2 Questions

[archey]

Hello, Everyone.

I am making a trainer for a single player game, and I have an address i need to NOP, for no reload, how can i NOP an address in C++?

Also, I want to make an item traine for Fallout 3, is there a way to have a .dll or .exe write commands into the console, such as player.additem <ITEM #> <AMOUNT> ? As I have found a complete list of item #'s.

Thanks,
Archey

[Retoxified]

Hello, Everyone.

I am making a trainer for a single player game, and I have an address i need to NOP, for no reload, how can i NOP an address in C++?

Also, I want to make an item traine for Fallout 3, is there a way to have a .dll or .exe write commands into the console, such as player.additem <ITEM #> <AMOUNT> ? As I have found a complete list of item #'s.

Thanks,
Archey

Code:

void PatchMem(LPVOID dwAddress, LPVOID bytes, DWORD dwSize)
{
	DWORD flOldProtect = 0;
	VirtualProtect((void*)dwAddress, dwSize, PAGE_EXECUTE_READWRITE, &flOldProtect);
	memcpy((void*) dwAddress, bytes, dwSize);
	VirtualProtect((void*)dwAddress, dwSize, flOldProtect, &flOldProtect);
}
BYTE noptwo = {0x90, 0x90};
LPVOID addy = 0x9403299;
memcpy(addy, noptwo, 2);

should work

[Void]

Code:

void PatchMem(LPVOID dwAddress, LPVOID bytes, DWORD dwSize)
{
	DWORD flOldProtect = 0;
	VirtualProtect((void*)dwAddress, dwSize, PAGE_EXECUTE_READWRITE, &flOldProtect);
	memcpy((void*) dwAddress, bytes, dwSize);
	VirtualProtect((void*)dwAddress, dwSize, flOldProtect, &flOldProtect);
}
BYTE noptwo = {0x90, 0x90};
LPVOID addy = 0x9403299;
memcpy(addy, noptwo, 2);

should work

Keep in mind this is if you're going to inject your own module. If you plan on making an actual trainer, use WriteProcessMemory/ReadProcessMemory.

WriteProcessMemory

[archey]

This is my current code

Code:

#include <iostream>
#include <windows.h>

using namespace std;

DWORD proc_id;
HANDLE hProcess;


int main()
{
HWND hWnd = FindWindow(0, "Modern Warfare 2");
GetWindowThreadProcessId(hWnd, &proc_id);
hProcess = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, FALSE, proc_id);

main();
BYTE Nop[ ] = {(0x90)};
WriteProcessMemory(hProcess, (LPVOID*)(DWORD) (0x0108DFB8), &Nop, sizeof(Nop), NULL);	
}

It crashes when i run it though, not sure how many 0x90's i need and also not sure which adress to use from cheat engine, i did find out what writes to this address, and i tried using the one highlighted in red, and the one where it says 'the value the pointer need to find this address is probably'

[Void]

Hmm, it's possible the address is wrong. Or, if you're NOP'ing an instruction that actually does something ( rather than bytes being read as values ), NOP'ing 1 byte will leave the instruction semi-broken ( it won't do the same thing ) and when it comes time to execute it won't make sense. If you used CE to test this out, try NOP'ing them from there and it's going to show how many bytes it NOP'd.

Also, why did you use that recursive call after getting the process handle? It never gets to the WriteProcessMemory function.

[archey]

This is my updates code, i looked in the disassembler and it showed 4 bytes, so i assume i need 4 0x90's? The address i am using seems to be right, as last night when i did write this address in CE, same address showed up in red. Also i found most of this code on the internet on other forums.

Code:

#include <iostream>
#include <windows.h>

using namespace std;

DWORD proc_id;
HANDLE hProcess;


int main()
{
HWND hWnd = FindWindow(0, "Modern Warfare 2");
GetWindowThreadProcessId(hWnd, &proc_id);
hProcess = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, FALSE, proc_id);

main();
BYTE Nop[ ] = {(0x90, 0x90, 0x90, 0x90)};
WriteProcessMemory(hProcess, (LPVOID*)(DWORD) (0x004C6E0D), &Nop, sizeof(Nop), NULL);	
WriteProcessMemory(hProcess, (LPVOID*)(DWORD) (0x004C6E0D), &Nop, sizeof(Nop), NULL);	
WriteProcessMemory(hProcess, (LPVOID*)(DWORD) (0x004C6E0D), &Nop, sizeof(Nop), NULL);
WriteProcessMemory(hProcess, (LPVOID*)(DWORD) (0x004C6E0D), &Nop, sizeof(Nop), NULL);
}

[Void]

Did that code work? Remove the 3 last WriteProcessMemory, the first one will write all 4 bytes. Remove the call to 'main' right before BYTE Nop[ ].

[archey]

Did that code work? Remove the 3 last WriteProcessMemory, the first one will write all 4 bytes. Remove the call to 'main' right before BYTE Nop[ ].

Okay did those two things compiled fine, didnt crash when i ran it, but when i go into game, then shoot game crashes

[Retoxified]

what is it ur trying to do? xD

[archey]

what is it ur trying to do? xD

NOP an address in MW2 single player, for no reload As i am new to trainer making im starting wiht something easy, just for some reason it crashes the game when i try shoot now (see my above post)

[Retoxified]

NOP an address in MW2 single player, for no reload As i am new to trainer making im starting wiht something easy, just for some reason it crashes the game when i try shoot now (see my above post)

You sure the addy is correct?

[archey]

You sure the addy is correct?

It should be, not sure how to tell.

[Void]

It should be, not sure how to tell.

NOP it with CE or olly, if it doesn't work there, you have to find another method of making no reload.

Why not find the instruction that decreases the number of bullets, and NOP it. I believe it would look something like:
[php]
mov [ebx],eax
[/php]

EAX being -1 or something.

CE has that 'Find out what accesses/writes to this address', find the address that holds the number of bullets you have, and use that feature on the address found.

[archey]

NOP it with CE or olly, if it doesn't work there, you have to find another method of making no reload.

Why not find the instruction that decreases the number of bullets, and NOP it. I believe it would look something like:
[php]
mov [ebx],eax
[/php]

EAX being -1 or something.

CE has that 'Find out what accesses/writes to this address', find the address that holds the number of bullets you have, and use that feature on the address found.

Yeah i have NOPed it before

[why06]

Okay did those two things compiled fine, didnt crash when i ran it, but when i go into game, then shoot game crashes

Might not work just noping:
1. the function could return value that needs to be checked so ur game is failing (doubt it)

2. Most likely you are only noping 4 bytes and you need to nop 5 bytes. That means noping the opcode that call the address your noping. Other wise your still left with a call instruction, but with no address to call. =/

EDIT: If you could post the disassembly ur looking at we could probably make the right judgment.