Home of Gamehacking - Archiv
Problem Applying Aobscan - Druckversion

+- Home of Gamehacking - Archiv (http://archiv-homeofgamehacking.de)
+-- Forum: Coding (http://archiv-homeofgamehacking.de/forumdisplay.php?fid=15)
+--- Forum: Visual Basic 6, VB.NET (http://archiv-homeofgamehacking.de/forumdisplay.php?fid=19)
+--- Thema: Problem Applying Aobscan (/showthread.php?tid=475)

Seiten: 1 2 3

RE: Problem Applying Aobscan - giassamarkos - 24.07.2011

thanks but used this with the getmodulebase and the game just shuted down

the same with the prince of persia game
i used flags

RE: Problem Applying Aobscan - DNA - 25.07.2011

Now it is really hard to help ... i have to see it by myself to say more.

RE: Problem Applying Aobscan - giassamarkos - 25.07.2011

well ok if you have time tell me to see it

RE: Problem Applying Aobscan - giassamarkos - 25.07.2011

Well look what i mean


Visual Basic Code
1
2
3
4
5
6
7
8
9
10
11
12
13
14
 
ElseIf GetAsyncKeyState(Keys.F1) = &HFFFF8001 Then
            Dim cave As Integer = AllocMem(ProcName)
            Dim gamex86 As Int32 = GetModuleBase("brink", "gamex86.dll")
            Dim caveaddr = &H10ABF
            Dim origaddr = gamex86 + &H188A1D
            Dim cavebytes() As Byte = {&H60, &H83, &H3D, &H4, &H4, &H11, &H4, &H1, &H75, &HE, &H90, &H90, &H90, &H90, &HC7, &H87, &H98, &H1B, &H0, &H0, &HF4, &H1, &H0, &H0, &H61, &H8B, &H9F, &H98, &H1B, &H0, &H0, &HC3}
            Dim origbytes() As Byte = {&HE8, &HDE, &H75, &H1F, &HB2, &H90, &HD9, &HE8, &H33, &HF6}
            autopatcher(caveaddr, cavebytes)
            autopatcher(origaddr, origbytes)
            KeyLogger.Enabled = True
            Label12.Visible = False
            Label11.Visible = True
            sapi.Speak("Trainer Activated")
            enable.Enabled = False

but when i restart the game as you know the bytes for the origbytes
&HE8, &HDE, &H75, &H1F, &HB2, &H90, &HD9, &HE8, &H33, &HF6

the   &HDE, &H75, &H1F, &HB2 changes
so i would like to do this code injection but alwas has the caveaddr as it is without me having to put new bytes for the trainer to transport the bytes into the correct cave address

Hope you understand

RE: Problem Applying Aobscan - DNA - 25.07.2011

Ok,
go to your originalcode and follow this call (&HE8, &HDE, &H75, &H1F, &HB2)
and then tell me, where the call ends (modulebase and offset)

RE: Problem Applying Aobscan - giassamarkos - 26.07.2011

Look the module base and the offset is
"gamex86.dll"+188A1D
the assemble code is

E8 DE7577AF - call 04E30000
90 - nop


the DE7577AF changes everytime i restart the game
i need a byte like that but to be standard
i meen the address that this byte holds get changed from 04E30000
to 03E30000 or anything
and as a caveaddr = cave



RE: Problem Applying Aobscan - Acubra - 26.07.2011

(26.07.2011, 00:03)giassamarkos schrieb: Look the module base and the offset is
"gamex86.dll"+188A1D
the assemble code is

E8 DE7577AF - call 04E30000
90 - nop


the DE7577AF changes everytime i restart the game
i need a byte like that but to be standard
i meen the address that this byte holds get changed from 04E30000
to 03E30000 or anything
and as a caveaddr = cave
Hey,
the Opcodes change every time you restart the game. To use the aobscan anyways you need to use wildcards. In CE you use them by writing questionmarks, so the function will scan specific bytes, but not the ones with a questionmark. So you don't need to care for the changing opcodes due the call command.


RE: Problem Applying Aobscan - giassamarkos - 26.07.2011

i know that... this is now solved..at the moment but now i need to see the module addresses in vb thats why i need something that can make not to change


RE: Problem Applying Aobscan - giassamarkos - 26.07.2011

(26.07.2011, 00:19)Acubra schrieb:
(26.07.2011, 00:03)giassamarkos schrieb: Look the module base and the offset is
"gamex86.dll"+188A1D
the assemble code is

E8 DE7577AF - call 04E30000
90 - nop


the DE7577AF changes everytime i restart the game
i need a byte like that but to be standard
i meen the address that this byte holds get changed from 04E30000
to 03E30000 or anything
and as a caveaddr = cave
Hey,
the Opcodes change every time you restart the game. To use the aobscan anyways you need to use wildcards. In CE you use them by writing questionmarks, so the function will scan specific bytes, but not the ones with a questionmark. So you don't need to care for the changing opcodes due the call command.
But you are right
i need something like that for the origbytes too
Such as {&HE8,&H??,&H??,&H??,&H??,&H90}
but i tried and it says that it cant make an argument


RE: Problem Applying Aobscan - giassamarkos - 26.07.2011

Well Dna i suppose you remember this codesnippet

Visual Basic Code
1
2
3
4
5
6
7
8
9
10
11
12
13
 
Public Sub JmpToCave(ByVal DestinationAddi As Int32, ByVal sourceaddi As Int32, Optional ByVal NumberOfNops As Int32 = 0)
        Dim JmpBytes As Int32 = DestinationAddi - sourceaddi - 5
        Write_Byte(sourceaddi, &HE9)
        Write_Long(sourceaddi + 1, JmpBytes)
        For i = 0 To NumberOfNops - 1
            Write_Byte(sourceaddi + 5 + i, &H90)
        Next
    End Sub

    Public Function GetJmpBytes(ByVal DestinationAddi As Int32, ByVal SourceAddi As Int32)
        Dim JmpBytes As Int32 = DestinationAddi - SourceAddi - 5
        Return JmpBytes
    End Function


Ans i suppose you remember the assassin's creed brotherhood trainer that you made for me doing this

Visual Basic Code
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 
 If GetAsyncKeyState(VK_NUMPAD0) Then
            'ACBSP.exe+10571A7
            'ACBSP.exe+1057206
            If health = False Then

                '023BA845 codecave nowot

                modulebase = GetModuleBase(ProcName, "ACBSP.exe")

                Dim caveaddr = allocmemstart
                MsgBox(Hex(caveaddr) & " - " & Hex(modulebase))
                RemoveProtection(ProcName, caveaddr, 67)
                Dim cavebytes() As Byte = {&H83, &HF8, &H56, &HF, &H85, &H19, &H1, &H0, &H0, &H82, &H3D, &HBA, &HB, &H1, &H0, &H1, &HF, &H85, &H1, &H1, &H0, &H0, &HC7, &H46, &H58, &H0, &H5, &H0, &H0, &H89, &H46, &H58, &H56, &HE9, &HF, &H67, &H3F, &H2, &H80, &H7E, &H58, &H1, &H0, &H0, &H0, &HF, &H85, &HFF, &H0, &H0, &H0, &HC7, &H46, &H58, &H0, &H0, &H0, &H0, &H89, &H46, &H58, &H56, &HE9, &HF2, &H66, &H3F, &H2}
                Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H24071FE, caveaddr + &HF)
                Write_Long(caveaddr + &H10, jmpbytes)
                autopatcher(caveaddr, cavebytes)
                JmpToCave(caveaddr, modulebase + &H24071F0)

                Console.Beep()
                health = True
                System.Threading.Thread.Sleep(500)
            ElseIf health = True Then
                modulebase = GetModuleBase(ProcName, "ACBSP.exe")


                Dim origaddr = &H24071F0
                Dim origbytes() As Byte = {&HE9, &HCA, &H98, &HC0, &HFD, &H90}
                autopatcher(origaddr, origbytes)

                Console.Beep()
                health = False
                System.Threading.Thread.Sleep(500)
            End If


First of all i dont remember actually where did you get this one
Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H24071FE, caveaddr + &HF) ...the  &H24071FE...

And i did this with the brink game
doing this

Visual Basic Code
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
 
If GetAsyncKeyState(Keys.NumPad1) = &HFFFF8001 Then
            If health12 = False Then
                Dim cave As Integer = AllocMem(ProcName)
                modulebase = GetModuleBase(ProcName, "gamex86.dll")
                
                Dim caveaddr = cave
                Dim cavebytes() As Byte = {&HC7, &H87, &H98, &H1B, &H0, &H0, &HF4, &H0, &H0, &H0, &H8B, &H9F, &H98, &H1B, &H0, &H0, &HE9, &H49, &H7F, &H8D, &H58}
                Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H188A23, cave + &HF)
                WriteInt32(cave + &H10, jmpbytes)
                autopatcher(caveaddr, cavebytes)
                AllocJump(caveaddr, modulebase + &H188A1D, 1)


                Console.Beep()
                Health = True
                System.Threading.Thread.Sleep(500)
            ElseIf Health = True Then
                modulebase = GetModuleBase(ProcName, "gamex86.dll")

                Dim origaddr = modulebase + &H188A1D
                Dim origbytes() As Byte = {&HE8, &H4, &H4, &H11, &H4, &H90}
                autopatcher(origaddr, origbytes)
                Console.Beep()
                Health = False
                System.Threading.Thread.Sleep(500)
            End If
        End If
    End Sub


i took that Dim jmpbytes As Byte = GetJmpBytes(modulebase + &H188A23, cave + &HF)... the   &H188A23 from the second opcode of the first intruction that holdes the health address


But i get and error
Called

OverflowException was unhandled
Arithmetic operation resulted in an overflow

Troubleshooting Tips:
Make sure you not dividing by zero

Any ideas?