't the MOV instruction do anything?


      This is the full function I'm using right now:

      DWORD AmmoJmpBack = 0;
      DWORD TotalAmmo;
      __declspec(naked) void InfiniteAmmo()
      {
      //here's where ammo would normally be decreased
      //we will overwrite that instruction with something else
      //__asm INC [ESI]
      __asm MOV TotalAmmo,ESI
      //Make sure all the original instructions also run (within your set of bytes)
      //this will prevent any crashing
      __asm push edi
      //When copying instructions from cheat engine/olly make sure to change any numbers to
      //0x so the compiler knows that its a hexadecimal value e.g. [esp+14] becomes [esp+0x14]
      __asm mov edi,[esp+0x14]
      //Jump back to our original code
      __asm jmp [AmmoJmpBack]
      }



      Thanks in advance.

      Bolla.i
      Last edited by bolla; 12-26-2013 at 05:51 AM.
