Convert CT to CPP

Zhein

Hi, can anyone help me convert the CT code to CPP?


Code:
[ENABLE]
"ps_game.exe"+7F629:
nop
nop
nop
nop
nop
nop

"ps_game.exe"+7FF69:
nop
nop
nop
nop
nop
nop


[DISABLE]
"ps_game.exe"+7F629:
jne ps_game.exe+7F70E

"ps_game.exe"+7FF69:
jne ps_game.exe+8004E

Here is what I did. Can you point out where the mistake is? It doesn't work.


Code:
#define WIN32_LEAN_AND_MEAN
#include <windows.h>

#include <include/main.h>
#include <include/util.h>


namespace cross_faction {
}


void __declspec(naked) naked_0x7F629() {
    __asm {
        nop
        nop
        nop
        nop
        nop
        nop
    }
}

void __declspec(naked) naked_0x7FF69() {
    __asm {
        nop
        nop
        nop
        nop
        nop
        nop
    }
}

void hook::cross_faction() {
    util::detour((void*)0x7F629, naked_0x7F629, 6);
    util::detour((void*)0x7FF69, naked_0x7FF69, 6);
}

PS: I am still learning. I think I nailed it, but I dunno why it doesn't work. I injected it into ps_game.exe correctly as well.
 
i've never tried it that way, but the addresses should be:

0x47F629
0x47FF69

you can also do a memory write. i think it makes your intent more clear.

C++:
#include <array>
#include <cstdint>

// six single-byte NOPs (0x90) to overwrite each 6-byte jne
std::array<std::uint8_t, 6> a00{ 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
util::write_memory((void*)0x47F629, &a00, 6);
util::write_memory((void*)0x47FF69, &a00, 6);
 
It crashes ps_game and here is the log.


Code:
2023-12-23 11:24:52 <Console input> /nprotectoff
2023-12-23 11:24:52 <Console output> cmd NProtect off ok

================================================================
2023-12-23 11:27:42 Exception !!!, code=0x80000003, address=0x6D36C016
Minidump write end.....................
0x6D36C016 sdev.dll: naked_0x47FF69 + 6
0x29979020 <unknown module>: <unknown symbol>
0x004058A0 ps_game.exe: <unknown symbol>
0x004058A0 ps_game.exe: <unknown symbol>
0x57F0BB80 <unknown module>: <unknown symbol>
Stack trace end.....................



Module list:
D:\EP6.4 Server Files\PSM_Client\bin\ps_game.exe, loaded at 0x00400000 - 11/09/14 17:10:08

================================================================
 
the function you're passing to the detour function doesn't return. it ends up hitting a breakpoint.

C++:
void __declspec(naked) naked_0x7F629() {
    __asm {
        nop
        nop
        nop
        nop
        nop
        nop
        // crashes
    }
}

when you injected the dll, this is what the code looked like in memory.

Code:
0x6D36C010 0x90
0x6D36C011 0x90
0x6D36C012 0x90
0x6D36C013 0x90
0x6D36C014 0x90
0x6D36C015 0x90
0x6D36C016 0xCC // BOOM!

edit: i committed a write_memory overload to github that will make this easier.

C++:
#define WIN32_LEAN_AND_MEAN
#include <windows.h>

#include <include/main.h>
#include <include/util.h>

namespace cross_faction {

}

void hook::cross_faction() {
    util::write_memory((void*)0x47F629, 0x90, 6);
    util::write_memory((void*)0x47FF69, 0x90, 6);
}
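
The diagnosis above as a byte-level triage check (an added example, not code from the thread or from the project on GitHub): it walks a stub's bytes from its entry point, as in the memory view, and reports whether execution reaches a return or jump or falls through into a 0xCC (int3) byte, which raises exception code 0x80000003. The names `classify_stub`, `rebase`, `kCrashedStub` and `kJumpingStub` are hypothetical, the jump sample is constructed, and 0x00400000 is the ps_game.exe load base shown in the crash log's module list.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <vector>

// Exception code from the crash log; Windows names it STATUS_BREAKPOINT.
constexpr std::uint32_t kStatusBreakpoint = 0x80000003;

enum class StubEnd { Returns, Jumps, HitsBreakpoint, Unknown };
struct Verdict { StubEnd end; std::uint32_t address; };

// Cheat Engine's "module"+offset notation resolved to an absolute address.
constexpr std::uint32_t rebase(std::uint32_t module_base, std::uint32_t offset) {
    return module_base + offset;
}

// Skip single-byte NOPs from the entry point and classify the first other byte.
// Only the opcodes relevant to this thread are recognised; this is not a disassembler.
Verdict classify_stub(std::uint32_t entry, const std::vector<std::uint8_t>& bytes) {
    for (std::size_t i = 0; i < bytes.size(); ++i) {
        const std::uint32_t addr = entry + static_cast<std::uint32_t>(i);
        switch (bytes[i]) {
            case 0x90: continue;                                    // nop
            case 0xC2: case 0xC3: return {StubEnd::Returns, addr};  // ret imm16 / ret
            case 0xE9: case 0xEB: return {StubEnd::Jumps, addr};    // jmp rel32 / rel8
            case 0xCC: return {StubEnd::HitsBreakpoint, addr};      // int3
            default:   return {StubEnd::Unknown, addr};
        }
    }
    return {StubEnd::Unknown, entry + static_cast<std::uint32_t>(bytes.size())};
}

// Bytes from the memory view in the answer, starting at 0x6D36C010.
const std::vector<std::uint8_t> kCrashedStub{0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0xCC};
// Constructed contrast case: NOPs followed by a jmp rel32 (displacement zeroed).
const std::vector<std::uint8_t> kJumpingStub{0x90, 0x90, 0xE9, 0x00, 0x00, 0x00, 0x00};

int main() {
    const Verdict v = classify_stub(0x6D36C010, kCrashedStub);
    if (v.end == StubEnd::HitsBreakpoint)
        std::printf("int3 at 0x%08X -> exception 0x%08X\n",
                    static_cast<unsigned>(v.address),
                    static_cast<unsigned>(kStatusBreakpoint));
    std::printf("patch sites: 0x%X 0x%X\n",
                static_cast<unsigned>(rebase(0x00400000, 0x7F629)),
                static_cast<unsigned>(rebase(0x00400000, 0x7FF69)));
    return 0;
}
```

The reported int3 address matches the `address=0x6D36C016` field of the exception line, and the rebased offsets match the absolute addresses given in the replies.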
 