Solved Code Cave Patching - Always Something!

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat
Status
Not open for further replies.

Nether

The Angel Of Verdun
Meme Tier VIP
Dank Tier Donator
Dec 11, 2013
293
3,738
16
Hey Guys,

I was really hesitant to ask for help but this is driving me insane, I can seem to write my Bytes In The jump/cave correctly(ish) it seems to write 0x00 a few more times pushing/overwriting my return jump address/bytes - i actualy had it working earlier just a mis calculation on the return but that has been sorted now but i cannot remember how i did it - i know its due to the data types or maybe an error with the maths but its been hard to sleep as I cant stop thinking about this, I will attach my source and pictures to explain better what happens.

Before Anything (Memory).


Code Injected/Cave Created.


The Jump Followed.


Jump Returns Correct Address For Return (although its +1 in memory than it should be im sure thats just me going abit to far with maths) - if i dont write any bytes to the cave.


Now I have been trying to Solve this for hours now :L

WRITE MEMORY FUNCTION
C++:
	//WRITE MEMORY
	template <class cData>
	
	void write(DWORD (Address), cData ValueToWrite)
	{	
		VirtualProtectEx(hProcess, (LPVOID)(Address), sizeof(ValueToWrite), PAGE_EXECUTE_READWRITE, &Prot); // Remove protection on protected addresses	
		WriteProcessMemory(hProcess, (LPVOID)(Address), &ValueToWrite, sizeof(cData), NULL);	
		VirtualProtectEx(hProcess, (LPVOID)(Address), sizeof(ValueToWrite), Prot, new DWORD); // Restore protection to address after write
	}
NOP FUNCTION
C++:
	void Patch(DWORD Address, int size){
	
		DWORD PT = 0x90;
		
		for(int i = 0; i < size; i++){
			DWORD TMP = Address + i;
			WriteProcessMemory(hProcess, (LPVOID)TMP, &PT, sizeof(BYTE), NULL); 
		}
	}

C++:
DWORD ProcMem::Jump(DWORD Address, DWORD Bytes[]){

	int size = sizeof(Bytes);

	//Create CodeCave
	DWORD CodeCave = NULL; // initialize variable
	CodeCave = (DWORD)VirtualAllocEx(hProcess, NULL,  512, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);  // Allocate memory for us to use and grab the start address of that page(CAVE)

	//calculate jump/return in BYTES
      DWORD RetJmp = ((DWORD)Address + 5);
        

	//Writing To The CodeCave
	DWORD JMP = 0xE9; // JMP OpCode/Byte
    write<DWORD>((DWORD)CodeCave + size, JMP); //write E9 as first byte (JMP) (after written bytes) - to the first address of the allocated page
    write<DWORD>((DWORD)CodeCave + size + 1, RetJmp); //after E9(First Byte) write the jmp back address in bytes that we got with RetJmp. {maybe loop this}
	
    //Calculate Bytes For JMP From First Address in BYTES
    DWORD BaseJmp = CodeCave - ((DWORD)Address + 5);
    
    //if the size of the array is 5 bytes or more it will NOP the next address
    if(size >= 5){   
		Patch((DWORD)Address +5, 1);
    }

    // info to jump from first address
    write<DWORD>((DWORD)Address, JMP); //Base Address, Write E9 For Jump
    write<DWORD>((DWORD)Address +1, BaseJmp); // Write The next byte++ of the address were jumping from with BaseJmp Bytes(Calculated To CodeCave Address)
 
	return CodeCave; //Return CodeCave Address That We Wrote To So We Can DeAllocate Later
} 

BOOL ProcMem::Inject(DWORD Address, DWORD Bytes[]){

	DWORD TMP = Jump((DWORD)Address, Bytes);
	
	for(int i = 0; i <sizeof(Bytes); i++){
		write<DWORD>((DWORD)TMP+i, Bytes[i]); // overwrites my Jump Back and other Bytes
	}
	
	return true;
}
C++:
	DWORD BB[] = {0xC7, 0x46, 0x3C, 0x00, 0x00, 0x00, 0x00};
	mem.Inject(0x76999B, BB);

Maybe I should use just WriteProcessMemory to make sure its not my write function - ill give it a try now and update back here.

its very fustrating as i keep getting close then getting Something goes wrong, i havnt been able to sleep in awhile so maybe its something stupid - but yeah i tried for for like 2 days with this maybe i should of spent some more time on it i just kind of really want to know where im going wrong here as well Ill be trying to be working with memory a lot.

honestly this is probably due to lack of sleep but feel free to take a look :)
 
Last edited:

c5

Kim Kong Trasher
Dank Tier VIP
Dank Tier Donator
Jul 19, 2012
1,187
19,938
76
From a quick look retJmp looks wrong you want to calculate it like you did with the other jump. I'm on my phone though, can't say much more
 

Nether

The Angel Of Verdun
Meme Tier VIP
Dank Tier Donator
Dec 11, 2013
293
3,738
16
From a quick look retJmp looks wrong you want to calculate it like you did with the other jump. I'm on my phone though, can't say much more
you were right about the RetJmp - got it partly working but i need to perfect it :D.
crazywink thread can be closed
 

Attachments

You can download 0 Attachments
Last edited:
Status
Not open for further replies.
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods