What is going on with this community? Everything is 'closed source' only; nowadays every GunZ server has anti-lead and all that stuff, so I think it's time for us to start sharing instead of PAYING for something. I see so many awesome designers releasing their projects because they feel so good at doing it and showing people what they have done.
Why is it that we programmers have to be different?
To get the idea going, I'll make a fast, simple and clean tutorial of something that everyone may already know, but you can come up with an idea from it.
Reading memory from a running process.
This function reads a specified address in every running process on Windows. You can use it to detect whether a program is running or not.

```cpp
#include <windows.h>
#include <tlhelp32.h>

// Walks every running process, reads `bytes` bytes (at most 4) at `address`
// and returns true if the value found in some process equals `binary`.
bool ProcessRead(DWORD address, DWORD binary, int bytes)
{
    HANDLE snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (snap == INVALID_HANDLE_VALUE)
        return false;
    if (bytes < 1 || bytes > (int)sizeof(DWORD))    // the compare buffer is one DWORD
        bytes = sizeof(DWORD);

    PROCESSENTRY32 entry = {0};
    entry.dwSize = sizeof(entry);

    bool found = false;
    // Process32First has to be called before Process32Next
    for (BOOL ok = Process32First(snap, &entry); ok && !found; ok = Process32Next(snap, &entry))
    {
        HANDLE proc = OpenProcess(PROCESS_VM_READ, FALSE, entry.th32ProcessID);
        if (proc == NULL)
            continue;                                // e.g. a system process we may not open

        DWORD value = 0;                             // zeroed so unread high bytes compare as 0
        SIZE_T got = 0;
        if (ReadProcessMemory(proc, (LPCVOID)(ULONG_PTR)address, &value, bytes, &got)
            && got == (SIZE_T)bytes && value == binary)
            found = true;
        CloseHandle(proc);                           // close the handle we actually opened
    }
    CloseHandle(snap);                               // closed on every path, not only on failure
    return found;
}
```
Example: you want to know whether dev-cpp is running or not.
Choose 1, 2, 3... (as many as you want) addresses from dev-cpp's memory.
Open up OllyDbg, highlight an address, and right click
Copy->To Clipboard, and paste it somewhere
//0041A2F7 |. 8B4D 08 MOV ECX,DWORD PTR SS:[EBP+8]
If you like, find another address as well, to be more specific when reading the running processes' memory from the snapshot.
I chose this one to be quick.
//0041A309 |. 895424 10 MOV DWORD PTR SS:[ESP+10],EDX
The function itself will read every running process's memory at the address you specified (in this case 0x0041A2F7).
It will also compare whether the bytes in that region match the ones you specified.
So we will use the function this way:

```cpp
// ProcessRead(the address we chose, the bytes in that region, how many bytes to read)
if (ProcessRead(0x0041A2F7, 0x084D8B, 3)) // true if some process has those bytes there
{
    MessageBoxA(0, "hey dev cpp is running", "ok", MB_OK);
}
```
08 4D 8B - Wew, it's 3 bytes! So we must tell it to read 3 bytes.
Do not forget that the bytes will not be read in the order OllyDbg or the memory viewer you're using displays them. x86 is little-endian, so the first byte in memory becomes the lowest byte of the integer, which looks like reading them backwards. So if it displays:
8B4D 08
you have to use
0x084D8B
Also do not forget to add a 0x in front of the address and of the byte value.
You can check as many addresses as you want in that process, if you think another process might have the same bytes at that address.
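The byte-order rule and the compare above are the part of the technique people get wrong most often, so here is an added, stand-alone example (not code from the original post) that does both on a constructed buffer: `le_bytes_to_u32` shows why OllyDbg's `8B 4D 08` has to be written as `0x084D8B` for the integer compare, and `signature_matches` does the same check with `memcmp` on raw bytes, which works for signatures longer than 4 bytes and needs no reversal. The `sample_memory` array is a made-up stand-in for what `ReadProcessMemory` would return at 0x0041A2F7; only its first three bytes come from the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed sample: pretend this is the memory read from the target at
   0x0041A2F7. The first 3 bytes are the MOV ECX,DWORD PTR SS:[EBP+8] from
   the post; the rest is filler (NOPs), not a real dump. */
static const unsigned char sample_memory[] = {
    0x8B, 0x4D, 0x08,
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90
};

/* Interpret up to 4 bytes the way the CPU does: little-endian, the first
   byte in memory is the lowest byte of the integer. This is why the bytes
   "8B 4D 08" have to be written as 0x084D8B when comparing as an integer. */
uint32_t le_bytes_to_u32(const unsigned char *p, size_t n)
{
    uint32_t v = 0;
    if (n > 4)
        n = 4;                        /* an unsigned int only holds 4 bytes */
    for (size_t i = 0; i < n; i++)
        v |= (uint32_t)p[i] << (8 * i);
    return v;
}

/* Compare a raw byte signature, written in the order the debugger shows it,
   against the bytes read from the target. Any length, no reversal, and no
   "comparison between pointer and integer" problem. */
int signature_matches(const unsigned char *mem, size_t mem_len,
                      const unsigned char *sig, size_t sig_len)
{
    if (sig_len == 0 || sig_len > mem_len)
        return 0;                     /* never read past what we actually got */
    return memcmp(mem, sig, sig_len) == 0;
}

/* Mirrors the post's call ProcessRead(0x0041A2F7, 0x084D8B, 3). */
int integer_style_check(void)
{
    return le_bytes_to_u32(sample_memory, 3) == 0x084D8BU;
}

/* Same check on raw bytes, in display order. */
int bytewise_check(void)
{
    static const unsigned char sig[] = { 0x8B, 0x4D, 0x08 };
    return signature_matches(sample_memory, sizeof sample_memory, sig, sizeof sig);
}

int main(void)
{
    printf("as integer: 0x%06X\n", le_bytes_to_u32(sample_memory, 3));
    printf("integer compare:  %s\n", integer_style_check() ? "match" : "no match");
    printf("bytewise compare: %s\n", bytewise_check() ? "match" : "no match");
    return 0;
}
```

Inside `ProcessRead` you would read into an `unsigned char` buffer and call `signature_matches` where the post compares `nHandle == binary`; that also removes the 4-byte limit of an `unsigned`. Keep in mind that fixed addresses like 0x0041A2F7 are only valid while the module is loaded at its preferred base; if the image gets relocated, the offset has to be added to the module's actual base address instead.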
Do not forget to

```cpp
#include <tlhelp32.h>
```
I found this way the fastest and the easiest one to use, since C++ forbids comparison between pointer and integer.
I was going to show how to hook things like mouse_event, get where it is being called from, etc., but it's quite late here in Brazil and I have to sleep.
If you have any ideas on how we can improve this, it would be nice to hear them. I'll be releasing some more complex tutorials later.
Have a good time, you all.
![[Tutorial]Reading process and Blocking functions](http://ragezone.com/hyper728.png)