Convert CT to CPP

Hi, can anyone help me convert the CT code to CPP?

[ENABLE]
"ps_game.exe"+7F629:
nop
nop
nop
nop
nop
nop

"ps_game.exe"+7FF69:
nop
nop
nop
nop
nop
nop


[DISABLE]
"ps_game.exe"+7F629:
jne ps_game.exe+7F70E

"ps_game.exe"+7FF69:
jne ps_game.exe+8004E

 

Here is what I did. Can you point out where the mistake is? It doesn't work.

#define WIN32_LEAN_AND_MEAN
#include <windows.h>

#include <include/main.h>
#include <include/util.h>


namespace cross_faction {
}


void __declspec(naked) naked_0x7F629() {
   __asm {
       nop
       nop
       nop
       nop
       nop
       nop
   }
}

void __declspec(naked) naked_0x7FF69() {
   __asm {
       nop
       nop
       nop
       nop
       nop
       nop
   }
}

void hook::cross_faction() {
   util::detour((void*)0x7F629, naked_0x7F629, 6);
   util::detour((void*)0x7FF69, naked_0x7FF69, 6);
}

 

PS: I am still learning, but I think I nailed it and I dunno why it doesn't work. I injected it into ps_game.exe correctly as well.

Edited by Zhein

Featured Replies

i've never tried it that way, but the addresses should be:

0x47F629
0x47FF69

you can also do a memory write. i think it makes your intent more clear.

#include <array>
#include <cstdint>

// six single-byte NOPs (0x90), one per byte of the original jne
std::array<std::uint8_t, 6> a00{ 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
util::write_memory((void*)0x47F629, &a00, 6);
util::write_memory((void*)0x47FF69, &a00, 6);

  • Author

It crashes ps_game and here is the log.

2023-12-23 11:24:52 <Console input> /nprotectoff

2023-12-23 11:24:52 <Console output> cmd NProtect off ok





================================================================

2023-12-23 11:27:42 Exception !!!, code=0x80000003, address=0x6D36C016

Minidump write end.....................

0x6D36C016 sdev.dll: naked_0x47FF69 + 6

0x29979020 <unknown module>: <unknown symbol>

0x004058A0 ps_game.exe: <unknown symbol>

0x004058A0 ps_game.exe: <unknown symbol>

0x57F0BB80 <unknown module>: <unknown symbol>

Stack trace end.....................



Stack trace(all thread) begin.....................



Module list:

D:\EP6.4 Server Files\PSM_Client\bin\ps_game.exe, loaded at 0x00400000 - 11/09/14 17:10:08


Stack trace(all thread) end.....................

================================================================

the function you're passing to the detour function doesn't return. it ends up hitting a breakpoint.

 

void __declspec(naked) naked_0x7F629() {
   __asm {
       nop
       nop
       nop
       nop
       nop
       nop
       // crashes
   }
}

 

when you injected the dll, this is what the code looked like in memory.

 

0x6D36C010 0x90
0x6D36C011 0x90
0x6D36C012 0x90
0x6D36C013 0x90
0x6D36C014 0x90
0x6D36C015 0x90
0x6D36C016 0xCC // BOOM!

 

edit: i committed a write_memory overload to github that will make this easier.

 

#define WIN32_LEAN_AND_MEAN
#include <windows.h>

#include <include/main.h>
#include <include/util.h>

namespace cross_faction {

}

void hook::cross_faction() {
   util::write_memory((void*)0x47F629, 0x90, 6);
   util::write_memory((void*)0x47FF69, 0x90, 6);
}
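
An added example, not part of the original posts and not the project's util code: it combines the two points from the replies, resolving `ps_game.exe+offset` against the 0x00400000 load address and overwriting the six-byte `jne` in place, and checks that the bytes at the target are the expected instruction before anything is written. The byte buffer and the names `to_va`, `encode_jne`, `nop_if_matches` and `restore` are assumptions for illustration.

```cpp
// Added example, not code from the thread or the project's util library. `image` is a
// constructed buffer standing in for ps_game.exe at 0x400000; no live process is touched.
#include <array>
#include <cstdint>
#include <cstring>
#include <vector>

constexpr std::uint32_t kImageBase = 0x00400000;  // load address in the log's module list
constexpr std::size_t kLen = 6;                   // near jne = 0F 85 rel32
using Patch = std::array<std::uint8_t, kLen>;

// Cheat Engine "module+offset" -> absolute virtual address.
constexpr std::uint32_t to_va(std::uint32_t offset) { return kImageBase + offset; }

// Bytes of "jne target" when placed at va; rel32 counts from the next instruction.
Patch encode_jne(std::uint32_t va, std::uint32_t target) {
    const std::uint32_t rel = target - (va + kLen);
    Patch p{{0x0F, 0x85}};
    std::memcpy(p.data() + 2, &rel, sizeof rel);  // little-endian host assumed
    return p;
}

// NOP kLen bytes at va only if they currently equal `expected`; the original
// bytes go to `saved`. Returns false, writing nothing, on any mismatch.
bool nop_if_matches(std::vector<std::uint8_t>& image, std::uint32_t va,
                    const Patch& expected, Patch& saved) {
    if (va < kImageBase) return false;                // raw offset passed as an address
    const std::size_t off = va - kImageBase;
    if (off > image.size() || image.size() - off < kLen) return false;
    if (std::memcmp(image.data() + off, expected.data(), kLen) != 0) return false;
    std::memcpy(saved.data(), image.data() + off, kLen);
    std::memset(image.data() + off, 0x90, kLen);
    return true;
}

// Undo, mirroring the table's [DISABLE] section.
void restore(std::vector<std::uint8_t>& image, std::uint32_t va, const Patch& saved) {
    std::memcpy(image.data() + (va - kImageBase), saved.data(), kLen);
}

// Constructed image: 0xCC filler plus the two jne instructions from [DISABLE].
std::vector<std::uint8_t> make_sample_image() {
    std::vector<std::uint8_t> img(std::size_t{0x90000}, 0xCC);
    const Patch a = encode_jne(to_va(0x7F629), to_va(0x7F70E));
    const Patch b = encode_jne(to_va(0x7FF69), to_va(0x8004E));
    std::memcpy(img.data() + 0x7F629, a.data(), kLen);
    std::memcpy(img.data() + 0x7FF69, b.data(), kLen);
    return img;
}
```

Passing the raw table offset (0x7F629) instead of the resolved address is rejected by the first check, and a second call on an already patched site fails the byte comparison rather than overwriting again.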

  • Author

Thanks @Bowie

 

Request for closing this thread. Solved!
