ProjectHax

ProjectHax General Programming

Closed Thread
 
Thread Tools Display Modes
  #1  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default RADiANCE Team Backup

Quote:
Originally Posted by atom0s
Uhg.. after a week or so of pounding tons of time into this, I finally am glad to announce the initial release of patchLib. Instead of getting into a long post about this, heres the readme file since you will need to read that and the rest of the documentation to understand it:

Code:
-------------------------------------------------------------------------------------------------
 This document is best viewed inside Notepad using Courier New font!
 -------------------------------------------------------------------------------------------------
             (Ascii generated from MudMagic.com Figlet Server)
                         __           .__     .____     .__ ___.    
         ______ _____  _/  |_   ____  |  |__  |    |    |__|\_ |__  
         \____ \\__  \ \   __\_/ ___\ |  |  \ |    |    |  | | __ \ 
         |  |_> >/ __ \_|  |  \  \___ |   Y  \|    |___ |  | | \_\          |   __/(____  /|__|   \___  >|___|  /|_______ \|__| |___  /
         |__|        \/            \/      \/         \/         \/ 
            -------------------------------------------------------------------------
                                       patchLib
                              Coded By: Wiccaan (c) 2008
        ---------------------------------------------------------------------------------
  
  
 ================================================================================
 ======================================
 1.) WHAT IS PATCHLIB?
 ================================================================================
 ======================================
 patchLib is a static library, coded in C++ using Visual Studio 2008, that  allows you to create
 GDI based dynamic GUI's for various types of programs. The main focus is to  help the 'scene'
 create quality looking applications for (but not limited to): Keygens;  Patches; Cracks; Loaders
  
 patchLib is a series of reusable classes wrapped into a single, easy to use  engine. There is
 very little work required to get a program going using patchLib. However, you  are still required
 to do a small amount of work for some features.
  
  
  
 ================================================================================
 ======================================
 2.) WHO CREATED PATCHLIB?
 ================================================================================
 ======================================
 While I, Wiccaan, do take credit for creating the static library, I take very  little credit for
 whats actually inside. I did code the static library, but, the code is based  off ideas and code
 of others. I enjoy taking a little bit of everything that is already made and  combine them to
 make something better. And of course, keeping full credits in tact while  doing so. So, without
 furthur adue, the credits list is as follows:
  
 --[ INDIVIDUAL CREDITS  ]----------------------------------------------------------------------------------------------
  + UFO-Pu55y     - Original uPPP program style/idea; uPPP Skin for example  patcher; Code from various keygens of his.
  + BobbySing     - Original GUI style/idea, patchLib is based around his  DirectX GUI library method.
  + HVC         - Code support for converting some functions to be included  inside an MASM static library.
  + MSDN     - API/Structure references and such.
  + Wine (Emu)    - Code snippet for premultiplied alpha-blending. (Inside  CEngine.cpp)
  + bitRAKE    - In combination with UFO-Pu55y's code, creator of the MMX  function code inside the Alpha functions.
  
 --[ EXTERNAL LIBRARY CREDITS  ]----------------------------------------------------------------------------------------
  + Alphablend    - UFO-Pu55y, bitRAKE, HVC
  + pngLib    - MadWizard (www.madwizard.org)
  + TinyXML    - (http://www.grinninglizard.com/tinyxml/)
  + uFMod     - (http://ufmod.sourceforge.net/)
  
 Please understand, these credits are not listed in any special order, nor did  I purposely forget anyone. If you
 feel you deserve credit for something inside patchLib please contact me  through any methods below. I am not one
 that rips code, and I do try to give credits to everything I use. So please,  contact me if you are not in this
 above list and I will add you to future releases. :)
  
  
  
 ================================================================================
 ======================================
 3.) WHAT CAN IT DO?
 ================================================================================
 ======================================
 Currently, patchLib includes a few classes that allow you to dynamically  create the following objects:
  - Buttons
  - Scrollers (Static scrolling or Sine style.)
  - Text Objects (Labels)
  - URL Clickable Objects
  
 Along with that, you can create and use the following inside your program via  patchLib: (The following is not dynamic.)
  - Custom Cursor
  - Custom Icon
  - Resource Fonts
  - XM Music (Chiptunes)
  
  
  
 ================================================================================
 ======================================
 4.) HOW DOES IT WORK?
 ================================================================================
 ======================================
 patchLib loads a template file, created in XML, from the resource file of  your compiled EXE. Inside this template is
 a list of objects that the library is told to create and render onto the  window handle you give it. The buttons you
 have patchLib render can have upto 3 drawable states (Normal, MouseOver,  MouseDown) or a simple (Enable, Disable) and
 can be bound to a command loaded by the command handler.
  
 The template loads other objects, such as the images used for the window  frame and buttons, from the resource file as
 well. These are bound to IDs inside the template and should follow the same  ID inside the resource file or the engine
 will not be able to load them.
  
  
  
 ================================================================================
 ======================================
 5.) WHAT ARE THE LIMITATIONS? ISSUES? ANYTHING I SHOULD BE AWARE OF?
 ================================================================================
 ======================================
 At this time, patchLib is limited to what is currently included. However, the  project is open source so you have the
 ability to add objects as you please and share with the community. If the  project becomes something big, I will
 release update packages that include code fixes, more objects, and user  contributed things.
  
 Things you should be aware of:
  - Resources must be bound to a number ID.
  - The program will fully fail to load and error if no frame image is  present. (MessageBox added to prevent unhandled exception.)
  - Engine does not detect if the system is compatible with certain API. (You  should add this protection if you feel its needed.)
  - Engine is required to fade the frame in as it starts out at 0% visibility.  (Uses UpdateLayeredWindow 2000/XP+ API Only!)
  - In very rare ocassions, the frame image will appear "retarded" when  loading during fading. This is a glitch that I cannot figure out.
  - This Library IS NOT compatible with unicode!!!! It uses std::string which  is a multi-byte based string library.
  
  
  
 ================================================================================
 ======================================
 6.) HOW DO I USE THIS LIBRARY?
 ================================================================================
 ======================================
 Please see the other read me files for how to setup and use each object.
  
  
  
 ================================================================================
 ======================================
 7.) BLAH BLAH LEGAL CRAP BLAH BLAH (The part no one reads...)
 ================================================================================
 ======================================
   This program is free software; you can redistribute it and/or modify
   it under the terms of the GNU General Public License as published by
   the Free Software Foundation; either version 3 of the License, or
   (at your option) any later version.
  
   This program is distributed in the hope that it will be useful,
   but WITHOUT ANY WARRANTY; without even the implied warranty of
   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
   GNU General Public License for more details.
  
   You should have received a copy of the GNU General Public License
   along with this program.  If not, see  <http://www.gnu.org/licenses/>.
  
  
  
 ================================================================================
 ======================================
 8.) BLAH BLAH LEGAL CRAP BLAH BLAH (The part no one reads...) Cont.
 ================================================================================
 ======================================
 I, Wiccaan, am in no way shape or form responsible for what you make with
 patchLib, or any part of code that is included inside this release. You
 must agree that anything you make is your own responsiblity. This lib
 is specifically to create GUIs and not to create illegal content.
  
 The extra options you add to the program are your own doing and I have
 no control of what you do with it. If you plan to use this you MUST agree
 that I will not be held responsible for ANYTHING that happens to you.
  
  
  
  
 ================================================================================
 ======================================
 8.) Contacting Me
 ================================================================================
 ======================================
 In the case you have issues, questions, bug reports, etc. You can contact
 me through several methods:
  
  - AIM        : - Located inside file -
  - MSN        : - Located inside file -
  - YIM        : - Located inside file -
  - Email    : - Located inside file -
  
 I can also be reached via PM on SnD's forums @ www.tuts4you.com or on  Extalia.com's forums.
  
 Please do not contact me if you want me to make something. I will ignore  and/or block you.
(Excuse the typo's I typed up all the documentation in Notepad >.>)

Included with this release is the following:

- patchLib - Full source to the static library 'patchLib'
- loaderExample - An example of using patchLib to draw a GUI for a DLL loader / injector.
- patchExample - An example of using patchLib to draw a GUI for a file patcher. (No actual patching code is inside the example, just the GUI is the example.) (Based on a uPPP skin.)

Also inside the rar is compiled binaries of the examples to show you what they look like, what they do, etc.

As I said in the read me, I will not be releasing binaries of the static lib, you must compile them yourself. I am doing this for compatibility reasons.

I used Visual Studio 2008 which you can get, from Microsoft, for free. (Express Edition - get a different version elsewhere if you want.)

Example program screenshots:

Loader Example
[IMG]http://img91.**************/img91/1769/loaderexampleaq5.png[/IMG]

Patcher Example
[IMG]http://img297.**************/img297/9765/patchexampleph0.png[/IMG]


patchLib is released under the GLP v3 Open Source license. Specifically to preserve credit where its due. You are free to edit the engine and such, even more so I encourage you do. Post up code snippets for new objects that you create and such if you do and I will possibly add them to future releases of the engine.

Big thanks to UFO-Pu55y, HVC, bitRAKE, and BobbySing for their contributions to this project as well as many thanks to everyone else on the credits list. Thanks to all that helped test and such as well.

Comments, opinions, suggestions, etc. just post 'em up.

~ Wiccaan

Attachment removed, downloads can now be found on the patchLib website:
http://wiccaan.gamedeception.net/patchLib/
...
Attached Files
File Type: zip patchLibv2.zip (476.5 KB, 88 views)
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #2  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
Obtain ProcessId From Process Name

  • Code:
    DWORD GetProcId( char *szProcName )  {
         PROCESSENTRY32    pe32;
         HANDLE            hSnapshot = NULL;
      
         pe32.dwSize = sizeof( PROCESSENTRY32 );
         hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
      
         if( Process32First( hSnapshot, &pe32 ) )
         {
             do{
                 if( strcmp( pe32.szExeFile, szProcName ) == 0 )
                     break;
             }while( Process32Next( hSnapshot, &pe32 ) );
         }
      
         if( hSnapshot != INVALID_HANDLE_VALUE )
             CloseHandle( hSnapshot );
      
         return (strcmp( pe32.szExeFile, szProcName ) == 0) ? pe32.th32ProcessID :  0;
     }

Obtain Module Base For Given Module Inside Given ProcId

  • Code:
    BYTE* GetModuleBase( DWORD dwProcId, char *szModuleName )  {
         MODULEENTRY32 me32;
         HANDLE hSnapshot = NULL;
      
         me32.dwSize = sizeof(MODULEENTRY32);
         hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcId );
      
         if( Module32First( hSnapshot, &me32 ) )
         {
             do{
                 if( strcmp( me32.szModule, szModuleName ) == 0 )
                     break;
             }while( Module32Next( hSnapshot, &me32 ) );
         }
      
         if( hSnapshot != INVALID_HANDLE_VALUE )
             CloseHandle( hSnapshot );
      
         return (strcmp( me32.szModule, szModuleName ) == 0) ? me32.modBaseAddr :  0;
     }

Example Using Minesweeper
Code:
#include <windows.h>
 #include <iostream>
 #include <conio.h>
 #include "tlhelp32.h"
  
 DWORD GetProcId( char *szProcName )
 {
     PROCESSENTRY32    pe32;
     HANDLE            hSnapshot = NULL;
  
     pe32.dwSize = sizeof( PROCESSENTRY32 );
     hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );
  
     if( Process32First( hSnapshot, &pe32 ) )
     {
         do{
             if( strcmp( pe32.szExeFile, szProcName ) == 0 )
                 break;
         }while( Process32Next( hSnapshot, &pe32 ) );
     }
  
     if( hSnapshot != INVALID_HANDLE_VALUE )
         CloseHandle( hSnapshot );
  
     return (strcmp( pe32.szExeFile, szProcName ) == 0) ? pe32.th32ProcessID :  0;
 }
  
 BYTE* GetModuleBase( DWORD dwProcId, char *szModuleName )
 {
     MODULEENTRY32 me32;
     HANDLE hSnapshot = NULL;
  
     me32.dwSize = sizeof(MODULEENTRY32);
     hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcId );
  
     if( Module32First( hSnapshot, &me32 ) )
     {
         do{
             if( strcmp( me32.szModule, szModuleName ) == 0 )
                 break;
         }while( Module32Next( hSnapshot, &me32 ) );
     }
  
     if( hSnapshot != INVALID_HANDLE_VALUE )
         CloseHandle( hSnapshot );
  
     return (strcmp( me32.szModule, szModuleName ) == 0) ? me32.modBaseAddr :  0;
 }
  
 int main()
 {
     printf( "%d\n", GetProcId("winmine.exe") );
     printf( "%x\n", GetModuleBase(GetProcId("winmine.exe"),"kernel32.dll")  );
     _getch();
 }
Compile as a console application using Multi-byte encoding.
...
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #3  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
This small example demonstrates how to communicate to an injected DLL between an application for sending commands, values, etc. This is a very light weight example just demonstrating how to achieve the basic communication process. So I highly suggest extending this if you use it. This is not meant to be used as is as it has little to no security checks for invalid information and so on. I wrote something similar to this for a major project that is a lot more in depth but I can't share the full source for that one. However, this should be enough to get people started.

[IMG]http://img391.**************/img391/998/exampleqb8er2.png[/IMG]
...
Attached Files
File Type: zip MMFSender.zip (68.4 KB, 27 views)
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #4  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
rLib is, what was going to be, extaLib v2. It is a static library, to be used inside a DLL, that is injected into another process. It wraps various API to make simpler to use functions to help those who don't fully understand things, or wish to do things with a bit more ease. This library contains a few functions found from other sites and other people, all of which are credited to them. Anything added that is not done by me will be properly credited and such as well.

Everything is accessed by namespaces to make things a bit cleaner. The library currently includes:

rLib -> Main namespace.
rLib::ProcessInfo -> Contains process information function.
rLib::Memory -> Contains memory manipulation functions.
rLib::Pattern -> Contains pattern scanning functions.
rLib::HideModule -> Contains functions that can help in the process of hiding your module from anti-cheat software.

The library is a work in progress, the memory functions where the main focus, the rest is just tossed in there to have. I mainly did this for SunBeam as he kept asking me if I was ever going to finish it. Since I got the free time to rewrite it yesterday, I did.

I'll add things later possibly as I have time and interest. If you have things you want added feel free to ask.
...
Attached Files
File Type: zip rLib.zip (132.0 KB, 15 views)
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #5  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
Just as the topic says, this will contain links to communities specific to C/C++, helpful sources, and other related sites.

IDE / Compilers


Communities / Resources

...
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #6  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by Tenebricosus
It's good to hear somebody found it usefull.
I'll see if i can put it up here, with the pictures included.


Here is the original post. I'm working on a html version

Intro :
------------------

  • Man i wanted to learn this since the first time I heard from it (two or three years ago), but never foud a tutorial that covered everything I wanted to know. Then Wiccaan wrote a tutorial on DirectX Hooking, it is a great tut, but I didn’t quite get the Detours stuff.
    A few days ago I found this tutorial on planet-source-code.com. This covered the API hooking process by injecting dll that patched the IAT. But to keep this tutorial on the easy level, I decided to use the second method, overwriting the first bytes of the API function with a jump to the hooked function. This method isn’t perfect, but it does the trick and it’s surprisingly easy. The disadvantage of this technique is that you have to unhook the API function each time you need to use it yourself. But enough talking, let’s get started.

Contents :
------------------


  • - Tools needed - Used API’s
    - Start
    - The hook
    - Finish
    - References


Tools needed :
------------------




Used API :
------------------


  • What does MSDN have to say about the used API functions
    CreateWindowExA
    The CreateWindowEx function creates an overlapped, pop-up, or child window with an extended window style; otherwise, this function is identical to the CreateWindow function.
    Code:
    Syntax :
     HWND CreateWindowExA(DWORD dwExStyle, LPCTSTR lpClassName, LPCTSTR  lpWindowName, DWORD dwStyle, int x, int y, int nWidth, int nHeight, HWND  hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam);

    ChangeDisplaySettingsA
    The ChangeDisplaySettings function changes the settings of the default display device to the specified graphics mode.
    Code:
    Syntax :
     LONG ChangeDisplaySettings(LPDEVMODE lpDevMode, DWORD dwflags);
    DisableThreadLibraryCalls
    Disables the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications for the specified dynamic-link library (DLL). This can reduce the size of the working set for some applications.
    Code:
    Syntax :
     BOOL WINAPI DisableThreadLibraryCalls(HMODULE hModule);
    GetCurrentProcess
    Retrieves a pseudo handle for the current process
    Code:
    Syntax :
     HANDLE WINAPI GetCurrentProcess(void);
    GetModuleHandleW
    Retrieves a module handle for the specified module. The module must have been loaded by the calling process.
    Code:
    Syntax :
     HMODULE WINAPI GetModuleHandle(LPCTSTR lpModuleName);
    GetProcAddress
    Retrieves the address of an exported function or variable from the specified dynamic-link library (DLL).
    Code:
    Syntax :
     FARPROC WINAPI GetProcAddress(HMODULE hModule, LPCSTR lpProcName);
    MessageBoxA
    Displays a modal dialog box that contains a system icon, a set of buttons, and a brief application-specific message, such as status or error information. The message box returns an integer value that indicates which button the user clicked.
    Code:
    Syntax :
     int MessageBox( HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT  uType);
    ReadProcessMemory
    Reads data from an area of memory in a specified process. The entire area to be read must be accessible or the operation fails.
    Code:
    Syntax :
     BOOL WINAPI ReadProcessMemory(HANDLE hProcess, LPCVOID lpBaseAddress, LPVOID  lpBuffer, SIZE_T  
    
    • nSize, SIZE_T *lpNumberOfBytesRead);
    WriteProcessMemory
    Writes data to an area of memory in a specified process. The entire area to be written to must be accessible or the operation fails.
    Code:
    Syntax :
     BOOL WINAPI WriteProcessMemory(HANDLE hProcess, LPVOID lpBaseAddress, LPCVOID  lpBuffer, SIZE_T  
    
    • nSize, SIZE_T *lpNumberOfBytesWritten);
    ShowCursor
    The ShowCursor function displays or hides the cursor.
    Code:
    Syntax :
       int ShowCursor(BOOL bShow);


Start :
------------------


  • 1- Now it’s time for the real work. Fire up OllyDbg and open Lesson1.exe
    Code:
    HowTo :
     Click on File->Open (or just hit F3 on your keyboard), Browse to the  directory that contains Lesson1.exe and click on Open
    2- Next click on the Blue “E” in the top of the screen, you will see a list of all loaded Executable Modules in the process.
    3- Right-Click on the one that has Lesson1.exe in the end of his name.
    4- Click on “View Names”
    5- What you see now is a list of all API functions imported by Lesson1.exe


    If you go through the list you’ll see CreateWindowExA and ChangeDisplaySettingsA. Those are the two API’s we’ve been looking for. If you look at the bottom of the list you will see another API function, ShowCursor. We are going to need that one too.

    [IMG]http://img294.**************/img294/7990/afb1ed5.th.jpg[/IMG]

    [IMG]http://img258.**************/img258/2131/afb2ce7.th.jpg[/IMG]

    So now we have three API functions we need to deal with. CreateWindowExA, ChangeDisplaySettingsA and ShowCursor. Search MSDN for these API functions. It’s important that you know what these functions do. This once I’ve posted the info in the section above. Read it if you haven’t done this jet. Let’s get on to the next chapter.


The Hook :
------------------


  • Start Visual C++, or whatever compiler you are using. But remember this tutorial will be describing it from the Visual C++ point of view.
    Set up:

    • 1- Start a new Project: Click on File->New->Project (or press Ctrl+Shift+N)
      2- As ProjectType select “Win32”
      3- As Template select “Win32 Project”

      4- Put a name into the box that says Name (I use “GLHook”). Make sure that “Create Directory for solution” is Checked and click on “Ok"

      [IMG]http://img258.**************/img258/9624/afb3lk6.th.jpg[/IMG]

      5- You will see some kind of wizzard, click “Next”, By Application Type select “Dll”. Make sure to check the “Empty Project” checkbox.

      [IMG]http://img258.**************/img258/1754/afb4ou1.th.jpg[/IMG]

      6- First things first. We need to set the right properties for this project. Go to Project->GLHook Properties… (or het Alt+F7).
      Go to “Configuration Manager”. Click on “Debug” and Select “Release”, now you can close the Configuration Manager.
      Click “Configuration Properties”, “General”.
      Change “Character Set” To “Use Multi-Byte Character Set”.
      Change “Whole program Optimization” to “No Whole Program
      Optimization”
      Click on “Apply”

      [IMG]http://img258.**************/img258/333/afb5tp3.th.jpg[/IMG]

      7- To the left you will see the “Solution Explorer”. Right-Click on the Directory that is called “Header Files”. Click on Add->New Item, Then select “Header File (.h)”. Type a name(“GLHook”) in the namebox and hit “Ok”.

      [IMG]http://img258.**************/img258/2342/afb6cs5.th.jpg[/IMG]

      8- Do the same think for the directory that’s called “Source Files”, but now select “C++ File (.cpp)” Give it a name (“GLHook”) and click “Add”.
      9- Do the same once more, but now name it (“main”).


    Programming :
    Let’s start with the easiest file of all. Open “GLHook.h”.
    Add the following line of code :
    Code:
     DWORD HookGeneralFunction(const char *Dll, const char *FuncName, void  *Function, unsigned char *backup);
    This piece of code is called a function prototype. It tells the compiler what kind of variables this function needs as input, and what kind of variable it returns.
    HookGeneralFunction is the Functionname. The variable it returns is a DWORD. This function takes 4 variables as input. Which will be explained later on.

    This file is done. Save and close it.


    Next open the “GLHook.cpp” file. We are going to program the HookGeneralFunction function.

    First we include the nessecary headers :
    Windows.h contains all the function declarations of the API
    Stdio.h contains the standard Input/Output functions

    Code:
    #include <windows.h>
     #include <stdio.h>
    Next we define the HookGeneralFunction function :
    Code:
    DWORD HookGeneralFunction(const char *Dll, const char *FuncName, void  *Function, unsigned char *backup)
     {
    This function takes 4 parameters as input.
    Parameters Are:

    • * Dll - Name of the Dll that contains the API function * FuncName - Name of the API function you want to hook
      * Function - Name of the function the API function gets
      redirected to
      * backup - Array of bytes the original code will be read to

    Next line of code,
    Code:
    DWORD addr = (DWORD)GetProcAddress(GetModuleHandle(Dll),  FuncName);
    What does this code do? First we get a handle to the Dll that contains the API function we want to hook using GetModuleHandle. This API function takes the Dll name as input.
    Next we get the address of the API function we want to hook, by using GetProcAddress. This API function takes a Module handle and a functionname as input.
    The result(the address of the API function we want to hook) is stored in a DWORD that is called “addr”.

    Ok, let’s continue :
    Code:
    BYTE jmp[6] = { 0xe9,0x00, 0x00, 0x00, 0x00,0xc3 };                
         ReadProcessMemory(GetCurrentProcess(), (void*)addr, backup, 6,  0);
    We create an array of Bytes(which is called jmp) and set the first byte to 0xe9(ASM code for jump) then we skip 4 byte(these 4 bytes will contain the address of the function the API function gets redirected to) and then we set the last byte to 0xc3(which is ASM for return).
    The second line of code uses the ReadProcessMemory API function to read the first 6 bytes of the API function we want to hook, and stores them into Array of Bytes we got as input.

    Code:
        DWORD calc = ((DWORD)Function - addr - 5);                    
         memcpy(&jmp[1], &calc, 4);
    The first line of code calculates the jump. The second line of code puts the calculated jump address into the array of Bytes called jmp(which we created earlier).

    Code:
    WriteProcessMemory(GetCurrentProcess(), (void*)addr, jmp, 6, 0);     
         return addr;                                
     }
    The first line of code uses the WriteProcessMemory API function to write the array that contains the jump code, into the API function we want to hook.
    The second line returnsthe address of the hooked API function to the caller function.

    This was all the coding for this file. Save and close it.


    Alright up to the last file, open “main.cpp”. Let’s start with the usual includes.
    Code:
    #include <windows.h>
     #include <stdio.h>
     #include “GLHook.h”
    The next thing to do: add the function Prototypes.
    Code:
    LONG WINAPI hook_ChangeDisplaySettings(LPDEVMODE lpDevMode, DWORD  dwflags);
      
     HWND WINAPI hook_CreateWindowEx(DWORD dwExStyle, LPCTSTR lpClassName, 
     LPCTSTR lpWindowName, DWORD dwStyle, int x, int y,int nWidth, int nHeight,  HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID lpParam);
    After that, we declare some Global variables:

    Code:
        DWORD CreateWindowExaddr=0;
         DWORD ChangeDisplaySettingsaddr=0;
      
         BYTE backupCW[6];
         BYTE backupCDS[6];
    We create 2 DWORDs to hold the addresses returned by the HookGeneralFunction function, when we hook the API functions.
    We also create 2 Arrays of Bytes to store the original code of the API functions we are going to hook (in case we need to use the API functions ourselfs, we need to restore the original API function, or else we end up in our own hook function).

    Next we define the Dll’s main function

    Code:
    BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD  ul_reason_for_call,  LPVOID lpReserved)
     {
    This function gets called everytime a message is sent to our dll. The messages we are waiting for are DLL_PROCESS_ATTACH (when the dll is just loaded) and DLL_PROCESS_DETACH (when the dll gets unloaded, usually when the process is terminated).

    If you have ever programmed in C++ before, you know what we are going to do next. We are creating a switch to handle “ul_reason_for_call”.

    Code:
        switch (ul_reason_for_call)
         {
             case DLL_PROCESS_ATTACH:
             {
    The code in “case DLL_PROCESS_ATTACH:” gets executed when the dll is first loaded.

    Code:
    DisableThreadLibraryCalls(hModule);                
             MessageBox(0, "Attached!", "Dll Attach", 0);
    The first line of code disables the DLL_THREAD_ATTACH and DLL_THREAD_DETACH notifications for our dll.
    The second line creates a messagebox that tells us that the dll is attached.

    Code:
            CreateWindowExaddr = HookGeneralFunction("user32.dll", 
     "CreateWindowExA", hook_CreateWindowEx, backupCW);
      
     ChangeDisplaySettingsaddr = HookGeneralFunction("user32.dll", 
     "ChangeDisplaySettingsA", hook_ChangeDisplaySettings, 
     backupCDS);
      
     return true;
             }break;
    The first line of code calls HookGeneralFunction to redirect the “CreateWindowExA” API function, from the user32.dll, to our “hook_CreateWindowEx” function. The overwritten code will be saved in “backupCW”, and the API function address will be stored in “CreateWindowExaddr”.
    The second line of code redirects the ChangeDisplaySettingsA function to our hookfunction.
    The third line of code returns true, to let the program know that everything went OK.
    The last line of code stops the switch. Since we already found the corresponding “ul_reason_for_call” there is no need to check the other cases.

    Code:
        case DLL_THREAD_ATTACH: break;
         case DLL_THREAD_ATTACH: break;
         case DLL_PROCESS_DETACH:
         {
         if(CreateWindowExaddr) WriteProcessMemory(GetCurrentProcess(), 
     (void*)CreateWindowExaddr, backupCW, 6, 0);
      
         if(ChangeDisplaySettingsaddr) WriteProcessMemory(GetCurrentProcess(),  
     (void*)ChangeDisplaySettingsaddr, backupCDS, 6, 0);        
      
         MessageBox(0, "Dll Detached", "Process End", 0);
      
         }break;
     }
         return TRUE;
     }
    “DLL_THREAD_ATTACH” and “DLL_THREAD_ATTACH” should not get executed, because we disable them when we attach the dll, but just so that nothing goes wrong.
    We will be using “DLL_PROCESS_DETACH”, because we want to unhook the process before our dll is detached. Because the two If statements actually do the same, I will only explain one of them.
    The first if statement first checks if “CreateWindowExaddr” ever has been used (if it hasn’t been used, then we don’t need to restore the hook. In fact, we would screw up the API function because we would write six 00 bytes into it). But if “CreateWindowExaddr” has been used, it means that the API function was hooked, so we unhook it by writing back the original bytes.
    When the dll is detached, we will see a messagebox that tells us that the dll is detached.
    This is the end of the “DllMain” function, so if everything went allright, we return true.

    Now it’s time to set up our hookfunctions.
    Code:
    HWND WINAPI hook_CreateWindowEx(DWORD dwExStyle, LPCTSTR lpClassName,  
     LPCTSTR lpWindowName, DWORD dwStyle, int x, int y, int nWidth, 
     int nHeight, HWND hWndParent, HMENU hMenu, HINSTANCE hInstance, LPVOID  lpParam)
     {
    This will be our function where every call made to the original “CreateWindowExA” API function will be redirected to.
    If you have done your homework, you will see that the interface of our hookfunction is actually the same as the interface of the original “CreateWindowExA” API function. You need to do this for every function you want to hook ever, if you don’t, you will screw up the stack and make the progrma crash!.

    Code:
        dwExStyle            = WS_EX_APPWINDOW | WS_EX_WINDOWEDGE;
         dwStyle            = WS_OVERLAPPEDWINDOW;
         lpWindowName        = "Hooked!";                
         nWidth            = 500;                
         nHeight            = 700;
         ShowCursor(TRUE);
    Because we want the program to run in windowed mode, we need to change some of the variables the program passes to “CreateWindowExA”.
    The first and second line of code changes the variables that hold the style of the window. We set these variables to the normal window variables.
    The third line of code changes the original windowname into “Hooked!”. Just for fun :P
    The fourth and Fifth line set the new width and heigth values, we need to change them because we don’t want a fullscreen window.
    The last line of code makes sure that the mousepointer will be visible.

    Code:
    WriteProcessMemory(GetCurrentProcess(), (void*)CreateWindowExaddr, 
     backupCW, 6, 0);
    Because we need to use the “CreateWindowExA” function ourselfs, we first need to unhook it (if we don’t we’ll end up back in our own hookfunction, if this happens we will be running around in circles which will end up in a crash)

    Code:
    HWND ret = CreateWindowEx(dwExStyle, lpClassName, lpWindowName, dwStyle  | 
     WS_CLIPSIBLINGS |    WS_CLIPCHILDREN, x, y, nWidth, nHeight, hWndParent,  hMenu, hInstance,lpParam);
    Now we call the original “CreateWindowExA” API function, with the changed varaibles. The return value (a handle to the newly created window) will be stored in the “ret” variable, so that we can pass it back to the caller function.

    Code:
        CreateWindowExaddr = HookGeneralFunction("user32.dll", 
     "CreateWindowExA", hook_CreateWindowEx, backupCW);
             return ret;    
     }
    The first line reinstalls the hook.
    The second line returns the return value we?ve got from the original “CreateWindowExA” function.

    Code:
    LONG WINAPI hook_ChangeDisplaySettings(LPDEVMODE lpDevMode, DWORD  dwflags)
     {
         return 0;
     }
    The “ChangeDisplaySettingsA” API function screws up your desktop when called, so the only thing we do is return DISP_CHANGE_SUCCESFUL value (which happens to be 0) so the caller function thinks everything went allright.

    Allright, this concludes the programming of our hook function. To build the dll, click on Build->Build Solution, or press the F7 key.
    Let’s see what happens when we inject the Dll into Lesson1.exe.


Finish :
------------------


    • 1- I will use GenTool for this tutorial, because it is userfriendly. Fire up GenTool. (If you are using Windows Vista, you will get two messages that will state that this progam can be a threat, just ignore them. This program is clean, it’s just that the way it injects dll’s is used by many malicious software).
      2- Click the “Load Dll” button and go to our newly created dll.

      3- Start Lesson1.exe

      4- In GenTool, click the “Refresh” button

      5- Click in the listbox, and type “les” the listbox will automatically go to “Lesson1.exe”

      6- Hit the “Inject Dll” button

      7- If everything went OK, you will see a messagebox which says “Attached!” (remember “DLL_PROCESS_ATTACH”?!). Click Ok.

      8- There will be another messagebox (it showed up when you started Lesson1.exe), click yes to run in fullscreen mode.

      9- A window will appear which is titled “Hooked!”. Congratulations, Mission Accomplished.

    If you know how to handle OllyDbg and you want to get a better insight into how this hook works, add the following code ont top of “GLHook.cpp”
    Code:
    void NumOut(char *format, ...)
     {
        char final[4096]; memset(final, 0, sizeof(final));
        va_list args;
        va_start(args, format);
        vsprintf(final, format, args);
        va_end(args);
        MessageBox(0, final, "NumOut:", 0);
     }
    And make the following changes in “HookGeneralFunction”
    Code:
    WriteProcessMemory(GetCurrentProcess(), (void*)addr, jmp, 6, 0);     
         NumOut("%x", addr); //<<<<Add this line<<<
      
         return addr;
    Now you will get the address of the API function when it gets hooked. Start OllyDbg and Attach to Lesson1.exe. Go to the givven address and you will see the jump to our hook function with a retrun below it.

    [IMG]http://img166.**************/img166/9270/afb7bx2.th.jpg[/IMG]

    That’s all Folks

    • Greetings

      • From

        • Tenebricosus
    (Phuu took ages to write this :shock: , think twice before you start writing a tutorial :P:P. I hope somebody enjoys reading this)


References :
------------------




The Result :


The source-code :

..
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #7  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
I had made this a while back as another named project which didn't get far cause I didn't keep things going and I didn't really get much feedback (yes lol vb6, what ever..).

I'm releasing this updated version of the code for those that still program in VB6, I moved into C++ a while back so I kinda stopped programming in VB6 for anything major.

About The code
As of this post, the code is a group of class modules and a single normal module. The normal module holds the API used throughout the class modules which is needed if you are using any of them. There are 4 class modules which I will explain below.


  • clsProcess_Access.cls This class allows you to obtain information of a given process that is used in numerous things for game hacking. Such as the window title, window handle (hwnd), and the process ID. It will also return the base address of a given module and the module size incase you need things for code shifting games.


  • clsMemory_Read.cls This class gives you access to read memory from the given process. It contains code to read: byte, int, long, single, double, string, and a structure. Also inside this file is a private function ReadMemory that is wrapped by the other functions which can be used for custom read types. (You will need to make it public if you want to do your own thing with it.)


  • clsMemory_Write.cls This class gives you access to write to memory to the given process. It contains code to write: byte, int, long, single, double, string, and a structure. Also in this class is a main function WriteMemory that you can make public and write your own code to use this to write other things.


  • clsMemory_Misc.cls This class gives you access to various other functions that are used while working with another processes memory. Currently this file includes two functions. One allows you to set the access to a given memory region, another allows you to scan for a byte array in the memory. (AOB scanning) which is useful in code shifting games.

Included in the zip file is a full demonstration of the classes using Minesweeper to demonstrate how to use each function incase you need help with them.

Again I am releasing this cause I don't really touch VB6 anymore and I figured this would help more people that still use it. I'm not looking for people to say "lol vb6 sucks and shit" if you don't use VB6 don't bother posting.

If I have time to add more things based on requests and such, updates can be found here:
http://home.comcast.net/~wiccaan/VB6_Trainer_Coding/index.html

A pic of the demo app:

[IMG]http://img125.**************/img125/9466/demodd2.png[/IMG]
...
Attached Files
File Type: zip VB6_Trainer_Toolkit.zip (12.4 KB, 8 views)
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #8  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
I decided to write this up really quick to show people how to use this API. It is EXTREMELY powerful. And is much better to use then FindProcess. Some games and/or programs can have their class name and window name change constantly while they are open. Or even at startup. Kind of like code shifting/DMA for the window name lol.

I commented every line in this source so you know what each step does. I will create a small trainer using this method for Minesweeper or something soon to show you how to use this. As well as a few other better methods of hacking with VB.

I don't advise using the modules posted on this site, no offence to the creators of them, but those methods are out of date for games today, and can fail you on lots of games.

Code:
 Option Explicit
  
 '//  =========================================================================================
 '// == CreateToolhelp32Snapshot Example
 '// == By   : Wiccaan
 '// == Date : August 04, 2006
 '// ===
 '// == This example will show you how to use the CreateToolhelp32Snapshot  API
 '// == to get the Process ID of a given process. This method is much more
 '// == secure and promising on retriving the correct process ID.
 '// ===
 '// == Please give credit to where it belongs if you use this. :)
 '// ===
 '// == Team Greetz     : Extalia, Devious, Deviated, KRT
 '// == Personal Greetz : ILA, Raven, Labyrnth, [sheep], MiCRaL, ddh, brzi  (Anyone else I missed >.>)
 '//  =========================================================================================
  
 '// == Access Constants  =====================================================================
 Private Const MAX_PATH As Integer = 260
 Private Const TH32CS_SNAPPROCESS = &H2
 Private Const TH32CS_SNAPMODULE = &H8
 '//  =========================================================================================
  
 '// == Process Entry Structure  ==============================================================
 Private Type PROCESSENTRY32
     dwSize              As Long
     cntUsage            As Long
     th32ProcessID       As Long
     th32DefaultHeapID   As Long
     th32ModuleID        As Long
     cntThreads          As Long
     th32ParentProcessID As Long
     pcPriClassBase      As Long
     dwFlags             As Long
     szexeFile           As String * MAX_PATH
 End Type
 '//  =========================================================================================
  
 '// == Module Entry Structure  ===============================================================
 Private Type MODULEENTRY32
     dwSize              As Long
     th32ModuleID        As Long
     th32ProcessID       As Long
     GlblcntUsage        As Long
     ProccntUsage        As Long
     modBaseAddr         As Long
     modBaseSize         As Long
     hModule             As Long
     szModule            As String * 256
     szExePath           As String * 260
 End Type
 '//  =========================================================================================
  
 '// == Process Capture API  ==================================================================
 Private Declare Function CreateToolhelp32Snapshot Lib "kernel32" (ByVal  lFlags As Long, ByVal lProcessID As Long) As Long
 Private Declare Function Process32First Lib "kernel32" (ByVal hSnapShot As  Long, uProcess As PROCESSENTRY32) As Long
 Private Declare Function Process32Next Lib "kernel32" (ByVal hSnapShot As  Long, uProcess As PROCESSENTRY32) As Long
 Private Declare Function Module32First Lib "kernel32" (ByVal hSnapShot As  Long, lpMe32 As MODULEENTRY32) As Long
 Private Declare Function Module32Next Lib "kernel32" (ByVal hSnapShot As  Long, lpMe32 As MODULEENTRY32) As Long
 Private Declare Sub CloseHandle Lib "kernel32" (ByVal hPass As Long)
 '//  =========================================================================================
  
 '// == Public Process ID Variable  ===========================================================
 Public ProgID       As Long
 Public BaseAddress  As Long
 '//  =========================================================================================
  
 '// == Get Process ID Function  ==============================================================
 Public Function GetProcessID(ByVal ProcessName As String)
     Dim uProcess        As PROCESSENTRY32 '// Process Struct
     Dim szExeName       As String         '// Temp ExeName Storage  Variable
     Dim hSnapShot       As Long           '// Dynamic Picture Of  Processes
     Dim rProcFound      As Long           '// Dynamic Proc Check For Do  While
     Dim i               As Long           '// Variable To Hold Chr(0)  Location
     Dim ProcFound       As Boolean        '// True/False Variable If Process  Is Found
  
     '// Setup Struct Size
     uProcess.dwSize = Len(uProcess)
     '// Create SnapShot of Processes
     hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0&)
     '// Get First Process
     rProcFound = Process32First(hSnapShot, uProcess)
  
     '// Start Process Loop While A Process Is Found
     Do While rProcFound
         '// Get Null Char In String
         i = InStr(1, uProcess.szexeFile, Chr(0))
         '// Get EXE Name OF Current Found Process
         szExeName = LCase$(Left$(uProcess.szexeFile, i - 1))
         '// Compare Found Process With Users Selected Process
         If Right$(szExeName, Len(ProcessName)) = LCase$(ProcessName) Then
             '// If Found, Put Found ProcessID In ProgID Variable And Exit  Do
             ProgID = uProcess.th32ProcessID
             ProcFound = True
             Exit Do
         End If
         '// If Process Was Not Found, Get Next Process And Loop
         rProcFound = Process32Next(hSnapShot, uProcess)
     '// Loop The Processes
     Loop
     '// Close The Open Handle
     CloseHandle hSnapShot
     '// Error Check - Incase The Proccess Closed During Use
     If ProcFound = False Then ProgID = -1
 End Function
 '//  =========================================================================================
  
 '// == Get BaseAddress Function  =============================================================
 Public Function GetBaseAddress(ByVal ModuleName As String)
     Dim uModule         As MODULEENTRY32 '// Module Struct
     Dim szModuleName    As String        '// Temp ModuleName Storage  Variable
     Dim hSnapShot       As Long          '// Dynamic Picture Of Modules
     Dim rModuleFound    As Long          '// Dynamic Module Check For Do  While
     Dim i               As Long          '// Variable To Hold Chr(0)  Location
     Dim ModFound        As Boolean       '// True/False Variable If Module Is  Found
  
     '// Setup Struct Size
     uModule.dwSize = Len(uModule)
     '// Create SnapShot of Modules
     hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, ProgID)
     '// Get First Modules
     rModuleFound = Module32First(hSnapShot, uModule)
  
     '// Start Module Loop While A Module Is Found
     Do While rModuleFound
         '// Get Null Char In String
         i = InStr(1, uModule.szModule, Chr(0))
         '// Get Module Name Of Current Found Module
         szModuleName = LCase$(Left$(uModule.szModule, i - 1))
         '// Compare Found Module With Selected Module
         If Right$(szModuleName, Len(ModuleName)) = LCase$(ModuleName)  Then
             '// If Found, Put BaseAddress In BaseAddress Variable And Exit  Do
             BaseAddress = uModule.modBaseAddr
             ModFound = True
             Exit Do
         End If
         '// If Module Was Not Found, Get Next Module And Loop
         rModuleFound = Module32Next(hSnapShot, uModule)
     '// Loop The Modules
     Loop
     '// Close The Open Handle
     CloseHandle hSnapShot
     '// Error Check - Incase Process Closed During Use
     If ModFound = False Then BaseAddress = 0
 End Function
 '//  =========================================================================================
To use this, all you need to do is:
Code:
GetProcessID "PROCESSNAME.EXE"
An example, if you were trying to get the process ID of Calculator, you would setup the call like this:
Code:
GetProcessID "calc.exe"
To use the base address part, do the same as the process part:
Code:
GetBaseAddress "MODULENAME.DLL"
An example, if you were trying to get the baseaddress of USER32.dll in Calculator, you would setup the call like this:
Code:
GetBaseAddress "USER32.dll"
The way the code is currently setup is to use the ProgID found by using GetProcessID for the baseaddress. Meaning you need to use the GetProcessID function before looking for a module base address.

I changed the code some as well. I was using ProcessNext instead of Process32Next, which was the more outdated version. Also, the ProgID returns -1 now instead of 0 if the process is now found. I forgot that [ SYSTEM ] is a process and always has the progID of 0. So now it returns -1 which is not a process.

Enjoy

============

Trainer Example
(See the VB Trainer Tool Kit topic for an example.)
http://www.radiance-team.com/forums/....php?f=23&t=19
...
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #9  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
I decided to toss this up to show you how to use uFMOD in VB6 which allows you to compile XM files into your exe and play them.

------------------------------------------------------------------------------------
Firstly, I will say you need to be careful and follow this tutorial closely cause you will be editing the linker used to compile your VB project which if you do mess up you will not be able to compile things with VB anymore unless you reinstall.
------------------------------------------------------------------------------------

To start, download the uFMOD package from here:
http://sourceforge.net/project/downl...2.zip&84439757

This package contains examples and such for a lot of languages, including VB6 as well as the new linker.exe that is needed to be used to compile and play the sound files correctly. So lets begin.

Extract the above package to your desktop in a new folder and goto:
ufmod-1.25-win32\VisualBasic6\Readme\VB98In here you should see the LINK.exe which is required to be used for this to work. (Don't worry, you can still make normal apps with this link.exe so no harm done in using it.)

Next, goto the location you installed VB to, I used Visual Studio 6 so mine is at:
C:\Program Files\Microsoft Visual Studio\VB98

Inside that folder, locate the LINK.exe and rename it to LNK.exe (remove the i) and then copy + paste the LINK.exe inside the uFMOD folder into your VB6 directory.

Now lets make a text application.

Next, open VB and create a new standard EXE project. First we need to enable and start the VB 6 Resource Editor. To do that goto the Add-Ins menu and goto Add-In Manager. Scroll down til you find "VB 6 Resource Editor". Click on it once then check the check boxes to the right that say, "Load on Startup" and "Loaded/Unloaded" so they are both checked. Then click ok.

You should see a new icon in your toolbar to the top that is a bunch of green blocks like resource files look like. That is the resource editor short cut icon.

Now you need to add a resource file to your project. BUT, do not use VB6's resource creator / editor for this. It will not work correctly. (VB doesn't let you modify where the resource is added in the resource file. Its a very basic resource editor. I suggest you download ResHack from here instead.)
http://angusj.com/resourcehacker/

Firstly, you will need to use VB6 to create a blank resource file because ResHack will only modify existing ones. That being said, in VB goto Project->Add New Resource File
Point the location box to your projects file and in the File Name box type a name without any extension. VB will say the file does not exist and asks if you want to create it. Click yes.

Now, open ResHack and goto File -> Open and open the new resource file you just made in VB6. (You will need to change the file type to .res in the file selection box for the resource file to show.)

Once thats open you should have a blank resource file infront of you. Next goto Action -> Add New Resource and a box should appear. Click the "Open file with new resource" button at the top and point it to your XM file. Now be sure to follow this carefully.
In Resource Type, put: 10
In Resource Name, put: (Any number you want.) 101, for this example.
In Resource Language, put: (Nothing, leave it blank.)

A new resource should pop up on the left under RCData. Now just goto File -> Save and close ResHack.

------------
VB wont update the resource file unless you remove it and add it back to the project, or reload the project. (Again their resource editor sucks.)
------------

Next you will need to go back into the uFMOD directory and goto:
ufmod-1.25-win32\VisualBasic6\WinMM

Inside this folder, you should see a uF_vb.bas and ufmod.lib. Copy both of those files and put them in the same folder that your resource file is located at. (These files are required to be present when compiling and you MUST include the module file in your project for this to work.)

That being said, add the uF_vb.bas file to your project now. (Simply drag the file from the folder into the object browser window in VB.

Next we need to tell VB to play our file, to do so you will use code like this:

To play the music use the following code. Replace 101 with the number the resource editor assigned to your XM file, or which ever you edited it to.
Code:
 uFMOD_PlaySong 101, 0, XM_RESOURCE
To stop the music, simply use the following code:
Code:
 uFMOD_PlaySong 0, 0, 0
Now before you attempt to use the file understand this. uFMOD WILL NOT work in the IDE. You HAVE to compile the file for it to work. This is because VB does not come stock with the ability to play XM files and will not understand what to do with it. Along with that, the functions you are using above have no code since they are basically just "proxy" functions for the uFMod.lib file.

So, you must compile the file first. File -> Make... and make the exe file.

Then, if you followed things correctly open your exe file and it should play your music file. (You will have to do what ever you said to in your code to get it to play such as if you put the code in a button, press the button.)

~ Enjoy.
...
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
  #10  
Old 05-02-2011
WeeMan WeeMan is offline
Administrator
 
Join Date: Apr 2011
Location: United States
Posts: 12,339
Default

Quote:
Originally Posted by atom0s
Made this to test something, and figured I'd repost here for a more direct find for anyone looking for an example of this. This is a DLL written in MASM that nops out the flag instruction in Minesweeper when injected, and will replace it back with the original code when it is uninjected.

dll_name_here.asm:
Code:
;o0o Settings  o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o
  
     .486
     .model flat, stdcall
     option casemap :none
  
 ;o0o Includes  o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o
  
     include \masm32\include\windows.inc
     include \masm32\include\user32.inc
     include \masm32\include\kernel32.inc
     include \masm32\macros\macros.asm
  
 ;o0o Libs  o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o
  
     includelib \masm32\lib\user32.lib
     includelib \masm32\lib\kernel32.lib
  
 ;o0o Prototypes  o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o
  
     ; Nada currently..
  
 ;o0o Data  o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o
  
     .data
  
         OrgArray    db    01h,05h,94h,51h,00h,01h
         NopArray    db     90h,90h,90h,90h,90h,90h
         FlagAddress     dd    100346eh
  
     .data?
  
         dwLastProtect    dd    ?
  
 ;o0o Code  o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o0o
  
     .code
  
     DllEntry proc hInstDLL:HINSTANCE,reason:DWORD,reserved1:DWORD
  
         cmp reason, DLL_PROCESS_ATTACH
         jne @F
  
         lea eax, dwLastProtect
         push eax
         push PAGE_EXECUTE_READWRITE
         push 6
         push FlagAddress
         call VirtualProtect
  
         push 6
         lea eax, NopArray
         push eax
         push FlagAddress
         call RtlMoveMemory
  
     @@:
         cmp reason, DLL_PROCESS_DETACH
         jne @F
  
         push 6
         lea eax, OrgArray
         push eax
         push FlagAddress
         call RtlMoveMemory
  
         lea eax, dwLastProtect
         push eax
         push dwLastProtect
         push 6
         push FlagAddress
         call VirtualProtect
  
     @@:
         mov eax,TRUE
         ret
  
     DllEntry endp
  
     end DllEntry
dll_name_here.def:
Code:
LIBRARY dll_name_here
build.bat:
Code:
@echo off
  
 if exist *.obj del *.obj
 if exist *.dll del *.dll
  
 \masm32\bin\ml /c /coff dll_name_here.asm
 \masm32\bin\link /SUBSYSTEM:WINDOWS /DLL /DEF:dll_name_here.def  dll_name_here.obj
  
 dir test.*
  
 pause
Be sure to go though each piece of code and adjust the things that say 'dll_name_here' to what ever you name the DLL. They should match the .asm file name for consistency.
...
__________________
New forum coming soon!
https://forum.projecthax.com/t/welcome/37
Closed Thread

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
SREmu Backup WeeMan Programming 0 05-02-2011 04:26 AM


All times are GMT. The time now is 06:15 PM.
Powered by vBulletin® Version 3.8.11
Copyright ©2000 - 2018, vBulletin Solutions Inc.

Google+ Facebook Twitter