I've developed this workspace to be compiled as a releasable hook or trainer. Since game integrity checking keeps getting stronger over time, it's not as useful as it used to be, so I'll post and sticky it as more in-depth learning material for you developing C++ programmers. I use a variety of concepts, which I'll rough-draft below. It also looks more irritating in OllyDBG.
The current example features an Operation 7 Speed Hack I wrote. You recover SP twice as fast.
- VirtualProtectEx
- WriteProcessMemory
- ReadProcessMemory
- ReadFile Obfuscation
- Unique NameSpace
- Unique Functioning
- Self Integrity Checking
main.CPP
Code:
#include <iostream>
#include <fstream>
#include <windows.h>
#include "incFile.h"
// Forward declarations for the trainer's helpers; definitions follow main().
void write(LPVOID addy, DWORD mydata);   // writes one byte of mydata at addy inside the process owning hHack
void enableDebugPrivileges();            // enables SeDebugPrivilege on this process' token
void urMemoryInjection();                // applies the two speed-hack byte patches through write()
void uLogin();                           // compares the typed password with uPinNum, bumps uAuth on match
void urKey();                            // compares the key read from inc.ini with uCdKey, bumps uAuth on match
void myRPM();                            // reads 2 bytes at a fixed address from the "Operation Toy" window's process
void myTitle();                          // sets this console's title to "Operation Toy"
void myGtfo();                           // exit(0)
void urWin();                            // success message, pause, exit(0)
// File-scope using-directives: every name from myRegion (incFile.h) is used unqualified below.
using namespace std;
using namespace myRegion;
// uLog[0] = typed user name (not checked anywhere in the visible code), uLog[1] = typed password.
string uLog[2];
// Entry point. Authorisation is a counter (uAuth in incFile.h, starts at 0): checks that
// pass add 1, each stage subtracts 1, and a zero at a checkpoint ends the program via myGtfo().
// Reviewer note: because the decrement is unconditional, a wrong password leaves uAuth at -1
// (the .ini is then never read, so urKey cannot match either), and the `!uAuth` tests below
// do not treat a negative value as failure -- the gate only rejects "password ok, key wrong".
int main() {
myTitle();
// Prompt strings come from incFile.h; as posted they read "n Name Is: " (the backslash of "\n" seems lost).
cout<<pUser;
cin>>uLog[0];
cout<<pPass;
cin>>uLog[1];
uLogin();
// uAuth is 1 here only if the password matched.
if (uAuth) {
// *****Path is the forum-censored name of the ini-path constant ("inc.ini") in incFile.h.
// Nothing checks that the file opened; on failure uRdKey keeps its zero-initialised value.
ifstream b_file(*****Path);
b_file>> uRdKey;
}
uAuth--;
urKey();
if (!uAuth) {
myGtfo();
}
// hHack / hProg are FindWindow results captured at static-initialisation time (incFile.h),
// i.e. before this function ran myTitle().
if(!hHack)
{
myGtfo();
}
if(!hProg)
{
myGtfo();
}
uAuth--;
myRPM();
if(!uAuth)
{
myGtfo();
}
enableDebugPrivileges();
urMemoryInjection();
urWin();
}
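// Final success path: print a message, wait for a key press, terminate with status 0.
// Never returns.
// Fix over the posted version: the message read "successfullyn" -- the backslash of "\n"
// was evidently lost, so the newline escape is restored.
void urWin() {
    cout << "Your program has executed successfully\n";
    system("pause");   // cmd builtin: "Press any key to continue . . ."
    exit(0);
}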
// Abort path shared by every failed check: terminate the process immediately.
// The exit status is 0 (EXIT_SUCCESS), so a launcher or script cannot tell a
// rejected login from a normal run.
void myGtfo() {
    std::exit(EXIT_SUCCESS);
}
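// Password check: compares the typed password (uLog[1]) with the literal uPinNum from
// incFile.h. On a match prints a newline and increments uAuth; otherwise leaves uAuth alone.
// uPinNum is a plain string literal in the binary, so the "password" is recoverable with any
// strings tool -- this is an obfuscation step, not a secret.
// Fix over the posted version: `cout<<"n"` printed a literal n; the lost "\n" escape is restored.
void uLogin() {
    if (uLog[1] == uPinNum) {
        cout << "\n";
        uAuth++;
    }
}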
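// Key-file check: compares the integer read from inc.ini (uRdKey, filled in main) with the
// compile-time constant uCdKey. On a match prints a newline and increments uAuth; otherwise
// leaves uAuth alone. If main never opened the file, uRdKey is still 0 and cannot match.
// Fix over the posted version: `cout<<"n"` printed a literal n; the lost "\n" escape is restored.
void urKey() {
    if (uRdKey == uCdKey) {
        cout << "\n";
        uAuth++;
    }
}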
// Retitles this console window through the cmd builtin `title`. myRPM() later looks the
// window up by exactly this string, so the two must stay in sync.
void myTitle() {
    static const char* const kTitleCommand = "title Operation Toy";
    std::system(kTitleCommand);
}
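// "Self integrity check": reads two bytes at 0x0040146B from the process that owns the window
// titled "Operation Toy" -- the title myTitle() gave this console, so presumably this trainer's
// own image (in the OllyDBG listing in the post that address appears to be the JE after the
// uAuth compare in main, i.e. a guard against someone patching the login gate). Increments
// uAuth when the value read is 8; the posted listing's bytes at that address (0F 84) do not
// obviously produce 8 -- confirm against the actual build.
// Fixes over the posted version: `value` is zero-initialised (the 2-byte read leaves its upper
// two bytes untouched, so the compare used to depend on stack garbage), a missing window or a
// failed OpenProcess no longer reaches ReadProcessMemory, the read result is checked, and the
// process handle is closed instead of leaked.
void myRPM() {
    const int address = 0x0040146B;
    int value = 0;
    DWORD pid = 0;
    HWND hwnd = FindWindow(NULL, "Operation Toy");
    if (hwnd == NULL) {
        return;   // no window: uAuth unchanged, main() will exit at its next checkpoint
    }
    GetWindowThreadProcessId(hwnd, &pid);
    HANDLE phandle = OpenProcess(PROCESS_ALL_ACCESS, 0, pid);
    if (phandle == NULL) {
        return;
    }
    SIZE_T bytesRead = 0;
    const BOOL ok = ReadProcessMemory(phandle, (LPVOID)address, &value, 2, &bytesRead);
    CloseHandle(phandle);
    if (ok && bytesRead == 2 && value == 8) {
        uAuth++;
    }
}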
// Writes a single byte (the first byte of `mydata` in memory, i.e. its low byte on x86) to
// address `addy` inside the process that owns hHack (the "OPERATION7" window from incFile.h).
// A fresh process handle is opened per call and closed before returning. As in the posted
// version, the results of OpenProcess and WriteProcessMemory are not checked.
// From a monitoring standpoint this is the trainer's observable action: a handle to a
// foreign process opened with full access, followed by a cross-process memory write.
void write(LPVOID addy, DWORD mydata) {
    DWORD targetPid = 0;
    ::GetWindowThreadProcessId(hHack, &targetPid);   // the returned thread id is not needed
    // PROCESS_ALL_ACCESS already contains TERMINATE, VM_OPERATION, VM_READ and VM_WRITE,
    // so this mask is bit-for-bit the same as the posted OR-chain.
    const HANDLE target = OpenProcess(PROCESS_ALL_ACCESS, FALSE, targetPid);
    WriteProcessMemory(target, addy, &mydata, 1, 0);
    CloseHandle(target);
}
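// Enables SeDebugPrivilege on the current process token so that OpenProcess(PROCESS_ALL_ACCESS)
// can succeed on processes this user does not already own. The privilege must already be
// present (disabled) in the token, which in practice means an elevated/administrator context;
// otherwise AdjustTokenPrivileges reports ERROR_NOT_ALL_ASSIGNED and nothing changes.
// Fixes over the posted version: the token handle is checked before use (it was read
// uninitialised when OpenProcessToken failed) and closed afterwards; the magic numbers are
// spelled with their Windows names, same values (TOKEN_ADJUST_PRIVILEGES|TOKEN_QUERY == 40,
// SE_PRIVILEGE_ENABLED == 2); and the PreviousState buffer length is its real size rather
// than the over-stated 28.
void enableDebugPrivileges() {
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken)) {
        return;
    }
    LUID luid;
    if (!LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid)) {
        CloseHandle(hToken);
        return;
    }
    TOKEN_PRIVILEGES NewState;
    TOKEN_PRIVILEGES PreviousState;
    DWORD ReturnLength = 0;
    NewState.PrivilegeCount = 1;
    NewState.Privileges[0].Luid = luid;
    NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, FALSE, &NewState, sizeof(PreviousState), &PreviousState, &ReturnLength);
    CloseHandle(hToken);
}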
// Applies the Operation 7 "SP recovers twice as fast" patch described in the post: two
// single-byte writes at fixed addresses in the game process, via write(). The addresses
// are constants for the game build the author used and are not valid for other builds.
void urMemoryInjection() {
    struct Patch {
        DWORD address;
        DWORD byteValue;
    };
    static const Patch kPatches[] = {
        { 0x0047394C, 0xFF },
        { 0x0047394D, 0x40 },
    };
    const size_t count = sizeof(kPatches) / sizeof(kPatches[0]);
    for (size_t i = 0; i < count; ++i) {
        write((LPVOID)kPatches[i].address, kPatches[i].byteValue);
    }
}
incFile.h
Code:
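// Globals shared with main.cpp. Everything here is initialised during static initialisation,
// i.e. the two FindWindow calls run before main() and capture the window handles once.
// Reviewer note: hProg is looked up by the title that main() only assigns later via myTitle(),
// so as written it appears to be NULL unless the console already carried that title at start.
// Fix over the posted version: string literals are bound to `const char*` (binding a literal
// to a non-const char* is deprecated in C++03 and ill-formed since C++11); every use in
// main.cpp (operator<<, std::string comparison, ifstream constructor) accepts const char*.
// Defining non-inline variables in a header is only safe while exactly one translation unit
// includes it.
namespace myRegion
{
HWND hHack = FindWindow(NULL, "OPERATION7");      // game window; NULL when the game is not running
HWND hProg = FindWindow(NULL, "Operation Toy");   // this trainer's console, by the title myTitle() sets
int uAuth = 0;                                    // authorisation counter driven by main()
int uCdKey = 1000 + 234;                          // expected key (1234), compared with the value read from inc.ini
int uRdKey;                                       // key read from inc.ini; zero-initialised (static storage)
const char* uPinNum = "2010";                     // hard-coded password; readable in the binary with any strings tool
const char* pUser = "n Name Is: ";                // prompt text as posted (the "\n" backslash appears lost)
const char* pPass = "n Pass Is: ";
const char* *****Path = "inc.ini";                // identifier censored by the forum filter; left as posted
}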
inc.ini file
OllyDBG look
Code:
00401390 $ 55 PUSH EBP
00401391 . 89E5 MOV EBP,ESP
00401393 . 57 PUSH EDI
00401394 . 56 PUSH ESI
00401395 . 53 PUSH EBX
00401396 . 81EC 6C010000 SUB ESP,16C
0040139C . 83E4 F0 AND ESP,FFFFFFF0
0040139F . B8 00000000 MOV EAX,0
004013A4 . 83C0 0F ADD EAX,0F
004013A7 . 83C0 0F ADD EAX,0F
004013AA . C1E8 04 SHR EAX,4
004013AD . C1E0 04 SHL EAX,4
004013B0 . 8985 A4FEFFFF MOV DWORD PTR SS:[EBP-15C],EAX
004013B6 . 8B85 A4FEFFFF MOV EAX,DWORD PTR SS:[EBP-15C]
004013BC . E8 5FCE0000 CALL Project1.0040E220
004013C1 . C785 CCFEFFFF D01E4000 MOV DWORD PTR SS:[EBP-134],Project1.00401ED0
004013CB . C785 D0FEFFFF 84E14300 MOV DWORD PTR SS:[EBP-130],Project1.0043E184
004013D5 . 8D85 D4FEFFFF LEA EAX,DWORD PTR SS:[EBP-12C]
004013DB . 8D55 E8 LEA EDX,DWORD PTR SS:[EBP-18]
004013DE . 8910 MOV DWORD PTR DS:[EAX],EDX
004013E0 . BA B2144000 MOV EDX,Project1.004014B2
004013E5 . 8950 04 MOV DWORD PTR DS:[EAX+4],EDX
004013E8 . 8960 08 MOV DWORD PTR DS:[EAX+8],ESP
004013EB . 8D85 B4FEFFFF LEA EAX,DWORD PTR SS:[EBP-14C]
004013F1 . 890424 MOV DWORD PTR SS:[ESP],EAX
004013F4 . E8 D7C30000 CALL Project1.0040D7D0
004013F9 . E8 02BF0000 CALL Project1.0040D300
004013FE . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
00401408 . E8 79020000 CALL Project1.00401686
0040140D . A1 08004400 MOV EAX,DWORD PTR DS:[440008]
00401412 . 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
00401416 . C70424 E0434400 MOV DWORD PTR SS:[ESP],Project1.004443E0
0040141D . E8 56B30300 CALL Project1.0043C778
00401422 . C74424 04 20404400 MOV DWORD PTR SS:[ESP+4],Project1.00444020
0040142A . C70424 80444400 MOV DWORD PTR SS:[ESP],Project1.00444480
00401431 . E8 C2C60300 CALL Project1.0043DAF8
00401436 . A1 0C004400 MOV EAX,DWORD PTR DS:[44000C]
0040143B . 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
0040143F . C70424 E0434400 MOV DWORD PTR SS:[ESP],Project1.004443E0
00401446 . E8 2DB30300 CALL Project1.0043C778
0040144B . C74424 04 24404400 MOV DWORD PTR SS:[ESP+4],Project1.00444024
00401453 . C70424 80444400 MOV DWORD PTR SS:[ESP],Project1.00444480
0040145A . E8 99C60300 CALL Project1.0043DAF8
0040145F . E8 B6010000 CALL Project1.0040161A
00401464 . 833D 18404400 00 CMP DWORD PTR DS:[444018],0
0040146B . 0F84 B0000000 JE Project1.00401521
00401471 . C74424 08 08000000 MOV DWORD PTR SS:[ESP+8],8
00401479 . A1 10004400 MOV EAX,DWORD PTR DS:[440010]
0040147E . 894424 04 MOV DWORD PTR SS:[ESP+4],EAX
00401482 . 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
00401488 . 890424 MOV DWORD PTR SS:[ESP],EAX
0040148B . E8 A0270300 CALL Project1.00433C30
00401490 . C74424 04 1C404400 MOV DWORD PTR SS:[ESP+4],Project1.0044401C
00401498 . 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
0040149E . 890424 MOV DWORD PTR SS:[ESP],EAX
004014A1 . C785 B8FEFFFF 01000000 MOV DWORD PTR SS:[EBP-148],1
004014AB . E8 60730200 CALL Project1.00428810
004014B0 . EB 57 JMP SHORT Project1.00401509
004014B2 . 8D6D 18 LEA EBP,DWORD PTR SS:[EBP+18]
004014B5 . 8B85 BCFEFFFF MOV EAX,DWORD PTR SS:[EBP-144]
004014BB . 8985 A8FEFFFF MOV DWORD PTR SS:[EBP-158],EAX
004014C1 . 8B95 A8FEFFFF MOV EDX,DWORD PTR SS:[EBP-158]
004014C7 . 8995 ACFEFFFF MOV DWORD PTR SS:[EBP-154],EDX
004014CD . 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
004014D3 . 890424 MOV DWORD PTR SS:[ESP],EAX
004014D6 . C785 B8FEFFFF 00000000 MOV DWORD PTR SS:[EBP-148],0
004014E0 . E8 0B2E0300 CALL Project1.004342F0
004014E5 . 8B85 ACFEFFFF MOV EAX,DWORD PTR SS:[EBP-154]
004014EB . 8985 A8FEFFFF MOV DWORD PTR SS:[EBP-158],EAX
004014F1 . 8B95 A8FEFFFF MOV EDX,DWORD PTR SS:[EBP-158]
004014F7 . 891424 MOV DWORD PTR SS:[ESP],EDX
004014FA . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
00401504 . E8 87C90000 CALL Project1.0040DE90
00401509 > 8D85 E8FEFFFF LEA EAX,DWORD PTR SS:[EBP-118]
0040150F . 890424 MOV DWORD PTR SS:[ESP],EAX
00401512 . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
0040151C . E8 CF2D0300 CALL Project1.004342F0
00401521 > FF0D 18404400 DEC DWORD PTR DS:[444018]
00401527 . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
00401531 . E8 20010000 CALL Project1.00401656
00401536 . 833D 18404400 00 CMP DWORD PTR DS:[444018],0
0040153D . 75 05 JNZ SHORT Project1.00401544
0040153F . E8 C4000000 CALL Project1.00401608
00401544 > 833D 10404400 00 CMP DWORD PTR DS:[444010],0
0040154B . 75 0F JNZ SHORT Project1.0040155C
0040154D . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
00401557 . E8 AC000000 CALL Project1.00401608
0040155C > 833D 14404400 00 CMP DWORD PTR DS:[444014],0
00401563 . 75 0F JNZ SHORT Project1.00401574
00401565 . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
0040156F . E8 94000000 CALL Project1.00401608
00401574 > FF0D 18404400 DEC DWORD PTR DS:[444018]
0040157A . C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
00401584 . E8 11010000 CALL Project1.0040169A
00401589 . 833D 18404400 00 CMP DWORD PTR DS:[444018],0
00401590 . 75 05 JNZ SHORT Project1.00401597
00401592 . E8 71000000 CALL Project1.00401608
00401597 > C785 B8FEFFFF FFFFFFFF MOV DWORD PTR SS:[EBP-148],-1
004015A1 . E8 0A020000 CALL Project1.004017B0
004015A6 . E8 A3020000 CALL Project1.0040184E
004015AB . E8 26000000 CALL Project1.004015D6
004015B0 . C785 B0FEFFFF 00000000 MOV DWORD PTR SS:[EBP-150],0
004015BA . 8D85 B4FEFFFF LEA EAX,DWORD PTR SS:[EBP-14C]
004015C0 . 890424 MOV DWORD PTR SS:[ESP],EAX
004015C3 . E8 E8C20000 CALL Project1.0040D8B0
004015C8 . 8B85 B0FEFFFF MOV EAX,DWORD PTR SS:[EBP-150]
004015CE . 8D65 F4 LEA ESP,DWORD PTR SS:[EBP-C]
004015D1 . 5B POP EBX
004015D2 . 5E POP ESI
004015D3 . 5F POP EDI
004015D4 . 5D POP EBP
004015D5 . C3 RETN