You put VirtualProtect and memset together in a function. GJ.
Guys, he is just posting a different nopping method. No need to ask why or anything else. It's not needed.
-0x00 (10-23-2010)
0x90 is a reference to nothing?
LOL @ "antinoob" so fucking obvious
I edited it...
Goals:
Green = Done
Blue = Getting Somewhere
Red = Not Done
- Mouse Grid
- PTC Method
- Trigger Bot
I'm trying to think of more stuff!
So the "WriteProcessMemory" & "ReadProcessMemory" APIs don't work on cshell? Or do they get detected?
First time here and just wanted to get a heads up before I start looking into Combat Arms hacks... Also, I notice that most people hard patch their address after dumping. Is there a reason for this? Does CA detect memory hacks? VirtualProtect is used for changing the protection of a region, but I just wanted to know why you guys are using "MemSet"? I don't code in C++, but can read it fine. Just interested why you don't use WriteProcessMemory.
They work just fine in cshell. Combat Arms has recently added a check when you join in game, to see if any memory is being modified and if console commands have been used.
I remember asking the same question about WPM when I started hacking CA. I think the answer was something along the lines of, "You've already hooked into CA, and can do direct memory edits, so you don't need to get the process again" or something like that. I can't remember.
OK, that makes sense. I just found what this PTC is (PushToConsole)... So if they have just added these checks, then how is it possible to modify memory addresses? I also found an example template in C++; it was easy to understand, but does this DLL get added to the cshell IAT (Import Address Table) or does it get injected by using allocatememory? I have written 2 programs which can do both: 1 for adding any DLL and its exported functions to an exe (or DLL) and another that will inject a DLL into a running process... But now you have said that CA searches for modified bytes, so neither of these methods is of any use? Does CA have some sort of integrity checking? Are the hacks applied to cshell or CombatArms.exe? You said WPM and RPM should work fine in cshell, but how is that possible if they are checking?
You inject the DLL into the process.
It's possible because it only checks for memory modifications while joining a game. So if you turn all hacks off while you're in the lobby, join a game, then turn them back on again, it will work.
I have been reading around on forums and a solution would be to check if you are in game before you push commands/memory edits.
You would do this by seeing if LTClient + 0x8C returns 1.
Thanks, you're being a great help. I have a few other questions: what's the "LTClient"? Also, is there any reason we can't add our custom DLL to the import table? That way it loads our custom DLL without injection, just as it would load any other imports... Or does it have an integrity check of cshell.dll? If that's the case, adding the custom DLL to the import table won't work because the hash will be different and the size will slightly grow.