C++ Address Logger

[inmate]

Hey guys, i found a nice tutorial.

This isnt my Tutorial, all Credits goes to: Geecko

=========================================

Hi all......!!!!

Now i tell u how to make a nice addy logger.....so u dont have to re-search the addy, each update....!!!!

This save u a lot of time


Let's Start......

-------------------------------------------------------------------------------------------------

PROGRAMS & REQUIREMENTS:

Visual C++ ( i use 6.0 )
Brain:sly:
Some basics C++ knowledge
Some minutes...

--------------------------------------------------------------------------------------------------


Now open a new project "Win32 Dynamic-Link Library", call it with the name u want


Now add some globals:

#include <windows.h>
#include <fstream>
#include <stdio.h>
using namespace std; //need for the logging func
ofstream ofile; //need for the logging func
#define WIN32_LEAN_AND_MEAN
char *GetDirectoryFile(char *filename); //getdirfile for the logging func
void __cdecl add_log (const char * fmt, ...); //the logging func
void thethread(); //the main function
char dlldir[320];

In our DllMain(HMODULE hMod, DWORD dwReason, PVOID pvReserved):

CreateThread(0, 0, (LPTHREAD_START_ROUTINE)thethread, 0, 0, 0);
GetModuleFileName(hMod, dlldir, 512);
for(int i = strlen(dlldir); i > 0; i--) { if(dlldir[i] == '\\') { dlldir[i+1] = 0; break;}}

ofile.open(GetDirectoryFile("WooWMyLog.txt"), ios::app);


MessageBox(NULL, " Logger", "Let's log some addy", MB_OK); //not really needed

We have to add these 2 function to let the logger work correctly:

char *GetDirectoryFile(char *filename)//get the directory of the dll
{
static char path[320];
strcpy(path, dlldir);
strcat(path, filename);
return path;
}


void __cdecl add_log (const char *fmt, ...)//the add log func
{
if(ofile != NULL)
{
if(!fmt) { return; }

va_list va_alist;
char logbuf[256] = {0};

va_start (va_alist, fmt);
_vsnprintf (logbuf+strlen(logbuf), sizeof(logbuf) - strlen(logbuf), fmt, va_alist);
va_end (va_alist);

ofile << logbuf << endl;
}
}

Now we have to add another 2 functions, 2 important function that search the address:

bool Match(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask )
return false;
return (*szMask) == NULL;
}


DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
for(DWORD i=0; i < dwLen; i++)
if( Match( (BYTE*)( dwAddress+i ),bMask,szMask) )
return (DWORD)(dwAddress+i);

return 0;
}

After this we have to put the last function, "thethread":

void thethread()
{

//Code Here

}

Now the base it's finished, but a very interesting question is:

"How i can add an address???"


Let's say that once u have understand the method is simply add an address......

u need:

1) A sequence of bytes of the addy (generally the first 10/15 bytes), this is called "Array of Bytes"

2)A Mask (tells the search functions what bytes change and what bytes are static)

An Example is:

DWORD m_dwaddy = FindPattern(0x400000, 0x01400000,(unsigned char*)"\xB9\x00\x00\x00\x00\xF3\xA5\x00","x????xxx ");

add_log("\nFunction %\nAddress : 0x%.6X\n",m_dwaddy);

0x400000 : the start address of ur research
0x01400000 : the end address of ur research
\xB9\x00\x00\x00\x00\xF3\xA5\x00 : the Array of Bytes
x????xxx : the Mask

x : static byte
? : not static byte

So the first byte is static ( with x ), \x00\x00\x00\x00 bytes aren't statics (with ? ), the last 3 bytes are static ( with x ).

the static bytes dont change ( dont change after an update )
the not static bytes change after an update

Where/How can i search for bytes???


U can search for bytes in OllyDbg, in IDA Pro or with ur favourite program.

How can i understand what bytes are static and what arent?

easy, copy an array of a selected addy.
then wait until there is an update, and research the new addy with the same asm code as the old (attention: u DONT have to search for the OLD addy after an update,or it will be wrong)
then compare the 2 array.....!!!!!


END of TUT


If u dont want to do it, there is a plugin for OllyDbg that do it automatically....


I think i helped u.

Credits: Me and people that made some functions

===============================

Note: If you use it give Credits to the Author !!

-InSaNe- post some Patterns which you can use with it:

Credits to -InSaNe- !!

char* RegisterFont = "\x8b\x44\x24\x04\x6a\x01\x50\x6a\x18";
char* RegisterFont_Mask = "xxxxxxxxx";
char* RegisterShader = "\x8b\x44\x24\x04\x80\x38\x00\x75\x00";
char* RegisterShader_Mask = "xxxxxxxx?";
char* EngineText = "\x8b\x44\x24\x04\x80\x38\x00\x0f\x84\x00\x00\x00\ x00";
char* EngineText_Mask = "xxxxxxxxx????";
char* StrWidth = "\x51\x53\x57\x33\xdb";
char* StrWidth_Mask = "xxxxx";
char* CG_Trace = "\x8b\x44\x24\x18\x8b\x4c\x24\x14\x8b\x54\x24\x08" ;
char* CG_Trace_Mask = "xxxxxxxxxxxx";
char* CG_GetPlayerTag = "\x8b\x8e\xd0\x00\x00\x00\x50\x51\xe8\x00\x00\x00\ x00\x83\xc4\x08\x85\xc0\x75\x00\xc3";
char* CG_GetPlayerTag_Mask = "xxxxxxxxx????xxxxxx?x";
char* R_RegisterTag = "\x8B\x44\x24\x04\x6A\x01\x50\xE8\x00\x00\x00\x00\ x83\xC4\x08\xC3";
char* R_RegisterTag_Mask = "xxxxxxxx????xxxx";
char* NoRecoil = "\xE8\x00\x00\x00\x00\x83\xC4\x14\x8B\x44\x24\x40\ x8B\x4C\x24\x10";
char* NoRecoilMask = "x????xxxxxxxxxxx";
char* GetScreenMatrix = "\xA1\x00\x00\x00\x00\x83\xF8\x03\x77\x0D";
char* GetScreenMatrixMask = "x????xxxxx";
char* W2S = "\x83\xEC\x0C\x8B\x44\x24\x18\xD9\x00";
char* W2SMask = "xxxxxxxxx";
char* GetCalc = "\xA1\x00\x00\x00\x00\x83\xF8\x03\x77\x0D";
char* GetCalcMask = "x????xxxxx";
char* Draw2D = "\x56\x8B\x74\x24\x08\x56\xE8\x00\x00\x00\x00\x83\ xC4\x04\x83\x3D";
char* Draw2DMask = "xxxxxxx????xxxxx";
char* WritePacket = "\xB8\x00\x00\x00\x00\xE8\x00\x00\x00\x00\x8B\x84\ x24\x00\x00\x00\x00\x56\x8B\x35";
char* WritePacketMask = "x????x????xxx????xxx";
char* uiShowList = "\xA1\x00\x00\x00\x00\x81\xEC\x00\x00\x00\x00\x80\ x78\x0C\x00\x74\x29";
char* uiShowListMask = "x????xx????xxxxxx";
char* SendCommandToConsole = "\x6A\x1F\xE8\x00\x00\x00\x00\x8B\x44\x24\x0C" ;
char* SendCommandToConsoleMask = "xxx????xxxx";
char* DrawRotatedPic = "\x83\xEC\x50\xD9\x44\x24\x68";
char* DrawRotatedPicMask = "xxxxxxx";
char* R_WeaponSpread = "\x83\xEC\x18\x56\x8B\x74\x24\x20\x85\xF6";
char* R_WeaponSpread_Mask = "xxxxxxxxxx";
char* R_GetCurrentWeapon = "\x8B\x44\x24\x04\xF6\x80\x00\x00\x00\x00\x00\x74\ x07";
char* R_GetCurrentWeapon_Mask = "xxxxxx?????xx";
char* GetSpreadMultiplier = "\xD9\x1D\x00\x00\x00\x00\x8B\x5C\x24\x2C";
char* GetSpreadMultiplier_Mask = "xx????xxxx";
char* GetRandomSpread = "\x83\xEC\x18\x56\xE8";
char* GetRandomSpread_Mask = "xxxxx";

cheers =)

[Kenshin13]

Hope no one's so stupid to release this as a program....
Anyways thx! I was way to lazy to make my own xD

[Eidolon]

Am yea, nice tut but a quick note;
nearly everyone is working with .NET ( finally made someone a cpp tut) so good job!
thing is, its a leeched tut and everyone who knows basic methods should be able to create a logger so I dont really know why releasing it

Nice job anyway and I hope at least you learnt something about it

[inmate]

Am yea, nice tut but a quick note;
nearly everyone is working with .NET ( finally made someone a cpp tut) so good job!
thing is, its a leeched tut and everyone who knows basic methods should be able to create a logger so I dont really know why releasing it

Nice job anyway and I hope at least you learnt something about it

Oh sry, i dont know that it was leeched, i found it on uc.

Yes i released it, cuz i hope that there are people out there which want to learn something and dont C&P codes like the .net modules from Jorndel (nothing against Jorndel, he is a good coder ) which contains Read/Write Memory etc.

And yeah thats right, the most people use .net, but im in love with C++ .

I hope that there are coders out there, which learn from the tut.

Yeah of course i learned of it, you know that im not a C&P coder ;D.

cheers

[Eidolon]

Oh sry, i dont know that it was leeched, i found it on uc.

Yes i released it, cuz i hope that there are people out there which want to learn something and dont C&P codes like the .net modules from Jorndel (nothing against Jorndel, he is a good coder ) which contains Read/Write Memory etc.

And yeah thats right, the most people use .net, but im in love with C++ .

I hope that there are coders out there, which learn from the tut.

Yeah of course i learned of it, you know that im not a C&P coder ;D.

cheers

i found a nice tutorial.

Means leeched

Nice that you are in love with C++ (so was I and still am [although asm still is more attractive to me)
Hope to see you in the BO2 section as well

777 posts

[rawr im a tiger]

Oh, a pattern scanner. I thought for a sec you were talking about a trainer logger (hooking WPM, RPM etc)

[barata55]

Still like my C# logger moar, its simple and functional, still good code for beginners.

Thanks Barata...