Filename instead of WinCap

sawky · #1 10-08-2008, 08:23

I currently us game trainer studio to make my hacks ...but it uses WindCap to poke the addresses ...I want it to poke a Filename.... How can I implement this in the example code below??

Code:

; #########################################################################

   .386
   .model flat, stdcall  ; 32 bit memory model
   option casemap :none  ; case sensitive

   include trainer.inc   ; local includes for this file



; #########################################################################

.data



; ### Constants Below

; ### Constants Above

; ### Bytes Below



Button00000 db 090h
            db 090h
            db 090h
            db 090h
            db 090h
            db 090h
; ### Bytes Above

; ### Button Messages Below



; ### Button Messages Above

   WindCap db 'Half-Life 2 DM',0
   szDisplayName db 'Trainer',0
.code

start:
   invoke GetModuleHandle, NULL
   mov hInstance, eax

   invoke GetCommandLine
   mov CommandLine, eax

   invoke WinMain,hInstance,NULL,CommandLine,SW_SHOWDEFAULT
   invoke ExitProcess,eax

; #########################################################################

WinMain proc hInst     :DWORD,
             hPrevInst :DWORD,
             CmdLine   :DWORD,
             CmdShow   :DWORD

   ;====================
   ; Put LOCALs on stack
   ;====================

   LOCAL wc   :WNDCLASSEX
   LOCAL msg  :MSG
   LOCAL Wwd  :DWORD
   LOCAL Wht  :DWORD
   LOCAL Wtx  :DWORD
   LOCAL Wty  :DWORD

   ;==================================================
   ; Fill WNDCLASSEX structure with required variables
   ;==================================================

   invoke LoadIcon,hInst,500    ; icon ID
   mov hIcon, eax

   szText szClassName,"Trainer_Class"

   mov wc.cbSize,         sizeof WNDCLASSEX
   mov wc.style,          CS_HREDRAW or CS_VREDRAW \
                or CS_BYTEALIGNWINDOW
   mov wc.lpfnWndProc,    offset WndProc
   mov wc.cbClsExtra,     NULL
   mov wc.cbWndExtra,     NULL
   m2m wc.hInstance,      hInst
   mov wc.hbrBackground,  COLOR_BTNFACE+1
   mov wc.lpszMenuName,   NULL
   mov wc.lpszClassName,  offset szClassName
   m2m wc.hIcon,          hIcon
   invoke LoadCursor,NULL,IDC_ARROW
   mov wc.hCursor,        eax
   m2m wc.hIconSm,        hIcon

   invoke RegisterClassEx, ADDR wc

   ;================================
   ; Centre window at following size
   ;================================

   mov Wwd, 160 ; Dialog Width
   mov Wht, 76 ; Dialog Height

   invoke GetSystemMetrics,SM_CXSCREEN
   invoke TopXY,Wwd,eax
   mov Wtx, eax

   invoke GetSystemMetrics,SM_CYSCREEN
   invoke TopXY,Wht,eax
   mov Wty, eax

   invoke CreateWindowEx,WS_EX_LEFT,
               ADDR szClassName,
               ADDR szDisplayName,
               WS_MINIMIZEBOX or WS_OVERLAPPED or WS_SYSMENU,
               Wtx,Wty,Wwd,Wht,
               NULL,NULL,
               hInst,NULL
   mov   hWnd,eax

   invoke ShowWindow,hWnd,SW_SHOWNORMAL
   invoke UpdateWindow,hWnd

   ;===================================
   ; Loop until PostQuitMessage is sent
   ;===================================

   StartLoop:
       invoke GetMessage,ADDR msg,NULL,0,0
       cmp eax, 0
       je ExitLoop
       invoke TranslateMessage, ADDR msg
       invoke DispatchMessage,  ADDR msg
       jmp StartLoop
   ExitLoop:

   return msg.wParam

WinMain endp

; #########################################################################

WndProc proc hWin   :DWORD,
             uMsg   :DWORD,
             wParam :DWORD,
             lParam :DWORD

    LOCAL var    :DWORD
    LOCAL caW    :DWORD
    LOCAL caH    :DWORD
    LOCAL color  :DWORD
    LOCAL hDC    :DWORD
    LOCAL Rct    :RECT
    LOCAL Ps     :PAINTSTRUCT
    LOCAL buffer1[128]:BYTE
    LOCAL buffer2[128]:BYTE
    LOCAL lfnt   :LOGFONT
    LOCAL psd    :PAGESETUPDLG
    LOCAL pd     :PRINTDLG

   .if uMsg == WM_COMMAND
        MOV EAX, wParam
       .if wParam == 499

       .elseif wParam == 500

       ButtonJump_Jump500:
Invoke TrainerEngine, NULL, Offset WindCap, 024000300h, Offset Button00000, 6


       .endif
   .elseif uMsg == WM_CREATE


           Invoke Protection
        MOV HotKeyMiniToggle, TRUE
        szText font1,'MS Sans Serif'
        invoke CreateFont,8,5,0,0,500,0,0,0, \
                          DEFAULT_CHARSET,0,0,0,\
                          DEFAULT_PITCH,ADDR font1
        mov hFont, eax

       Invoke SetTimer, hWin, 1, 100, 0 ; HotKey Timer
       Invoke SetTimer, hWin, 2, 300, 0 ; EditBox Timer 1
       Invoke SetTimer, hWin, 3, 300, 0 ; EditBox Timer 2



       szText bTxt1,"New Button"
       invoke PushButton,ADDR bTxt1,hWin,21,9,110,20,500

   .elseif uMsg == WM_TIMER
           Invoke Protection
       .If wParam == 1 ;   ### Timer Below ###




       .Endif ;        ### Timer Above ###

       .If wParam == 2 ;   ### Timer Below ###

       .Endif ;        ### Timer Above ###

       .If wParam == 3 ;   ### Timer Below ###




       .Endif ;        ### Timer Above ###



   .elseif uMsg == WM_PAINT
       invoke BeginPaint,hWin,ADDR Ps
         mov hDC, eax
         invoke Paint_Proc,hWin,hDC
       invoke EndPaint,hWin,ADDR Ps
       return 0
   .elseif uMsg == WM_DESTROY
       invoke PostQuitMessage,NULL
       return 0 
   .endif

    invoke DefWindowProc,hWin,uMsg,wParam,lParam

    ret

WndProc endp

; ########################################################################

TopXY proc wDim:DWORD, sDim:DWORD

   shr sDim, 1      ; divide screen dimension by 2
   shr wDim, 1      ; divide window dimension by 2
   mov eax, wDim    ; copy window dimension into eax
   sub sDim, eax    ; sub half win dimension from half screen dimension

   return sDim

TopXY endp

; #########################################################################

Paint_Proc proc hWin:DWORD, hDC:DWORD

   LOCAL btn_hi   :DWORD
   LOCAL btn_lo   :DWORD
   LOCAL Rct      :RECT

   invoke GetSysColor,COLOR_BTNHIGHLIGHT
   mov btn_hi, eax

   invoke GetSysColor,COLOR_BTNSHADOW
   mov btn_lo, eax

   return 0

Paint_Proc endp

; ########################################################################

end start

As you can see its finding "Half-Life 2 DM" window caption when I want "hl2.exe" Filename ...

Any ideas??

Regards sawky

DABhand · #2 10-08-2008, 18:55

There is a tut I did showing sheeps trainer skeleton.

It will show you how to load a specific file, and then obviously poke address/es

sawky · #3 11-08-2008, 04:09

Yeah...I looked at that ..I thought that changing

WindCap db 'Half-Life 2 DM',0 to
FileName db 'hl2.exe',0

and changing

Invoke TrainerEngine, NULL, Offset WindCap, 024000300h, Offset Button00000, 6 to

Invoke TrainerEngine, NULL, Offset FileName, 024000300h, Offset Button00000, 6

would of done it ....but not to be!!lol

is there anyway for it to look for multiple windows then.....

as an example (I know this doesnt work)

WindCap db 'Half-Life 2 DM' or 'Counter-Strike Source',0

thanx

TippeX · #4 11-08-2008, 06:31

erm...

WindCap = Window Caption

the code OBVIOUSLY uses FindWindow to do its work, checking the window caption, changing this to a filename would be utterly pointless..

if you're coding a trainer, then gettheprocessid from the window (or when you launch it using createprocess), then work from that...

i get the feeling you don't really know what you're doing

sawky · #5 11-08-2008, 07:20

I didnt just change the window caption to a file name .... I looked at the skeleton example which uses

FileName db 'game.exe',0

where as I use

WindCap db 'my game',0

and changed my code respectively but to no avail ....(as described above)

My WindCap trainers work fine..... I just wanted to change to 'FileName' ....

Not to worry If no-one knows how to do it....

Cheers sawky

TippeX · #6 11-08-2008, 08:01

you mean you want to display the filename in the trainer or something? cos im lost now...

DABhand · #7 11-08-2008, 09:42

By the looks of things he wants his trainer to find the Process name of a game.

But he cant change his WindCap for Filename as the rest of the coding doesnt work that way of course.

@sawky - you have to have similar as the skeleton to invoke loading the designated file and poking addresses. As said changing your WindCap for the Filename wont do anygood at all.

You will have to have this somewhere in your coding

invoke CreateProcess, ADDR FileName, NULL,NULL,NULL,NULL,\
NORMAL_PRIORITY_CLASS,NULL,NULL,ADDR StartUpInfo,ADDR hProcess

(the \ just lets the compiler know to goto the next line to continue the sequence)

Also setting the following under your .data? section

StartUpInfo STARTUPINFO <>
hProcess dd ?

So when the game is loaded it sets the address of where the game has loaded into your memory etc properly. So you can later use WriteProcessMemory to write your data.

Like so

invoke WriteProcessMemory,hProcess,Address,addr bytestobewritten,numberofbytestowrite

Would be just as easy to use the skeleton and change what you wanted it is easy enough to follow and change accordingly

[Psych] · #8 10-09-2009, 02:21

Then install WinPCap..

http://www.winpcap.org/install/default.htm

:/

Similar Threads
Thread	Thread Starter	Forum	Replies	Last Post
some selfboot games work but, some go to the cdplayer	SoilentBlue	DC Games	12	28-11-2002 01:56
DC and long filename support	LeeC	DC Games	1	12-04-2001 21:52