Page 1 of 2 12 LastLast
Results 1 to 15 of 16
  1. #1
    R3d_L1n3's Avatar
    Join Date
    Dec 2012
    Gender
    male
    Posts
    137
    Reputation
    10
    Thanks
    208

    [Source]Making AddieLogger

    This tut was made on WarRock dump , nothing diffrent on ca just follow the steps , oh i already released this on my forum while ago so what about we quit flame :P

    Let me first explain to you how to make patterns ..

    Programs needed Are :

    1 ) Brain.exe

    2 ) Debugger (OllyBg / Ida)

    3 ) NotePad

    Lets start ..


    First Step !

    * The Addie am using is PlayerPointer !! its just example

    1 ) Run Ida pro and include old warrock dump on it befor the last update and wait until loading is finish .. ( should be like this )



    2 ) Search for the addie u want to make patern for



    3 ) Put the addie and click oK



    4 ) Should be like this for example



    5 ) Click at HexView



    6 ) The lined bytes line is the bytes we need to make pattern



    So for now our bytes of old addie are
    ' A1 E8 17 A0 00 3B C3 74 16 33 C9 41 89 98 B4 02 '

    Second Step :

    After we found the bytes for playerpointer addie on the old dump do the same steps u did on new dump ( make sure u use updated addie of player pointer )

    At end after you do same as u did on step 1 you will get this bytes
    ' A1 50 EE A4 00 3B C3 74 16 33 C9 41 89 98 C8 02 '

    Third Step :

    We have the bytes of old dump and new dump so what now ?

    Here come the last step witch is compile

    The New bytes are :


    A1 50 EE A4 00 3B C3 74 16 33 C9 41 89 98 C8 02

    The old Bytes are :

    A1 E8 17 A0 00 3B C3 74 16 33 C9 41 89 98 B4 02

    Now what u do is look at the bytes they both are made of 16 byte so the thing is u replace the diffrent byte with ' ? ' and correct byte with ' x '

    so lets start ..


    A1 50 EE A4 00 3B C3 74 16 33 C9 41 89 98 C8 02

    A1 E8 17 A0 00 3B C3 74 16 33 C9 41 89 98 B4 02

    X ? ? ? X X X X X X X X X X ? X << This is our mask ! so as u see A1 Still A1 So we replaced with ' X ' , 50 Changed to E8 so we replaced with ' ? ' and so on

    The Last Step :

    We found the mast , old bytes , new bytes now we need to make the correct pattern its not much diffrent than step 3 but this time if there diffrent byte u replace it with 0x00 ..

    Example ! :

    A1 50 EE A4 00 3B C3 74 16 33 C9 41 89 98 C8 02 << new byte

    A1 E8 17 A0 00 3B C3 74 16 33 C9 41 89 98 B4 02 << old byte

    xA1\x00\x00\x00\x00\x3B\xC3\x74\x16\x33\xC9\x41\x8 9\x98\x00\x02 = THE Pattern were gona use to get the addie , As u see A1 / A1 Didnt change at first of the two patterns so we keep it A1 but second byte of new pattern was 50 and the old one was E8 so we replaced with 0x00

    So the finaly code will be

    DWORD PlayerPointer = FindPattern((PBYTE)"\xA1\x00\x00\x00\x00\x3B\xC3\x 74\x16\x33\xC9\x41\x89\x98\x00\x02", "x???xxxxxxxxxx?x", 1, true );

    There something i didnt explain witch is how to get this

    FindPattern((PBYTE)"\xA1\x00\x00\x00\x00\x3B\xC3\x 74\x16\x33\xC9\x41\x89\x98\x00\x02", "x???xxxxxxxxxx?x", 1, true );

    its diffrent from addie to other usually its 1 or 2 i cant explain how know if its 1 or 2 u gota find ur self

    Tut is over thanks for reading ..


    Credits :
    R3d_L!n3
    UnknownPk
    NoName
    Last edited by R3d_L1n3; 02-03-2013 at 06:53 AM.

  2. The Following 11 Users Say Thank You to R3d_L1n3 For This Useful Post:

    Armour_D3D (04-18-2016),Cryptonic (02-26-2013),[MPGH]Flengo (02-03-2013),GoldWhite (02-03-2013),merp. (02-03-2013),NotRealPro (02-03-2013),Otaviomorais (02-07-2013),pDevice (02-03-2013),RobinC (02-03-2013),Skaterforeva1 (02-03-2013),The Decoder (02-03-2013)

  3. #2
    Skaterforeva1's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    Up your ass
    Posts
    917
    Reputation
    32
    Thanks
    476
    My Mood
    Psychedelic
    This makes much more since then the other tut. Very nice!

    ^Suck it!


  4. #3
    [H]aaBX's Avatar
    Join Date
    Aug 2012
    Gender
    male
    Posts
    277
    Reputation
    23
    Thanks
    1,084
    My Mood
    Asleep
    It's much easier to use SigMaker

    Thanks @Scynix for this awesome picture
     


  5. #4
    GoldWhite's Avatar
    Join Date
    Nov 2012
    Gender
    male
    Posts
    136
    Reputation
    10
    Thanks
    43
    Quote Originally Posted by [H]aaBX View Post
    It's much easier to use SigMaker
    Can you give me sigmaker?

  6. #5
    Skaterforeva1's Avatar
    Join Date
    Apr 2010
    Gender
    male
    Location
    Up your ass
    Posts
    917
    Reputation
    32
    Thanks
    476
    My Mood
    Psychedelic
    Quote Originally Posted by GoldWhite View Post
    Can you give me sigmaker?
    just Google it? Why does everyone have to do your work for you?

    ^Suck it!


  7. #6
    R3d_L1n3's Avatar
    Join Date
    Dec 2012
    Gender
    male
    Posts
    137
    Reputation
    10
    Thanks
    208
    Quote Originally Posted by [H]aaBX View Post
    It's much easier to use SigMaker
    Like i dont know ? lol this topic explain how it works , its not my job to make it easy on who want to learn

  8. #7
    Flengo's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    Ontario, Canada
    Posts
    15,695
    Reputation
    3319
    Thanks
    11,108
    My Mood
    Happy
    Not the greatest explanation. Could be a lot better.

    Need to be more detailed and organized. This is just for me.

    Still recommending @Ch40zz-C0d3r's tutorial. You end up getting better signature scans also. The method in your example will either not work or die quickly.

    His tutorial was for bette, longer lasting signatures. Although his used OllyDBG and you're using IDA.

    This should be good for beginners though who need to learn how signature scans work

    Thanks for sharing.
    Last edited by Flengo; 02-03-2013 at 11:41 AM.


    I Read All Of My PM's & VM's
    If you need help with anything, just let me know.
     
     
    VM | PM

    Publicist Since 04.04.2015
    Middleman Since Unknown - Unknown
    Global Moderator Since 08.01.2013
    Donator Since 05.29.2013

    Minion+ Since 04.18.2013

    District 187 Minion Since 04.04.2013
    Steam Minion Since 02.26.2013
    WarRock Minion Since 02.19.2013
    A.V.A Minion Since 02.13.2013
    DayZ Minion Since 01.21.2013
    Combat Arms Minion Since 12.26.2012
    Contributor Since 11.16.2012
    Member Since 05.11.2010


  9. The Following 2 Users Say Thank You to Flengo For This Useful Post:

    Ch40zz-C0d3r (02-03-2013),R3d_L1n3 (02-03-2013)

  10. #8
    R3d_L1n3's Avatar
    Join Date
    Dec 2012
    Gender
    male
    Posts
    137
    Reputation
    10
    Thanks
    208
    Quote Originally Posted by Flengo View Post
    Not the greatest explanation. Could be a lot better.

    Need to be more detailed and organized. This is just for me.

    Still recommending @Ch40zz-C0d3r's tutorial. You end up getting better signature scans also. The method in your example will either not work or die quickly.

    His tutorial was for bette, longer lasting signatures. Although his used OllyDBG and you're using IDA.

    This should be good for beginners though who need to learn how signature scans work

    Thanks for sharing.
    1 ) Could be alot better -- You cant just tell everything and this explain enough trust me

    2 ) I made collors just to help understanding :P

    3 ) I didnt ask for pin :P , just sow on forum that when sigs are posted members be like wow 'Pro' while its so easy .

    4 ) Sorry i didnt sow ch4os thread will ..

    5 ) Ehm ur way wrong u cant just say it wont work befor u check it :s , i use it for 3 month , never gaved me false addie

    6 ) Olly / ida that is opinion for me i prefer Olly for reversing , IDA other things

  11. The Following User Says Thank You to R3d_L1n3 For This Useful Post:

    [MPGH]Flengo (02-03-2013)

  12. #9
    Flengo's Avatar
    Join Date
    May 2010
    Gender
    male
    Location
    Ontario, Canada
    Posts
    15,695
    Reputation
    3319
    Thanks
    11,108
    My Mood
    Happy
    Quote Originally Posted by R3d_L1n3 View Post

    6 ) Olly / ida that is opinion for me i prefer Olly for reversing , IDA other things
    Oh nonono it'll work. But just not for everything

    But its good for others newer coders, avoiding sig maker and explaining it to them how it works


    I Read All Of My PM's & VM's
    If you need help with anything, just let me know.
     
     
    VM | PM

    Publicist Since 04.04.2015
    Middleman Since Unknown - Unknown
    Global Moderator Since 08.01.2013
    Donator Since 05.29.2013

    Minion+ Since 04.18.2013

    District 187 Minion Since 04.04.2013
    Steam Minion Since 02.26.2013
    WarRock Minion Since 02.19.2013
    A.V.A Minion Since 02.13.2013
    DayZ Minion Since 01.21.2013
    Combat Arms Minion Since 12.26.2012
    Contributor Since 11.16.2012
    Member Since 05.11.2010


  13. The Following User Says Thank You to Flengo For This Useful Post:

    R3d_L1n3 (02-03-2013)

  14. #10
    R3d_L1n3's Avatar
    Join Date
    Dec 2012
    Gender
    male
    Posts
    137
    Reputation
    10
    Thanks
    208
    Quote Originally Posted by Flengo View Post


    Oh nonono it'll work. But just not for everything

    But its good for others newer coders, avoiding sig maker and explaining it to them how it works
    i still dont use this xd calculating is better XD , but ya sig maker make life easy

  15. #11
    Ch40zz-C0d3r's Avatar
    Join Date
    Apr 2011
    Gender
    male
    Posts
    839
    Reputation
    44
    Thanks
    400
    My Mood
    Twisted
    The thing is, the addresses we are using get changed often.
    Thats why you get a reference pointing to out address, like MOV ECX, 0xADDY
    These code sections wont chnage as often, also you can make 3 sigscans or so.
    I made 3 sigscans for all and return the one which is valid. For example:
    Sig1 = your sigscan
    Sig2 = my method
    Sig3 = my method (another codesection)

    Now I compare your sig with my both and so on

    Heres the link to my tutorial: http://www.mpgh.net/forum/207-combat...ignatures.html
    Also please read the LAST post made by me on last page!!

    Progress with my game - "Disbanded"
    • Fixed FPS lag on spawning entities due to the ent_preload buffer!
    • Edit the AI code to get some better pathfinding
    • Fixed the view bug within the sniper scope view. The mirror entity is invisible now!
    • Added a new silencer for ALL weapons. Also fixed the rotation bugs
    • Added a ton of new weapons and the choice to choose a silencer for every weapon
    • Created a simple AntiCheat, noobs will cry like hell xD
    • The name will be Disbanded, the alpha starts on the 18th august 2014



    Some new physics fun (Serversided, works on every client)



    My new AI
    http://www.youtube.com/watch?v=EMSB1GbBVl8

    And for sure my 8 months old gameplay with 2 friends
    http://www.youtube.com/watch?v=Na2kUdu4d_k

  16. The Following User Says Thank You to Ch40zz-C0d3r For This Useful Post:

    R3d_L1n3 (02-03-2013)

  17. #12
    R3d_L1n3's Avatar
    Join Date
    Dec 2012
    Gender
    male
    Posts
    137
    Reputation
    10
    Thanks
    208
    Quote Originally Posted by Ch40zz-C0d3r View Post
    The thing is, the addresses we are using get changed often.
    Thats why you get a reference pointing to out address, like MOV ECX, 0xADDY
    These code sections wont chnage as often, also you can make 3 sigscans or so.
    I made 3 sigscans for all and return the one which is valid. For example:
    Sig1 = your sigscan
    Sig2 = my method
    Sig3 = my method (another codesection)

    Now I compare your sig with my both and so on

    Heres the link to my tutorial: http://www.mpgh.net/forum/207-combat...ignatures.html
    Also please read the LAST post made by me on last page!!
    Ya ofc i do that on my logger and choose valid :P , ill check it now btw ..

    Edit : ahh i see lol nice tut i didnt read everything cuz am on phone atm when i back home ill
    Last edited by R3d_L1n3; 02-03-2013 at 12:43 PM.

  18. #13
    RobinC's Avatar
    Join Date
    Nov 2012
    Gender
    male
    Location
    Mpgh.exe
    Posts
    1,771
    Reputation
    69
    Thanks
    3,657
    My Mood
    Aggressive
    For me, this is the best tutorial.
    Thanx dude .

  19. The Following User Says Thank You to RobinC For This Useful Post:

    Otaviomorais (02-07-2013)

  20. #14
    merp.'s Avatar
    Join Date
    Aug 2012
    Gender
    male
    Posts
    147
    Reputation
    10
    Thanks
    301
    My Mood
    Bored
    This is great. I was able to understand everything <- (coming from a noob)

  21. #15
    GoldWhite's Avatar
    Join Date
    Nov 2012
    Gender
    male
    Posts
    136
    Reputation
    10
    Thanks
    43
    can anyone give me pattern of dip engine?

Page 1 of 2 12 LastLast

Similar Threads

  1. [Release] [Source]Making AddieLogger
    By R3d_L1n3 in forum Combat Arms EU Hack Coding/Source Code
    Replies: 3
    Last Post: 02-08-2013, 10:31 PM
  2. [Source] How to make a DLL injector in VB
    By scimmyboy in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 12
    Last Post: 01-14-2010, 02:00 PM
  3. i have no reload source! People who make Pubs come
    By romario313 in forum Combat Arms Hack Coding / Programming / Source Code
    Replies: 19
    Last Post: 01-07-2010, 03:12 PM
  4. [Source]How to make an Auto Poster.
    By scriptkiddy in forum Visual Basic Programming
    Replies: 10
    Last Post: 10-07-2009, 08:03 PM
  5. source for combat arms hacks (make ur own hacks
    By morzan364 in forum Combat Arms Hacks & Cheats
    Replies: 15
    Last Post: 04-13-2009, 01:19 AM