Advanced programming topics
Sticky Threads
I've noticed some custom-made anti-cheats like to start a process from a memory pointer rather than a file for extra protection. I wrote a little code a while back to do the same, for those who would like to know how to do so. //-------------------------------------------------------- //...
Some of you might be interested in this: www.darawk.com/Code/ManualMap.rar The lower level ManualMap class in the project is used to parse a PE file, map it into memory, fix its relocs, imports, etc.. and create a new thread at its entry point in an arbitrary process. Essentially, it...
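The "fix its relocs" step above is the one people most often get wrong when writing their own mapper, so here is an added, self-contained example of it (my code, not from the ManualMap.rar linked in the post). It applies a PE .reloc directory to an image that has already been copied into RVA-addressable memory: each block covers one 4 KiB page, each 16-bit entry is a 4-bit type plus a 12-bit page offset, and HIGHLOW / DIR64 entries get the load delta added. The struct and constant names mirror winnt.h so no Windows headers are needed, and demo_relocate() builds a constructed two-pointer image (not a real binary) with a preferred base of 0x10000000 to exercise the routine.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Subset of the PE base-relocation format; names follow winnt.h for familiarity. */
#define IMAGE_REL_BASED_ABSOLUTE 0   /* padding entry, never patched */
#define IMAGE_REL_BASED_HIGHLOW  3   /* 32-bit absolute pointer (x86) */
#define IMAGE_REL_BASED_DIR64    10  /* 64-bit absolute pointer (x64) */

typedef struct {
    uint32_t VirtualAddress;  /* RVA of the 4 KiB page this block covers */
    uint32_t SizeOfBlock;     /* header + entries, in bytes */
} IMAGE_BASE_RELOCATION;

/* Walk the .reloc directory of an image already laid out by RVA in `image` and
 * add `delta` (actual base - preferred base) to every pointer it lists.
 * Returns the number of fix-ups applied, or -1 if the directory is malformed. */
static int apply_relocations(uint8_t *image, size_t image_size,
                             uint32_t reloc_rva, uint32_t reloc_size, int64_t delta)
{
    if (delta == 0) return 0;                               /* loaded at preferred base */
    if ((uint64_t)reloc_rva + reloc_size > image_size) return -1;

    int applied = 0;
    uint32_t pos = 0;
    while (pos + sizeof(IMAGE_BASE_RELOCATION) <= reloc_size) {
        IMAGE_BASE_RELOCATION blk;
        memcpy(&blk, image + reloc_rva + pos, sizeof blk);
        if (blk.SizeOfBlock < sizeof blk || pos + blk.SizeOfBlock > reloc_size) return -1;

        uint32_t nentries = (blk.SizeOfBlock - sizeof blk) / 2;
        const uint8_t *ent = image + reloc_rva + pos + sizeof blk;
        for (uint32_t i = 0; i < nentries; i++) {
            uint16_t e;
            memcpy(&e, ent + 2 * i, 2);
            uint32_t type = e >> 12, off = e & 0xFFF;
            uint8_t *target = image + blk.VirtualAddress + off;
            if (type == IMAGE_REL_BASED_ABSOLUTE) continue;   /* alignment padding */
            if (type == IMAGE_REL_BASED_HIGHLOW) {
                if (blk.VirtualAddress + off + 4 > image_size) return -1;
                uint32_t v; memcpy(&v, target, 4);
                v = (uint32_t)(v + delta); memcpy(target, &v, 4); applied++;
            } else if (type == IMAGE_REL_BASED_DIR64) {
                if (blk.VirtualAddress + off + 8 > image_size) return -1;
                uint64_t v; memcpy(&v, target, 8);
                v += (uint64_t)delta; memcpy(target, &v, 8); applied++;
            } else {
                return -1;   /* unknown type: refuse rather than silently corrupt code */
            }
        }
        pos += blk.SizeOfBlock;
    }
    return applied;
}

/* Constructed demo image (not from any real binary): preferred base 0x10000000,
 * a 32-bit pointer at RVA 0x1000, a 64-bit pointer at RVA 0x1010, .reloc at RVA 0x1800.
 * Relocates it to `new_base`, returns the fix-up count and the patched pointer values. */
int demo_relocate(uint64_t new_base, uint32_t *out32, uint64_t *out64)
{
    static uint8_t image[0x2000];
    memset(image, 0, sizeof image);
    const uint64_t preferred = 0x10000000ULL;
    uint32_t p32 = (uint32_t)(preferred + 0x1234);
    uint64_t p64 = preferred + 0x1FF0;
    memcpy(image + 0x1000, &p32, 4);
    memcpy(image + 0x1010, &p64, 8);

    /* One block for page 0x1000: two real entries plus two ABSOLUTE pads = 16 bytes. */
    IMAGE_BASE_RELOCATION blk = { 0x1000, 16 };
    uint16_t entries[4] = { (IMAGE_REL_BASED_HIGHLOW << 12) | 0x000,
                            (IMAGE_REL_BASED_DIR64  << 12) | 0x010,
                            IMAGE_REL_BASED_ABSOLUTE, IMAGE_REL_BASED_ABSOLUTE };
    memcpy(image + 0x1800, &blk, sizeof blk);
    memcpy(image + 0x1808, entries, sizeof entries);

    int n = apply_relocations(image, sizeof image, 0x1800, 16, (int64_t)(new_base - preferred));
    memcpy(out32, image + 0x1000, 4);
    memcpy(out64, image + 0x1010, 8);
    return n;
}

int main(void)
{
    uint32_t a; uint64_t b;
    int n = demo_relocate(0x20000000ULL, &a, &b);
    printf("applied=%d p32=0x%08x p64=0x%016llx\n", n, a, (unsigned long long)b);
    return 0;
}
```

In a real mapper you get reloc_rva / reloc_size from the IMAGE_DIRECTORY_ENTRY_BASERELOC data directory and delta from the address VirtualAllocEx actually returned minus OptionalHeader.ImageBase; the bounds checks matter because a hostile or truncated image can point relocation entries outside the mapping.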
I was really looking forward to trying out a rootkit on the latest Snow Leopard release but Apple managed to confuse everyone again or at least root some of their KEXT functionalities - so I had to find the sysent table (which apparently isn't documented anymore). I recently tried loading my KEXT...
#include <stdio.h>
#include <windows.h>
#include <gl\gl.h>

int Detour(DWORD dwPID, BYTE *pCodeCave, int iCodeCaveSize, DWORD dwOrig, DWORD dwByteAdd)
{
    DWORD dwBase = 0;
    DWORD dwTemp = 0;
    HANDLE hProcess = NULL;
Updated: http://www.sendspace.com/file/1bczij Older versions: The above virtualizes x86 instructions handed off in a specific buffer. The VM itself still lacks many instructions, but overall, I'd say once I write a quick front-end tool for writing the virtualized buffer to use for you,...
Synopsis: Assemble / inject code in other processes. This is an extension of the Assembler class from AsmJit. You can use this to: * Inject code in other processes (all relocations handled automatically) * Patch / overwrite code in other processes (including own process) HANDLE...
Hey, I've been working on a hook for a few months now. It injects a binary file sort of like shellcode at a random address using VirtualAllocEx, then it injects a piece of code to the game (at a constantly used process such as GetTickCount), which jumps to the injected code. The injected code...
Do not post compile errors... meh, that about sums it up.
Okay, here we go. This method is from ogc re and previous ogc fb versions. First of all we need to get the TIB of the thread we want to hook in. This isn't hard at all because it's stored in the TEB of the thread. (You may google for it.) Now let's go on... In the TEB we have right at the...
Normal Threads
I'm sure most of you are aware, a common issue with hardware breakpoints is that they're thread specific. Before Vista and WOW64 it was easy to break on CsrCreateThread and fix up the registers. But on 64 bit Windows 7 I get this: 0:016> x *!*Csr*CreateThread* 00000000`753db530...
Can someone point me in the right direction? I want to check a process for applied hardware breakpoints. What are the functions to go along with for that? Thanks in advance.
Hi, I'm looking for tutorials/example code that demonstrates/explains how to build custom controls. Specifically, I'm looking for a way to display custom controls on poker client software, just the way Poker Tracker 3 is doing it with its HUD (displaying player statistics on the table window)...
Hey guys, I attached my driver to an exe's context with KeAttachProcess. Now I can simply read/write from it with RtlCopyMemory. But I can't write to memory which is not marked as writeable. Is there any VirtualProtect equivalent for kernel mode drivers so that I can change this memory...
Alright, so I wanted to ask the experts here: can someone suggest any lessons or give a tut or example of searching for a byte signature, or let's just say finding an address automatically by giving a string signature? I will be very grateful if someone can point me in the right direction. Thank...
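Since the post above asks for exactly this, here is an added example of a wildcard byte-signature scanner (my code, not from anyone in the thread). It parses an IDA-style pattern such as "55 8B EC 83 EC ?? A1 ? ? ? ? 8B 0D", where "?" or "??" matches any byte, scans a buffer for the first match, and then shows the usual follow-up: reading the immediate operand out of the matched instruction to recover a global's address. The code bytes in g_code are constructed for the demo (a made-up x86 prologue plus a mov eax, [moffs32]), not taken from any game; the scanner itself is general and works on any buffer you have read out of a target process.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Parse an IDA-style pattern into bytes plus a mask (1 = must match, 0 = wildcard).
 * Returns the pattern length, or -1 on malformed input or if it exceeds `cap`. */
static int parse_pattern(const char *pat, uint8_t *bytes, uint8_t *mask, size_t cap)
{
    size_t n = 0;
    while (*pat) {
        while (*pat == ' ') pat++;
        if (!*pat) break;
        if (n >= cap) return -1;
        if (*pat == '?') {
            bytes[n] = 0; mask[n] = 0; n++;
            while (*pat == '?') pat++;                /* accept "?" or "??" */
        } else {
            char hex[3] = { pat[0], pat[1], 0 };
            if (!isxdigit((unsigned char)hex[0]) || !isxdigit((unsigned char)hex[1])) return -1;
            bytes[n] = (uint8_t)strtoul(hex, NULL, 16);
            mask[n] = 1; n++;
            pat += 2;
        }
        if (*pat && *pat != ' ') return -1;           /* tokens must be space-separated */
    }
    return (int)n;
}

/* Scan [base, base+size) for the first match of `pat`; returns its offset or -1. */
long find_signature(const uint8_t *base, size_t size, const char *pat)
{
    uint8_t bytes[256], mask[256];
    int len = parse_pattern(pat, bytes, mask, sizeof bytes);
    if (len <= 0 || (size_t)len > size) return -1;
    for (size_t i = 0; i + (size_t)len <= size; i++) {
        size_t j = 0;
        for (; j < (size_t)len; j++)
            if (mask[j] && base[i + j] != bytes[j]) break;
        if (j == (size_t)len) return (long)i;
    }
    return -1;
}

/* Constructed sample code bytes (not from a real binary). */
static const uint8_t g_code[] = {
    0x90, 0x90,                              /* nop; nop                (filler)         */
    0x55, 0x8B, 0xEC,                        /* push ebp; mov ebp, esp                   */
    0x83, 0xEC, 0x10,                        /* sub esp, 10h            (stack size varies) */
    0xA1, 0x78, 0x56, 0x34, 0x12,            /* mov eax, [0x12345678]   (the global we want) */
    0x8B, 0x0D, 0x00, 0x10, 0x40, 0x00,      /* mov ecx, [0x00401000]                    */
    0xC3                                     /* ret                                      */
};

/* Locate the prologue and pull the 32-bit address operand out of the A1 instruction.
 * Wildcards cover the sub esp immediate and the operand itself, so the pattern survives
 * rebuilds that only move the global. Returns 0 if the signature is not found. */
uint32_t demo_find_global(void)
{
    long off = find_signature(g_code, sizeof g_code, "55 8B EC 83 EC ?? A1 ? ? ? ? 8B 0D");
    if (off < 0) return 0;
    const uint8_t *p = g_code + off + 7;      /* index 6 in the pattern is A1, operand follows */
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) | ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

int main(void)
{
    printf("signature at offset %ld, global at 0x%08x\n",
           find_signature(g_code, sizeof g_code, "55 8B EC 83 EC ?? A1 ? ? ? ? 8B 0D"),
           demo_find_global());
    return 0;
}
```

For a live target you would ReadProcessMemory the module's .text section into a buffer, run find_signature over it, and add the module base back to the offset; the operand decode is the same. Keep the pattern long enough to be unique, and wildcard anything the compiler is free to change (immediates, displacements, absolute addresses).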
Wondering if this can be of any use for someone or modified to be useful. Not sure if it's been done before.
Cheat Distribution Scheme Introduction Since I'm sharing my hacks with some friends, I want to ensure that I control who can use my hack (a robust and effective anti-leak) while still ensuring that the hack won't ever get detected by the game's anti-cheat. My goal is to do this without any...
Is there any way to have a parameter that automatically gets placed in ECX in a call to a function pointer? typedef void (__thiscall *tSetPhysics)(char phys); tSetPhysics *oSetPhysics; Using S0beit's CVTableHook I created a class with a function to overwrite the original vtable entry with my...
Why is it that in SP1 my hacks don't work. They cause problems for anyone I give it to that have SP1, mainly along the lines of detours. I use a class CDetour to do global detours, and well it doesn't seem to work. When they update to SP2, the problem goes away. What is going on?
Sorry, didn't read the rule about not posting compile errors. Thread closed. Can someone delete this?
Hey, I'm trying to detect PunkBuster's scan by PAGE_GUARD'ing my vTable hooks. I have done this with VirtualProtect(PAGE_GUARD...) and added an exception handler using AddVectoredExceptionHandler(1, MyHandler); One problem remains: how would I find out if STATUS_ACCESS_VIOLATION is triggered from...
Hey, having problems with steam's overlay crashing when I hook the game's direct3d device. I'm using a full device replacement hook. Even if I don't do anything inside the hooks other than forward to the real function, as long as I hook the device (*ppDevice = this) this crash happens. API...
I am looking for a way to dump the content of any window to memory (bitmap information of the window content will suffice) even if this window is totally or partly obfuscated. I asked Google to help me and the best thing I found was this forum :) Maybe someone here can help or push me in the...
Hi, I found this interesting and know many of you will as well. The research provided in this paper describes in detail how to reverse engineer and modify System Management Interrupt (SMI) handlers in the BIOS system firmware and how to implement and detect an SMM keystroke logger. This work...
I've been trying to figure this issue out for a while now. I did a lot of research and no success. I have dual monitors; the left panel is a Dell and the right monitor is an HP. Nvidia support. Nvidia has the Extended Mode, which you can use your secondary monitor to...
I've read the stickied post "Process Forking - Running Process From Memory", and it's a good post, but I have a question: the function used to create a process from an .EXE image in memory doesn't teach how to create an image of a file and pass it to the function. Please help me. Function used: ...
Hey guys, Just working on detouring some basic d3d stuff with the help of some people from this forum, and I seem to be running into an issue. Take this for example: oHookMe = (tHookMe)DetourFunc((BYTE*)func_ptr,(BYTE*)MyHookMe,5); MyHookMe would be something like this: void MyHookMe()...
*Removed* Figured it out thanks to kynox.
Hello, I need some help... I have a manually mapped DLL in the target remote process. Now every time I use sprintf (or any formatting func) with "%f" it causes the crash error "floating point support not loaded". Any suggestions?
Maybe somebody has an answer to my post @woodmann: http://www.woodmann.com/forum/showthread.php?t=13102 thx
So I was recently playing around with the C++ boost::function_types library, which allows you to retrieve properties of functions at compile-time (return type, argument types, function arity, function calling-convention) and use these properties at runtime. I thought it would be pretty cool to...
Because current intrinsics for x86 and x64 platforms may be lacking, I'm writing my own pseudo-intrinsics library. While what you may be using aren't actual intrinsics, they'll be functions intended to run as quickly as possible (e.g. Local stack initialization isn't usually done). intrinext.h:...
Well, I am trying to hook DirectInput8Create and for some reason I keep getting an error saying something about a null pointer: "The instruction at "0x00000000" referenced memory at "0x00000000". The memory could not be "read"." Here is my code: HRESULT MyDirectInput8Create(HINSTANCE hinst, DWORD...
Hi, I know I am new here, but I was wondering if someone could post a tutorial on how to make a working CS:S aimbot, but a whole hack with lots of other stuff would be great.
Hey, I used COD5 Base HOOK 1.5 and I tried to make an aimkey on the aimbot. I did this, but it isn't OnPress true and OnRelease false; it is just OnPress true. And it is not working: when I press L Alt nothing happens. Here is my code: //aim if(GetAsyncKeyState(VK_MENU)&1){ if (Item3 ==1); ...
Recently I've been screwing around with an Unreal Engine 3 game, and one of the values I was looking for was the look angles. I did find one angle, the one that rotates around the yaw; for some reason the pitch is nowhere to be found though. Yaw is all I really need I suppose, but the yaw is in a...
Hey guys... I got a small problem... I used some ways but it didn't work. I just want to read out the value of a simple address and then let it increase. E.g.: // read value of address getCurrentlyValue()
Hey all, can anyone help me to catch an exception via address? I don't really understand how I can catch an exception via hardware breakpoints. Example: I set a HWBP at address 0x100000
Hi, I'm using this function every 100 ms to check if a process is running. Task Manager "commit charge" is increasing 1 MB per second!!!! How can I release that memory, or, once I already have the procId, check if the process is running?
Hi, I'm trying to hook the following function:
.text:5FF65940 ; public: bool __thiscall CTableChatClient::SendText(char const *,bool)
.text:5FF65940 public ?SendText@CTableChatClient@@QAE_NPBD_N@Z
.text:5FF65940 ...