    read/writeprocessmemory
    Old 10th November 2009, 08:00 AM   #1
    smaller

    umm is it possible to do something like this:
    Code:
    pReal_PostRender = (void (__stdcall *)(float))((DWORD)pPostRenderHook + *pPostRenderHook + 4);
    VirtualProtect(pPostRenderHook, sizeof(DWORD), PAGE_READWRITE, &Protect);
    *pPostRenderHook = (DWORD)Hooked_PostRender - ((DWORD)pPostRenderHook + 4);
    VirtualProtect(pPostRenderHook, sizeof(DWORD), Protect, &Protect);
    with this:
    Code:
    WINBASEAPI
    BOOL
    WINAPI
    ReadProcessMemory(
        __in      HANDLE hProcess,
        __in      LPCVOID lpBaseAddress,
        __out_bcount_part(nSize, *lpNumberOfBytesRead) LPVOID lpBuffer,
        __in      SIZE_T nSize,
        __out_opt SIZE_T * lpNumberOfBytesRead
        );
    
    WINBASEAPI
    BOOL
    WINAPI
    WriteProcessMemory(
        __in      HANDLE hProcess,
        __in      LPVOID lpBaseAddress,
        __in_bcount(nSize) LPCVOID lpBuffer,
        __in      SIZE_T nSize,
        __out_opt SIZE_T * lpNumberOfBytesWritten
        );
    ?

    I see over 9000 people doing this for a simpler prog in VB:

    Code:
    Try
        Dim M As ProcessModule
        Dim MAddress As Integer
        Dim Address As Integer
        Dim Value As Integer

        If Process.GetProcessesByName("Solitaire").Length = 0 Then
            Exit Sub
        End If
        Dim Handle As Integer = Process.GetProcessesByName("Solitaire")(0).Handle
        Dim HandleP As Process() = Process.GetProcessesByName("Solitaire")

        For Each M In HandleP(0).Modules
            If "Solitaire.exe" = M.ModuleName Then
                MAddress = M.BaseAddress
            End If
        Next

        ReadProcessMemory(Handle, MAddress + &H82848, Value, 4, 0)
        Address = Value + &H2C
        ReadProcessMemory(Handle, Address, Value, 4, 0)
        Address = Value + &H10

        'And Write To The Final Address
        WriteProcessMemory(Handle, Address, 1000, 4, 0)
    Catch ex As Exception
        MsgBox(Err.Description)
    End Try


    Thx.
    __________________


    Quote:
    Originally Posted by TarkovEnjoer View Post
    Without a second PC, the cheat will not work? If I write my cheat without a second PC, I won't be able to run it, so that they wouldn't find me?

    Last edited by smaller; 10th November 2009 at 08:03 AM.
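
Seen from the integrity-checking side, the first snippet in the post above rewrites the rel32 operand of a CALL, so the resolved target moves out of the module's own image. The following is an added example, not code from the thread: it resolves call targets with the same arithmetic and compares known call sites in a live copy against a trusted baseline. The image bytes, base address, site offsets and function names are constructed for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Resolve an x86 near CALL (E8 + rel32) with the arithmetic used in the post:
   target = address of operand + rel32 + 4. Returns 0 if `off` is not a CALL. */
static int resolve_call(const uint8_t *img, size_t size, uint32_t base,
                        size_t off, uint32_t *target)
{
    int32_t rel;
    if (off + 5 > size || img[off] != 0xE8) return 0;
    memcpy(&rel, img + off + 1, sizeof rel);      /* little-endian host assumed */
    *target = base + (uint32_t)off + 1u + 4u + (uint32_t)rel;
    return 1;
}

/* Count call sites that are no longer a CALL, whose target differs from the
   baseline, or whose target left the image; *first_bad gets the first such site. */
size_t count_redirected_calls(const uint8_t *live, const uint8_t *baseline,
                              size_t size, uint32_t base, const size_t *sites,
                              size_t nsites, size_t *first_bad)
{
    size_t bad = 0;
    for (size_t i = 0; i < nsites; i++) {
        uint32_t tl = 0, tb = 0;
        int ok = resolve_call(live, size, base, sites[i], &tl) &&
                 resolve_call(baseline, size, base, sites[i], &tb);
        if ((!ok || tl != tb || tl < base || tl >= base + (uint32_t)size)
            && bad++ == 0 && first_bad)
            *first_bad = sites[i];
    }
    return bad;
}

/* Constructed sample: a 32-byte "image" at base 0x00401000 with two CALLs;
   when `patched` is set, the first operand is rewritten to leave the image. */
size_t demo(int patched, size_t *first_bad)
{
    const uint32_t base = 0x00401000u;
    const size_t sites[2] = { 4, 20 };
    uint8_t baseline[32], live[32];
    int32_t rel;
    memset(baseline, 0x90, sizeof baseline);                 /* NOP filler */
    baseline[4] = 0xE8;  rel = 16 - (4 + 5);  memcpy(baseline + 5, &rel, 4);
    baseline[20] = 0xE8; rel = 0 - (20 + 5);  memcpy(baseline + 21, &rel, 4);
    memcpy(live, baseline, sizeof live);
    rel = (int32_t)(0x10000000u - (base + 4u + 5u));         /* target outside image */
    if (patched) memcpy(live + 5, &rel, 4);
    return count_redirected_calls(live, baseline, sizeof live, base, sites, 2, first_bad);
}
```

Checking a fixed list of call sites avoids treating every 0xE8 byte as an opcode, which would misread operand and data bytes as calls.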

    Old 10th November 2009, 11:07 AM   #2
    ultimate-tester
    Make a simple hook on WriteProcessMemory? Of course that's possible!
    U can use that function.. how's it called? GetProcAddress or something?

    Be aware that it's a bool, so at the end of the hooked function, U need to return something.

    If you return 0 there, then WriteProcessMemory will be FULLY disabled for the application U hooked it in.
    If you return > 0, it will always return success.
    If you return itself (return _WriteProcessMemory), it will return normal values like it should.

    Old 10th November 2009, 02:39 PM   #3
    okidoki
    Hi,

    Here is some old code that may help you:
    Code:
    // KUSER_SHARED_DATA UserSharedData
    #define SYSENTER_SHAREDUSERDATA						0x7FFE0000
    
    // UserSharedData.SystemCall -> KiFastSystemCall
    #define SYSENTER_SYSTEMCALL							0x0300
    
    // UserSharedData.SystemCallReturn -> KiFastSystemCallRet
    #define SYSENTER_SYSTEMCALLRETURN					0x0304
    Code:
    // NtReadVirtualMemory
    
    #define SYSCALL_NTREADVIRTUALMEMORY_XP				0x00BA
    #define SYSCALL_NTREADVIRTUALMEMORY_VISTA			0x0102
    #define SYSCALL_NTREADVIRTUALMEMORY_SEVEN			0x003C
    Code:
    // NtWriteVirtualMemory
    
    #define SYSCALL_NTWRITEVIRTUALMEMORY_XP				0x0115
    #define SYSCALL_NTWRITEVIRTUALMEMORY_VISTA			0x0167
    #define SYSCALL_NTWRITEVIRTUALMEMORY_SEVEN			0x0037
    Code:
    // NtProtectVirtualMemory
    
    #define SYSCALL_NTPROTECTVIRTUALMEMORY_XP			0x0089
    #define SYSCALL_NTPROTECTVIRTUALMEMORY_VISTA		0x00CF
    #define SYSCALL_NTPROTECTVIRTUALMEMORY_SEVEN		0x004D
    NTDLL.DLL
    Code:
    NTSTATUS NTAPI NtReadVirtualMemory( HANDLE processHandle, PVOID baseAddress, PVOID buffer, ULONG numberOfBytesToRead, PULONG numberOfBytesReaded )
    {
    	/*
    		.text:7C91D9FE		mov eax, 0BAh			; Syscall index
    		.text:7C91DA03		mov edx, 7FFE0300h	; UserSharedData.SystemCall
    		.text:7C91DA08		call dword ptr [edx]		; KiFastSystemCall
    		.text:7C91DA0A		retn 14h
    	*/
    
    	_asm
    	{
    		MOV EAX, SYSCALL_NTREADVIRTUALMEMORY_XP;
    
    		// KiFastSystemCall
    		MOV EDX, SYSENTER_SHAREDUSERDATA;
    		XOR EDX, SYSENTER_SYSTEMCALL;
    	
    		PUSH DWORD PTR [EDX];
    		RET;
    	}
    }
    Code:
    NTSTATUS NTAPI NtWriteVirtualMemory( HANDLE processHandle, PVOID baseAddress, PVOID buffer, ULONG numberOfBytesToWrite, PULONG numberOfBytesWritten )
    {
    	/*
    		.text:7C91DFAE		mov eax, 115h			; Syscall  index
    		.text:7C91DFB3		mov edx, 7FFE0300h	; UserSharedData.SystemCall
    		.text:7C91DFB8		call dword ptr [edx]		; KiFastSystemCall
    		.text:7C91DFBA		retn 14h
    	*/
    
    	_asm
    	{
    		MOV EAX, SYSCALL_NTWRITEVIRTUALMEMORY_XP;
    
    		// KiFastSystemCall
    		MOV EDX, SYSENTER_SHAREDUSERDATA;
    		XOR EDX, SYSENTER_SYSTEMCALL;
    		
    		PUSH DWORD PTR [EDX];
    		RET;
    	}
    }
    Code:
    NTSTATUS NTAPI NtProtectVirtualMemory( HANDLE processHandle, PVOID *baseAddress, PULONG numberOfBytesToProtect, ULONG newAccessProtection, PULONG oldAccessProtection )
    {
    	/*
    		.text:7C91DFAE		mov eax, 89h			; Syscall  index
    		.text:7C91DFB3		mov edx, 7FFE0300h	; UserSharedData.SystemCall
    		.text:7C91DFB8		call dword ptr [edx]		; KiFastSystemCall
    		.text:7C91DFBA		retn 14h
    	*/
    
    	_asm
    	{
    		MOV EAX, SYSCALL_NTPROTECTVIRTUALMEMORY_XP;
    
    		// KiFastSystemCall
    		MOV EDX, SYSENTER_SHAREDUSERDATA;
    		XOR EDX, SYSENTER_SYSTEMCALL;
    		
    		PUSH DWORD PTR [EDX];
    		RET;
    	}
    }
    KERNEL32.DLL
    Code:
    BOOL WINAPI ReadProcessMemory( HANDLE process, LPCVOID address, LPVOID buffer, SIZE_T size, SIZE_T *bytesRead )
    {
    	NTSTATUS status = NtReadVirtualMemory( process, address, buffer, size, bytesRead );
    
    	return !status;
    }
    Code:
    BOOL WINAPI WriteProcessMemory( HANDLE process, LPVOID address, LPCVOID buffer, SIZE_T size, SIZE_T *bytesWritten )
    {
    	NTSTATUS status = NtWriteVirtualMemory( process, address, buffer, size, bytesWritten );
    
    	return !status;
    }
    Code:
    BOOL WINAPI VirtualProtectEx( HANDLE process, LPVOID address, SIZE_T size,DWORD newProt, LPDWORD oldProt )
    {
    	NTSTATUS status = NtProtectVirtualMemory( process, &address, &size, newProt, oldProt );
    
    	return !status;
    }
    Code:
    BOOL WINAPI VirtualProtect( LPVOID address, SIZE_T size, DWORD newProt, LPDWORD oldProt )
    {
    	return VirtualProtectEx( ( HANDLE )0xFFFFFFFF, address, size, newProt, oldProt );
    }
    Regards.
    __________________
    Thrall, a young Orc raised as a Human slave and gladiator...

    Last edited by okidoki; 16th November 2009 at 08:44 AM. Reason: Added VirtualProtect
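
From the detection side, stubs like the ones in the post above enter the kernel without going through the kernel32 or ntdll exports, so a user-mode hook placed on those exports never sees the call. The following is an added example, not okidoki's code: a byte-pattern check for this 32-bit stub shape in a code buffer, labelled with the syscall indices listed in the post. The function name, window size and sample buffers are constructed, and a match is a triage signal rather than proof.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>

/* Syscall indices taken from the #defines in the post above. */
static const struct { uint32_t idx; const char *name; } KNOWN[] = {
    {0x00BA, "NtReadVirtualMemory (XP)"},     {0x0102, "NtReadVirtualMemory (Vista)"},
    {0x003C, "NtReadVirtualMemory (7)"},      {0x0115, "NtWriteVirtualMemory (XP)"},
    {0x0167, "NtWriteVirtualMemory (Vista)"}, {0x0037, "NtWriteVirtualMemory (7)"},
    {0x0089, "NtProtectVirtualMemory (XP)"},  {0x00CF, "NtProtectVirtualMemory (Vista)"},
    {0x004D, "NtProtectVirtualMemory (7)"},
};

static uint32_t le32(const uint8_t *p)
{
    return p[0] | (uint32_t)p[1] << 8 | (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

/* Look for "mov eax, imm32" (B8) followed within `window` bytes by "mov edx, imm32"
   (BA) loading 0x7FFE0300 or the 0x7FFE0000 base that the post combines with XOR.
   Returns the syscall name, "unknown index", or NULL when nothing matches. */
const char *find_syscall_stub(const uint8_t *code, size_t len, size_t window, size_t *at)
{
    for (size_t i = 0; i + 10 <= len; i++) {
        if (code[i] != 0xB8) continue;
        for (size_t j = i + 5; j + 5 <= len && j <= i + 5 + window; j++) {
            uint32_t imm = le32(code + j + 1);
            if (code[j] != 0xBA || (imm != 0x7FFE0300u && imm != 0x7FFE0000u)) continue;
            if (at) *at = i;                 /* offset of the mov eax */
            for (size_t k = 0; k < sizeof KNOWN / sizeof KNOWN[0]; k++)
                if (KNOWN[k].idx == le32(code + i + 1)) return KNOWN[k].name;
            return "unknown index";
        }
    }
    return NULL;
}

/* Constructed samples: the post's NtWriteVirtualMemory stub as bytes, and benign code. */
const uint8_t SAMPLE_STUB[] = {
    0x55, 0x8B, 0xEC,                       /* push ebp; mov ebp, esp */
    0xB8, 0x15, 0x01, 0x00, 0x00,           /* mov eax, 0x115 */
    0xBA, 0x00, 0x00, 0xFE, 0x7F,           /* mov edx, 0x7FFE0000 */
    0x81, 0xF2, 0x00, 0x03, 0x00, 0x00,     /* xor edx, 0x300 */
    0xFF, 0x32, 0xC3 };                     /* push dword ptr [edx]; ret */
const uint8_t SAMPLE_BENIGN[] = {
    0xB8, 0x15, 0x01, 0x00, 0x00,           /* mov eax, 0x115 */
    0xBA, 0x10, 0x00, 0x00, 0x00, 0xC3 };   /* mov edx, 0x10; ret */
```

The index table also shows why hardcoded stubs are fragile: the same syscall has a different number on each Windows version listed in the post.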

    Old 11th November 2009, 02:38 AM   #4
    smaller
    Thank you for this info. Will fiddle around when I get to my pc