TKC-Community

Hacking and Art => General Modding & Programming / Other Games => Topic started by: MrMedic on December 29, 2015, 02:58:25 pm

Title: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 02:58:25 pm
(http://oi63.tinypic.com/1415ix3.jpg)

do you mean something like this with the dll window opened?

and I am still wondering why the hell you do this ab+=0 etc.; you know that does absolutely nothing? Also, you do not have to call WPM; there are much faster and easier ways.

anyway, get back to me when you see this, and I have fixed up your code for you as well (defining a DWORD inside a void is not a good idea, as it cannot be used outside of it).

there are more very bad things you have done, but I will let you figure some of them out for yourself or you won't learn anything. Example: "mb_warband.exe"??????? Why is that a very bad way of doing it, do you think?

apart from that, well done; your code is quite neat and tidy, good work.

btw I will teach you how to hack Left 4 Dead 2 after we are done with this tutorial, so get it installed.
Title: Re: MrCamo read.
Post by: MrCamo on December 29, 2015, 03:06:30 pm
Quote
(http://oi63.tinypic.com/1415ix3.jpg)

1) do you mean something like this with the dll window opened?

2) and still wondering why the hell you do this ab+=0 etc.; you know that does absolutely nothing, don't you?

1) more like this

(http://s7.postimg.org/e3qzlww2z/123.jpg)

2) it finds a pattern, then adds however many bytes you wish to go forward and operates on that offset (in this case it does do nothing).

I am on TS if anybody wants to talk.
My posts require moderation
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 03:21:25 pm

Quote
1) more like this

(http://s7.postimg.org/e3qzlww2z/123.jpg)

2) it finds a pattern, then adds however many bytes you wish to go forward and operates on that offset (in this case it does do nothing).

why would you want to do that? The injector will take care of it.

the dll will be inside the process it has been injected into already.

2: and what happens if it does not find the signature? You need some kind of sanity check on it.

if !ab skip etc., or you will more than likely write to an unknown address, and it will 99% of the time lead to an exception.
Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 03:23:01 pm


Quote
why would you want to do that? The injector will take care of it.

the dll will be inside the game already.

cuz find pattern("mb_warband.exe")
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 03:34:09 pm


Quote
cuz find pattern("mb_warband.exe")

that is exactly why I said it was a bad idea using "mb_warband.exe". Use GetModuleHandle instead and cast it to a DWORD address; that way it won't matter what it is injected into, it will scan the process it is inside.

information: If this parameter is NULL, GetModuleHandle returns a handle to the file used to create the calling process (.exe file).
Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 03:37:45 pm


Quote
that is exactly why I said it was a bad idea using "mb_warband.exe". Use GetModuleHandle instead and cast it to a DWORD address; that way it won't matter what it is injected into, it will scan the process it is inside.

information: If this parameter is NULL, GetModuleHandle returns a handle to the file used to create the calling process (.exe file).

ok imma try to do this.
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 03:40:02 pm


ok, a simpler method would be to do something like this, as Warband and all other TaleWorlds games load into the 0x400000 base memory space:

GlobalBaseAddress = FindPattern(0x400000

there is a problem with this though: if you attempt to inject into another game from a more cultured programming team, then this method will more than likely fail, as it will load dynamically into whatever free memory it finds, which in the majority of cases will not be around the 0x400000 base.
Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 03:49:23 pm
I've corrected these two items; it won't inject.

FindPattern("0x400000",                      formerly "mb_warband.exe"
HMODULE hModule = GetModuleHandle(NULL);     formerly szModule
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 03:53:37 pm
FindPattern("0x400000", <<<< wrong...

FindPattern(0x400000, <<<< correct..

0x400000 is the base address of Warband; you're trying to find the string, not the address. No "...".

Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 03:56:16 pm
Quote
FindPattern("0x400000", <<<< wrong...

FindPattern(0x400000, <<<< correct..

0x400000 is the base address of Warband; you're trying to find the string, not the address. No "...".


yeah, I know it already. The thing is I have to convert datatypes:

 cannot convert parameter 1 from 'int' to 'char *'

I am looking for a solution.
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 04:01:02 pm
Quote
yeah, I know it already. The thing is I have to convert datatypes:

 cannot convert parameter 1 from 'int' to 'char *'

I am looking for a solution.

ok this will work

#include <windows.h>
#include <psapi.h>   // MODULEINFO, GetModuleInformation (link with psapi.lib)
#include <string.h>

// Helper the post relies on: look up a loaded module's MODULEINFO by name.
// SizeOfImage stays 0 when the module is not found, so the scan loop
// below simply does not run in that case.
MODULEINFO GetModuleInfo(char *module)
{
    MODULEINFO mInfo = { 0 };
    HMODULE hModule = GetModuleHandleA(module);
    if (hModule != NULL)
        GetModuleInformation(GetCurrentProcess(), hModule, &mInfo, sizeof(mInfo));
    return mInfo;
}

// 32-bit build only (a DWORD holds the address). The base is fixed at the
// default image base 0x400000, where Warband is loaded; the module name is
// only used to get the size. mask[j] == '?' is a wildcard byte.
DWORD FindPattern(char *module, char *pattern, char *mask)
{
    MODULEINFO mInfo = GetModuleInfo(module);

    DWORD base = 0x400000;
    DWORD size = (DWORD)mInfo.SizeOfImage;

    DWORD patternLength = (DWORD)strlen(mask);
    if (size < patternLength)   // nothing to scan; also stops size - patternLength wrapping
        return 0;

    for (DWORD i = 0; i <= size - patternLength; i++)
    {
        bool found = true;
        for (DWORD j = 0; j < patternLength && found; j++)   // stop at the first mismatch
        {
            found = mask[j] == '?' || pattern[j] == *(char*)(base + i + j);
        }

        if (found)
        {
            return base + i;
        }
    }

    return 0;   // not found: check for 0 before writing through the result
}


FindPattern("".....

it can easily be modified more; I will let you do that yourself, it's very simple to do, but ^ that will work for Warband.
Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 04:07:21 pm

(DWORD)mInfo.lpBaseOfDll;

I think this automatically determines the base address; why put it in manually?

I still don't know how to pass the base to the function instead of the process name.
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 04:11:08 pm

Quote
(DWORD)mInfo.lpBaseOfDll;

I think this automatically determines the base address; why put it in manually?

...puzzling...

because you have to pass the name of the module, which means it will only work on one game at a time, i.e. whatever name is passed to it. Changing it to 0x400000 will allow it to run on all TaleWorlds games. Are you even reading what I am telling you, or are you skipping through it for the code? ^^ scroll up and read what I said about the 0x400000 base address.
Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 04:17:38 pm
FindPattern(0x400000,  if I am done with it, then all is good.

 results in:

Quote
Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
1>.\Main.cpp(20) : error C2664: 'FindPattern' : cannot convert parameter 1 from 'int' to 'char *'
1>        Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
1>.\Main.cpp(24) : error C2664: 'FindPattern' : cannot convert parameter 1 from 'int' to 'char *'
1>        Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 29, 2015, 04:55:01 pm
btw change size in the FindPattern function to 0x400000, or it will think the module has 0 size if you call FindPattern with "".
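The scanner below is an added example written for this page; it is not code from MrMedic, MrCamo or the thread. It pulls together the points made above: the posted FindPattern returns 0 on a miss and that value has to be checked before anything is written through it, the offset you "add" to the hit must not be added to a miss, the base should come from GetModuleHandle(NULL) rather than a module name or a hard-coded 0x400000 (an executable linked with /DYNAMICBASE is relocated by ASLR, which is why 0x400000 only works for images that are not), and the image size should not depend on a module name that may resolve to nothing, so it is read from the in-memory PE headers instead of from GetModuleInformation. The function names (FindPatternIn, FindPatternOffset, FindPatternInHostExe) and the sample byte buffer are mine; the buffer is constructed for a stand-alone run and is not from any game. The masked search is portable and runs anywhere; the host-executable wrapper is compiled only under _WIN32.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstring>

#ifdef _WIN32
#include <windows.h>
#endif

// Masked byte search over [base, base + len). mask[j] == '?' makes byte j a
// wildcard; any other mask character means pattern[j] must match exactly,
// the same convention as the FindPattern posted above. Returns a pointer to
// the first match, or nullptr when the pattern is absent or the inputs are
// unusable, so a caller can refuse to write through an unknown address.
static const uint8_t* FindPatternIn(const uint8_t* base, size_t len,
                                    const uint8_t* pattern, const char* mask)
{
    if (base == nullptr || pattern == nullptr || mask == nullptr)
        return nullptr;
    const size_t plen = std::strlen(mask);
    if (plen == 0 || plen > len)              // also prevents len - plen wrapping
        return nullptr;
    for (size_t i = 0; i + plen <= len; ++i) {
        size_t j = 0;
        while (j < plen && (mask[j] == '?' || base[i + j] == pattern[j]))
            ++j;                              // stop at the first mismatch
        if (j == plen)
            return base + i;
    }
    return nullptr;
}

// "Find the pattern, then step forward N bytes": the thread's ab += N idea,
// but a miss stays 0 instead of silently becoming 0 + N.
static uintptr_t FindPatternOffset(const uint8_t* base, size_t len,
                                   const uint8_t* pattern, const char* mask,
                                   size_t offset)
{
    const uint8_t* hit = FindPatternIn(base, len, pattern, mask);
    return hit ? reinterpret_cast<uintptr_t>(hit) + offset : 0;
}

#ifdef _WIN32
// Scan whatever executable this DLL was injected into. GetModuleHandle(NULL)
// gives the base of the process's main image, and SizeOfImage is read from
// its in-memory PE headers, so neither a module name nor 0x400000 is
// hard-coded and the scan follows the image wherever ASLR placed it.
// Assumed name; not from the thread.
static uintptr_t FindPatternInHostExe(const uint8_t* pattern, const char* mask,
                                      size_t offset)
{
    const uint8_t* base =
        reinterpret_cast<const uint8_t*>(GetModuleHandle(NULL));
    if (base == nullptr)
        return 0;
    const IMAGE_DOS_HEADER* dos = reinterpret_cast<const IMAGE_DOS_HEADER*>(base);
    if (dos->e_magic != IMAGE_DOS_SIGNATURE)
        return 0;
    const IMAGE_NT_HEADERS* nt =
        reinterpret_cast<const IMAGE_NT_HEADERS*>(base + dos->e_lfanew);
    if (nt->Signature != IMAGE_NT_SIGNATURE)
        return 0;
    return FindPatternOffset(base, nt->OptionalHeader.SizeOfImage,
                             pattern, mask, offset);
}
#endif

// Constructed sample bytes for a stand-alone run (not taken from any game):
// nop; nop; mov ecx,[44332211h]; mov [12345678h],ecx; ret
static const uint8_t kSample[] = {
    0x90, 0x90, 0x8B, 0x0D, 0x11, 0x22, 0x33, 0x44,
    0x89, 0x0D, 0x78, 0x56, 0x34, 0x12, 0xC3 };

// "mov ecx,[????????]" followed by "mov [????????],ecx"; the addresses are
// wildcards so the signature survives a rebuild that moves the globals.
static const uint8_t kPattern[] = { 0x8B, 0x0D, 0, 0, 0, 0, 0x89, 0x0D };
static const char    kMask[]    = "xx????xx";

// Index of the match inside kSample, or -1 on a miss.
static long SampleMatchIndex()
{
    const uint8_t* hit = FindPatternIn(kSample, sizeof kSample, kPattern, kMask);
    return hit ? static_cast<long>(hit - kSample) : -1;
}

// A pattern that is not present must come back as 0 even with an offset added.
static bool SampleMissIsZero()
{
    static const uint8_t absent[] = { 0xCC, 0xCC, 0xCC };
    return FindPatternOffset(kSample, sizeof kSample, absent, "xxx", 8) == 0;
}
```

The range [base, base + SizeOfImage) of a mapped image is normally readable, which is what makes scanning the host executable safe; if the same search is pointed at arbitrary regions, check the page protection with VirtualQuery first, or the read itself will raise the access violation the thread warns about.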
Title: Re: MrCamo tutorial read.
Post by: MrCamo on December 29, 2015, 06:17:05 pm
Thanks Medic.
Title: Re: MrCamo tutorial read.
Post by: Mercenary_Frank on December 29, 2015, 10:34:43 pm
Alright, onto more complex things, like how to call that blasted WorldToScreen function in Mount and Blade :D
Title: Re: MrCamo tutorial read.
Post by: MrMedic on December 31, 2015, 04:53:52 pm
you don't even need to call it, I've told you that. It's simple: hook DIP, look at where it's called from, and it takes you straight to the render for the players; you can even change their size mid-function, grab their health, screen points etc. etc. Quite funny, it looks like Land of the Giants if you want it to; quite good actually, good for using a bow etc.

(http://oi63.tinypic.com/10z397d.jpg)
Title: Re: MrCamo tutorial read.
Post by: Mercenary_Frank on January 01, 2016, 05:02:06 am
Yeah, I know I don't need to call that function but I want to do it anyway to see how it is actually done.
Title: Re: MrCamo tutorial read.
Post by: MrMedic on January 02, 2016, 06:21:02 am
I reversed W2S quite some time ago.

turn on edit mode / debug mode and it should still call it; then debug at where it calls it from.