I've got a small problem:
When I inject code by MHS the cheat it works.. but when I try to convert the code in a dll when I try to inject the game crashes everytime... what's my error? Thanks for help.
this is the "auto-assemble" code of mhs:
Alloc( MyCode, 2048 ) ; Allocate 2,048 bytes and store the allocated address into MyCode, which we use as the location where our new code goes.
Label( OverwrittenCode ) ; The code that was overwritten by the JMP to MyCode will go here.
Label( Exit ) ; JMP here to exit our custom code and go back to the original code.
Label( Return ) ; The location of the next instruction of the original code.
FullAccess( BF2.exe+0x0032D563, 2048 )
BF2.exe+0x0032D563 :
jmp MyCode
nop
nop
nop
nop
Return :
MyCode : ; The allocated address. Put your code after this.
OverwrittenCode : ; The overwritten code (code that was overwritten by the JMP to MyCode).
call dword ptr [eax+38]
mov dword ptr [edi+A0], 35
Exit : ; Automatic JMP back to the original code, or you can JMP Return directly to avoid coming here.
jmp Return
this is the CODE PREVIEW:
0072D563: JMP 042A0000
0072D568: NOP
0072D569: NOP
0072D56A: NOP
0072D56B: NOP
042A0000: CALL NEAR DWORD PTR [EAX+38]
042A0003: MOV DWORD PTR [EDI+A0], 35
042A000D: JMP 0072D56C
this is the trainer kit preview:
Poke 0072D563 E9 98 2A B7 03 90 90 90 90
Poke 042A0000 FF 50 38 C7 87 A0 00 00 00 35 00 00 00 E9 5A D5 48 FC
these are the bytes to write:
BYTE bInject0[] = { 0xE9, 0x98, 0x2A, 0xB7, 0x03, 0x90, 0x90, 0x90, 0x90, }; // 0x0072D563.
BYTE bInject1[] = { 0xFF, 0x50, 0x38, 0xC7, 0x87, 0xA0, 0x00, 0x00, 0x00, 0x35, 0x00, 0x00, 0x00, 0xE9, 0x5A, 0xD5, 0x48, 0xFC, }; // 0x042A0000.
this is my dll. in c++ code:
// ultimamerda.cpp : Defines the initialization routines for the DLL.
//
#include "stdafx.h"
#include "ultimamerda.h"
#include "windows.h"
#include "tlhelp32.h"
#include "resource.h"
#ifdef _DEBUG
#define new DEBUG_NEW
#endif
// CultimamerdaApp
BEGIN_MESSAGE_MAP(CultimamerdaApp, CWinApp)
END_MESSAGE_MAP()
// CultimamerdaApp construction
HANDLE hand = 0;
bool OffsetInit = 0;
DWORD bf2Base = 0;
DWORD ThreadID;
LPVOID fica;
int pidBF2;
const BYTE Nop6Bytes[6] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
const BYTE Nop4Bytes[4] = {0x90, 0x90, 0x90, 0x90};
const BYTE Nop2Bytes[2] = {0x90, 0x90};
const BYTE redDOT1[9] = {0xE9, 0x98, 0x2A, 0xB7, 0x03, 0x90, 0x90, 0x90, 0x90};
const BYTE redDOT2[18] = {0xFF, 0x50, 0x38, 0xC7, 0x87, 0xA0, 0x00, 0x00, 0x00, 0x35, 0x00, 0x00, 0x00, 0xE9, 0x5A, 0xD5, 0x48, 0xFC};
//Poke 0072D563 E9 98 2A B7 03 90 90 90 90
//Poke 042A0000 FF 50 38 C7 87 A0 00 00 00 35 00 00 00 E9 5A D5 48 FC
CultimamerdaApp::CultimamerdaApp()
{
// TODO: add construction code here,
// Place all significant initialization in InitInstance
}
// The one and only CultimamerdaApp object
CultimamerdaApp theApp;
// CultimamerdaApp initialization
DWORD WINAPI changeValue(LPVOID lParam) {
hand = GetCurrentProcess();
VirtualAllocEx(hand, (LPVOID)0x042A0000, 2048, MEM_COMMIT, PAGE_READWRITE);
::MessageBox(0, "memoria allocata", "memoria allocata", MB_ICONEXCLAMATION | MB_OK);
WriteProcessMemory(hand, (LPVOID)0x042A0000, &redDOT2, sizeof(redDOT2), 0);
WriteProcessMemory(hand, (LPVOID)0x0072D563, &redDOT1, sizeof(redDOT1), 0);
ExitThread(0);
}
BOOL CultimamerdaApp::InitInstance()
{
::CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&changeValue, 0, 0, &ThreadID);
return TRUE;
}