No Recoil

**♪~ ᕕ(ᐛ)ᕗ** · 08-03-2011

Originally Posted by alteriw-norecoil

but since _data != NULL, the function does not return CheatDetectedBooom!

And why would you write <addy> to 0x90? What's so important about that address?

Revised your code for you (consider it a favor)

Code:

memcpy((LPVOID)0x90, (LPVOID)<addy>, sizeof(PBYTE));

I bet you're just some alteriw admin troll who doesn't even know how memcpy works.

This is probably what you meant:

Code:

PBYTE _data = 0x90;
memcpy((LPVOID)<addy>, &_data, sizeof(_data));
/*
// 0x90 != 0, so why not comment out this section?
if(_data == NULL)
{
      return CheatDetectedBooom;
}
*/

no lol. in that case memcpy will copy the data stored on the address to _data. Then checking if _data is filled with 0x00 would be easy as fuck for the Anti Cheat.

By the way memcpy() copies a data stored to a pointer to another pointer, and the first parameter is the destination, and the second one is the source. The third is the size of the data to be copied. Actually the person who seems to doesn't know what memcpy does isn't me

**alteriw-norecoil** · 08-03-2011

void * memcpy ( void * destination, const void * source, size_t num );

Hmm, were you confusing destination and source?

**shadowx360** · 08-03-2011

In any case, x90 isn't used as an address, it's the opcode for NOP. The code he posted writes three floats into that address. In any case, it's a bad habit to equate 0 with NULL, there has been quite a few documented cases of NULL not equal to 0 and screwing the programmer over and giving him a few extra hours of debugging.

Besides, bad habit to initialize a variable to NOP and then read into it. That's just plain unnecessary, why initialize something when you're going to put data into it the next line?

**alteriw-norecoil** · 08-03-2011

Huey Freeman's code:

Code:

PBYTE _data = 0x90;
memcpy((LPVOID)_data, (LPVOID)<addy>, sizeof(_data));
if(_data == NULL)
{
      return CheatDetectedBooom;
}

First of all, he's writing from the address into 0x90, then he's comparing 0x90 to NULL.

If he was trying to check if something is NOPed:

Code:

BYTE _data = 0;
memcpy(&_data, (LPVOID)<addy>, sizeof(_data));
if(_data == 0x90)
{
      return CheatDetectedBooom;
}

or

Code:

BYTE _data = 0x90;
if(!memcmp(&_data, (LPVOID)<addy>, sizeof(_data)))
{
      return CheatDetectedBooom;
}

And how does this detect my code? It doesn't.

**shadowx360** · 08-03-2011

Actually. If the aCI is running as a thread as part of the process...it doesn't have to use memcpy, it can use access the memory location directly and compare it.

**♪~ ᕕ(ᐛ)ᕗ** · 08-03-2011

Originally Posted by alteriw-norecoil

void * memcpy ( void * destination, const void * source, size_t num );

Hmm, were you confusing destination and source?

I wanted to show u a way that a coder would use to detect ur cheat *epicfp*

**alteriw-norecoil** · 08-03-2011

You're right (shadowx360); this can also be done:
But memcpy and memcmp makes it easier to compare more bytes.

Code:

if(*(char *)<addy> == 0x90)
{
      return CheatDetectedBooom;
}

**♪~ ᕕ(ᐛ)ᕗ** · 08-03-2011

Originally Posted by alteriw-norecoil

You're right, this can also be done:

Code:

if(*(byte *)<addy> == 0x90)
{
      return CheatDetectedBooom;
}

that's write but youre filling it with 0's. in ur code it was

Code:

float blabla[3] = {0};

Or something. And, after memcpy() is done _data's value wont be 0x90. I could obv skip the part when I assign _data a value but it might result as an exception.