Attach the debugger!

Hacking Maple Story


Postby GRB » Mon Dec 24, 2007 10:10 am

I can only attach the debugger when GG is not running, because when GG is running it won't let me attach the debugger!

Can anyone help?
GRB
Acker
 
Posts: 88
Joined: Mon Dec 24, 2007 10:05 am
Location: 127.0.0.1 --> localhost

Postby L. Spiro » Mon Dec 24, 2007 10:39 am

I believe Game Guard sets the debug port on the process.

Press Alt-Enter (File/Properties) to view the process properties.
View the EPROCESS tab.
Examine the DebugPort (offset +BC).
If it is 00000000, leave it. The error is caused by something else.
If it is not 00000000, go to that address in the Hex Editor, select it (4 bytes long), and press Delete to set it to 0.
Then retry debugging.


L. Spiro
L. Spiro
L. Spiro
 
Posts: 3129
Joined: Mon Jul 17, 2006 10:14 pm
Location: Tokyo, Japan

Postby GRB » Mon Dec 24, 2007 5:24 pm

The debug port at +BC is 00000000!

Maybe because GG is hiding the maplestory.exe process?

I can use the disassembler but can't set breakpoints since I can't attach the debugger! :(

Postby GRB » Mon Dec 24, 2007 5:43 pm

LOL, I have just found I can't even use auto assemble or inject code; it's giving me a lot of errors! With auto assemble it says the program can't change permission. :(

Postby L. Spiro » Mon Dec 24, 2007 6:27 pm

Be sure to use FullAccess() (read the help file) to specifically change the access on the code you are modifying.

FullAccess( game.exe+0x89756, 100 ) is usually enough.



If you are already doing this, the failure is caused by GameGuard.
GameGuard is quite annoying; the most poorly constructed and intrusive of anti-cheat devices.
I would have not allowed it onto my computer, if I were you (or anyone else).


I already have tons of plans for bypassing GameGuard but I need time to make everything.
And I don’t release all my bypasses at once so that they don’t get blocked all at once.
I have 5 methods for ReadProcessMemory() already, but I only release one at a time until it gets blocked.
Let them study the current method and work hard on blocking it, then post the next method and let them start all over.


L. Spiro

Re: Attach the debugger!

Postby Imagine » Mon Dec 24, 2007 10:12 pm

GRB wrote:I can only attach the debugger when GG is not running, because when GG is running it won't let me attach the debugger!

Can anyone help?


Attach the debugger when it's at the start screen, with the big "PLAY" button below. Good luck.
Imagine
I Have A Question
 
Posts: 1
Joined: Mon Dec 24, 2007 10:10 pm

Re: Attach the debugger!

Postby GRB » Wed Dec 26, 2007 3:53 am

Imagine wrote:
GRB wrote:I can only attach the debugger when GG is not running, because when GG is running it won't let me attach the debugger!

Can anyone help?


Attach the debugger when it's at the start screen, with the big "PLAY" button below. Good luck.


If I do it like that the PC will restart, because GG found the debugger!
And yes, I have tested it like that! :(

Postby GRB » Wed Dec 26, 2007 6:25 am

L. Spiro wrote:Be sure to use FullAccess() (read the help file) to specifically change the access on the code you are modifying.

FullAccess( game.exe+0x89756, 100 ) is usually enough.



If you are already doing this, the failure is caused by GameGuard.
GameGuard is quite annoying; the most poorly constructed and intrusive of anti-cheat devices.
I would have not allowed it onto my computer, if I were you (or anyone else).


I already have tons of plans for bypassing GameGuard but I need time to make everything.
And I don’t release all my bypasses at once so that they don’t get blocked all at once.
I have 5 methods for ReadProcessMemory() already, but I only release one at a time until it gets blocked.
Let them study the current method and work hard on blocking it, then post the next method and let them start all over.


L. Spiro



It keeps saying "failed to change protection on 00A5C79D",
and the address I want to change is 0065C79D!

The address it fails to change is where the jump is going to be taken, right?

Postby L. Spiro » Wed Dec 26, 2007 9:52 am

You are not constructing the FullAccess() function correctly.


It is:
Code:
FullAccess( game.exe + 0x0025C79D )

Not
Code:
FullAccess( game.exe + 0x0065C79D )



L. Spiro

Postby GRB » Wed Dec 26, 2007 1:45 pm

Why is it 4 ranges behind? Like, I was building 0065 and it says 00A5, a difference of 4, and you told me to do 0025, again a difference of 4 ranges! Any particular reason for that, L. Spiro? And really, thanks for your help! I'm still learning. Be patient, please.

Postby GRB » Wed Dec 26, 2007 1:52 pm

I keep getting the PreProcessing Error!

Can't change protection on 0065C79D, and now it's on the right address!

This is the code to test; maybe something is wrong!

Code:
Alloc( MyCode, 2048 )    ; Allocate 2,048 bytes and store the allocated address into MyCode, which we use as the location where our new code goes.
Label( OverwrittenCode ) ; The code that was overwritten by the JMP to MyCode will go here.
Label( Exit )            ; JMP here to exit our custom code and go back to the original code.
Label( Return )          ; The location of the next instruction of the original code.

FullAccess( MapleStory.exe+0x0025C79D, 2048 )
0x0065C79D :
jmp MyCode
nop
nop
nop
Return :
je      0065C808
outsb
and     byte ptr gs:[eax+ebp*2+61], dh

MyCode :                 ; The allocated address.  Put your code after this.
je      0065C808
outsb
and     byte ptr gs:[eax+ebp*2+61], dh

OverwrittenCode :        ; The overwritten code (code that was overwritten by the JMP to MyCode).
je      0065C808
outsb
and     byte ptr gs:[eax+ebp*2+61], dh

Exit :                   ; Automatic JMP back to the original code, or you can JMP Return directly to avoid coming here.
jmp Return

Postby L. Spiro » Wed Dec 26, 2007 2:52 pm

In terms of code, this:
Code:
je      0065C808
outsb
and     byte ptr gs:[eax+ebp*2+61], dh

should not be there 3 times. It was most likely put after OverwrittenCode automatically by MHS, and that is the only place where it should be in your code unless you really know what you are doing.



As for allocations, unfortunately it appears that GameGuard is blocking MHS’s attempt to modify memory protections. You will have to wait for a future version that uses the kernel to modify permissions (this may be soon but I don’t know yet).


As for your question.
Code:
MapleStory.exe = 0x00400000.  // MapleStory.exe is loaded to this address.

MapleStory.exe+0x0065C79D = 0x00400000+0x0065C79D = 0x00A5C79D.

MapleStory.exe+0x0025C79D = 0x00400000+0x0025C79D = 0x0065C79D.



L. Spiro

Postby GRB » Thu Dec 27, 2007 3:17 am

Thanks for replying to my question about the 4 range address! Now I understand why it's like that!

So it looks like I need to wait for your release; until then I will learn a little bit more about ASM. Thank you so much again.