Solved Problem in Mid Function Hooking / Code Caving


bolla

Newbie
Full Member
Mar 2, 2013
7
192
0
Hello, I downloaded the source code (from this website) of the tutorial about Mid Function Hooking / Code Caving. When I injected it, the addy for ammo was = 05; that's an error with Fleep's signature.

I changed it to mine, then it showed the right ammo address, but when I click to see if the ammo increments, the game crashes with this error:

[Image: ijXO3ux.jpg]


Btw, the funny part is that the first time I injected it I could fly, then I closed Assault Cube, opened it, injected, and I couldn't.

List Of Problems:
  • Game crashes when I shoot
  • I can't fly (game doesn't crash)
  • When I go to Cheat Engine to see where it jumps, I get "??" at the jumped address (without the quotes)

I've tried a lot of workarounds, using AllocConsole() with debugging messages, and I can't get it to work. That's why I'm here now.

[Image: yx8gPyx.png]

Thx for your reading and attention. See ya.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,073
78,998
2,371
You got to show us a bit more code.

What does your hook look like, where are you trying to hook etc. :)
 

bolla

The code is Fleep's source code, but I'll show it:

C++:
/*****************UNLIMITED AMMO************************/
	//By changing a DEC to INC in assembly

	//Find the instruction that accesses our ammo; our pattern scan ensures we can find it every time
	DWORD ammoAddy = FindPattern("ac_client.exe", "\x89\x0A\x8B\x76\x14\xFF\x0E", "xxxxxxx");
	//We pattern scanned a little earlier to get a unique pattern,
	//so the address that we get is e.g.
	//463274 and we want 463279, which is 5 bytes ahead
	ammoAddy += 5;
	//MsgBoxAddy(ammoAddy);

	//Where we have to jump back to after we set infinite ammo
	AmmoJmpBack = ammoAddy + 0x7;
	//Place a jump that overwrites our ammo instructions.
	//The overwritten instructions total 7 bytes; this is to make sure we don't
	//leave any instructions out, which will prevent any crashes
	PlaceJMP((BYTE*)ammoAddy, (DWORD)InfiniteAmmo, 7);
Hooks.h (Only Ammo Part)
C++:
DWORD AmmoJmpBack = 0;
__declspec(naked) void InfiniteAmmo() 
{
	//here's where ammo would normally be decreased
	//we will overwrite that instruction with something else
	__asm INC [ESI]
	//Make sure all the original instructions also run (within your set of bytes)
	//this will prevent any crashing
	__asm push edi
	//When copying instructions from cheat engine/olly make sure to change any numbers to 
	//0x so the compiler knows that its a hexadecimal value e.g. [esp+14] becomes [esp+0x14] 
	__asm mov edi,[esp+0x14] 
	//Jump back to our original code
	__asm jmp [AmmoJmpBack]
}

I think it's failing because, in the OllyDbg image I posted, we can see that there's no push edi, nor mov edi,[esp + 0x14] (in his video he had them), and jumping 7 bytes when I only have 6 causes the crash. But it's only a theory, I haven't tried it yet.
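
The theory in the post above, that the overwrite length has to match whole instructions at the hook site, shown as an added example (not part of the thread or of Fleep's source). `HookPlan`, `planHook` and `coveringLength` are hypothetical names; the lengths 2, 1, 4 are the encodings of `dec [esi]`, `push edi`, `mov edi,[esp+0x14]`, while the second layout and the target address are constructed. It only builds the patch bytes in a vector and touches no process.

```cpp
#include <cstdint>
#include <cstdio>
#include <vector>

// Added illustration: plan a 5-byte JMP rel32 detour from instruction lengths
// read off a debugger listing. Works on a description, not on live memory.
struct HookPlan {
    bool ok = false;             // false: len < 5 or len splits an instruction
    uint32_t jmpBack = 0;        // first untouched instruction after the patch
    std::vector<uint8_t> patch;  // E9 rel32, then NOP padding up to len
};

// Smallest overwrite length >= 5 that ends on an instruction boundary (0 if none).
uint32_t coveringLength(const std::vector<uint32_t>& insnLens) {
    uint32_t total = 0;
    for (uint32_t l : insnLens) {
        total += l;
        if (total >= 5) return total;
    }
    return 0;
}

HookPlan planHook(uint32_t site, uint32_t target,
                  const std::vector<uint32_t>& insnLens, uint32_t len) {
    HookPlan p;
    uint32_t total = 0;
    bool boundary = false;
    for (uint32_t l : insnLens) {
        total += l;
        if (total == len) boundary = true;
    }
    if (len < 5 || !boundary) return p;  // would leave a torn instruction behind
    uint32_t rel = target - (site + 5);  // rel32 counts from the end of the JMP
    p.patch.assign(len, 0x90);           // NOP-fill the leftover bytes
    p.patch[0] = 0xE9;
    for (int i = 0; i < 4; ++i)
        p.patch[1 + i] = static_cast<uint8_t>((rel >> (8 * i)) & 0xFF);
    p.jmpBack = site + len;
    p.ok = true;
    return p;
}

int main() {
    const uint32_t site = 0x463279, target = 0x10001000;  // target is constructed
    std::vector<uint32_t> tutorial = {2, 1, 4};  // dec [esi]; push edi; mov edi,[esp+0x14]
    std::vector<uint32_t> other = {2, 4, 3};     // constructed layout for a different build
    std::printf("tutorial build needs %u bytes\n", (unsigned)coveringLength(tutorial));
    std::printf("other build: 7 bytes ok=%d, needs %u bytes\n",
                (int)planHook(site, target, other, 7).ok, (unsigned)coveringLength(other));
    return 0;
}
```

With the constructed second layout, a 7-byte overwrite is rejected because it ends one byte into the third instruction, and the jump-back offset has to shrink to 6 along with the overwrite length.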
 

Szaka

Coder
Full Member
Nobleman
Mar 14, 2013
161
718
3
You should write universal mid function hooking code. If you understand function hooking then it shouldn't be a problem.
 

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Breakpoint your hook and step through it with a debugger and see where it crashes?!
 

bolla

Ok, I got it to work, but now I'm trying to save the ammo address (it's in ESI) by using:
C++:
__asm MOV TotalAmmo,ESI
And then I check whether the user has pressed F1 and then I cout the value:

C++:
if(GetAsyncKeyState(VK_F1))
			std::cout << "Value  Ammo: " <<   *(int*)TotalAmmo <<std::endl;
But when I press F1 the game crashes.

With the Visual Studio Just-In-Time debugger I saw that:
C++:
AMMO = 0

ESI = d5dfebc
Then why didn't the MOV instruction do anything?


This is the full function I'm using right now:
C++:
DWORD AmmoJmpBack = 0;
DWORD TotalAmmo;
__declspec(naked) void InfiniteAmmo() 
{
	//here's where ammo would normally be decreased
	//we will overwrite that instruction with something else
	//__asm INC [ESI]
	__asm MOV TotalAmmo,ESI
	//Make sure all the original instructions also run (within your set of bytes)
	//this will prevent any crashing
	__asm push edi
	//When copying instructions from cheat engine/olly make sure to change any numbers to 
	//0x so the compiler knows that its a hexadecimal value e.g. [esp+14] becomes [esp+0x14] 
	__asm mov edi,[esp+0x14] 
	//Jump back to our original code
	__asm jmp [AmmoJmpBack]
}
Thanks in advance.

Bolla.i
 