Jon (Administrator), posted November 28, 2004:

> How do you make .dll's? Only C and C++, or...?

Yeah, I used C. I think you can make them in VB/Delphi - not sure though.

Deployment Blog: https://www.autoitconsulting.com/site/blog/
SCCM SDK Programming: https://www.autoitconsulting.com/site/sccm-sdk/
layer, posted November 28, 2004 (edited):

Not QBASIC, right? You can use ASM, right? I've tried making ASM programs, but it looks so much like Chinese; like, MOV EAX, I have no idea what any of that meant. Poorly put together help file too; I was using GoAsm. So I did HTML, batch, tried Java, now I'm on AutoIt and it's the easiest right next to batch... QBASIC has like the same functions as AutoIt. And how much do, like, the C programs cost?

EH; my second ASM program was this:

    DATA SECTION
    WRKEEP DD 0                 ; receives the byte count written by WriteFile

    CODE SECTION
    START:
    PUSH -11                    ; STD_OUTPUT_HANDLE
    CALL GetStdHandle           ; handle comes back in EAX
    PUSH 0, ADDR WRKEEP         ; lpOverlapped, lpNumberOfBytesWritten
    PUSH 11, 'Hello World'      ; nNumberOfBytesToWrite, lpBuffer
    PUSH EAX                    ; hFile
    CALL WriteFile
    MOV EAX,0                   ; exit code 0
    RET

This didn't even stay on the screen... and my first was

    CODE SECTION
    START:
    RET

This was a do-nothing app.

Edited November 28, 2004 by layer

FootbaG
Jon (Administrator), posted November 28, 2004:

> [...] I was using GoAsm. So I did HTML, batch, tried Java, now I'm on AutoIt and it's the easiest right next to batch... QBASIC has like the same functions as AutoIt. And how much do, like, the C programs cost?

I actually used DevCPP to do that one (free). http://www.bloodshed.net/download.html
layer, posted November 28, 2004:

Thanks Jon. I could expand AutoIt with this, eh?
faldo (author), posted November 28, 2004 (edited):

> I don't know if the DLL works properly (I couldn't get it to change anything, but you need to know the right addresses - which I don't). The DLL contains two functions for reading/writing bytes given a process PID (you can get this from the Run function as shown):
>
>     $pid = Run("notepad.exe")
>     _ProcessWriteByte($pid, 6335173, 0x00)
>     $byte = _ProcessReadByte($pid, 6335173)
>
>     ; returns the byte at $myoffset in process $mypid
>     Func _ProcessReadByte($mypid, $myoffset)
>         $result = DllCall("gamedll.dll", "int", "ProcessReadByte", "int", $mypid, "long", $myoffset)
>         Return $result[0]
>     EndFunc
>
>     ; writes $mybyte at $myoffset in process $mypid
>     Func _ProcessWriteByte($mypid, $myoffset, $mybyte)
>         $result = DllCall("gamedll.dll", "none", "ProcessWriteByte", "int", $mypid, "long", $myoffset, "int", $mybyte)
>     EndFunc
>
> Put the attached DLL in the working directory.

I thank you for your efforts... and I will test this right away... but I must ask you some things... Where do I put the bytes to be read or written? Since there are no help files for the functions you created... do I have to define $myoffset before this function, or do I enter my offset instead of 0x00? Is 6335173 the address? Any other parameters that could be changed or should be changed?

*edited* When I try to run this, I get the error telling me that "_ProcessWriteByte" is not a known function... what did I miss? :o/

Edited November 28, 2004 by faldo

Check out my other scripts: RDP antihammer/blacklist generator | Phemex cryptocurrency exchange API
Marc, posted November 29, 2004 (edited):

> I don't know if the DLL works properly (I couldn't get it to change anything, but you need to know the right addresses - which I don't).

Hi Jon, many thanks for your efforts, works great! Tried it on the game "Zuma" from PopCap Games, where at offset $4214f2 the bytes "89 8e c0 00 00 00" exist, which subtract one life after you lose a level. For whom it concerns: found this address using CheatEngine, a free game trainer (not only free, but the best existing trainer tool ever!)

So...

    $pid = Run("zuma.exe")
    ; overwrite the 6-byte instruction at 0x4214f2 with six NOPs (0x90)
    For $i = 0 To 5
        _ProcessWriteByte($pid, Dec("4214f2") + $i, 0x90)
    Next

    Func _ProcessWriteByte($mypid, $myoffset, $mybyte)
        $result = DllCall("gamedll.dll", "none", "ProcessWriteByte", "int", $mypid, "long", $myoffset, "int", $mybyte)
    EndFunc

And - gotcha - you don't lose any more lives! Great thing. May I talk you into including a _GetProcessID function, so the game does not have to be started from AutoIt?

Edit: just saw that the new unstable release has a WinGetProcess function - cool!

Best regards
Marc

Edited November 29, 2004 by Marc

Any of my own codes posted on the forum are free for use by others without any restriction of any kind. (WTFPL)
layer, posted November 29, 2004:

So you could get any address for any game? Or only certain ones... The site isn't loading for me as of now!! I was at my cousin's, it loaded, then it got really slow and didn't load, and now the page isn't loading at my house... errr
faldo (author), posted November 30, 2004:

I'm still getting the error telling me that "_ProcessWriteByte" is not a known function... could someone please make a simple example of a script accessing the functions within this .dll? I'm really excited to give this a try =o)
Jon (Administrator), posted November 30, 2004:

> I'm still getting the error telling me that "_ProcessWriteByte" is not a known function... could someone please make a simple example of a script accessing the functions within this .dll? I'm really excited to give this a try =o)

The example I gave should work if you cut and paste it. If not then something else is very wrong.
faldo (author), posted November 30, 2004:

> The example I gave should work if you cut and paste it. If not then something else is very wrong.

I understand that I'm doing something wrong... but I can't figure out how _ProcessWriteByte can be a function without having any Func command defining it??? I thought all functions started with "Func"? My script hangs on the second line:

    $pid = Run("BF1942.exe")
    _ProcessWriteByte($pid, 46AFBF, 0x00)

Since it says "_ProcessWriteByte" is an unknown function??? I'm sorry if I'm being newbieish, but I'm certainly missing something you guys take for granted :o/
Jon (Administrator), posted November 30, 2004 (edited):

> I understand that I'm doing something wrong... but I can't figure out how _ProcessWriteByte can be a function without having any Func command defining it??? I thought all functions started with "Func"? My script hangs on the second line:
>
>     $pid = Run("BF1942.exe")
>     _ProcessWriteByte($pid, 46AFBF, 0x00)
>
> Since it says "_ProcessWriteByte" is an unknown function??? I'm sorry if I'm being newbieish, but I'm certainly missing something you guys take for granted :o/

Er yeah, the func is defined up there. There are two functions, both defined with Func/EndFunc. Are you sure the error isn't pointing to the 46AFBF, which should be 0x46AFBF?

Edited November 30, 2004 by Jon
faldo (author), posted December 1, 2004:

This is how I see it, please correct my point of view...

    $pid = Run("notepad.exe")
    _ProcessWriteByte($pid, 6335173, 0x00)      ; <--- What function is this line part of?
    $byte = _ProcessReadByte($pid, 6335173)     ; <--- What function is this line part of?

    Func _ProcessReadByte($mypid, $myoffset)    ; <--- Start of 1st function
        $result = DllCall("gamedll.dll", "int", "ProcessReadByte", "int", $mypid, "long", $myoffset)
        Return $result[0]
    EndFunc                                     ; <--- End of 1st function

    Func _ProcessWriteByte($mypid, $myoffset, $mybyte)   ; <--- Start of 2nd function
        $result = DllCall("gamedll.dll", "none", "ProcessWriteByte", "int", $mypid, "long", $myoffset, "int", $mybyte)
    EndFunc                                     ; <--- End of 2nd function

I guess my error is that I'm looking at all this in chronological order? Is "_ProcessWriteByte" called by a function further down in the script?
Jon (Administrator), posted December 2, 2004:

Code looks fine. You _have_ downloaded the beta release that contains DllCall, haven't you? I assumed you had, as we were talking about DLLs and things...
faldo (author), posted December 6, 2004 (edited):

> Code looks fine. You _have_ downloaded the beta release that contains DllCall, haven't you? I assumed you had, as we were talking about DLLs and things...

Yes I have... but I still get the error. I just can't figure out why it gives me the error :S

Edited December 6, 2004 by faldo
SlimShady, posted December 6, 2004:

> Yes I have... but I still get the error. I just can't figure out why it gives me the error :S

Can you try this again, please. And tell us exactly what error message you get.

    $pid = Run("notepad.exe")
    _ProcessWriteByte($pid, 6335173, 0x00)
    $byte = _ProcessReadByte($pid, 6335173)

    Func _ProcessReadByte($mypid, $myoffset)
        $result = DllCall("gamedll.dll", "int", "ProcessReadByte", "int", $mypid, "long", $myoffset)
        Return $result[0]
    EndFunc

    Func _ProcessWriteByte($mypid, $myoffset, $mybyte)
        $result = DllCall("gamedll.dll", "none", "ProcessWriteByte", "int", $mypid, "long", $myoffset, "int", $mybyte)
    EndFunc
Guest Stork, posted January 4, 2005:

Woot, my first post!!

Nice little DLL, you might want to provide the means to write a defined length of bytes in one shot.

There are two things you can do when poking game memory: change parameters of the game, or change the actual code of the game. In the first case a byte-by-byte write to change parameters usually has little effect on game stability, but the second can cause you problems.

It's my understanding (read: noob to C++ game trainer programming) that the writeMemoryProcess function essentially freezes the execution of the code being injected until the write process is complete. This is done to ensure that the program does not access the memory during the write process. If I need to write multiple bytes to a process, you'll have to run the writeMemoryProcess function several times, which has the potential for a crashed proggy.

If for example I needed to change the location of a jump "e9 ab 12 34 56" to "e9 56 43 21 ab", something common with DLL injection, I would need to cycle your DLL function 4 times to replace "ab 12 34 56" with "56 34 12 ab". Between each cycle of the function the injected process is released and allowed to execute until the next writeMemoryProcess call. If by chance (dumb luck) the injected code tries to execute the memory location where I'm injecting, it will most likely crash the program.

Something to ponder....
Jon (Administrator), posted January 4, 2005:

> Nice little DLL, you might want to provide the means to write a defined length of bytes in one shot. [...]

I was going to do 2 bytes, 4 bytes and accept a string of hex like "ff34d4....." of any length. Also a scanner that you can run once, change something and then run again (to detect something like number of lives decreasing). No time though!
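The multi-byte write Stork asks for and the hex-string input Jon planned, as an added example that is not Jon's gamedll.dll and not code from anyone in the thread. It also replays Marc's Zuma patch from above (six NOPs over 89 8e c0 00 00 00, which decodes to mov [esi+0C0h],ecx) with a check a practitioner wants before poking a live process: read the bytes first and refuse to write unless they are the ones the patch was built for. A byte array stands in for the target process so the code compiles and runs anywhere; on Windows the bodies of process_read() and process_write() would be one ReadProcessMemory / WriteProcessMemory call each on a handle from OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, ...). The fake mapping base 0x421400 and the jump addresses in main() are made up.

```c
/* Added example, not Jon's gamedll.dll: the portable half of a multi-byte
 * patch.  A byte array stands in for the target process so this compiles
 * anywhere; on Windows process_read()/process_write() would each be one
 * ReadProcessMemory/WriteProcessMemory call with nSize = n. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Fake mapping covering 0x421400..0x4214ff, chosen so Marc's 0x4214f2 lands inside. */
#define FAKE_BASE 0x00421400u
static uint8_t g_fake_mem[0x100];

static int in_range(uint32_t addr, size_t n)
{
    return addr >= FAKE_BASE && (size_t)(addr - FAKE_BASE) + n <= sizeof g_fake_mem;
}

static int process_read(uint32_t addr, uint8_t *buf, size_t n)
{
    if (!in_range(addr, n)) return 0;                  /* like ReadProcessMemory failing */
    memcpy(buf, g_fake_mem + (addr - FAKE_BASE), n);
    return 1;
}

static int process_write(uint32_t addr, const uint8_t *buf, size_t n)
{
    if (!in_range(addr, n)) return 0;
    memcpy(g_fake_mem + (addr - FAKE_BASE), buf, n);   /* all n bytes in one shot */
    return 1;
}

/* Parse a hex string such as "ff34d4" (any even length, either case) into
 * bytes.  Returns the byte count, or -1 on a bad digit, odd length or overflow. */
int hex_to_bytes(const char *hex, uint8_t *out, size_t cap)
{
    size_t n = 0;
    for (; hex[0] != '\0' && hex[1] != '\0'; hex += 2, n++) {
        unsigned v = 0;
        if (n >= cap) return -1;
        for (int i = 0; i < 2; i++) {
            char c = hex[i];
            v <<= 4;
            if (c >= '0' && c <= '9')      v |= (unsigned)(c - '0');
            else if (c >= 'a' && c <= 'f') v |= (unsigned)(c - 'a' + 10);
            else if (c >= 'A' && c <= 'F') v |= (unsigned)(c - 'A' + 10);
            else return -1;
        }
        out[n] = (uint8_t)v;
    }
    return hex[0] == '\0' ? (int)n : -1;   /* a leftover digit means odd length */
}

/* E9 rel32 jump: the displacement is relative to the end of the 5-byte
 * instruction and stored little-endian, so the four bytes only make sense
 * together; that is why they should go out in one write. */
void encode_jmp_rel32(uint32_t from, uint32_t to, uint8_t out[5])
{
    uint32_t rel = to - (from + 5);        /* unsigned wraparound gives two's complement */
    out[0] = 0xE9;
    for (int i = 0; i < 4; i++)
        out[1 + i] = (uint8_t)(rel >> (8 * i));
}

/* Verify-then-patch: refuse to write unless the bytes currently at addr are
 * the ones the patch was built for (another build of the game moves code).
 * Returns 0 on success, 1 if the bytes do not match, 2 on read/write failure. */
int patch_verified(uint32_t addr, const uint8_t *expect, const uint8_t *patch, size_t n)
{
    uint8_t cur[64];
    if (n > sizeof cur || !process_read(addr, cur, n)) return 2;
    if (memcmp(cur, expect, n) != 0) return 1;
    return process_write(addr, patch, n) ? 0 : 2;
}

/* Marc's Zuma patch replayed on the fake target: 89 8e c0 00 00 00
 * (mov [esi+0C0h],ecx) becomes six NOPs in one write instead of six calls.
 * Returns 1 if the patch applies and a second attempt is correctly refused
 * because the bytes no longer match. */
int demo_nop_life_decrement(void)
{
    static const uint8_t life_store[6] = {0x89, 0x8e, 0xc0, 0x00, 0x00, 0x00};
    static const uint8_t nops[6]       = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
    const uint32_t addr = 0x004214f2u;
    if (!process_write(addr, life_store, 6)) return 0;   /* seed the fake target */
    if (patch_verified(addr, life_store, nops, 6) != 0) return 0;
    return patch_verified(addr, life_store, nops, 6) == 1;
}

int main(void)
{
    uint8_t jmp[5], bytes[8];
    int n = hex_to_bytes("ff34d4", bytes, sizeof bytes);
    printf("hex_to_bytes: %d bytes, first 0x%02x\n", n, bytes[0]);
    encode_jmp_rel32(0x00401000u, 0x00400000u, jmp);   /* made-up addresses */
    printf("jmp: e9 %02x %02x %02x %02x\n", jmp[1], jmp[2], jmp[3], jmp[4]);
    printf("zuma demo: %s\n", demo_nop_life_decrement() ? "ok" : "failed");
    return 0;
}
```

One caveat on the atomicity point raised above: WriteProcessMemory does not stop the target's threads, so even a single n-byte call only narrows the window in which a thread can execute a half-patched instruction. If the bytes are code that may be running, suspend the target's threads (or apply the patch from inside the process) before writing.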
faldo (author), posted January 4, 2005 (edited):

> I was going to do 2 bytes, 4 bytes and accept a string of hex like "ff34d4....." of any length. Also a scanner that you can run once, change something and then run again (to detect something like number of lives decreasing). No time though!

Read and write of more than one byte would be awesome... 4 bytes would come in good handy! But if you don't have the time it's okay... you've done more than I would ever have imagined so far with the game.dll... thanks a million times Jon!

-------------------------------------------------------------------------------

> Can you try this again, please. And tell us exactly what error message you get.
>
> [...]

It worked! The script no longer gives me the error message. I believe I misunderstood the function a bit... I was typing in the address in hexadecimal; it all cleared up when I converted it into decimal... thanks for the hint Slim!

Oh, another thing... is there a way to get the PID from the program without having to run it like a loader?

Edited January 4, 2005 by faldo
faldo (author), posted January 4, 2005 (edited):

> ProcessExists

Great... thanks a lot!

Now all that is left to fix in the game.dll/function is the possibility to write and read to/from 4-byte values and it will be the new ultimate game trainer making tool! wieeeh!

Btw, Jon... the scanner function is not that important; reading/writing to/from 4-byte values is kinda crucial though. I got ahold of this VB source... hope it helps a bit:

    Private Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
    Private Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    Private Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesRead As Long) As Long
    Private Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    Private Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
    Private Declare Function GetKeyPress Lib "user32" Alias "GetAsyncKeyState" (ByVal Key As Long) As Integer

    Private Const PROCESS_ALL_ACCESS = &H1F0FFF

    Dim WindowName As String
    Dim pId As Long          ' Process ID
    Dim hProc As Long        ' Process handle
    Dim BaseBuffer7 As Long  ' pointer read at the first hop of the chain
    Dim BaseBuffer1 As Long  ' pointer read at the second hop of the chain

    Private Sub Form_Load()
        ' Get the window handle by title
        WindowName = "RallyXT v1.0"
        Dim hwnd As Long
        hwnd = FindWindow(vbNullString, WindowName)
        ' Get the PID that owns the window, then open a handle to the process
        GetWindowThreadProcessId hwnd, pId
        hProc = OpenProcess(PROCESS_ALL_ACCESS, False, pId)
    End Sub

    Private Sub btnProtect_Click()
        ' Follow the pointer chain: [&H36F8D1] + 368, then [that] + 172 is the byte to set
        Call ReadProcessMemory(hProc, &H36F8D1, BaseBuffer7, 4&, 4)
        Call ReadProcessMemory(hProc, BaseBuffer7 + 368, BaseBuffer1, 4&, 4)
        Call WriteProcessMemory(hProc, BaseBuffer1 + 172, &H1, 1&, 1)
    End Sub

I believe the "4&, 4" and "1&, 1" at the end of the calls represent the number of bytes of the value. Clearly this code uses BaseBuffers as "variables" to hold DMA address locations in (if you wonder why they're there). It's one way to "defeat DMA".

Edited January 5, 2005 by faldo
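The pointer chain the VB snippet above walks ([0x36F8D1] + 368, then [that] + 172), as an added example that is not faldo's VB, not Jon's DLL and not code from anyone in the thread. It shows why the chain beats a hard-coded address: when the game frees and reallocates the object, the static pointer and the table stay put, only the slot is repointed, and resolving the chain again finds the new copy. It also handles the hop a trainer most often trips on, a null or unreadable pointer before the object exists. A byte array stands in for the target's memory so it runs anywhere; on Windows read_u32() would be a 4-byte ReadProcessMemory call and the final write one WriteProcessMemory call. The base 0x36F8D1 and offsets 368 and 172 come from the VB code; the table address 0x370000 and object addresses 0x371000/0x372000 are made up.

```c
/* Added example, not faldo's VB or Jon's DLL: following a pointer chain
 * against a byte array that stands in for the target process.  Base and
 * offsets are the VB code's; the object addresses below are made up. */
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

#define FAKE_BASE 0x00360000u
static uint8_t g_fake_mem[0x20000];    /* fake mapping 0x360000..0x37ffff */

static int in_range(uint32_t addr, size_t n)
{
    return addr >= FAKE_BASE && (size_t)(addr - FAKE_BASE) + n <= sizeof g_fake_mem;
}

static int process_read(uint32_t addr, uint8_t *buf, size_t n)
{
    if (!in_range(addr, n)) return 0;  /* like ReadProcessMemory failing */
    memcpy(buf, g_fake_mem + (addr - FAKE_BASE), n);
    return 1;
}

static int process_write(uint32_t addr, const uint8_t *buf, size_t n)
{
    if (!in_range(addr, n)) return 0;
    memcpy(g_fake_mem + (addr - FAKE_BASE), buf, n);
    return 1;
}

/* Little-endian 32-bit read, the "4&, 4" call in the VB code. */
static int read_u32(uint32_t addr, uint32_t *out)
{
    uint8_t b[4];
    if (!process_read(addr, b, 4)) return 0;
    *out = (uint32_t)b[0] | (uint32_t)b[1] << 8 | (uint32_t)b[2] << 16 | (uint32_t)b[3] << 24;
    return 1;
}

static void write_u32(uint32_t addr, uint32_t v)
{
    uint8_t b[4] = {(uint8_t)v, (uint8_t)(v >> 8), (uint8_t)(v >> 16), (uint8_t)(v >> 24)};
    process_write(addr, b, 4);
}

/* Resolve base -> [base] + offs[0] -> [that] + offs[1] -> ...  Each hop
 * dereferences the pointer it sits on and adds the next offset; the result
 * is the address of the value, not the value.  Fails (returns 0, *out = 0)
 * on an unreadable hop or a null pointer, which is what you see while the
 * game has not allocated the object yet. */
int resolve_chain(uint32_t base, const uint32_t *offs, size_t noffs, uint32_t *out)
{
    uint32_t p = base;
    for (size_t i = 0; i < noffs; i++) {
        uint32_t v;
        if (!read_u32(p, &v) || v == 0) { *out = 0; return 0; }
        p = v + offs[i];
    }
    *out = p;
    return 1;
}

static const uint32_t CHAIN_BASE    = 0x0036F8D1u;   /* from the VB code */
static const uint32_t CHAIN_OFFS[2] = {368, 172};    /* from the VB code */
static const uint32_t TABLE_ADDR    = 0x00370000u;   /* made up */

/* Toy layout: static pointer at 0x36F8D1 -> table at 0x370000, whose slot at
 * +368 -> the player object; the byte at +172 is the flag to set. */
void setup_target(uint32_t player_addr)
{
    memset(g_fake_mem, 0, sizeof g_fake_mem);
    write_u32(CHAIN_BASE, TABLE_ADDR);
    write_u32(TABLE_ADDR + CHAIN_OFFS[0], player_addr);
}

/* What a game does when it frees and reallocates the object: only the slot
 * is repointed (0 models "not allocated yet"). */
void relocate_player(uint32_t new_addr)
{
    write_u32(TABLE_ADDR + CHAIN_OFFS[0], new_addr);
}

/* The btnProtect_Click body: resolve the chain and write a single 0x01.
 * Returns the address written, or 0 if the chain could not be resolved. */
uint32_t set_protect_flag(void)
{
    uint32_t addr;
    const uint8_t one = 1;
    if (!resolve_chain(CHAIN_BASE, CHAIN_OFFS, 2, &addr)) return 0;
    return process_write(addr, &one, 1) ? addr : 0;
}

/* Byte at addr, or -1 if unreadable. */
int read_flag(uint32_t addr)
{
    uint8_t b;
    return process_read(addr, &b, 1) ? b : -1;
}

int main(void)
{
    setup_target(0x00371000u);
    printf("flag written at 0x%08x\n", set_protect_flag());
    relocate_player(0x00372000u);      /* a hard-coded 0x3710AC would now be stale */
    printf("after relocation, flag written at 0x%08x\n", set_protect_flag());
    return 0;
}
```

The same resolve_chain() serves any depth of chain, so a base found with a pointer scan in CheatEngine (as Marc used above) plugs in as base plus its list of offsets.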