Author Topic: MrCamo tutorial read.  (Read 1543 times)


MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
MrCamo tutorial read.
« on: December 29, 2015, 02:58:25 pm »


do you mean something like this with the dll window opened?

and still wondering why the hell you do this ab+=0 etc .., you know that does absolutely nothing ? .. also you do not have to call wpm there are much faster ways .. and easier ways.

anyway get back to me when you see this , and i have fixed up your code as well for you ( defining a dword inside a void is not a good idea as it cannot be used outside of it).

there are more very bad things you have done but i will let you figure some of them out for yourself or you won't learn anything.. example "mb_warband.exe" ??????? why is that a very bad way of doing it do you think?

apart from that well done , your code is quite neat and tidy , good work.

btw i will teach you how to hack left for dead 2 after we are done with this tutorial so get it installed.
« Last Edit: December 29, 2015, 03:14:24 pm by MrMedic »
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

MrCamo

  • Village Idiot of TKC
  • Quarantine
  • Heckler Apprentice
  • ****
  • Posts: 1456
  • Banned from TKC forever
    • View Profile
Re: MrCamo read.
« Reply #1 on: December 29, 2015, 03:06:30 pm »


1) do you mean something like this with the dll window opened?

2)  and still wondering why the hell you do this ab+=0 etc .., you know that does absolutely nothing don't you?

1) more like this



2) it finds a pattern then adds how many bytes you wish to go forward and operates on that offset. (in this case it does do nothing)

I am on ts if anybody wanna talk.
My posts require moderation
« Last Edit: December 29, 2015, 03:31:28 pm by MrCamo »

MrMedic

Re: MrCamo tutorial read.
« Reply #2 on: December 29, 2015, 03:21:25 pm »

why would you want to do that ? , the injector will take care of it.

the dll will be inside the process it has been injected into already.

2 : and what happens if it does not find the signature .. you need some kind of sanity check on it.

if !ab skip etc or you will more than likely write to an unknown address and it will 99% of the time lead to an exception.

MrCamo

Re: MrCamo tutorial read.
« Reply #3 on: December 29, 2015, 03:23:01 pm »

cuz find pattern("mb_warband.exe")

MrMedic

Re: MrCamo tutorial read.
« Reply #4 on: December 29, 2015, 03:34:09 pm »

that is exactly why i said it was a bad idea using "mb_warband.exe" use GetModuleHandle instead and cast it to a dword address that way it won't matter what it is injected into it will scan the process it is inside.

information : If this parameter is NULL, GetModuleHandle returns a handle to the file used to create the calling process (.exe file).

MrCamo

Re: MrCamo tutorial read.
« Reply #5 on: December 29, 2015, 03:37:45 pm »

ok imma try to do this.

MrMedic

Re: MrCamo tutorial read.
« Reply #6 on: December 29, 2015, 03:40:02 pm »

ok , a simpler method would be to do something like this as warband and all other taleworld games load into 0x400000 base memory space

GlobalBaseAddress = FindPattern(0x400000

there is a problem with this though as if you attempt to inject into another game of a more cultured programming team then this method will more than likely fail as it will load dynamically into whatever free memory it finds, which in the majority of cases will not be around 0x400000 base.

MrCamo

Re: MrCamo tutorial read.
« Reply #7 on: December 29, 2015, 03:49:23 pm »
I've corrected these two items, won't inject.

FindPattern("0x400000",                      (formerly mb_warband.exe)
HMODULE hModule = GetModuleHandle(NULL);     (formerly szModule)

MrMedic

Re: MrCamo tutorial read.
« Reply #8 on: December 29, 2015, 03:53:37 pm »
FindPattern("0x400000",<<<<  wrong...

FindPattern(0x400000, <<<< correct..



0x400000 is the base address of warband , you're trying to find the string not the address no "...".


« Last Edit: December 29, 2015, 04:02:07 pm by MrMedic »

MrCamo

Re: MrCamo tutorial read.
« Reply #9 on: December 29, 2015, 03:56:16 pm »
yeah I know it already. the thing is I have to convert datatypes

 cannot convert parameter 1 from 'int' to 'char *'

I am looking for solution.

MrMedic

Re: MrCamo tutorial read.
« Reply #10 on: December 29, 2015, 04:01:02 pm »
ok this will work

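#include <windows.h>
#include <psapi.h>    // MODULEINFO
#include <string.h>   // strlen

// Masked byte-pattern scan: '?' in mask matches any byte.
// Returns the address of the first match, or 0 if there is none.
DWORD FindPattern(char *module, char *pattern, char *mask)
{
    MODULEINFO mInfo = GetModuleInfo(module);   // helper not shown in this thread

    DWORD base = 0x400000;
    DWORD size =  (DWORD)mInfo.SizeOfImage;

    DWORD patternLength = (DWORD)strlen(mask);

    // size and patternLength are unsigned: without this check
    // size - patternLength wraps around when the module size is 0.
    if(patternLength == 0 || size < patternLength)
    {
        return 0;
    }

    for(DWORD i = 0; i <= size - patternLength; i++)
    {
        bool found = true;
        for(DWORD j = 0; j < patternLength; j++)
        {
            found &= mask[j] == '?' || pattern[j] == *(char*)(base + i + j);
        }

        if(found)
        {
            return base + i;
        }
    }

    return 0;   // not found (the return type is DWORD, so 0 rather than NULL)
}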


FindPattern("".....

it can easily be modified more , i will let you do that yourself , it's very simple to do but ^ that will work for warband.

MrCamo

Re: MrCamo tutorial read.
« Reply #11 on: December 29, 2015, 04:07:21 pm »
(DWORD)mInfo.lpBaseOfDll;

I think this automatically determines base address, why put it manually?

I still don't know how to pass base to the function  instead of process name.

MrMedic

Re: MrCamo tutorial read.
« Reply #12 on: December 29, 2015, 04:11:08 pm »
(DWORD)mInfo.lpBaseOfDll;

I think this automatically determines base address,why put it manually?

...puzzling...

because you have to pass the name of the module which means it will only work on one game at a time ie whatever name is passed to it. changing it to 0x400000 will allow it to run on all taleworld games , are you even reading what i am telling you or are you skipping through it for the code ? ^^ scroll up and read what i said about 0x400000 base address

MrCamo

Re: MrCamo tutorial read.
« Reply #13 on: December 29, 2015, 04:17:38 pm »
FindPattern(0x400000,  If I am done with it,then all is good.

 results in:

Quote
Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
1>.\Main.cpp(20) : error C2664: 'FindPattern' : cannot convert parameter 1 from 'int' to 'char *'
1>        Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast
1>.\Main.cpp(24) : error C2664: 'FindPattern' : cannot convert parameter 1 from 'int' to 'char *'
1>        Conversion from integral type to pointer type requires reinterpret_cast, C-style cast or function-style cast

MrMedic

Re: MrCamo tutorial read.
« Reply #14 on: December 29, 2015, 04:55:01 pm »
btw change size in the findpattern function to 0x400000 or it will think the module has 0 size if you call findpattern with "".
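
Added example, not part of the original thread and not either poster's code: the two sanity checks raised above (a scan that finds nothing, and a region of size 0) written as a bounded masked search over an in-memory buffer. The names scan_masked, resolve_offset and SCAN_NOT_FOUND and the sample bytes are assumptions made up for this illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define SCAN_NOT_FOUND ((size_t)-1)   /* hypothetical "no match" sentinel */

/* Masked search: '?' in mask matches any byte, any other mask character
 * requires buf[i + j] == pattern[j]. Returns the match offset inside buf,
 * or SCAN_NOT_FOUND. */
size_t scan_masked(const uint8_t *buf, size_t size,
                   const uint8_t *pattern, const char *mask)
{
    size_t len = strlen(mask);

    /* Empty mask, or a region smaller than the pattern (this covers
     * size == 0): stop here instead of letting size - len wrap around. */
    if (buf == NULL || len == 0 || size < len)
        return SCAN_NOT_FOUND;

    for (size_t i = 0; i + len <= size; i++) {
        size_t j = 0;
        while (j < len && (mask[j] == '?' || buf[i + j] == pattern[j]))
            j++;
        if (j == len)
            return i;
    }
    return SCAN_NOT_FOUND;
}

/* Step forward by `add` bytes from the match, but only if the scan
 * succeeded and the result is still inside the region.
 * Returns 1 and stores the offset in *out, or returns 0 and leaves *out. */
int resolve_offset(const uint8_t *buf, size_t size, const uint8_t *pattern,
                   const char *mask, size_t add, size_t *out)
{
    size_t hit = scan_masked(buf, size, pattern, mask);
    if (hit == SCAN_NOT_FOUND || add >= size - hit)
        return 0;
    *out = hit + add;
    return 1;
}

/* Constructed sample data, not taken from any real binary. */
static const uint8_t SAMPLE[]   = {0x90, 0x55, 0x8B, 0xEC, 0x83, 0x11, 0x22, 0xC3};
static const uint8_t SIG[]      = {0x8B, 0xEC, 0x83, 0x00, 0x22};
static const char    SIG_MASK[] = "xxx?x";
```

The caller tests the return value of resolve_offset before touching anything at the resulting offset, which is the "if !ab skip" check from reply #2.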