• Amused
  • Angry
  • Annoyed
  • Awesome
  • Bemused
  • Cocky
  • Cool
  • Crazy
  • Crying
  • Down
  • Drunk
  • Embarrased
  • Enraged
  • Friendly
  • Geeky
  • Godly
  • Happy
  • Hateful
  • Hungry
  • Innocent
  • Meh
  • Piratey
  • Poorly
  • Sad
  • Secret
  • Shy
  • Sneaky
  • Tired
  • Wtf
  • At Work
  • CodenzHub
  • Coding
  • Deejaying
  • Donating
  • Drinking
  • Eating
  • Editing
  • Hacking
  • Hate Mailing
  • Jamin'
  • Lagging
  • Live Streaming
  • Lurking
  • No Status
  • Pawning
  • PC Gaming
  • PS Gaming
  • Raging
  • Reversing
  • Sleeping
  • Steam Gaming
  • Trolling
  • TwitchStreamer
  • Vodka!
  • Watching TV/Movie
  • Xbox Gaming
  • Youtuber
  • Zombies
  • Results 1 to 3 of 3
    1. #1
      The Angel Of Verdun
      Always More To Code!
       
      Lurking
       
      Nether's Avatar
      Join Date
      Dec 2013
      Location
      England, SW
      Posts
      299
      Thanks (-->)
      54
      Thanks (<--)
      186

      Code Cave Patching - Always Something!

      John Kittz
      Hey Guys,

      I was really hesitant to ask for help but this is driving me insane, I can seem to write my Bytes In The jump/cave correctly(ish) it seems to write 0x00 a few more times pushing/overwriting my return jump address/bytes - i actualy had it working earlier just a mis calculation on the return but that has been sorted now but i cannot remember how i did it - i know its due to the data types or maybe an error with the maths but its been hard to sleep as I cant stop thinking about this, I will attach my source and pictures to explain better what happens.

      Before Anything (Memory).
      Code Cave Patching - Always Something!

      Code Injected/Cave Created.
      Code Cave Patching - Always Something!

      The Jump Followed.
      Code Cave Patching - Always Something!

      Jump Returns Correct Address For Return (although its +1 in memory than it should be im sure thats just me going abit to far with maths) - if i dont write any bytes to the cave.
      Code Cave Patching - Always Something!

      Now I have been trying to Solve this for hours now :L

      Spoiler: Source Code


      WRITE MEMORY FUNCTION
      	//WRITE MEMORY
      template <class cData>

      void write(DWORD (Address), cData ValueToWrite)
      {
      VirtualProtectEx(hProcess, (LPVOID)(Address), sizeof(ValueToWrite), PAGE_EXECUTE_READWRITE, &Prot); // Remove protection on protected addresses
      WriteProcessMemory(hProcess, (LPVOID)(Address), &ValueToWrite, sizeof(cData), NULL);
      VirtualProtectEx(hProcess, (LPVOID)(Address), sizeof(ValueToWrite), Prot, new DWORD); // Restore protection to address after write
      }


      NOP FUNCTION

      void Patch(DWORD Address, int size){

      DWORD PT = 0x90;

      for(int i = 0; i < size; i++){
      DWORD TMP = Address + i;
      WriteProcessMemory(hProcess, (LPVOID)TMP, &PT, sizeof(BYTE), NULL);
      }
      }




      DWORD ProcMem::Jump(DWORD Address, DWORD Bytes[]){

      int size = sizeof(Bytes);

      //Create CodeCave
      DWORD CodeCave = NULL; // initialize variable
      CodeCave = (DWORD)VirtualAllocEx(hProcess, NULL, 512, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE); // Allocate memory for us to use and grab the start address of that page(CAVE)

      //calculate jump/return in BYTES
      DWORD RetJmp = ((DWORD)Address + 5);


      //Writing To The CodeCave
      DWORD JMP = 0xE9; // JMP OpCode/Byte
      write<DWORD>((DWORD)CodeCave + size, JMP); //write E9 as first byte (JMP) (after written bytes) - to the first address of the allocated page
      write<DWORD>((DWORD)CodeCave + size + 1, RetJmp); //after E9(First Byte) write the jmp back address in bytes that we got with RetJmp. {maybe loop this}

      //Calculate Bytes For JMP From First Address in BYTES
      DWORD BaseJmp = CodeCave - ((DWORD)Address + 5);

      //if the size of the array is 5 bytes or more it will NOP the next address
      if(size >= 5){
      Patch((DWORD)Address +5, 1);
      }

      // info to jump from first address
      write<DWORD>((DWORD)Address, JMP); //Base Address, Write E9 For Jump
      write<DWORD>((DWORD)Address +1, BaseJmp); // Write The next byte++ of the address were jumping from with BaseJmp Bytes(Calculated To CodeCave Address)

      return CodeCave; //Return CodeCave Address That We Wrote To So We Can DeAllocate Later
      }

      BOOL ProcMem::Inject(DWORD Address, DWORD Bytes[]){

      DWORD TMP = Jump((DWORD)Address, Bytes);

      for(int i = 0; i <sizeof(Bytes); i++){
      write<DWORD>((DWORD)TMP+i, Bytes[i]); // overwrites my Jump Back and other Bytes
      }

      return true;
      }



      DWORD BB[] = {0xC7, 0x46, 0x3C, 0x00, 0x00, 0x00, 0x00};
      mem.Inject(0x76999B, BB);




      Maybe I should use just WriteProcessMemory to make sure its not my write function - ill give it a try now and update back here.

      its very fustrating as i keep getting close then getting Something goes wrong, i havnt been able to sleep in awhile so maybe its something stupid - but yeah i tried for for like 2 days with this maybe i should of spent some more time on it i just kind of really want to know where im going wrong here as well Ill be trying to be working with memory a lot.

      honestly this is probably due to lack of sleep but feel free to take a look
      Last edited by Nether; 01-06-2014 at 01:10 AM.
      No Need For Anything Extravagant, Your Blood As A Present Shall Suffice.

    2. #2
      Kim Kong Trasher
      I don't have status.
       
      Raging
       
      c5's Avatar
      Join Date
      Jul 2012
      Location
      Mankei Iland
      Posts
      1,221
      Thanks (-->)
      97
      Thanks (<--)
      491
      From a quick look retJmp looks wrong you want to calculate it like you did with the other jump. I'm on my phone though, can't say much more
      Code Cave Patching - Always Something!

    3. #3
      The Angel Of Verdun
      Always More To Code!
       
      Lurking
       
      Nether's Avatar
      Join Date
      Dec 2013
      Location
      England, SW
      Posts
      299
      Thanks (-->)
      54
      Thanks (<--)
      186
      Cheats'n'Trainers
      Quote Originally Posted by c5 View Post
      From a quick look retJmp looks wrong you want to calculate it like you did with the other jump. I'm on my phone though, can't say much more
      you were right about the RetJmp - got it partly working but i need to perfect it .
      @crazywink thread can be closed
      Attached Thumbnails Attached Thumbnails rbx2.png  
      Last edited by Nether; 01-06-2014 at 02:32 AM.
      No Need For Anything Extravagant, Your Blood As A Present Shall Suffice.

    Similar Game Hacker Threads

    1. [Help] C++ ESP AIMBOT SOURCE CODE GDI Drawing Source Code Help Please
      By PimpinRice in forum GH Tutorials Help
      Replies: 10
      Last Post: 10-25-2014, 04:14 PM
    2. A bit of Code Cave help in C++?
      By xploiitz in forum C/C++
      Replies: 9
      Last Post: 07-28-2012, 01:18 AM

    Tags for this Thread