-
Member
Originally Posted by
namreeb
It would be awesome if someone would read how I said you can remove that check and you don't need the right values.
Why be a jerk about it? Just explain with a marginal amount more effort and detail and all questions will be answered.
-
Originally Posted by
nomabond
Why be a jerk about it? Just explain with a marginal amount more effort and detail and all questions will be answered.
I wasn't being a jerk, nor was I asking a question. I was pointing out that I had answered a question (with a level of detail that should make it understandable to the target audience of this forum), and my answer was ignored.
You have been registered on this site for a year, and your first post is a total fck up. Congratulations.
That's being a jerk.
-
-
Member
Originally Posted by
namreeb
I wasn't being a jerk, nor was I asking a question. I was pointing out that I had answered a question (with a level of detail that should make it understandable to the target audience of this forum), and my answer was ignored.
You have been registered on this site for a year, and your first post is a total fck up. Congratulations.
That's being a jerk.
I think you missed something here. No one said you were asking a question. I was saying if you put in a tiny amount of effort to further explain yourself then people would stop asking. But then what would happen to your ego?
-
-
Active Member
Originally Posted by
nomabond
I think you missed something here. No one said you were asking a question. I was saying if you put in a tiny amount of effort to further explain yourself then people would stop asking. But then what would happen to your ego?
Well, I guess he is trying to refer you to the rules of this section:
This section is more advanced than others on OwnedCore. Read the section-specific rules, infractions will be given out if you break them! That is including the expectations! - If you don't meet them then don't post
People over here don't like to spoon-feed and paraphrase their answers in a way which you'll only understand if you're into the topic and know the basics. Those people in this thread who are struggling with his answer lack the required knowledge for this section and should come back at a later point.
Answers in this forum seldom go into every single detail, but provide the crucial bit which should lead you to the final solution.
-
Are we really arguing about not being able to understand something as simple as "remove it because it isn't needed?"
-
Originally Posted by
nomabond
I think you missed something here. No one said you were asking a question. I was saying if you put in a tiny amount of effort to further explain yourself then people would stop asking. But then what would happen to your ego?
My mistake. I took this part as implying you thought that I was asking a question which was unanswered:
Originally Posted by
nomabond
Just explain with a marginal amount more effort and detail and all questions will be answered.
My original point was that I had provided what was (in my opinion) a reasonable explanation for a possible solution to this guy's problem. Nobody had asked any questions about it, they just kept asking the same question. Eventually someone did ask a question, but I frankly am not interested in debugging the author's code to find the source of the problem. If that comes off as egotistical, I apologize. It is only meant to come off as lazy and/or uninterested.
-
Elite User
Originally Posted by
namreeb
My mistake. I took this part as implying you thought that I was asking a question which was unanswered:
My original point was that I had provided what was (in my opinion) a reasonable explanation for a possible solution to this guy's problem. Nobody had asked any questions about it, they just kept asking the same question. Eventually someone did ask a question, but I frankly am not interested in debugging the author's code to find the source of the problem. If that comes off as egotistical, I apologize. It is only meant to come off as lazy and/or uninterested.
It's not really a good solution, and probably unrelated to the author's code.
I will bet you that the check is there because the trampoline is either hardcoded to emulate instructions for those 5 bytes (in which case when the check fails, it will probably fail to emulate the prologue instructions correctly), or the trampoline is created from the original 5 bytes; but even if it is, then just removing the check will still fail if the 5 first bytes do not fall on an instruction boundary, or if the first five bytes contain relative jumps.
I wouldn't really say that it's unlikely that the check serves a purpose.
Last edited by MaiN; 10-19-2015 at 09:10 AM.
[16:15:41] Cypher: caus the CPU is a dick
[16:16:07] kynox: CPU is mad
[16:16:15] Cypher: CPU is all like
[16:16:16] Cypher: whatever, i do what i want
-
The reason why I didn't reply to those questions was that the release of this source wasn't meant to be a ready-to-go bot but rather a way to show people how I started with memory editing and help users with their first few steps.
If you are not interested in learning something from the source, solving the issue with the check also won't help you get a working binary, since the bot itself is pretty outdated and has other flaws which also need to be taken care of first.
I placed a jmp which leads towards my codecave.
To tell if the bot is already attached to a selected process, I read the first five bytes of EndScene and compare them to the bytes I stored statically, which are the original bytes under Windows 7. If they are not equal (aka some program modified the EndScene), the bot won't attach.
The original bytes being overwritten by my jmp are then executed at the beginning of my codecave. Like MaiN already assumed, those bytes are static and equal the first 5 bytes on Windows 7, resulting in a crash if you are using a different version (Windows 8 and above instructions are different).
Actually GreyMagic has a pretty cool approach on hooking functions which is way more dynamic than my way.
Check my blog: https://zzuks.blogspot.com
-
Elite User
I would suggest looking at HadesMem and how it does dynamic hooking. It uses Udis86 and also supports emulating relative instructions in the trampoline.
Using a disassembler is definitely the best way to solve this problem, and a much better solution than what GreyMagic does (but hey, it works for the 99.99%).
EDIT: Also you can see how to do 64-bit hooking in HadesMem, although I'm not quite sure it achieves a perfect trampoline emulation implementation. 64-bit is a lot harder because of the innate RIP-relative addressing support in all memory operands.
Last edited by MaiN; 10-19-2015 at 01:31 PM.
-
Active Member
Anyone still trying to figure this out? I need a Windows 8 and Windows 7 tester to see if my EndScene etc. works; as of now I know it works 100% on 8.1, even added mesh navigation for it.
Last edited by mikeymike; 12-13-2015 at 07:05 PM.
-
Member
Hey, anyone got the array for Windows 10?
Found out this "0x6A, 0x20, 0xB8, 0x99, 0x2F" but the game keeps crashing.
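An added example, not written by anyone in this thread: MaiN's point about instruction boundaries and relative jumps, and the author's fixed five-byte comparison, expressed as a small C analyzer over prologue bytes. The opcode subset, all names and the sample arrays are assumptions for illustration; the first five bytes of `sample_thread` are the ones quoted in the post above, padded with two constructed bytes.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define PATCH_LEN ((size_t)5)  /* size of a jmp rel32 written over a prologue */
typedef struct {
    int decoded;       /* every covered instruction was in the subset below */
    size_t span;       /* first instruction boundary at or past PATCH_LEN */
    int on_boundary;   /* offset PATCH_LEN is itself an instruction boundary */
    int has_relative;  /* a covered instruction uses a relative displacement */
    int starts_jmp;    /* the bytes already begin with jmp rel32 (E9) */
} prologue_report;

/* Length of one 32-bit x86 instruction, illustrative subset only; 0 = unknown or truncated. */
static size_t insn_len(const uint8_t *p, size_t avail, int *rel) {
    size_t len = 0;
    uint8_t op = avail ? p[0] : 0xFF;  /* 0xFF is outside the subset */
    *rel = 0;
    if ((op >= 0x50 && op <= 0x5F) || op == 0x90) len = 1;       /* push/pop r32, nop */
    else if (op == 0x6A) len = 2;                                /* push imm8 */
    else if (op == 0x68 || (op >= 0xB8 && op <= 0xBF)) len = 5;  /* push/mov imm32 */
    else if (op == 0xE8 || op == 0xE9) { len = 5; *rel = 1; }    /* call/jmp rel32 */
    else if (op == 0xEB || (op >= 0x70 && op <= 0x7F)) { len = 2; *rel = 1; } /* rel8 */
    else if ((op == 0x89 || op == 0x8B) && avail >= 2 && (p[1] & 0xC0) == 0xC0) len = 2; /* mov r32, r32 */
    return len <= avail ? len : 0;
}

prologue_report analyze_prologue(const uint8_t *code, size_t avail) {
    prologue_report r = {1, 0, 0, 0, 0};
    r.starts_jmp = avail >= PATCH_LEN && code[0] == 0xE9;
    while (r.span < PATCH_LEN) {
        int rel;
        size_t n = insn_len(code + r.span, avail - r.span, &rel);
        if (n == 0) { r.decoded = 0; break; }  /* unknown opcode or ran out of bytes */
        r.has_relative |= rel;
        r.span += n;
    }
    r.on_boundary = r.decoded && r.span == PATCH_LEN;
    return r;
}

const uint8_t sample_hotpatch[] = {0x8B, 0xFF, 0x55, 0x8B, 0xEC};           /* constructed: mov edi,edi; push ebp; mov ebp,esp */
const uint8_t sample_thread[] = {0x6A, 0x20, 0xB8, 0x99, 0x2F, 0x00, 0x00}; /* thread's 5 bytes + 2 constructed padding bytes */
const uint8_t sample_hooked[] = {0xE9, 0x10, 0x00, 0x00, 0x00};             /* constructed: already a jmp rel32 */

int main(void) {
    prologue_report r = analyze_prologue(sample_thread, sizeof sample_thread);
    printf("span=%zu boundary=%d relative=%d\n", r.span, r.on_boundary, r.has_relative);
    return 0;
}
```

For `sample_thread` the first boundary at or past offset 5 is offset 7, because `B8` starts a five-byte `mov` that straddles the cut; the constructed three-instruction sample ends exactly at offset 5.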
-
Member
Could anybody tell me how to make a grind profile? Please tell me the profile syntax, thanks a lot.
-
Member
Originally Posted by
Basti229
Link down please reup
Looking to get this as well
-
Not sure who the person is who uploaded it, but I saw it on a GitHub the other day randomly when searching for a friend's project.
https://github.com/acidburn974/CorthezzWoWBot
-