Changing flags from a DLL?


  1. #1
    Registered User
    Join Date
    Sep 2007
    Posts
    67

    Changing flags from a DLL?

    I would like to know how to have a DLL that will change flags/registers when execution hits a certain location. I can change values; that's easy enough. What about flags and registers only when execution hits a certain location?

    RobotGymnast

  2. #2
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Sure, you can change the flags register. Same way you would change the flags register otherwise - either perform instructions that directly change the flags register, such as [clc; stc; cld; std], or perform for example compare operations, which change the flags register as a result of the comparison.

    Or, if you want to set a specific value in the flags register, use a push/popf combination, pushing the value you want to have, and popping back into the flags register. You can also use SAHF to set flags from the AH register.

    Note however that if you plan to change anything but the lower 8 bits, you can't - the rest of the bits are protected, so only code that has Ring0 (kernel) privilege can modify those bits (since they are involved with protection and kernel execution in themselves, it would be pretty pointless if you could change them in user-mode).

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  3. #3
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    I understand that for the most part, but how do you only change them when execution hits a certain address, like in a multi-threaded application, how do you detect when execution has hit a certain address in another thread?

  4. #4
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    You can't, other than using a debug interface to set a breakpoint on that address, and then when the breakpoint hits, you do whatever you need to do.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  5. #5
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    err wow that's strange.. I've seen, especially in game hacking DLLs, people implement hacks that require flag changes.. the weird part was they were doing some sort of weird XOR thing that I couldn't understand

  6. #6
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Well, first of all, we do not discuss game cheats here, second, XOR is an instruction that will change the flags.

    But you cannot, XOR or otherwise, affect another thread's flags without stopping that thread and changing the flags, or modifying the actual code.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  7. #7
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    (I was just using it as an example because that's where I've seen it.. I'm not really using it for anything, I'm more just trying to do random stuff that's a bit more low-level, because it's new to me)

    hmm alright, I wonder how it was done then. Thanks anyway

  8. #8
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    Most game cheats do "code injection". The DLL is usually added to allow extending the game's existing code (you can only "shorten" existing code unless you have some extra space somewhere to stick the EXTRA code).

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  9. #9
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    it wasn't code injection, it was just value editing.. here's the source code.. it's somewhat messy (you should've seen it before I cleaned it up)

    Code:
    #include <windows.h>
    
    #define KLIPPETYK    0x486c9a
    #define INF_MASSIVE1 0x482189 
    #define INF_MASSIVE2 0x482191 
    #define PINGOU       0x4dd170 
    #define HP_LOCK      0x4862c9
    #define AP_LOCK      0x486399 
    #define FAST_SWITCH  0x481fcd 
    #define INF_JUMP     0x483468
    #define HBLOCK1     0x482120
    #define HBLOCK2     0x482121
    #define IBLOCK     0x481f36
    #define KLIP    0x486c9b
    #define LM11    0x481e5d
    #define LM12    0x481e5e
    #define LM21    0x481e66
    #define LM22    0x481e67
    #define LM31    0x481e71
    #define LM32    0x481e72
    #define WALLH    0x4e1b96
    #define SSPEED    0x481670
    #define FGLIDE    0x486d99
    #define LEVI    0x486d3e
    #define WALLC1    0x4E075F
    #define WALLC2    0x4E0760
    #define WALLC3    0x4E0761
    #define HUNCH    0x4823fd
    #define KDOWN    0x4822dd
    #define FDEATH1    0x48231d
    #define FDEATH2    0x48231e
    #define FDEATH3    0x482327
    #define FDEATH4    0x482328
    #define ROLLS    0x4816aa
    #define FLY    0x486d17
    #define SWALLS    0x5022ad
    #define BOING1    0x481942
    #define BOING2    0x481943
    #define BOING3    0x481944
    #define BOING4    0x481945
    #define NBODY1    0x4f09a9
    #define NBODY2    0x4f09aa
    #define NBODY3    0x4f09ab
    #define NBODY4    0x4f09ac
    #define NBODY5    0x4f09ad
    #define NBODY6    0x4f09ae
    #define NST    0x4da766
    #define INVIS    0x4768c5
    #define PURP    0x4d9806
    #define BLU    0x4d981b
    #define GRN    0x4d9830
    #define SWF    0x4dd1c5
    #define SLOMOTION    0x4dd179
    #define CSEAX    0x486b37
    #define NINJ    0x48346e
    #define RED    0x4d97f1
    #define BHOP1    0x482949
    #define BHOP2    0x48294a
    #define BHOP3    0x48294b
    #define BHOP4    0x48294c
    #define BHOP5    0x48294d
    #define BHOP6    0x48294e
    #define CAMOHP1    0x5edd50
    #define CAMOHP2    0x5edd51
    #define CAMOHP3    0x5edd52
    #define CAMOHP4    0x5edd53
    
    void start_it();
    
         
    BOOL WINAPI DllMain(HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
    {
    	DWORD ThreadId;
    
    	if (fdwReason == DLL_PROCESS_ATTACH)
    		CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&start_it, 0, 0, &ThreadId);
    
    	return TRUE;
    }
    
    void start_it()
    {
         MessageBox (0, "Message?\n                           ", "Y HELO THAR!", MB_ICONINFORMATION);
         int k, m, p, h, a, f, j, b, y, g, s, w, l, n, t, vkd, vke, vkp, nmp, nm0, nm1, nm2, nm3, nm4, nm5, nm6, nm7, nm8, nm9, nma, nmd, nmm, vki, vkh, vku, e, c;
         k=0;m=0;p=0;h=0;a=0;f=0;j=0;y=0;g=0;s=0;w=0;l=0;n=0;t=0;vkd=0;vke=0;vkp=0;nmp=0;nm0=0;nm1=0;nm2=0;nm3=0;nm4=0;nm5=0;nm6=0;nm7=0;nm8=0;nm9=0;nma=0;nmd=0;nmm=0;vki=0;vkh=0;vku=0;e=0;c=0;b=1;
    	for(;;SleepEx(150, 0))
    	{
           if(GetAsyncKeyState(VK_MENU) &0x8000){
    		if(GetAsyncKeyState('K') &0x8000) { if (k) {k=0;if(b)MessageBeep(MB_ICONHAND);}else { k=1;if(b)MessageBeep(MB_ICONEXCLAMATION);} *(BYTE*)KLIP      ^= 32;}
    		if(GetAsyncKeyState('M')&0x8000) { if (m) {m=0;if(b)MessageBeep(MB_ICONHAND);}else{ m=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}
    			*(WORD*)INF_MASSIVE1 ^= 38885;
    			*(WORD*)INF_MASSIVE2 ^= 46308;
    		}
    
    		if(GetAsyncKeyState('P')&0x8000){if (p){ p=0;if(b)MessageBeep(MB_OK);}else{ p=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)PINGOU      ^= 11;}
    		if(GetAsyncKeyState('H')&0x8000){if (h){ h=0;if(b)MessageBeep(MB_OK);}else{ h=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)HP_LOCK     ^= 8;}
    		if(GetAsyncKeyState('A')&0x8000){if (a){ a=0;if(b)MessageBeep(MB_OK);}else{ a=1;if(b)MessageBeep(MB_ICONEXCLAMATION);} *(BYTE*)AP_LOCK     ^= 8;}
    		if(GetAsyncKeyState('F')&0x8000){if (f){ f=0;if(b)MessageBeep(MB_OK);}else{ f=1;if(b)MessageBeep(MB_ICONEXCLAMATION);} *(BYTE*)FAST_SWITCH ^= 14;}
    		if(GetAsyncKeyState('J')&0x8000){if (j){ j=0;if(b)MessageBeep(MB_OK);}else{ j=1;if(b)MessageBeep(MB_ICONEXCLAMATION);} *(BYTE*)INF_JUMP    ^= 1;}
    		if(GetAsyncKeyState('B')&0x8000){if (y){ y=0;if(b)MessageBeep(MB_OK);}else{ y=1;if(b)MessageBeep(MB_ICONEXCLAMATION);} *(BYTE*)HBLOCK1    ^= 228;*(BYTE*)HBLOCK2    ^= 152;*(BYTE*)IBLOCK    ^= 56;}
    		if(GetAsyncKeyState('Y')&0x8000){if (b){ b=0;MessageBeep(MB_OK);}else{ b=1; MessageBeep(MB_ICONEXCLAMATION);}}
    		if(GetAsyncKeyState('G')&0x8000){if (g){ g=0;if(b)MessageBeep(MB_OK);}else{ g=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)FGLIDE      ^= 3;}
    		if(GetAsyncKeyState('S')&0x8000){if (s){ s=0;if(b)MessageBeep(MB_OK);}else{ s=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)SSPEED      ^= 13;}
    		if(GetAsyncKeyState('W')&0x8000){if (w){ w=0;if(b)MessageBeep(MB_OK);}else{ w=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)WALLH      ^= 4;}
    		if(GetAsyncKeyState('L')&0x8000){if (l){ l=0;if(b)MessageBeep(MB_OK);}else{ l=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)LM11      ^= 228;*(BYTE*)LM12      ^= 238;*(BYTE*)LM21      ^= 229;*(BYTE*)LM22      ^= 229;*(BYTE*)LM31      ^= 229;*(BYTE*)LM32      ^= 250;}
    		if(GetAsyncKeyState('N')&0x8000){if (n){ n=0;if(b)MessageBeep(MB_OK);}else{ n=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}}
            if(GetAsyncKeyState('O')&0x8000){ExitThread(0);}
            if(GetAsyncKeyState(VK_DELETE)&0x8000){if (vkd){ vkd=0;if(b)MessageBeep(MB_OK);}else{ vkd=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)HUNCH      ^= 15;}
            if(GetAsyncKeyState(VK_END)&0x8000){if (vke){ vke=0;if(b)MessageBeep(MB_OK);}else{ vke=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)KDOWN      ^= 3;}
            if(GetAsyncKeyState(VK_NEXT)&0x8000){if (vkp){ vkp=0;if(b)MessageBeep(MB_OK);}else{ vkp=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)FDEATH1      ^= 233;*(BYTE*)FDEATH2      ^= 208;*(BYTE*)FDEATH3      ^= 232;*(BYTE*)FDEATH4      ^= 166;}
            if(GetAsyncKeyState(VK_DECIMAL)&0x8000){if (nmp){ nmp=0;if(b)MessageBeep(MB_OK);}else{ nmp=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)LEVI      ^= 24;}
            if(GetAsyncKeyState(VK_NUMPAD0)&0x8000){if (nm0){ nm0=0;if(b)MessageBeep(MB_OK);}else{ nm0=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)ROLLS      ^= 2;}
            if(GetAsyncKeyState(VK_NUMPAD1)&0x8000){if (nm1){ nm1=0;if(b)MessageBeep(MB_OK);}else{ nm1=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)FLY      ^= 3;}
            if(GetAsyncKeyState(VK_NUMPAD2)&0x8000){if (nm2){ nm2=0;if(b)MessageBeep(MB_OK);}else{ nm2=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)SWALLS      ^= 4;}
            if(GetAsyncKeyState(VK_NUMPAD3)&0x8000){if (nm3){ nm3=0;if(b)MessageBeep(MB_OK);}else{ nm3=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)BOING1      ^= 73;*(BYTE*)BOING2      ^= 196;*(BYTE*)BOING3      ^= 180;*(BYTE*)BOING4      ^= 136;}
            if(GetAsyncKeyState(VK_NUMPAD4)&0x8000){if (nm4){ nm4=0;if(b)MessageBeep(MB_OK);}else{ nm4=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)NBODY1      ^= 159;*(BYTE*)NBODY2      ^= 21;*(BYTE*)NBODY3      ^= 24;*(BYTE*)NBODY4      ^= 109;*(BYTE*)NBODY5      ^= 111;*(BYTE*)NBODY6      ^= 111;}
            if(GetAsyncKeyState(VK_NUMPAD5)&0x8000){if (nm5){ nm5=0;if(b)MessageBeep(MB_OK);}else{ nm5=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)NST      ^= 3;}
            if(GetAsyncKeyState(VK_NUMPAD6)&0x8000){if (nm6){ nm6=0;if(b)MessageBeep(MB_OK);}else{ nm6=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)INVIS      ^= 3;}
            if(GetAsyncKeyState(VK_NUMPAD7)&0x8000){if (nm7){ nm7=0;if(b)MessageBeep(MB_OK);}else{ nm7=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)PURP      ^= 2;}
            if(GetAsyncKeyState(VK_NUMPAD8)&0x8000){if (nm8){ nm8=0;if(b)MessageBeep(MB_OK);}else{ nm8=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)BLU      ^= 2;}
            if(GetAsyncKeyState(VK_NUMPAD9)&0x8000){if (nm9){ nm9=0;if(b)MessageBeep(MB_OK);}else{ nm9=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)GRN      ^= 2;}
            if(GetAsyncKeyState(VK_MULTIPLY)&0x8000){if (nmm){ nmm=0;if(b)MessageBeep(MB_OK);}else{ nmm=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)SWF      ^= 1;}
            if(GetAsyncKeyState(VK_DIVIDE)&0x8000){if (nmd){ nmd=0;if(b)MessageBeep(MB_OK);}else{ nmd=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)SLOMOTION      ^= 40;}
            if(GetAsyncKeyState(VK_ADD)&0x8000){if (nma){ nma=0;if(b)MessageBeep(MB_OK);}else{ nma=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)CSEAX      ^= 1;}
            if(GetAsyncKeyState(VK_INSERT)&0x8000){if (vki){ vki=0;if(b)MessageBeep(MB_OK);}else{ vki=1;if(b)MessageBeep(MB_ICONEXCLAMATION);} *(BYTE*)BHOP1      ^= 159;*(BYTE*)BHOP2      ^= 25;*(BYTE*)BHOP3      ^= 46;*(BYTE*)BHOP4      ^= 159;*(BYTE*)BHOP5      ^= 144;*(BYTE*)BHOP6      ^= 144;}
            if(GetAsyncKeyState(VK_HOME)&0x8000){if (vkh){ vkh=0;if(b)MessageBeep(MB_OK);}else{ vkh=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)NINJ      ^= 3;}
            if(GetAsyncKeyState(VK_PRIOR)&0x8000){if (vku){ vku=0;if(b)MessageBeep(MB_OK);}else{ vku=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)RED      ^= 2;}
            if(GetAsyncKeyState('C')&0x8000){if (c){ c=0;if(b)MessageBeep(MB_OK);}else{ c=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)CAMOHP1      ^= 102;*(BYTE*)CAMOHP2      ^= 102;*(BYTE*)CAMOHP3      ^= 17;*(BYTE*)CAMOHP4      ^= 123;}
            if(GetAsyncKeyState('Q')&0x8000){
                         if(b) MessageBeep(MB_ICONHAND);
                         if(k){*(BYTE*)KLIP      ^= 32; k=0;}
                         if(m){			*(WORD*)INF_MASSIVE1 ^= 38885;
    		                        	*(WORD*)INF_MASSIVE2 ^= 46308; m=0;}
                         if(p){*(BYTE*)PINGOU      ^= 11;p=0;}
                         if(h){h=1;  *(BYTE*)HP_LOCK     ^= 8;h=0;}
                         if(a){*(BYTE*)AP_LOCK     ^= 8;a=0;}
                         if(f){*(BYTE*)FAST_SWITCH ^= 14; f=0;}
                         if(j){*(BYTE*)INF_JUMP    ^= 1; j=0;}
                         if(g){*(BYTE*)FGLIDE      ^= 3; g=0;}
                         if(s){*(BYTE*)SSPEED      ^= 13; s=0;}
                         if(w){*(BYTE*)WALLH      ^= 4; w=0;}
                         if(l){*(BYTE*)LM11      ^= 228;*(BYTE*)LM12      ^= 238;*(BYTE*)LM21      ^= 229;*(BYTE*)LM22      ^= 229;*(BYTE*)LM31      ^= 229;*(BYTE*)LM32      ^= 250; l=0;}
                         if(vkd){*(BYTE*)HUNCH      ^= 15;vkd=0;}
                         if(vke){*(BYTE*)KDOWN      ^= 3;vke=0;}
                         if(vkp){*(BYTE*)FDEATH1      ^= 233;*(BYTE*)FDEATH2      ^= 208;*(BYTE*)FDEATH3      ^= 232;*(BYTE*)FDEATH4      ^= 166;vkp=0;}
                         if(nmp){*(BYTE*)LEVI      ^= 24;nmp=0;}
                         if(nm0){*(BYTE*)ROLLS      ^= 2;nm0=0;}
                         if(nm1){*(BYTE*)FLY      ^= 3;nm1=0;}
                         if(nm2){*(BYTE*)SWALLS      ^= 4;nm2=0;}
                         if(nm3){*(BYTE*)BOING1      ^= 73;*(BYTE*)BOING2      ^= 196;*(BYTE*)BOING3      ^= 180;*(BYTE*)BOING4      ^= 136;nm3=0;}
                         if(nm4){*(BYTE*)NBODY1      ^= 159;*(BYTE*)NBODY2      ^= 21;*(BYTE*)NBODY3      ^= 24;*(BYTE*)NBODY4      ^= 109;*(BYTE*)NBODY5      ^= 111;*(BYTE*)NBODY6      ^= 111;nm4=0;}
                         if(nm5){*(BYTE*)NST      ^= 3;nm5=0;}
                         if(nm6){*(BYTE*)INVIS      ^= 3;nm6=0;}
                         if(nm7){*(BYTE*)PURP      ^= 2;nm7=0;}
                         if(nm8){*(BYTE*)BLU      ^= 2;nm8=0;}
                         if(nm9){*(BYTE*)GRN      ^= 2;nm9=0;}
                         if(nmm){*(BYTE*)SWF      ^= 1;nmm=0;}
                         if(nmd){*(BYTE*)SLOMOTION      ^= 40;nmd=0;}
                         if(nma){*(BYTE*)CSEAX      ^= 1;nma=0;}
                         if(vki){*(BYTE*)BHOP1      ^= 159;*(BYTE*)BHOP2      ^= 25;*(BYTE*)BHOP3      ^= 46;*(BYTE*)BHOP4      ^= 159;*(BYTE*)BHOP5      ^= 144;*(BYTE*)BHOP6      ^= 144;vki=0;}
                         if(vkh){*(BYTE*)NINJ      ^= 3;vkh=0;}
                         if(vku){*(BYTE*)RED      ^= 2;vku=0;}
                         if(c){*(BYTE*)CAMOHP1      ^= 102;*(BYTE*)CAMOHP2      ^= 102;*(BYTE*)CAMOHP3      ^= 17;*(BYTE*)CAMOHP4      ^= 123;c=0;}
                         if(n){n=0;}}
        }
        if(n){*(WORD*)INF_MASSIVE1 ^= 38885; *(WORD*)INF_MASSIVE2 ^= 46308; SleepEx(175, 0); *(WORD*)INF_MASSIVE1 ^= 38885; *(WORD*)INF_MASSIVE2 ^= 46308;}
        }
    }

  10. #10
    Kernel hacker
    Join Date
    Jul 2007
    Location
    Farncombe, Surrey, England
    Posts
    15,677
    That looks like someone threw up...

    I can't read that code at all - lines are too long, and none of the variables have even remotely sane names.

    --
    Mats
    Compilers can produce warnings - make the compiler programmers happy: Use them!
    Please don't PM me for help - and no, I don't do help over instant messengers.

  11. #11
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    I know, it's really horrible code.. it's one of the only publicly available DLL source codes for that game though.. it's outdated now anyway, I just keep it around as an example, but I haven't taken the time to clean it up too much

  12. #12
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,059
    > err wow that's strange.. I've seen, especially in game hacking DLLs, people implement hacks that require flag changes.. the weird part was they were doing some sort of weird XOR thing that I couldn't understand

    If you're referring to the script kiddie code you just posted, then the author is doing nothing more than changing the value in a memory location. For instance

    Code:
    #define PINGOU       0x4dd170  //obviously refers to memory location 0x4dd170
    
                if(GetAsyncKeyState('P')&0x8000){if (p){ p=0;if(b)MessageBeep(MB_OK);}else{ p=1;if(b)MessageBeep(MB_ICONEXCLAMATION);}  *(BYTE*)PINGOU      ^= 11;}
    So, assuming memory location referred to by PINGOU contains the value 27, by ^= 11 that memory location will change the value in the memory location to 16

    27 = 00011011 (value that is originally in memory location 0x4dd170)
    11 = 00001011 (the exclusive or)

    16 = 00010000 (value that is now in memory location 0x4dd170)

    There isn't any exotic register/flag changing happening in the kiddie code you posted above.

  13. #13
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    weird.. because I know some of these hacks usually needed a register change or breakpoint in the code.. not just on and off values... I wonder where he got these values

  14. #14
    Registered User
    Join Date
    Mar 2005
    Location
    Mountaintop, Pa
    Posts
    1,059
    Probably used a hacking tool like this one or this one to explore the memory of the target game

  15. #15
    Registered User
    Join Date
    Sep 2007
    Posts
    67
    I generally use CE, but it's just weird because that game has hack-protection.. nowadays it's done by searching for the byte signatures of old hacks
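
Added example (not from the thread): the XOR toggle worked through in post #12, run against a constructed buffer, beside a hash-baseline integrity check that flags any changed byte rather than relying on the byte-signature search mentioned in post #15. The buffer contents, `PATCH_OFFSET` and the helper names are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a memory region; not bytes from any real program. */
static uint8_t region[8] = { 0x55, 0x8B, 0xEC, 27, 0x74, 0x05, 0x90, 0xC3 };

#define PATCH_OFFSET 3   /* hypothetical offset; the byte there holds 27 as in post #12 */
#define PATCH_MASK   11  /* XOR mask used in post #12 */

/* FNV-1a 32-bit hash, used here as a simple integrity baseline. */
uint32_t fnv1a(const uint8_t *p, size_t n)
{
    uint32_t h = 2166136261u;
    for (size_t i = 0; i < n; i++) {
        h ^= p[i];
        h *= 16777619u;
    }
    return h;
}

/* The toggle from the thread: XOR with a fixed mask flips the same bits
   each time, so applying it twice restores the original byte. */
uint8_t toggle(uint8_t *mem, size_t off, uint8_t mask)
{
    mem[off] ^= mask;
    return mem[off];
}

/* Return the first offset where the live bytes differ from the snapshot,
   or -1 when the region is unmodified. */
long first_diff(const uint8_t *snap, const uint8_t *live, size_t n)
{
    for (size_t i = 0; i < n; i++)
        if (snap[i] != live[i])
            return (long)i;
    return -1;
}

int main(void)
{
    uint8_t snap[sizeof region];
    memcpy(snap, region, sizeof region);          /* baseline taken at load */
    uint32_t base = fnv1a(region, sizeof region);

    uint8_t v = toggle(region, PATCH_OFFSET, PATCH_MASK);
    printf("after toggle: %u, hash %s, first diff at %ld\n", (unsigned)v,
           fnv1a(region, sizeof region) == base ? "matches" : "MISMATCH",
           first_diff(snap, region, sizeof region));

    v = toggle(region, PATCH_OFFSET, PATCH_MASK); /* second toggle restores */
    printf("after second toggle: %u, hash %s, first diff at %ld\n", (unsigned)v,
           fnv1a(region, sizeof region) == base ? "matches" : "MISMATCH",
           first_diff(snap, region, sizeof region));
    return 0;
}
```

The check only reflects the state of the region at the moment it runs, so a baseline comparison is usually repeated at intervals rather than performed once.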
