void * memcpy ( void * destination, const void * source, size_t num );
Hmm, were you confusing destination and source?
no lol. in that case memcpy will copy the data stored on the address to _data. Then checking if _data is filled with 0x00 would be easy as fuck for the Anti Cheat.
By the way memcpy() copies a data stored to a pointer to another pointer, and the first parameter is the destination, and the second one is the source. The third is the size of the data to be copied. Actually the person who seems to doesn't know what memcpy does isn't me
Last edited by ♪~ ᕕ(ᐛ)ᕗ; 08-03-2011 at 01:38 AM.
void * memcpy ( void * destination, const void * source, size_t num );
Hmm, were you confusing destination and source?
In any case, x90 isn't used as an address, it's the opcode for NOP. The code he posted writes three floats into that address. In any case, it's a bad habit to equate 0 with NULL, there has been quite a few documented cases of NULL not equal to 0 and screwing the programmer over and giving him a few extra hours of debugging.
Besides, bad habit to initialize a variable to NOP and then read into it. That's just plain unnecessary, why initialize something when you're going to put data into it the next line?
Last edited by shadowx360; 08-03-2011 at 09:56 AM.
Huey Freeman's code:
First of all, he's writing from the address into 0x90, then he's comparing 0x90 to NULL.Code:PBYTE _data = 0x90; memcpy((LPVOID)_data, (LPVOID)<addy>, sizeof(_data)); if(_data == NULL) { return CheatDetectedBooom; }
If he was trying to check if something is NOPed:
orCode:BYTE _data = 0; memcpy(&_data, (LPVOID)<addy>, sizeof(_data)); if(_data == 0x90) { return CheatDetectedBooom; }
And how does this detect my code? It doesn't.Code:BYTE _data = 0x90; if(!memcmp(&_data, (LPVOID)<addy>, sizeof(_data))) { return CheatDetectedBooom; }
Last edited by alteriw-norecoil; 08-03-2011 at 10:40 AM.
Actually. If the aCI is running as a thread as part of the process...it doesn't have to use memcpy, it can use access the memory location directly and compare it.
You're right (shadowx360); this can also be done:
But memcpy and memcmp makes it easier to compare more bytes.
Code:if(*(char *)<addy> == 0x90) { return CheatDetectedBooom; }
Last edited by alteriw-norecoil; 08-03-2011 at 10:46 AM.
Because my code simply nulls the recoil vector.
What is pid?
------------------------------------------------------
------------------------------------------------------
Well, why don't you go Google the parameters of OpenProcess() and see? Damn leechers expecting us to spoon feed life to them....
@DahInternetz PID is pelvic inflammatory disease. If you want a serious answer, do what shadowx360 suggests.
someone has downloaded the file? do not know source code '-'