Is anyone willing to share any addresses to detour or functions to bypass to enable speedhacking? I'm sorry if no one is willing to do so, please do not flame me.
GetTickCount() QueryPerformanceCounter()
I hacked 127.0.0.1
So, I just have to rewrite their routine to return my own custom value? I guess I'll check Olly and see where it is and check how hard it will be to do this. Okay, I just searched WoW's process in Olly, and I could not find any commands referencing GetTickCount() or QueryPerformanceCounter(). Is it used in a ...sneaky?... manner?
Last edited by lanman92; 10-25-2008 at 01:34 AM.
GetTickCount Function (Windows)
QueryPerformanceCounter Function ()
They are imported by wow -.- take a look at the IAT and you'll see them, I don't know how you could've missed them with olly...
And if you still don't know how these functions are related to speedhacking, try this omg it's a link!/
I hacked 127.0.0.1
hai guise! I kan haz windoze api hooz?
u wan2 haf api hukz? haha2bad dey r hrardr den ucan handel!!haha
weeeeeeeeeeeehhhh me got teh api huuk, me no giv tu u cuz me is teh uber l33t!
I hacked 127.0.0.1
Ok, I just made my first attempt to do an API hook on GetTickCount() after reading some articles around the web. I'm just trying to see if I can even get the hook going right now, I know this won't really do much. Here's my source, WoW keeps closing just after injection though. Please explain why?
Code:
#include "stdafx.h"
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "kernel32.lib")

typedef DWORD(__stdcall *GTCPtr) (void);
GTCPtr pTargetGTC = NULL;
GTCPtr pTrampolineGTC = NULL;
HMODULE hKernel32 = NULL;

void main();
DWORD WINAPI mGetTickCount();

BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        DisableThreadLibraryCalls(hModule);
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)main, hModule, 0, 0);
    case DLL_PROCESS_DETACH:
        FreeLibrary(hModule);
        break;
    }
    return TRUE;
}

void main(void)
{
    hKernel32 = GetModuleHandle((LPCWSTR) "kernel32.dll");
    pTargetGTC = (GTCPtr) GetProcAddress(hKernel32, "GetTickCount");
    pTrampolineGTC = (GTCPtr) DetourFunction((PBYTE) pTargetGTC, (PBYTE) mGetTickCount);
    return;
}

DWORD WINAPI mGetTickCount()
{
    DWORD dwRet = GetTickCount();
    dwRet = dwRet*2;
    return dwRet;
}
Last edited by lanman92; 10-30-2008 at 08:55 PM.
It's probably not the cause of your problem but your thread creation is retarded. Follow the prototype and pass the address of the function; the prototype is there for a damn reason. (E.g. non-conformant code like what you have posted above will crash and burn on some or all x64 computers.) I cbf checking what you're doing wrong atm, but I can tell you pretty surely that your hooked function is acting incorrectly.
Last edited by Cypher; 10-31-2008 at 01:26 AM.
By theory this will cause a very fast time elapse and afterwards it will be as fast as usual
DWORD WINAPI mGetTickCount()
{
DWORD dwRet = GetTickCount();
dwRet = dwRet*2;
return dwRet;
}
You're doing it wrong. If you want to call the unmodified version of GetTickCount after a detour, you can't call GetTickCount(), since this will jump to your mGetTickCount function. You'll need the trampoline function: first you'll have to typecast it to a GetTickCount function and then you can call it. It'll execute the bytes overwritten by your detour jmp and then jmp to the code right after your detour jmp (Detours handles everything for you, so you don't need to worry about half instructions being executed and causing a crash).
Also your mGetTickCount is wrong, as Namokan already stated.
I hacked 127.0.0.1
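Seen from the integrity-checking side, the "detour jmp" described in the post above is visible in the first bytes of the hooked function. The following is an added example, not code from any poster in this thread: it inspects an entry point for a 5-byte near jmp (opcode E9) and reports whether the jmp leaves the module that exports the function. The module base, size, function address and byte arrays are constructed sample values, and other hook encodings are not covered.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

typedef enum { ENTRY_CLEAN, ENTRY_JMP_INSIDE, ENTRY_JMP_OUTSIDE } entry_status;

/* Decode a 32-bit little-endian value byte by byte (host-endian independent). */
static uint32_t le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

/* code/len: bytes read from the function entry; func_addr: address they were
 * read from; mod_base/mod_size: range of the module exporting the function.
 * When a jmp is found, *target receives the decoded destination. */
entry_status check_entry(const uint8_t *code, size_t len, uint32_t func_addr,
                         uint32_t mod_base, uint32_t mod_size, uint32_t *target)
{
    if (len < 5 || code[0] != 0xE9)          /* E9 rel32 = near jmp */
        return ENTRY_CLEAN;
    /* rel32 is relative to the end of the 5-byte instruction; wraps mod 2^32 */
    *target = func_addr + 5u + le32(code + 1);
    /* unsigned subtraction makes this a single in-range test */
    return (*target - mod_base < mod_size) ? ENTRY_JMP_INSIDE : ENTRY_JMP_OUTSIDE;
}

/* Constructed sample values, not taken from any real system. */
#define MOD_BASE  0x7C800000u
#define MOD_SIZE  0x000F6000u
#define FUNC_ADDR 0x7C80934Au
static const uint8_t clean_entry[]    = { 0x8B, 0xFF, 0x55, 0x8B, 0xEC };
static const uint8_t detoured_entry[] = { 0xE9, 0xB1, 0x7C, 0x7F, 0x93 };

int main(void)
{
    uint32_t t = 0;
    printf("clean:    %d\n", check_entry(clean_entry, sizeof clean_entry,
                                         FUNC_ADDR, MOD_BASE, MOD_SIZE, &t));
    printf("detoured: %d", check_entry(detoured_entry, sizeof detoured_entry,
                                       FUNC_ADDR, MOD_BASE, MOD_SIZE, &t));
    printf(" -> target 0x%08X\n", (unsigned)t);
    return 0;
}
```

A jmp that stays inside the owning module is reported separately because some exports legitimately begin with an internal forwarder.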
Ok, thanks for the replies, I didn't realise that I didn't make a trampoline for it. I was just kind of copying and pasting some code off of a site, seeing if I could see what it actually does. I'll try rewriting the whole thing pretty much when I get home. What is the correct way to detour it so that it does it right? I looked at the WoWX one, but it's looking like a jumble of code to me. Anyone feel like explaining?
rtfm rtfm rtfm rtfm!!!!!!
really just rtfm of microsoft detours >.<
I hacked 127.0.0.1
I never saw the '****ing manual', I DL'd it from some website, I think it was Shynd's site or something... I'll look it up though...