You have to use Auto Attach, so it will auto attach as soon as the game boots up.
Read/WriteProcessMemory will be hooked by GameGuard and useless to you after GG is fully loaded.
You need to write a .dll and inject it into the game (the correct process; GameGuard starts a dummy), then you can access the memory like so...
Code:
    #include <windows.h>   // DWORD, BYTE, BOOL (includes added; the post omitted them)
    #include <string.h>    // memcpy

    BOOL bAntiKick = FALSE;                 // declaration added; toggled from the cheat's UI
    DWORD* pCurRoom = (DWORD*)0x912954;     // the DLL runs inside the game, so it dereferences this directly

    void mem_antikick(void)                 // wrapped in a function so it compiles; the post showed only the body
    {
        if (bAntiKick)
        {
            // DWORD is unsigned, so ">= 0" is always true; only the "< 1000" test matters
            if (*pCurRoom >= 0 && *pCurRoom < 1000)
            {
                *pCurRoom += 0x3E8;
            }
        }
    }
You may also need to call VirtualProtect on the addys you need, but I didn't in this game's case.
Code:
    BYTE* pWeather = (BYTE*)0x914728;
    char cWeatherb[59] = { 0 };             // 58 zero bytes to write over the weather data (was a "\x00..." literal)
    char cWeather[59];                      // backup of the original bytes

    void mem_setweather(void)
    {
        memcpy(cWeather, (void*)pWeather, 58);  // save old bytes
        memcpy((void*)pWeather, cWeatherb, 58); // overwrite with zeros
    }

    void mem_rstweather(void)
    {
        memcpy((void*)pWeather, cWeather, 58);  // restore old bytes
    }
It's very game specific...
Here's an example of how you would do a health bot/hack...
edit: http://www.mediafire.com/?5twgn0qltyz found this trainer src with google
Code:
    #include <windows.h>                    // BYTE, HWND, WM_KEYDOWN, VK_F5, Sleep (include added)

    int iHealth;
    BYTE* pYOURHEALTH = (BYTE*)0x66666666;  // placeholder address; replace with the real one found in CE
    extern HWND hWnd;                       // game window handle, set elsewhere in the trainer (declaration added)
    // MySendMessage is the trainer's own wrapper around SendMessage, defined elsewhere in the source

    void Thread1(void)
    {
        while (1) // loop
        {
            iHealth = *pYOURHEALTH; // get health
            if (iHealth > 0 && iHealth < 100)
            {
                *pYOURHEALTH = 100; // set health
                MySendMessage(hWnd, WM_KEYDOWN, VK_F5, 0); // or press a key or click the mouse...
                MySendMessage(hWnd, WM_KEYUP, VK_F5, 0);
            }
            Sleep(200);
        }
    }
Examples of:
1. Dialogues
2. Hotkeys
3. Making a Dll
4. Writing Bytes at an Addy
5. Codecaves
6. Read/Writing Pointers
7. Multiple Threads
8. Trampoline Bypass
9. Finding Addys via AOB scans (dynamic)
iisv3in please stop posting advice, you clearly have no idea what you are talking about or even posting.
Patrick: we talked for 6 hours today
Tamimego: yarp
Patrick: exactly 6 hours
Patrick: we are like girls
Tamimego: no
Tamimego: we are like programmers
Hi All,
Just wanted to give you folks an update based on all the advice so far. And thank you so much for the help.
So I created
1. an exe to launch the game (my game right now is notepad.exe)
2. inject my custom dll as soon as the game is loaded.
3. a shared segment as well as a way to execute remote processes using CreateRemoteThread() (there are limitations on how these processes are used, so it's tricky..)
So I think I am getting a bit closer now, don't you think?
I tried to inject a simple dll into the game, and even though the dll doesn't really do anything... GameGuard doesn't seem to know that a dll is injected.. so that's good news so far.
My question this time is:
The bot: how should I go about this? Should I use the remote process to control the bot (to me, that is really cool because the bot is a part of the game now)? Is this really overkill?
As Albert Einstein said: "Everything should be made as simple as possible, but not simpler." What do you guys think?
My other question is:
CE... yes, it helps me a lot in looking for base addresses and value searches.. how am I going to find, for example, my current hitpoints? Using this dll injection method? Do I have to dump the data from memory and somehow search for that value?
You want to control your bot with a dialog box that you can make in the resource editor and also hotkeys if you want to not alt+tab if the game is fullscreen. I already posted an example of how to do both of these things. I can post an example from my GameGuard-bypassed cheat for Gunbound's dialog box and hotkey methods if you don't understand the other examples.
If you really wanted to overkill it (make it reet) you could use a DirectDrawHook to draw whatever you want (menus, infos, etc.) on top of the game. If you wanted to do this I could show you some examples from my GB hack.
You find the addys or pointers with CE then code them into the bot. If you want to have your bot autoupdate you would want to do pattern scanning. There is all kinds of info on these forums about pattern scanning. Search dwFindPattern.
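The pattern (AOB) scan that item 9 of the list above and the dwFindPattern hint refer to is a generic signature-matching primitive: the same routine that memory-forensics tools and anti-cheat scanners use to locate a known instruction sequence in a dump or a mapped image. What follows is an added example written for this thread, not code from the thread, from dwFindPattern or from any project named here. It parses an IDA-style pattern with "??" wildcards, scans a buffer, and recovers the 32-bit operand of the matched instruction; sample_code is a hand-assembled x86 fragment constructed for the example, and the address it embeds (0x912954) is simply the one quoted earlier in the thread. The names find_pattern, count_matches and resolve_address are this example's own.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Constructed sample: a hand-assembled x86 fragment standing in for a code
 * section dumped from a process. The instruction at offset 3 reads the
 * address quoted earlier in the thread (0x912954) as a 32-bit immediate. */
const uint8_t sample_code[] = {
    0x55, 0x8B, 0xEC,                      /* push ebp; mov ebp, esp  */
    0x8B, 0x0D, 0x54, 0x29, 0x91, 0x00,    /* mov ecx, [0x00912954]   */
    0x83, 0xF9, 0x00,                      /* cmp ecx, 0              */
    0x7C, 0x05,                            /* jl +5                   */
    0x5D, 0xC3                             /* pop ebp; ret            */
};
const size_t sample_code_len = sizeof sample_code;

/* Parse an IDA-style pattern such as "8B 0D ?? ?? ?? ?? 83 F9" into a byte
 * array plus a mask (1 = must match, 0 = wildcard). Returns the number of
 * pattern bytes, or -1 on a malformed pattern or one longer than cap. */
static int parse_pattern(const char *text, uint8_t *bytes, uint8_t *mask, size_t cap)
{
    size_t n = 0;
    while (*text) {
        while (*text == ' ') text++;
        if (*text == '\0') break;
        if (n >= cap) return -1;
        if (text[0] == '?') {                       /* "?" or "??" = wildcard */
            bytes[n] = 0; mask[n] = 0;
            text += (text[1] == '?') ? 2 : 1;
        } else if (isxdigit((unsigned char)text[0]) && isxdigit((unsigned char)text[1])) {
            unsigned v;
            if (sscanf(text, "%2x", &v) != 1) return -1;
            bytes[n] = (uint8_t)v; mask[n] = 1;
            text += 2;
        } else {
            return -1;
        }
        n++;
    }
    return (int)n;
}

/* Core scan: returns the number of matches and, via *first, the offset of
 * the first one (-1 if none). Malformed or too-long patterns match nothing. */
static int scan(const uint8_t *buf, size_t len, const char *pattern, long *first)
{
    uint8_t bytes[64], mask[64];
    int n = parse_pattern(pattern, bytes, mask, sizeof bytes);
    int count = 0;
    if (first) *first = -1;
    if (n <= 0 || (size_t)n > len) return 0;
    for (size_t i = 0; i + (size_t)n <= len; i++) {
        size_t j = 0;
        while (j < (size_t)n && (mask[j] == 0 || buf[i + j] == bytes[j])) j++;
        if (j == (size_t)n) {
            if (first && *first < 0) *first = (long)i;
            count++;
        }
    }
    return count;
}

/* Offset of the first match of pattern in buf, or -1. */
long find_pattern(const uint8_t *buf, size_t len, const char *pattern)
{
    long first;
    scan(buf, len, pattern, &first);
    return first;
}

/* Every match counted; a usable signature must match exactly once. */
int count_matches(const uint8_t *buf, size_t len, const char *pattern)
{
    return scan(buf, len, pattern, NULL);
}

/* Locate the instruction with the pattern, then read the 32-bit little-endian
 * operand at operand_off bytes into the match. Returns 0 if the pattern is
 * missing, ambiguous, or the operand would run past the buffer. */
uint32_t resolve_address(const uint8_t *buf, size_t len, const char *pattern, size_t operand_off)
{
    long off;
    if (scan(buf, len, pattern, &off) != 1) return 0;   /* refuse ambiguous signatures */
    size_t at = (size_t)off + operand_off;
    if (at + 4 > len) return 0;
    return (uint32_t)buf[at] | ((uint32_t)buf[at + 1] << 8) |
           ((uint32_t)buf[at + 2] << 16) | ((uint32_t)buf[at + 3] << 24);
}

int main(void)
{
    const char *sig = "8B 0D ?? ?? ?? ?? 83 F9";
    printf("signature found at offset %ld, operand = 0x%08X\n",
           find_pattern(sample_code, sample_code_len, sig),
           (unsigned)resolve_address(sample_code, sample_code_len, sig, 2));
    printf("\"8B ??\" matches %d times, so it is not a usable signature\n",
           count_matches(sample_code, sample_code_len, "8B ??"));
    return 0;
}
```

The uniqueness check in resolve_address is the part people skip: a signature that matches more than once in the buffer will silently pick a different site after a build change, so a scanner should treat any count other than one as a failure rather than returning the first hit.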
I just wanted to let you folks know that after spending countless hours, I was able to finish what I started, thanks to you all!
Thanks Guy.
What's vectored exception handling? How do I use it to "gain context information, hook functions, etc"?
Vectored exception handling is a method of handling exceptions; you can add a VE handler by using the AddVectoredExceptionHandler function, then force an exception through some means. When you do this, the kernel will switch the context of the thread the error occurred in, then save the other copy as a parameter to hand off to the handler.
Just take a look at my detours library for an example of it being used for such a feat.
Last edited by Guy; 02-17-2010 at 04:11 PM.
nice work dude hope that we can try it!!
Anyone know if this method works for MapleSEA as well?