Quite funny ,i was wonderring because when my game crashes while i test new functions i saw that internet explorer opens fast and closed..so i thought and checked the codes for a shellexecute and i found it ^^
This is one :
Code:
text:00658297 push edx
.text:00658298 push offset cURL ; "%s/CrashLog.asp?id=%s&code=%x&address=%"...
.text:0065829D lea eax, [ebp+Parameters]
.text:006582A3 push eax ; char *
.text:006582A4 call _sprintf ; enter found addy & dt code
.text:006582A9 add esp, 24h
.text:006582AC push 0 ; nShowCmd
.text:006582AE push 0 ; lpDirectory
.text:006582B0 lea ecx, [ebp+Parameters]
.text:006582B6 push ecx ; lpParameters
.text:006582B7 push offset File ; "c:\\program files\\internet explorer\\iexp"...
.text:006582BC push offset Operation ; "open"
.text:006582C1 push 0 ; hwnd
.text:006582C3 call ds:ShellExecuteA
.text:006582C9 push 1000h ; size_t
.text:006582CE push 0 ; int
.text:006582D0 push offset unk_9CC428 ; void *
.text:006582D5 call _memset
.text:006582DA add esp, 0Ch
.text:006582DD mov dword_9CC420, 0
Of course there are some more.
So now we got some ways to stop it.
First way ,we simply nop the call
Like this:
Code:
MemoryEdit((void *)(0x006582C3),(void*)"\x90\x90\x90\x90\x90\x90",6);
There is still this: 0x9CC420 ,im not sure what it is for ,but i dont care,its not important for me i think(hope)
This nop we need to do with all other calls too..I dont want to do this..So we take an esayer way
The way is hooking.
How i do it:
Code:
#define IN_CODE 54613148
HINSTANCE WINAPI myShellExecuteA( HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd)
{
if(nShowCmd == IN_CODE)
return pShellExecuteA(hwnd,lpOperation,lpFile,lpParameters,lpDirectory,SW_SHOWNORMAL);
return pShellExecuteA(hwnd,lpOperation,0,lpParameters,lpDirectory,nShowCmd);
}
The #define IN_CODE i take for logging if i am in my code or not.Blackshot just uses SE for reporting hacks dt
To call the ShellExecute now if you need to use it just take as nShowCmd IN_CODE ,then it will work.
Before i forget, this is what you need too:
Declare:
Code:
typedef HINSTANCE (WINAPI *oShellExecuteA)( HWND hwnd, LPCSTR lpOperation, LPCSTR lpFile, LPCSTR lpParameters, LPCSTR lpDirectory, INT nShowCmd);
oShellExecuteA pShellExecuteA;
&the hook:
Code:
pShellExecuteA = (oShellExecuteA)DetourFunction((PBYTE)ShellExecuteA,(PBYTE)myShellExecuteA);
Im using MSDetours 1.5
sometimes that game really fails Enjoy it guys so you dont get banned so fast while testing you'r hacks.