Useful tool for Code shifting


SkOss|nO
24-02-2008, 15:16
Hi men, I coded this tool in 2 versions, VB6 and .NET. It's a tool to see the modules loaded in memory by a process and calculate the offset and base address, useful for code shifting.
The VB6 version uses the CreateToolhelp32Snapshot API and seems to work for all processes except the system processes, but for games and other processes there is no problem. The .NET version works for all, system and non-system processes, so it is advisable for people with the framework installed.
Enjoy!

UPDATE:
Link Updated
I have added a version using the PSapi API that is able to load both system and non-system processes, like the .NET version; thx TippeX for the advice

DOWNLOAD:
http://www.megaupload.com/it/?d=L1B8ATJM

TippeX
24-02-2008, 22:42
why oh why oh why did u do it in vb / .net, its bloated and not really 'suited' for training or whatnot.. put simply vb is shit... why not try coding in a better language and not one suited for noobs?

and using createtoolhelp32 api only works on 9x os's (toolhelp isnt present on nt os's afaik).. you need to use psapi instead...

DABhand
25-02-2008, 06:27
Wow TippeX youve been very grumpy lately :P

At least he done something to help others. You dont get anything like that these days anymore :)

TippeX
25-02-2008, 06:34
heh yeh cos my hands are tied..
and naw im not being grumpy, maybe it comes across that way, but im trying to point out to people starting to code tools etc / learning to code that vb may seem a good idea at the time, but really... it is not :)

caki
25-02-2008, 16:37
VB.net is my main programming language because of ease of use. If I need to toss together something for accounting and yet a couple of complex mathematical thingamajigs, VB.net is the way to go. Over time I have become so used to it that its all I use nowadays (except ASM for the good ole stuff ;) )

As for VB.net not being suited for trainers... well is this a trainer or a tool? =/ Either way, modern computers are so fast today that the bloat doesn't really matter (tho I agree .NET architecture is inefficient to the extremes... every 2 seconds it loads and unloads 14 modules due to crappy coding...).

SkOss|nO
25-02-2008, 17:17
> why oh why oh why did u do it in vb / .net, its bloated and not really 'suited' for training or whatnot.. put simply vb is shit... why not try coding in a better language and not one suited for noobs?
>
> and using createtoolhelp32 api only works on 9x os's (toolhelp isnt present on nt os's afaik).. you need to use psapi instead...

Relax man, I took it as counsel and I made a PSapi version. I have updated the link and now there are .NET, VB6 PSapi and VB6 CreateToolhelp32 versions. Anyway thx for the counsel, but there is no need to criticize the program only because it is made in VB. Sure, C++ is better, but if it works what is the problem? I agree with caki, .NET is not the best for performance, but for a tool like this there are no differences between languages. Anyway, thx for the counsel about PSapi :)

> Wow TippeX youve been very grumpy lately :P
>
> At least he done something to help others. You dont get anything like that these days anymore

I Love this man :D Hey DAB, it's great to see you always active here. Keep supporting Game Hacking :)

TippeX
26-02-2008, 00:30
for me there is every need, and its really for your benefit...
eventually (hopefully soon) you'll realise that vb is a 'prototype' language, designed for prototyping code, and while it is easy to code, its bloated and not best designed for certain applications, like process monitoring, dumping, training, cracking / hacking related stuff.. its fine for inet, file stuff etc simply because the inet lags, files have access times and so on.. put simply its slow.. bloated and no matter what you think of your coding skills, you will always be viewed as a 'noob' coder simply because its an 'easy' language..

getting jobs in the industry for example usually require c/c++/asm knowledge, its rare to see jobs asking for vb coders (unless its some database program, or similar)... so changing languages to a 'better' one will benefit you in the future if you plan to get a job in the industry.. and once you switch you'll see what visual basic actually did.... and that was to hide most of how everything works in the windows system, eg: do you actually know how the text1.text="vb sux" works?.. by it making everything easy it 'limits' your understanding of the operating system, which in turn makes you a worse coder...

Joe Forster/STA
26-02-2008, 03:14
This is the same problem as having chosen between BASIC and assembly on a microcomputer in the 80's or choosing between a batch/shell/Perl/awk script or C/C++ today (mostly) under a Unix flavor. The former is easy and simple but not powerful, the latter vice versa.

SkOss|nO
26-02-2008, 04:10
Ok ok men, anyway I didn't make it to show my skill to the world, but simply hoping to do something useful, and anyway a small tool like this in VB has only the declarations, the rest are only API functions. In my opinion it isn't good to refuse a tool because of the language used for it, but sure, you are free to appreciate or refuse it; probably it was not a good idea to release it.
Greetings! ;)

Synaesthesia
09-03-2008, 06:56
Good work, man. Instead of listening to all the bad mouths around, just evolve your skills in what ever language you want, and later you can shift them. It's not hard. Those stating VB is for the noob are so used to C++, that they think the rest of them languages are crap. Each with its beauty, I say. Out..

pikachu5501
19-03-2008, 15:36
> modern computers are so fast today that the bloat doesn't really matter

Well, it is not about performance. It is about limits. And stuff done in VB needs shitloads of runtimes and DLLs to run.

So, yes, VB is for "noobs", but are we not noobs at first when we learn?

My first language (besides "Logo" at school when I was a kid) was Basic, Quick-Basic, PowerBasic (the best Basic for PC at this time, and goddamn fast, and it could compile rather small exe files). I did a lot of neat stuff with it but eventually I reached its limit.

Anyway, learning C/C++ is reeealy easy. If you can count until 10 then within 2 days you will get the basics of it like nothing. There are tons of tutorials and easy-to-install free C compilers on the net.

When you are learning C/C++, you will notice that there are a lot more languages that look like C/C++, so it will be easier afterwards to learn other languages.

Anyway, you probably know all this but I just wanted to brag about it :p

TippeX
20-03-2008, 00:52
> Good work, man. Instead of listening to all the bad mouths around, just evolve your skills in what ever language you want, and later you can shift them. It's not hard. Those stating VB is for the noob are so used to C++, that they think the rest of them languages are crap. Each with its beauty, I say. Out..

not quite, i've coded in dos 8 bit, 16 bit, pmode, 32 bit, vb dos, vb 16 bit, vb 32 bit, delphi, c, c++, and then fully onto win32 asm, so i know vb is a shit language, it hides so much from the end coder, so the coder will never evolve into something decent... hence my advice of dropping vb and moving to a better language like c/c++ or asm, which then makes the coder better skill wise.. vb is a prototyping language.. plain and simple and ditching it will increase your chances of getting a job in the industry... how many jobs out there (excluding database shit) require vb?...

SkOss|nO
25-03-2008, 07:33
> Good work, man. Instead of listening to all the bad mouths around, just evolve your skills in what ever language you want, and later you can shift them. It's not hard. Those stating VB is for the noob are so used to C++, that they think the rest of them languages are crap. Each with its beauty, I say. Out..

Thx, I'm glad that you appreciate it :)

For the rest, I think that what TippeX says is correct and it's good advice. I know that VB is limited and C++ is more powerful, but what I tried to say is that this discussion is totally offtopic. I simply made a program and opened this topic to release it, and not to talk about the best language.

TippeX
25-03-2008, 10:28
sorry yeah, i kind of side tracked the thread.. apologies, and the program is a nice thing to start off with (i did something similar in protectionid.. in asm though, with 'internal' methods and psapi/toolhelp - try finding the addresses of drivers with psapi heh :) )...

vb / .net is slowly getting more popular, mostly because of its 'stability', but with its stability the coder does lose a fair amount of how the operating system actually works (which was my main point) which might be microsoft's aim.. who knows..

and to be honest, you raised the languages thing in the first post..

actually, also, how is it useful for 'code shifting'.. if you mean code injection (either via a dll, or virtualallocex) then you're way off, there is no guarantee that the modules load at the same address on different systems (thats why dll's have relocations...).... if you mean something else, please explain

DABhand
25-03-2008, 19:21
Thats what Code Shifting is Tip, Coding that shifts addresses.

The address may change, but the contents and offsets dont :)

So obviously finding where say for example a game loads a specific dll and then use your trainer for that address+offset for things like health etc.
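
The module+offset idea described above, as an added example that is not part of the original post or of SkOss|nO's tool: an absolute address from one run is reduced to module name plus offset, then resolved against the base the same module received in another run. The module names, bases, sizes and the sample address are constructed; a real list would come from a Toolhelp or PSAPI enumeration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* One entry of a module list, as a Toolhelp/PSAPI-style enumerator reports it. */
typedef struct { const char *name; uint64_t base; uint32_t size; } module_t;

/* Find the module whose [base, base+size) range contains addr, or NULL. */
static const module_t *module_of(const module_t *m, size_t n, uint64_t addr) {
    for (size_t i = 0; i < n; i++)
        if (addr >= m[i].base && addr - m[i].base < m[i].size)
            return &m[i];
    return NULL;
}

/* Translate an address seen in one run into the matching address in another
   run: same module name, same offset, different base. Returns 0 on failure
   (address outside every module, module not loaded, or offset past its end).
   Names are compared exactly here; Windows itself treats them case-insensitively. */
static uint64_t rebase(const module_t *old_run, size_t n_old,
                       const module_t *new_run, size_t n_new, uint64_t addr) {
    const module_t *src = module_of(old_run, n_old, addr);
    if (!src) return 0;
    uint64_t off = addr - src->base;
    for (size_t i = 0; i < n_new; i++)
        if (strcmp(new_run[i].name, src->name) == 0)
            return off < new_run[i].size ? new_run[i].base + off : 0;
    return 0;
}

/* Constructed sample data: the same process on two runs, DLL relocated in run B. */
static const module_t RUN_A[] = {
    { "game.exe",   0x00400000, 0x00250000 },
    { "engine.dll", 0x10000000, 0x00080000 },
};
static const module_t RUN_B[] = {
    { "game.exe",   0x00400000, 0x00250000 },
    { "engine.dll", 0x6F3A0000, 0x00080000 },
};

int main(void) {
    uint64_t seen = 0x10012A40;  /* constructed address inside engine.dll, run A */
    printf("%#llx -> %#llx\n", (unsigned long long)seen,
           (unsigned long long)rebase(RUN_A, 2, RUN_B, 2, seen));
    return 0;
}
```

The same normalisation is what makes addresses from crash dumps or memory captures comparable across machines when modules are relocated.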

TippeX
25-03-2008, 23:54
aah okies, diff terminology.. :) relocating code is more accurate heheh

Softix
10-04-2008, 11:46
Nice i need something like this to test new dll for a hack hopefully it works ill let you know my results

pikachu5501
09-05-2008, 05:53
I dont know much about code shifting but searching for byte patterns to find new addresses might work for code shifting? I know, that might sound ridiculous for some but I want to learn too.

TippeX
09-05-2008, 08:46
only byte patterns you could really use are mov <register>, [<value>] and then check if the value is within the exe, or in another memory area... and even then memory access stuff will be handled by the compiler for the game (which will probably be high level) and some compilers do some really strange stuff..

better way would be to 'walk' the memory using VirtualQuery (if you're 'inside' the process) or VirtualQueryEx and check the data returned to see what type of memory it is (image, mem mapped, reserved, allocated or whatnot).. then you could process further

pikachu5501
15-05-2008, 06:45
Thanx. I will look into that.