SpeedHack: Not Complete (Please Help if you can)

[why06]

This speed hack seems logical to me and has no compile time errors, So Im guessing it loads correctly. However the speedhack simply does not work. As you can tell its kind of messy. There are parts merely commented out, while I set my focus to another part of the program. For this reason I will describe the program in 3 logical parts. This will make it easy to understand:

1. The Detours. There are three detours set in this program to alter the Windows API functions:
timeGetTime()
QueryPerformanceCounter()
GetTickCount()

2. The Speed Controls. This part adjusts the speed. Do not pay to much attention to the create window thing. Im working on implementing that inside of the hack. Unless ofcourse you want to offer help which I'll gladly except. Focus more on the factors controlling the speed of the detoured functions.

3. The DllMain.
The fault might be here. Maybe it is not loading correctly. To be honest I don't know. All I know is the game does not shut down when I inject it anymore, but perhaps it could be many things.


However it has to be something wrong with one or more these 3 logical sections. For some reason I have a feeling that its the DllMain, because thats where I had a problem last time. I forgot to return true and the program didn't load of initialize properly. not sure =/

[PHP]
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include "detours.h"
/****************NOTES**********************
Title: SpeedHack v.0.1
This is a C++ style conversion of Dark_Byte's Speedhack. Completely recoded, from the
ground up, using a slight aleration of DB's original method, with the Detours Library 2.1
provided by Microsoft, rather then hooking. This is still in aplha testing.
Might be some problems with a smooth dialing of speed due to factor conversions
Also lacks UI, but plan on adding in next compilation.
Thanks to: Hell_Demon & Matrix_NEO006
Credits: why06 (why06mail@gmail.com) for MPGH.net
********************************************/

DWORD (__stdcall *Real_timeGetTime)(void) = ( DWORD(WINAPI *)(void))GetProcAddress(GetModuleHandleA("Kernel32 .dll"),"timeGetTime");
BOOL (__stdcall *Real_QPC)(LARGE_INTEGER *lp) = (BOOL(WINAPI *)(LARGE_INTEGER *))GetProcAddress(GetModuleHandleA("Kernel32.dll") , "QueryPerformanceCounter");
DWORD (WINAPI *Real_GetTickCount)(void) = (DWORD (WINAPI *)(void))GetProcAddress(GetModuleHandleA("Kernel32 .dll"), "GetTickCount");
HWND hBox;
char buf[200] = {0};


float factorset = 2.0;//initial value: 1.0
bool speedhack = 1;//initial state: off

void SpeedLoop()
{

HWND hWnd;
hWnd = (HWND)GetForegroundWindow();
hBox = CreateWindowA("button", "Change Points", WS_VISIBLE | WS_CHILD, 50, 105, 100, 20, hWnd, (HMENU)1, NULL, NULL);
while(1)
{
GetDlgItemTextA(hBox, 4, buf, 256); //get the text or integer that user has entered and store it in buf
factorset = atoi(buf); //macro atoi, to convert the string to an integer,

/*
if(GetAsyncKeyState(0x5A))//Z key
{
factorset -= .25;
}
if(GetAsyncKeyState(0x43))//C key
{
factorset += .25;
}
if(GetAsyncKeyState(0x54))//T key
{
if(speedhack)speedhack = 0;//off
else speedhack = 1;//on
}
*/
Sleep(30);
}
}

DWORD My_timeGetTime()
{
float factor = 1.0;
DWORD currentreal = 0;

if(speedhack)factor = factorset;
else factor = 1.0;

static DWORD oldtGT = 0;
if(oldtGT==0)
{
oldtGT = Real_timeGetTime();
return oldtGT;
}
currentreal = Real_timeGetTime();

DWORD newret;
newret = currentreal + (DWORD)((currentreal-oldtGT)*(factor-1));

oldtGT=currentreal;
return newret;
}

BOOL My_QPC(LARGE_INTEGER *lp)
{
static __int64 oldfake = 0;
static __int64 oldreal = 0;
float factor = 1.0;

if(speedhack)factor = factorset;//remember this variable
else factor = 1.0;

__int64 newvalue;

if( oldfake == 0 || oldreal == 0 )
{
oldfake = lp->QuadPart;
oldreal = lp->QuadPart;
}
newvalue = lp->QuadPart;

newvalue = oldfake + (__int64)((newvalue - oldreal) * (factor-1));

oldreal = lp->QuadPart;
oldfake = newvalue;

lp->QuadPart = newvalue;
return Real_QPC(lp);
}

DWORD My_GetTickCount()
{
float factor = 1.0;
DWORD new_count = 0;
DWORD currentreal = 0;

if(speedhack)factor = factorset;//on
else factor = 1;//off

static DWORD old_count = 0;
if(old_count == 0)
{
old_count = Real_GetTickCount();
return old_count;
}
currentreal = Real_GetTickCount();
new_count = currentreal + (DWORD)(new_count-old_count) * (factor-1);

old_count = currentreal;
return new_count;
}


BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
switch( dwReason )
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls( hModule );
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourAttach( &(PVOID&)Real_timeGetTime, My_timeGetTime);
DetourAttach( &(PVOID&)Real_QPC, My_QPC );
DetourAttach( &(PVOID&)Real_GetTickCount, My_GetTickCount);
DetourTransactionCommit();
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)SpeedLoop, NULL, NULL, NULL);
break;
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourDetach( &(PVOID&)Real_timeGetTime, My_timeGetTime);
DetourDetach( &(PVOID&)Real_QPC, My_QPC );
DetourDetach(&(PVOID&)Real_GetTickCount, My_GetTickCount);
DetourTransactionCommit();
break;
}
return TRUE;
}

[/PHP]

Its a lot of code, so it may be easier to look at in a compiler. I've been going over it all day myself, so I figure its about time to ask for some help. Windows is definitely not my specialty... ;l (or anything for that matter, but no need to get picky )

[why06]

Awww... no replies?

Well good news anyway. Turns out I needed to compile it in release mode. The .obj was not linking with the detours.lib.

Now that that's out of the way, it means the problem is a code problem and not a configuration problem. Im going to focus on logical sections 1 & 2 now.

Hmmm... Im beginning to think Combat Arms may hook the time functions to prevent tampering. I will test this on other games to see if that's true. Well... maybe tommorrow... yawn.

[ilovecookies]

Awww... no replies?

Well good news anyway. Turns out I needed to compile it in release mode. The .obj was not linking with the detours.lib.

Now that that's out of the way, it means the problem is a code problem and not a configuration problem. Im going to focus on logical sections 1 & 2 now.

Hmmm... Im beginning to think Combat Arms may hook the time functions to prevent tampering. I will test this on other games to see if that's true. Well... maybe tommorrow... yawn.

VAC and VAC2 don't hook timeGetTime, and HS is way crappier than VAC, so I doubt they hook it. See if I can't google up a bit more for you.

LOL@ My fail, I went to the HS main website looking to see if they tell what functions they hook. I R Nub. But I turned up this piece of information. HS Pro protects against speed hacks, so they very well may have hooked timeGetTime.

[Hell_Demon]

You do place the hooks from an injected DLL right?
Try using a static value for the factor(e.g. 5.0f) to test wether it functions at all.
I think the issue comes from the GetItemDlgTextA part

[why06]

Try using a static value for the factor(e.g. 5.0f) to test wether it functions at all.
I think the issue comes from the GetItemDlgTextA part

Did all that... didn't work.

You do place the hooks from an injected DLL right?

Hmmmm? I don't see how else I could do it other then injecting it... =/

NEW VERSION

I tested this in Assualt Cube to see if it was just CA.... didnt' work there either . ;l
[php]
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include "detours.h"
/****************NOTES**********************
Title: SpeedHack v.0.1
This is a C++ style conversion of Dark_Byte's Speedhack. Completely recoded, from the
ground up, using a slight aleration of DB's original method, with the Detours Library 2.1
provided by Microsoft, rather then hooking. This is still in aplha testing.
Might be some problems with a smooth dialing of speed due to factor conversions
Also lacks UI, but plan on adding in next compilation.
Thanks to: Hell_Demon & Matrix_NEO006
Credits: why06 (why06mail@gmail.com) for MPGH.net
********************************************/

DWORD (__stdcall *Real_timeGetTime)(void) = ( DWORD(WINAPI *)(void))GetProcAddress(GetModuleHandleA("Kernel32 .dll"),"timeGetTime");
BOOL (__stdcall *Real_QPC)(LARGE_INTEGER *lp) = (BOOL(WINAPI *)(LARGE_INTEGER *))GetProcAddress(GetModuleHandleA("Kernel32.dll") , "QueryPerformanceCounter");
DWORD (WINAPI *Real_GetTickCount)(void) = (DWORD (WINAPI *)(void))GetProcAddress(GetModuleHandleA("Kernel32 .dll"), "GetTickCount");
//HWND hBox;
//char buf[200] = {0};


float factorset = 2.0;//initial value: 1.0
bool speedhack = 1;//initial state: off

void SpeedLoop()
{

//HWND hWnd;
//hWnd = (HWND)GetForegroundWindow();
//hBox = CreateWindowA("button", "Change Points", WS_VISIBLE | WS_CHILD, 50, 105, 100, 20, hWnd, (HMENU)1, NULL, NULL);
while(1)
{
//GetDlgItemTextA(hBox, 4, buf, 256); //get the text or integer that user has entered and store it in buf
//factorset = atoi(buf); //macro atoi, to convert the string to an integer,


if(GetAsyncKeyState(VK_NUMPAD0))//Z key
{
factorset -= .25;
}
if(GetAsyncKeyState(VK_NUMPAD1))//C key
{
factorset += .25;
}
if(GetAsyncKeyState(VK_INSERT))//T key
{
if(speedhack)speedhack = 0;//off
else speedhack = 1;//on
}

Sleep(30);
}
}

DWORD My_timeGetTime()
{
float factor = 1.0;
DWORD currentreal = 0;

if(speedhack)factor = factorset;
else factor = 1.0;

static DWORD oldtGT = 0;
if(oldtGT==0)
{
oldtGT = Real_timeGetTime();
return oldtGT;
}
currentreal = Real_timeGetTime();

DWORD newret;
newret = currentreal + (DWORD)((currentreal-oldtGT)*(factor));//-1

oldtGT=currentreal;
return newret;
}

BOOL My_QPC(LARGE_INTEGER *lp)
{
static __int64 oldfake = 0;
static __int64 oldreal = 0;
float factor = 1.0;

if(speedhack)factor = factorset;//remember this variable
else factor = 1.0;

__int64 newvalue;

if( oldfake == 0 || oldreal == 0 )
{
oldfake = lp->QuadPart;
oldreal = lp->QuadPart;
}
newvalue = lp->QuadPart;

newvalue = oldfake + (__int64)((newvalue - oldreal) * (factor));//-1

oldreal = lp->QuadPart;
oldfake = newvalue;

lp->QuadPart = newvalue;
return Real_QPC(lp);
}

DWORD My_GetTickCount()
{
float factor = 1.0;
DWORD new_count = 0;
DWORD currentreal = 0;

if(speedhack)factor = factorset;//on
else factor = 1;//off

static DWORD old_count = 0;
if(old_count == 0)
{
old_count = Real_GetTickCount();
return old_count;
}
currentreal = Real_GetTickCount();
new_count = currentreal + (DWORD)(new_count-old_count) * (factor);//-1

old_count = currentreal;
return new_count;
}


BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
switch( dwReason )
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls( hModule );
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourAttach( &(PVOID&)Real_timeGetTime, My_timeGetTime);
DetourAttach( &(PVOID&)Real_QPC, My_QPC );
DetourAttach( &(PVOID&)Real_GetTickCount, My_GetTickCount);
DetourTransactionCommit();
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)SpeedLoop, NULL, NULL, NULL);
break;
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourDetach( &(PVOID&)Real_timeGetTime, My_timeGetTime);
DetourDetach( &(PVOID&)Real_QPC, My_QPC );
DetourDetach(&(PVOID&)Real_GetTickCount, My_GetTickCount);
DetourTransactionCommit();
break;
}
return TRUE;
}
[/php]

[Void]

This is probably 100% wrong but you're not getting other replies so. . .

Did you test the detour function on something you know will work? Like, make your own test program with a function and try to detour it. If that doesn't work, then you might as well start by getting the detour function to work.

[why06]

This is probably 100% wrong but you're not getting other replies so. . .

Did you test the detour function on something you know will work? Like, make your own test program with a function and try to detour it. If that doesn't work, then you might as well start by getting the detour function to work.

No no. That's very helpful!
It doesn't have to just be a code thing. I should approach the whole situation one step at a time. Narrow it down to one failing point. I will try to get a messagebox working first.

[Hell_Demon]

Code:

#include <windows.h>
#include <detours.h> // GET DETOURS 1.5
int (__cdecl *TestFuncOrig)(bool wtfhax);
int TestFuncHook(bool wtfhax)
{
    MessageBoxA(0, "WTF", "WTF", 0);
    return TestFuncOrig(wtfhax);
}
BOOL APIENTRY DllMain(HANDLE hDll, DWORD dwReason, LPVOID lpReserved)
{
    if(dwReason==DLL_PROCESS_ATTACH)
    {
        TestFuncOrig = (int (__cdecl *)(bool))DetourFunction((PBYTE)GetProcAddress(GetModuleHandle("lolwut.dll"), "RAGEMOARPLoX"), (PBYTE)TestFuncHook);
    }
    return TRUE;
}

[AeroMan]

This speed hack seems logical to me and has no compile time errors, So Im guessing it loads correctly. However the speedhack simply does not work. As you can tell its kind of messy. There are parts merely commented out, while I set my focus to another part of the program. For this reason I will describe the program in 3 logical parts. This will make it easy to understand:

1. The Detours. There are three detours set in this program to alter the Windows API functions:
timeGetTime()
QueryPerformanceCounter()
GetTickCount()

2. The Speed Controls. This part adjusts the speed. Do not pay to much attention to the create window thing. Im working on implementing that inside of the hack. Unless ofcourse you want to offer help which I'll gladly except. Focus more on the factors controlling the speed of the detoured functions.

3. The DllMain.
The fault might be here. Maybe it is not loading correctly. To be honest I don't know. All I know is the game does not shut down when I inject it anymore, but perhaps it could be many things.


However it has to be something wrong with one or more these 3 logical sections. For some reason I have a feeling that its the DllMain, because thats where I had a problem last time. I forgot to return true and the program didn't load of initialize properly. not sure =/

[PHP]
#include <windows.h>
#include <tchar.h>
#include <stdio.h>
#include "detours.h"
/****************NOTES**********************
Title: SpeedHack v.0.1
This is a C++ style conversion of Dark_Byte's Speedhack. Completely recoded, from the
ground up, using a slight aleration of DB's original method, with the Detours Library 2.1
provided by Microsoft, rather then hooking. This is still in aplha testing.
Might be some problems with a smooth dialing of speed due to factor conversions
Also lacks UI, but plan on adding in next compilation.
Thanks to: Hell_Demon & Matrix_NEO006
Credits: why06 (why06mail@gmail.com) for MPGH.net
********************************************/

DWORD (__stdcall *Real_timeGetTime)(void) = ( DWORD(WINAPI *)(void))GetProcAddress(GetModuleHandleA("Kernel32 .dll"),"timeGetTime");
BOOL (__stdcall *Real_QPC)(LARGE_INTEGER *lp) = (BOOL(WINAPI *)(LARGE_INTEGER *))GetProcAddress(GetModuleHandleA("Kernel32.dll") , "QueryPerformanceCounter");
DWORD (WINAPI *Real_GetTickCount)(void) = (DWORD (WINAPI *)(void))GetProcAddress(GetModuleHandleA("Kernel32 .dll"), "GetTickCount");
HWND hBox;
char buf[200] = {0};


float factorset = 2.0;//initial value: 1.0
bool speedhack = 1;//initial state: off

void SpeedLoop()
{

HWND hWnd;
hWnd = (HWND)GetForegroundWindow();
hBox = CreateWindowA("button", "Change Points", WS_VISIBLE | WS_CHILD, 50, 105, 100, 20, hWnd, (HMENU)1, NULL, NULL);
while(1)
{
GetDlgItemTextA(hBox, 4, buf, 256); //get the text or integer that user has entered and store it in buf
factorset = atoi(buf); //macro atoi, to convert the string to an integer,

/*
if(GetAsyncKeyState(0x5A))//Z key
{
factorset -= .25;
}
if(GetAsyncKeyState(0x43))//C key
{
factorset += .25;
}
if(GetAsyncKeyState(0x54))//T key
{
if(speedhack)speedhack = 0;//off
else speedhack = 1;//on
}
*/
Sleep(30);
}
}

DWORD My_timeGetTime()
{
float factor = 1.0;
DWORD currentreal = 0;

if(speedhack)factor = factorset;
else factor = 1.0;

static DWORD oldtGT = 0;
if(oldtGT==0)
{
oldtGT = Real_timeGetTime();
return oldtGT;
}
currentreal = Real_timeGetTime();

DWORD newret;
newret = currentreal + (DWORD)((currentreal-oldtGT)*(factor-1));

oldtGT=currentreal;
return newret;
}

BOOL My_QPC(LARGE_INTEGER *lp)
{
static __int64 oldfake = 0;
static __int64 oldreal = 0;
float factor = 1.0;

if(speedhack)factor = factorset;//remember this variable
else factor = 1.0;

__int64 newvalue;

if( oldfake == 0 || oldreal == 0 )
{
oldfake = lp->QuadPart;
oldreal = lp->QuadPart;
}
newvalue = lp->QuadPart;

newvalue = oldfake + (__int64)((newvalue - oldreal) * (factor-1));

oldreal = lp->QuadPart;
oldfake = newvalue;

lp->QuadPart = newvalue;
return Real_QPC(lp);
}

DWORD My_GetTickCount()
{
float factor = 1.0;
DWORD new_count = 0;
DWORD currentreal = 0;

if(speedhack)factor = factorset;//on
else factor = 1;//off

static DWORD old_count = 0;
if(old_count == 0)
{
old_count = Real_GetTickCount();
return old_count;
}
currentreal = Real_GetTickCount();
new_count = currentreal + (DWORD)(new_count-old_count) * (factor-1);

old_count = currentreal;
return new_count;
}


BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
switch( dwReason )
{
case DLL_PROCESS_ATTACH:
DisableThreadLibraryCalls( hModule );
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourAttach( &(PVOID&)Real_timeGetTime, My_timeGetTime);
DetourAttach( &(PVOID&)Real_QPC, My_QPC );
DetourAttach( &(PVOID&)Real_GetTickCount, My_GetTickCount);
DetourTransactionCommit();
CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)SpeedLoop, NULL, NULL, NULL);
break;
case DLL_PROCESS_DETACH:
DetourTransactionBegin();
DetourUpdateThread( GetCurrentThread() );
DetourDetach( &(PVOID&)Real_timeGetTime, My_timeGetTime);
DetourDetach( &(PVOID&)Real_QPC, My_QPC );
DetourDetach(&(PVOID&)Real_GetTickCount, My_GetTickCount);
DetourTransactionCommit();
break;
}
return TRUE;
}

[/PHP]

Its a lot of code, so it may be easier to look at in a compiler. I've been going over it all day myself, so I figure its about time to ask for some help. Windows is definitely not my specialty... ;l (or anything for that matter, but no need to get picky )

its hard..
Ask IHelper, his the pro coder of mpgh.net!
I cant help, i just can't detouring, im learning but whatever;
Goodluck!

[why06]

its hard..
Ask IHelper, his the pro coder of mpgh.net!
I cant help, i just can't detouring, im learning but whatever;
Goodluck!

You kidding me? Anyone of these guys here know more then that nub. o_O
And plz don't bump old posts.