[Help] Fix not working

[lilneo]

Okay well, you closed my last thread that said solved. You gave me the fix for my address's changing on me, because it was relative to engine.dll. Well I am using the GetModuleHandle("engine.dll")+<address> to get the addies now, but if I change them the game just crashes... Here's some of my code:

Code:

DWORD* Cheats = (DWORD*)(GetModuleHandle("engine.dll")+0x544810);
bool Hack;

//other stuff

void HackFunction()
{
	while(1)
	{
		if(GetAsyncKeyState(VK_INSERT)&1)
		{
			Hack=!Hack;
			if(Hack)
			{
				MessageBoxA(NULL, "Hack turned on.", "Manipulator", NULL);
				*Cheats = 1;
			}
			if(!Hack)
			{
				MessageBoxA(NULL, "Hack turned off.", "Manipulator", NULL);
				*Cheats = 0;
			}
		}

// more stuff
BOOL APIENTRY DllMain( HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved){

if( ul_reason_for_call == DLL_PROCESS_ATTACH)
	{
		CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&HackFunction, NULL, 0, NULL );
		if(GetLastError()==0)
		{
			MessageBoxA(NULL, "DLL injected and thread created successfully.", "Manipulator", NULL);
		}
	}
return TRUE;
}

That's only a portion of the code, I'm not getting any compile errors so don't worry about syntax errors or things like that.

When I push insert it says "Hack turned on" then a second after I push okay, the game just closes.

~lilneo

[radnomguywfq3]

Check the return on GetModuleHandle. You need to give your target some time to load dynamically linked libraries. If it fails to get the base of the module, you need to go again until it is finally loaded.

GetModuleHandle will return null if it has encountered an error.

[Void]

If you got the offset using ollydbg, I think olly shows the base of the DLL with the added RVA. Not the actual base.

Someone correct me, I'm not good with the PE crap..

[radnomguywfq3]

If you got the offset using ollydbg, I think olly shows the base of the DLL with the added RVA. Not the actual base.

Someone correct me, I'm not good with the PE crap..

You're correct. If the the address your adding to the base address of engine.dll isn't an RVA, you need to go back and reload the executable and it's modules. Then locate the target address, and subtract the base address of it's parent module and you will get the RVA.

[why06]

When a game crashes un expectedly its usually due to one of two reasons:

1. Memory Access:
- u tried to write over mem that was read only
- accessing memory out of bonds

2. Hack prevention program

I think this is ur problem here:
*Cheats = 1;

I think when u try to change the value of the addy the memory at that location may be read only. So u might need to us VirtualProtect API to change the access privileges to this memory location.

[Hell_Demon]

He got it with cheat engine, I assume his problem is that engine.dll isn't loaded when he injects.

[lilneo]

How does sv_cheats exist if engine.dll isn't loaded...

And Why06, I am injected... I have access to it all, and I can change it if I use the address straight up. Except it changes.

Okay so, I have ensured that GetModuleHandle("engine.dll") is not NULL for when I set the pointers. Now, even when I read from them. I use MessageBox to display *Cheats and it just crashes the game.

~lilneo

[why06]

How does sv_cheats exist if engine.dll isn't loaded...

It doesn't. Which might be a problem. But since u said it wasn't null ill assume that's not it.

And Why06, I am injected... I have access to it all, and I can change it if I use the address straight up. Except it changes.

~lilneo

Since the program crashes as soon as u try to change the value I assumed u didn't have proper privileges to change that memory, ur accesing memory out of bonds(module isn't loaded), or some hack prevention mechanism is closing the game.

Ps: I'm typing this on my Droid phone sry if I can't be more detailed. Speaking og details... what game is this?

[Void]

Log the address you obtained in a text file or something. Before activating the hack, attach your debugger to the game and get the address manually, compare the one you got and the one you logged.

-Make sure the module is found before you add the offset to the base.

-Make sure the page you're writing to has the proper access rights for writing. If you try writing to it and the pages rights only allow execution or reading, it could cause problems.

[lilneo]

Alright, Well I did some research and I think I have to use GetModuleInformation to get the entry point address of the dll. From that I can add the address. But it's still not working, I am so sick of this here is my entire code:

Code:

#include <windows.h>
#include <Psapi.h>
#include <string.h>
#include <stdio.h>

DWORD Cheats = NULL;
DWORD Consistency = NULL;
DWORD Timescale = NULL;
DWORD Wallhack = NULL;
bool Hack = false;

void HackFunction()
{
	while(1)
	{
		POINT pos;
		GetCursorPos(&pos);
		double mouse_x = pos.x;
		double mouse_y = pos.y;

		if(GetAsyncKeyState(VK_INSERT)&1)
		{
			Hack=!Hack;
			if(Hack)
			{
				MessageBoxA(NULL,"Hack turned on.", "Manipulator", NULL);
				Cheats = 1;
				Consistency = 0;
				Timescale = 4;
				Wallhack = 2;
			}
			if(!Hack)
			{
				MessageBoxA(NULL, "Hack turned off.", "Manipulator", NULL);
				Cheats = 0;
				Consistency = 1;
				Timescale = 1;
				Wallhack = 1;
			}
		}
		if(GetAsyncKeyState(VK_LBUTTON) && Hack)
		{
			SetCursorPos((int)mouse_x,(int)mouse_y+3);
			Sleep(23);
		}
		if(GetAsyncKeyState(VK_HOME))
		{
			break;
		}
		Sleep(10);
	}
}
BOOL APIENTRY DllMain( HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved){

if( ul_reason_for_call == DLL_PROCESS_ATTACH)
	{
		while(GetModuleHandle("engine.dll")==NULL)
		{
			Sleep(1);
		}
		if(GetModuleHandle("engine.dll")!=NULL)
		{
			HMODULE ModHandle=NULL;
			MODULEINFO info = {0};

			while(ModHandle==NULL)
			{
				ModHandle = GetModuleHandle("engine.dll");
			}
			
			GetModuleInformation(GetCurrentProcess(),ModHandle,&info,sizeof(info));

			DWORD Cheats = (DWORD)((DWORD)(info.EntryPoint)+0x544810);
			DWORD Consistency = (DWORD)((DWORD)(info.EntryPoint)+0x544A50);
			DWORD Timescale = (DWORD)((DWORD)(info.EntryPoint)+0x393D94);
			DWORD Wallhack = (DWORD)((DWORD)(info.EntryPoint)+0x4C89A8);

			CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&HackFunction, NULL, 0, NULL );
			
			if(GetLastError()==0)
			{
				MessageBoxA(NULL, "DLL injected and thread created successfully.", "Manipulator", MB_OK);
			}
			else
			if(GetLastError!=0)
			{
				char lasterr[128];
				sprintf(lasterr, "%x", GetLastError());
				MessageBox(0, lasterr, "ERROR", 0);
			}
		}
	}
return TRUE;
}

(edit3) Alright, I've finally fixed it enough so that the game no longer crashes, unfortunately it's not changing Cheats or anything...

~lilneo

[radnomguywfq3]

The RVA is relative to the base address of a module(where the module was loaded), not it's entry-point.

[scimmyboy]

The RVA is relative to the base address of a module(where the module was loaded), not it's entry-point.

so ur sayin that he cant start his hacks upon the dlls entry point cuz it may not have loaded engine.dll?

[Hell_Demon]

lilneo how about you learn how to code first?

Code:

				Cheats = 1;
				Consistency = 0;
				Timescale = 4;
				Wallhack = 2;

I facepalmed at that >.> of course it's not changing sv_cheats...

[schim]

lilneo how about you learn how to code first?

Code:

				Cheats = 1;
				Consistency = 0;
				Timescale = 4;
				Wallhack = 2;

I facepalmed at that >.> of course it's not changing sv_cheats...

Note H_D, there are actually hacks that do change sv_cheats localy, wich allows you to use non-serverside commands, for some reason VAC allows the server and the client to have different values for sv_cheats

[Hell_Demon]

Note H_D, there are actually hacks that do change sv_cheats localy, wich allows you to use non-serverside commands, for some reason VAC allows the server and the client to have different values for sv_cheats

Yeah I know but he isn't using pointers

He sets the value of a local variable to the addy of sv_cheats, then replaces that value with 1 and 0 in his keycheck >.>