Copy Function Beta [For PTC]

**topblast** · 06-10-2011

Well I just put this together is about 3 mins so it might got a few logical errors in it.

I DID NOT TEST THIS CODE.

But the way i wanted it to work is to Copy the whole function into a place in memory. Then return the addy to the space in memory, Stop like the bottom half of Some detours. So I Copy the whole function and you can use that function anytime you want to.

I have one that i am 100% that will work but i dont want to post it, it is built for profection :O

So in other words

CopyFunction(ENGINE_LTC_FOR_PTC);
Copy PTC Function into memory
Return the Address of that function and store into your Typedef function lets say
PTC = CopyFunction(ENGINE_LTC_FOR_PTC);
PTC("ShowFPS 1");
and it SHOULD work

Credits to topblast
ONLY TOPBLAST

Code:

void* CopyFunction(DWORD addy)
{
	if (addy == NULL) return NULL;
	int len = 0;
	PBYTE func;
	DWORD dwProtect;
	LPVOID ret;
	func = PBYTE(addy);
	while(func[len] != 0xC3 || func[len] != 0xC2
		  || func[len] != 0xCA || func[len] != 0xCB)
	{
		len++;
	}
	ret =  VirtualAlloc(0, len, (MEM_COMMIT | MEM_RESERVE), PAGE_EXECUTE_READWRITE);
	if (ret != NULL && 
		VirtualProtect(LPVOID(addy), len, PAGE_EXECUTE_READWRITE, &dwProtect) == TRUE) return NULL;
	{
		memcpy(ret,LPVOID(addy),len);
		VirtualProtect(LPVOID(addy), len, dwProtect, &dwProtect);
		return ret;
	}
	ret = NULL;
	func = NULL;
	return NULL;
}

**Alessandro10** · 06-10-2011

Nice Job..

**topblast** · 06-10-2011

I just saw that i have some unneeded code in they but it wont hurt i guess.

**speedforyou** · 06-10-2011

nice

thanks

**fragbox** · 06-10-2011

good job...... i guess dont know what its for? but

**SNal2F** · 06-10-2011

cool its the same thing i was talking about in the other ptc post redirecting to a rewritten function :P

**topblast** · 06-10-2011

Originally Posted by SNal2F

cool its the same thing i was talking about in the other ptc post redirecting to a rewritten function :P

sure you was.

**SNal2F** · 06-10-2011

Originally Posted by topblast

sure you was.

...........how isnt it when i redirect a pointer to my own function and rewrite it? Think about it logically

not the first time i have talked about it either , trust me this method is older then me & your birth age they did this shit in the 80's

**[MPGH]AVGN** · 06-11-2011

Originally Posted by SNal2F

...........how isnt it when i redirect a pointer to my own function and rewrite it? Think about it logically

not the first time i have talked about it either , trust me this method is older then me & your birth age they did this shit in the 80's

**topblast** · 06-11-2011

Originally Posted by SNal2F

...........how isnt it when i redirect a pointer to my own function and rewrite it? Think about it logically

not the first time i have talked about it either , trust me this method is older then me & your birth age they did this shit in the 80's

lol, but this function is not complete. you see some asm functions have RETN at both sides of a Jump, I dont have the PTC in ASM so i wont be sure if this will work but it is worth a try..

Can someone give me the PTC function in ASM and i dont need to copy the Function, I will just convert it to usable code

**.::SCHiM::.** · 06-11-2011

Originally Posted by topblast

lol, but this function is not complete. you see some asm functions have RETN at both sides of a Jump, I dont have the PTC in ASM so i wont be sure if this will work but it is worth a try..

Can someone give me the PTC function in ASM and i dont need to copy the Function, I will just convert it to usable code

Not sure since this is from the top of my head:

Code:

mov eax, ltc (ltc+208/whatever you call to call too shove comands)
push pCommand (has to be char*/PCHAR)
call eax
add esp, 4h

**SNal2F** · 06-11-2011

all ptc does is call a sub function

Code:

       __asm PUSH szCommand
                __asm PUSH 0x8003F0
                __asm CALL SubConsole
                __asm ADD ESP,8

**topblast** · 06-11-2011

Originally Posted by .::SCHiM::.

Not sure since this is from the top of my head:

Code:

mov eax, ltc (ltc+208/whatever you call to call too shove comands)
push pCommand (has to be char*/PCHAR)
call eax
add esp, 4h

Originally Posted by SNal2F

all ptc does is call a sub function

Code:

       __asm PUSH szCommand
                __asm PUSH 0x8003F0
                __asm CALL SubConsole
                __asm ADD ESP,8

You both have it wrong, i already know how to create a PTC SUB which calls the PTC function.

But what i want is the ASM code inside the PTC function.

PTC wrapper

**SNal2F** · 06-11-2011

Originally Posted by topblast

You both have it wrong, i already know how to create a PTC SUB which calls the PTC function.

But what i want is the ASM code inside the PTC function.

PTC wrapper

you have it wrong...

that is the code inside the ptc @ 0x208 prior to checks

table -> call ptc ->call sub console

learn to reverse b4 calling someone out.

**.::SCHiM::.** · 06-11-2011

Originally Posted by topblast

You both have it wrong, i already know how to create a PTC SUB which calls the PTC function.

But what i want is the ASM code inside the PTC function.

PTC wrapper

Then that'd be the console function not the push to console function.
Get your terms straight.

Anyway, I don't know what you try to achieve by copying the function to a different location (it's not like it will work...). But here it is (the first bit of it, if you want more you'll have to dump it yourself):

Code:

77DF1D78   A1 3C001037      MOV EAX,DWORD PTR DS:[3710003C]
77DF1D7D   8B88 2C001037    MOV ECX,DWORD PTR DS:[EAX+3710002C]
77DF1D83   8B1424           MOV EDX,DWORD PTR SS:[ESP]
77DF1D86   05 00001037      ADD EAX,37100000
77DF1D8B   81C1 00001037    ADD ECX,37100000
77DF1D91   3BD1             CMP EDX,ECX
77DF1D93   72 0E            JB SHORT ntdll.77DF1DA3
77DF1D95   8B40 50          MOV EAX,DWORD PTR DS:[EAX+50]
77DF1D98   03C1             ADD EAX,ECX
77DF1D9A   3BD0             CMP EDX,EAX
77DF1D9C   73 05            JNB SHORT ntdll.77DF1DA3
77DF1D9E   E9 A5630100      JMP ntdll.77E08148
77DF1DA3   C3               RETN
77DF1DA4   CC               INT3
77DF1DA5   CC               INT3
77DF1DA6   CC               INT3
77DF1DA7   CC               INT3
77DF1DA8   A1 08028000      MOV EAX,DWORD PTR DS:[800208]
77DF1DAD   83B8 500A0000 00 CMP DWORD PTR DS:[EAX+A50],0
77DF1DB4   74 0B            JE SHORT ntdll.77DF1DC1
77DF1DB6   8B88 500A0000    MOV ECX,DWORD PTR DS:[EAX+A50]
77DF1DBC   E9 B7B40A00      JMP ntdll.77E9D278
77DF1DC1   33C0             XOR EAX,EAX
77DF1DC3   C3               RETN

Note, copying this doesn't make any sense, for starters you'll have to re-write all offsets

Just so you know

Thread: Copy Function Beta [For PTC]

Thread Tools

Display

Copy Function Beta [For PTC]

The Following 5 Users Say Thank You to topblast For This Useful Post:

The Following 2 Users Say Thank You to Alessandro10 For This Useful Post:

The Following User Says Thank You to topblast For This Useful Post:

The Following User Says Thank You to speedforyou For This Useful Post:

The Following User Says Thank You to fragbox For This Useful Post:

The Following 2 Users Say Thank You to SNal2F For This Useful Post:

The Following User Says Thank You to topblast For This Useful Post:

The Following 3 Users Say Thank You to SNal2F For This Useful Post:

The Following User Says Thank You to AVGN For This Useful Post:

The Following User Says Thank You to topblast For This Useful Post:

The Following User Says Thank You to .::SCHiM::. For This Useful Post:

The Following User Says Thank You to SNal2F For This Useful Post:

The Following User Says Thank You to topblast For This Useful Post:

The Following User Says Thank You to SNal2F For This Useful Post: