CSS writing to process problem
CSS writing to process problem
Hey MPGH, this is my first(?) post on the forums and I think that I will posting more useful stuff once I've got the hang of C++ and memory editing..
So, heres my problem.. I'm using the following code to read/write into the hl2 process memory in an attempt to create some sort of sv_cheats bypass. It works perfectly when reading memory (getting the current value of sv_cheats), but it plays up when writing to the memory. It says it does it and gets no error or anything, but when I checked CSS for change to the sv_cheats value, nothing, its the same as before.
Headers are all in the "stdafx.h"..
Could anyone help me please? And I have heard of something to do with the source SDK and using it to hook into CSS (or something, im noob :P). Thanks!
So, heres my problem.. I'm using the following code to read/write into the hl2 process memory in an attempt to create some sort of sv_cheats bypass. It works perfectly when reading memory (getting the current value of sv_cheats), but it plays up when writing to the memory. It says it does it and gets no error or anything, but when I checked CSS for change to the sv_cheats value, nothing, its the same as before.
Code:
#include "stdafx.h"
using namespace std;
int fWriteTo();
void EnableDebugPriv();
int main()
{
EnableDebugPriv();
HWND handle = FindWindow(0 ,TEXT("Counter-Strike Source"));
if(handle == 0)
{
MessageBox(0,TEXT("Failed to find window"),TEXT("Return"),MB_OK);
}
else
{
DWORD ID;
GetWindowThreadProcessId(handle,&ID);
HANDLE hProcess = OpenProcess( PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION , FALSE, ID);
if(!hProcess)
{
Beep(1000,1000);
}else {
int buffer;
if (ReadProcessMemory(hProcess,(void *)0x0DBBA8E8,&buffer,4,NULL))
{
cout << "Value of Address (sv_cheats): ";
cout << buffer << "\n";
// MessageBox(0,TEXT("Press OK To Close The Program."),TEXT("Return"),MB_OK);
cin.get();
}
else {
MessageBox(0,TEXT("Could not Read"),TEXT("Return"),MB_OK);
}
}CloseHandle(hProcess);
}
fWriteTo();
}
int fWriteTo()
{
EnableDebugPriv();
LONG address = 0x0DBBA8E8;
BYTE newvalue[] = {0x00, 0x00, 0x00, 0x00};
HWND hwnd;
HANDLE phandle;
DWORD pid;
hwnd = FindWindow(NULL, TEXT("Counter-Strike Source"));
if (hwnd != 0) {
GetWindowThreadProcessId(hwnd, &pid);
phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
} else {
cout << "Could not find the window.";
cin.get();
return 0;
}
if (phandle != 0) {
WriteProcessMemory(phandle, (LPVOID)address, (LPVOID) &newvalue, 2, 0);
cout << "Memory wrote successfully.\n";
cin.get();
} else {
cout << "Couldn't get a handle";
cin.get();
}
main();
}
void EnableDebugPriv() {
HANDLE hToken;
LUID sedebugnameValue;
TOKEN_PRIVILEGES tkp;
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue);
tkp.PrivilegeCount = 1;
tkp.Privileges[0].Luid = sedebugnameValue;
tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
AdjustTokenPrivileges(hToken, false, &tkp, sizeof tkp, NULL, NULL);
CloseHandle(hToken);
}
Could anyone help me please? And I have heard of something to do with the source SDK and using it to hook into CSS (or something, im noob :P). Thanks!
Are you testing it on a local server(start match ingame)? sv_cheats is replicated so will probably be set back to 0 if you don't change the flags.
Yes.. What do you mean "change the flags"?
The console vars have one or more of the following flags:
sv_cheats has FCVAR_REPLICATED set, you'll need to clear it(will be easier if you use an injected dll with access to the cvar interface)
Code:
// The default, no flags at all #define FCVAR_NONE 0 // Command to ConVars and ConCommands // ConVar Systems #define FCVAR_UNREGISTERED (1<<0) // If this is set, don't add to linked list, etc. #define FCVAR_LAUNCHER (1<<1) // defined by launcher #define FCVAR_GAMEDLL (1<<2) // defined by the game DLL #define FCVAR_CLIENTDLL (1<<3) // defined by the client DLL #define FCVAR_MATERIAL_SYSTEM (1<<4) // Defined by the material system. #define FCVAR_DATACACHE (1<<19) // Defined by the datacache system. #define FCVAR_STUDIORENDER (1<<15) // Defined by the studiorender system. #define FCVAR_FILESYSTEM (1<<21) // Defined by the file system. #define FCVAR_PLUGIN (1<<18) // Defined by a 3rd party plugin. #define FCVAR_TOOLSYSTEM (1<<20) // Defined by an IToolSystem library #define FCVAR_SOUNDSYSTEM (1<<23) // Defined by the soundsystem library #define FCVAR_INPUTSYSTEM (1<<25) // Defined by the inputsystem dll #define FCVAR_NETWORKSYSTEM (1<<26) // Defined by the network system #define FCVAR_VPHYSICS (1<<27) // defined by vphysics // NOTE!! if you add a cvar system, add it here too!!!! // the engine lacks a cvar flag, but needs it for xbox // an engine cvar is thus a cvar not marked with any other system #define FCVAR_NON_ENGINE ((FCVAR_LAUNCHER|FCVAR_GAMEDLL|FCVAR_CLIENTDLL|FCVAR_MATERIAL_SYSTEM|FCVAR_DATACACHE|FCVAR_STUDIORENDER|FCVAR_FILESYSTEM|FCVAR_PLUGIN|FCVAR_TOOLSYSTEM|FCVAR_SOUNDSYSTEM|FCVAR_INPUTSYSTEM|FCVAR_NETWORKSYSTEM|FCVAR_VPHYSICS)) // ConVar only #define FCVAR_PROTECTED (1<<5) // It's a server cvar, but we don't send the data since it's a password, etc. Sends 1 if it's not bland/zero, 0 otherwise as value #define FCVAR_SPONLY (1<<6) // This cvar cannot be changed by clients connected to a multiplayer server. #define FCVAR_ARCHIVE (1<<7) // set to cause it to be saved to vars.rc #define FCVAR_NOTIFY (1<<8) // notifies players when changed #define FCVAR_USERINFO (1<<9) // changes the client's info string #define FCVAR_CHEAT (1<<14) // Only useable in singleplayer / debug / multiplayer & sv_cheats #define FCVAR_PRINTABLEONLY (1<<10) // This cvar's string cannot contain unprintable characters ( e.g., used for player name etc ). #define FCVAR_UNLOGGED (1<<11) // If this is a FCVAR_SERVER, don't log changes to the log file / console if we are creating a log #define FCVAR_NEVER_AS_STRING (1<<12) // never try to print that cvar // It's a ConVar that's shared between the client and the server. // At signon, the values of all such ConVars are sent from the server to the client (skipped for local // client, of course ) // If a change is requested it must come from the console (i.e., no remote client changes) // If a value is changed while a server is active, it's replicated to all connected clients #define FCVAR_REPLICATED (1<<13) // server setting enforced on clients, TODO rename to FCAR_SERVER at some time #define FCVAR_DEMO (1<<16) // record this cvar when starting a demo file #define FCVAR_DONTRECORD (1<<17) // don't record these command in demofiles #define FCVAR_NOT_CONNECTED (1<<22) // cvar cannot be changed by a client that is connected to a server #define FCVAR_ARCHIVE_XBOX (1<<24) // cvar written to config.cfg on the Xbox
wow, thanks for that great list 
Could you give me an example of how to clear a flag by an injected .dll?
thanks..
Could you give me an example of how to clear a flag by an injected .dll?
thanks..
Code:
ICvar *cvar;
CreateInterfaceFn CIEngine;
HMODULE enginehandle=NULL;
ConVar *sv_cheats;
while(!enginehandle)
{
enginehandle = GetModuleHandle("engine.dll");
Sleep(100);
}
Sleep(5000);
CIEngine = (CreateInterfaceFn)GetProcAddress(enginehandle, "CreateInterface");
cvar = (ICvar *)CIEngine("VEngineCvar003", 0);
while(1)
{
if(GetAsyncKeyState(VK_NUMPAD0)&1)
{
sv_cheats = cvar->FindVar( "sv_cheats" );
sv_cheats->m_nFlags &= ~FCVAR_REPLICATED;
sv_cheats->SetValue( 1 );
}
Sleep(100);
}