Fixing some small errors, HELP!


Fixing some small errors, HELP!

Post by perfecticus »

Ok, I found an outdated Freebasic file, which I'd like to get to work.

As I have close to no experience with this language, I'm asking for help.

Help.



#include "windows.bi"
#include "win\psapi.bi"
#include "win/tlhelp32.bi"
#define ThreadQuerySetWin32StartAddress 9

' Looks up a running process by the tail of its executable path.
' ProcessName: compared case-insensitively against the END of each process's
'   main-module path, so "name.exe" matches "...\name.exe".
' Returns the first matching process id, or 0 when no process matches.
' NOTE(review): none of the Win32 return values are checked. A failed
' OpenProcess leaves hProcess NULL, which is still passed to
' GetModuleFileNameEx and CloseHandle, and a failed GetModuleFileNameEx
' leaves FileName holding the previous iteration's path, which is then
' compared as if it belonged to this process.
Function FindProcessId(ByVal ProcessName As String) As DWORD
   DIM ProcessIds (1 to 256) as DWORD   ' 256 * 4 bytes = the 1024 bytes offered to EnumProcesses
    Dim BytesReturned As DWORD
    Dim ProcessNumber As DWORD
    Dim TotalProcesses As DWORD
   DIM FileName as STRING * 128   ' fixed buffer; paths longer than the 128 passed below are cut off
    Dim ExecutableName As String
    Dim hProcess As HANDLE
   ' NOTE(review): the array is declared 1 To 256, so element 0 does not exist.
   ' The loop below is 1-based, so the address that matches it is @ProcessIds(1)
   ' (as pointed out in the thread reply).
   EnumProcesses(@ProcessIds(0), 1024, @BytesReturned)
    TotalProcesses = BytesReturned / 4   ' EnumProcesses reports bytes; one DWORD per pid
    For ProcessNumber = 1 To TotalProcesses
        ' Requests PROCESS_ALL_ACCESS on every process on the machine merely to read
        ' its image path; this may fail for processes the caller cannot open, and the
        ' failure is not detected here.
        hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessIds(ProcessNumber))
      GetModuleFileNameEx(hProcess, NULL, @FileName, 128)   ' NULL module = the main executable
        ExecutableName = FileName
        ' Suffix match on the path, case-insensitive.
        If UCASE(RIGHT(ExecutableName, LEN(ProcessName))) = UCASE(ProcessName) Then
            CloseHandle(hProcess)
            Return ProcessIds(ProcessNumber)
        Else
            CloseHandle(hProcess)
        End If
    Next
    Return 0
End Function

' Collects the thread ids owned by ProcessId from a system-wide Toolhelp
' thread snapshot.
' ThreadIds: caller-supplied array, filled from index 1 upward; nothing here
'   bounds the writes against the array's size (the caller in this file
'   declares 1 To 256).
' Returns the number of ids stored.
' NOTE(review): "ByVal" on an array parameter does not compile in FreeBASIC
' (see thread reply). Thread32First/Thread32Next return values are ignored,
' so if the snapshot contains no thread owned by ProcessId the first loop
' never terminates.
Function FindThreadIds(ByVal ProcessId As DWORD, ByVal ThreadIds() As DWORD) As DWORD
    Dim TE32 As THREADENTRY32
    TE32.dwSize = SIZEOF(THREADENTRY32)   ' Thread32First requires dwSize to be filled in
    Dim hSnapshot As HANDLE
    Dim TotalThreads As DWORD
    TotalThreads = 0
    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPTHREAD, 0)   ' all threads of all processes; handle unchecked
   Thread32First(hSnapshot,@TE32)
    ' Skip entries until the first one owned by the target process.
    While TE32.th32OwnerProcessID <> ProcessId
      Thread32Next(hSnapshot,@TE32)
    End While
    ' Consume the run of entries owned by the target. This assumes the
    ' target's threads are contiguous in the snapshot — TODO confirm; the
    ' API does not promise an ordering.
    While TE32.th32OwnerProcessID = ProcessId
        TotalThreads = TotalThreads + 1
        ThreadIds(TotalThreads) = TE32.th32ThreadID
      Thread32Next(hSnapshot,@TE32)
        ' End-of-snapshot heuristic: presumably, when Thread32Next fails it
        ' leaves TE32 unchanged, so the same id would be stored twice; the
        ' duplicate is detected and dropped from the count.
        ' NOTE(review): on the first iteration this reads ThreadIds(0), which
        ' lies outside the caller's 1-based array.
        If ThreadIds(TotalThreads) = ThreadIds(TotalThreads - 1) Then
            CloseHandle(hSnapshot)
            Return TotalThreads - 1
        End If
    End While
    CloseHandle(hSnapshot)
    Return TotalThreads
End Function

' Finds a module loaded in another process by the tail of its file path.
' ProcessId: the process to inspect.
' ModuleName: compared case-insensitively against the END of each module's path.
' Returns the module handle (its load address in the target) or 0 if none matches.
' NOTE(review): this function is never called anywhere in this listing.
Function FindModuleHandle(ByVal ProcessId As DWORD, ByVal ModuleName As String) As HMODULE
   DIM hModules (1 to 256) as HMODULE   
    Dim hProcess As HANDLE
    Dim BytesReturned As DWORD
    ' NOTE(review): Byte is a signed 8-bit type in FreeBASIC. BytesReturned / 4
    ' can be as large as 256 here, which does not fit, so TotalModules can wrap
    ' and the loop bound becomes wrong for processes with many modules.
    Dim ModuleNumber As Byte
    Dim TotalModules As Byte
   DIM FileName as STRING * 128   ' fixed buffer; longer paths are cut off at the 128 passed below
    Dim ModName As String
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, False, ProcessId)   ' return value unchecked
   ' Same issue as FindProcessId: the array starts at 1, so element 0 does not exist.
   EnumProcessModules(hProcess, @hModules(0), 1024, @BytesReturned)
    TotalModules = BytesReturned / 4   ' assumes a 4-byte HMODULE, i.e. a 32-bit build — TODO confirm
    For ModuleNumber = 1 To TotalModules
      GetModuleFileNameEx(hProcess, hModules(ModuleNumber), @FileName, 128)   ' failure leaves stale FileName
        ModName = FileName
        ' Suffix match on the path, case-insensitive.
        If UCASE(RIGHT(ModName, LEN(ModuleName))) = UCASE(ModuleName) Then
            CloseHandle(hProcess)
            Return hModules(ModuleNumber)
        End If
    Next
    CloseHandle(hProcess)
    Return 0
End Function

' Writes a hex-encoded byte string into another process's memory, one byte
' per loop iteration, starting at StartAddress.
' hProcess: handle to the target process (must allow writing).
' Opcodes: pairs of hex digits; an odd-length string leaves a single trailing
'   digit that Mid() still hands to Val().
' NOTE(review): WriteProcessMemory's return value is ignored, so a rejected or
' partial write is silent. Only the first byte of the DWORD PatchValue is
' written (the low byte on little-endian x86).
Sub OpcodePatch(ByVal hProcess As HANDLE, ByVal StartAddress As DWORD, ByVal Opcodes As String)
    Dim Patch As DWORD
    Dim PatchValue As DWORD
    For Patch = 1 To len(Opcodes) Step 2   ' Patch = 1, 3, 5, ... (1-based string positions)
        PatchValue = val("&H" + mid(Opcodes, Patch, 2))   ' "&H.." is the FreeBASIC hex-literal form Val() accepts
    ' Patch \ 2 yields 0, 1, 2, ... so successive bytes land at consecutive addresses.
    WriteProcessMemory(hProcess, StartAddress + (Patch \ 2), @PatchValue, 1, NULL)
    Next
End Sub

' Main program. As written, the flow is: (1) wait for a process named
' "gameguard.des" and terminate it; (2) wait for "Client.exe", patch bytes at a
' hard-coded address and terminate two of its threads selected by start
' address; (3) overwrite strings/values at hard-coded offsets once the game
' has loaded them; (4) run a hotkey loop that reads and writes the target's
' memory until the target exits. Every Win32 call in this block ignores its
' return value, so any failure (access denied, bad address, target gone) is
' silent and the polling loops can spin forever.
' NOTE(review): PROCESS_ALL_ACCESS + WriteProcessMemory into another process
' + TerminateProcess/TerminateThread by image name and start address is the
' classic trainer/injector API sequence that endpoint security commonly
' monitors; the target must also be running under rights the user can open.

' Function pointer for ntdll's NtQueryInformationThread (an undocumented
' export; its signature is declared by hand here).
dim QueryInformationThread as function (byval as HANDLE, byval as LONG, byval as PVOID, byval as ULONG, byval as PULONG) as LONG 
' NOTE(review): neither GetModuleHandle nor GetProcAddress is checked for NULL;
' a NULL function pointer would be called in the thread loop below.
QueryInformationThread = GetProcAddress(GetModuleHandle("ntdll.dll"), "NtQueryInformationThread")

Dim ProcessId As DWORD
Dim hProcess As HANDLE
Dim hThread As HANDLE
DIM ThreadIds(1 to 256) as DWORD   ' filled by FindThreadIds from index 1; no bound check there
Dim ThreadProc As DWORD
Dim ThreadNum As DWORD
Dim ThreadCount As DWORD
screen 18   ' presumably selects a FreeBASIC graphics screen mode for the console output — TODO confirm
? "- #%$@(MY)v6.06a - www.snoxd.net -"
? "Start RYL or press any key to exit..."

' Poll every 10 ms until a process with that image name exists; any key exits.
while ProcessId = 0
  sleep 10
  ProcessId = FindProcessId ("gameguard.des")
  if inkey$ <> "" then end
wend
' Terminates the process found above. OpenProcess/TerminateProcess results are unchecked.
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId)
TerminateProcess(hProcess,0)
CloseHandle(hProcess)

' Second wait: the process whose memory is modified for the rest of the program.
ProcessId = 0
while ProcessId = 0
  sleep 10
  ProcessId = FindProcessId ("Client.exe") 'change this to the process you want to suspend/resume
  if inkey$<>"" then end
wend
' hProcess stays open for the remainder of the program and is never closed.
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, ProcessId)

Dim GGPatch As Byte   ' NOTE(review): unused
Dim Test As Byte
' Spin until the byte at the hard-coded address reads &H0F. ReadProcessMemory's
' result is ignored, so if the read keeps failing Test never changes and this
' loop never ends (and it busy-waits: no Sleep).
While Test <> &H0F
  ReadProcessMemory(hProcess, &H004B53BD, @Test, 1, NULL)
Wend

' Overwrites code bytes at the same hard-coded address (see OpcodePatch).
OpcodePatch (hProcess, &H004B53BD, "E9F900000090")

' NOTE(review): ThreadIds is declared 1 To 256, so ThreadIds(0) does not exist;
' the thread reply suggests passing element 1 instead.
ThreadCount = FindThreadIds (ProcessId, ThreadIds(0))
' For each thread of the target, query its Win32 start address (info class 9,
' see the #define at the top of the file) and terminate threads whose start
' address equals one of two hard-coded values. OpenThread/TerminateThread are unchecked.
For ThreadNum = 1 to ThreadCount
  hThread = OpenThread(THREAD_ALL_ACCESS, FALSE, ThreadIds(ThreadNum))
  QueryInformationThread(hThread, ThreadQuerySetWin32StartAddress, @ThreadProc, sizeof(DWORD), NULL)
  If ThreadProc = &H020C10B0 then
    TerminateThread(hThread, 0)
  End If
  If ThreadProc = &H010FA150 then
    TerminateThread(hThread, 0)
  End If
  CloseHandle(hThread)
Next

CLS
DIM CrazyOrc AS STRING*9
Dim mobbma As Integer   ' holds a pointer read from the target, used as a base address below
DIM snoxd AS STRING*32
DIM newmob AS STRING*32
Dim mobsize As float   ' "float" presumably comes from windows.bi as an alias of Single — TODO confirm
snoxd="www.snoxd.net"
newmob = "MON_frincle.GCMDS"
mobsize = 2

' Poll (without Sleep) until the 9-byte string at base+&H212B0 matches,
' i.e. until the target has loaded that data; then overwrite it.
While CrazyOrc <> "Crazy Orc"
  ReadProcessMemory(hProcess, &H0093DB18, @mobbma, 4, NULL)
  ReadProcessMemory(hProcess, mobbma+&H212B0, @CrazyOrc, 9, NULL)
Wend

' Writes 32 bytes from each fixed-length string (its full buffer, including padding).
WriteProcessMemory(hProcess, mobbma+&H212B0, @snoxd, 32, NULL)
WriteProcessMemory(hProcess, mobbma+&H212D0, @newmob, 32, NULL)
WriteProcessMemory(hProcess, mobbma+&H2132C, @mobsize, 4, NULL)

DIM ItemMesh AS STRING*10
DIM NewItemMesh AS STRING*14
Dim ItemBMA As DWORD
NewItemMesh="tro_a_gold.r3s"

' Same pattern: wait for a known string to appear at a pointer+offset, then overwrite it.
While ItemMesh <> "acc000.r3s"
  ReadProcessMemory(hProcess, &H0093DB34, @ItemBMA, 4, NULL)
  ReadProcessMemory(hProcess, ItemBMA+&H1688F8, @ItemMesh, 10, NULL)
Wend

WriteProcessMemory(hProcess, ItemBMA+&H1688F8, @NewItemMesh, 14, NULL)

? "Waiting for login..."

' Pointers read from the target; the "+20" writes below treat each as a structure base.
Dim shopBMA As Integer
Dim shopREP As Integer
Dim shopREPALL As Integer
Dim shopMETALS As Integer

Dim CharBMA As Integer
Dim tpBMA As Integer

Dim f As Integer
Dim Zero As Byte = 0   ' 1-byte flag values written into the target
Dim One As Byte = 1
Dim tpX As float   ' saved/restored position triple (12 bytes per slot in tp.dat)
Dim tpY As float
Dim tpZ As float
Dim NPCx As float
Dim NPCy As float
Dim NPCz As float
Dim NPCa As float
Dim PCx As float   ' entry 0 of the target's entity list is treated as the player's own position
Dim PCy As float
Dim PCz As float
Dim PCa As float
' NOTE(review): STRING*4 holds 4 characters, but two of the loops below read
' 6 bytes into it, writing past the end of the buffer.
DIM NPCname AS STRING*4
Dim NPCvac2(0 To 50) As DWORD   ' NOTE(review): unused
DIM NPCarray(1 TO 1024) AS DWORD   ' NOTE(review): unused
Dim tmp0 As UBYTE   ' NOTE(review): unused
Dim ExitCode As DWORD
Dim VAC As UBYTE   ' 0/1 toggles flipped by F5/F6/F7/F4 below
Dim VAC1 As UBYTE
Dim VAC2 As UBYTE
Dim FLY As UBYTE
Dim NPCPTR As DWORD
Dim NPCCOUNT As DWORD
Dim NPCDATA As DWORD
Dim NPCLOCPTR As DWORD

' Wait for the pointer at the hard-coded address to become non-zero; exit the
' program if the target has already terminated.
WHILE shopBMA = 0
   SLEEP 10
   GetExitCodeProcess(hProcess, @ExitCode)
   IF ExitCode <> STILL_ACTIVE THEN END
   ReadProcessMemory(hProcess, &H008B47E8, @shopBMA, 4, NULL)
WEND

' Fixed delay, then re-read the pointer (presumably in case it moved after first becoming non-zero).
SLEEP 2000
ReadProcessMemory(hProcess, &H008B47E8, @shopBMA, 4, NULL)

Dim vaultBMA As Integer
ReadProcessMemory(hProcess, &H008B47F4, @vaultBMA, 4, NULL)

Dim inventoryBMA As Integer
ReadProcessMemory(hProcess, &H006A07D4, @inventoryBMA, 4, NULL)

Dim blacksmithBMA As Integer
ReadProcessMemory(hProcess, &H0069EBFC, @blacksmithBMA, 4, NULL)

Dim restatBMA As Integer   ' NOTE(review): read but never used afterwards
ReadProcessMemory(hProcess, &H006A0D24, @restatBMA, 4, NULL)

Dim metal2moneyBMA As Integer   ' NOTE(review): read but never used afterwards
ReadProcessMemory(hProcess, &H0069E740, @metal2moneyBMA, 4, NULL)

CLS
? "This window will close when RYL closes"
?
? "Press F1 to open the shop"
? "Press F2 to open the vault"
? "Press F3 to open the blacksmith"
?
? "Press F4 to toggle fly (freezes z coordinate so you are in the air)"
? "This is so you remain hidden whilst using the vacuum hack"
?
? "Press F5 to toggle Monster Vacuum Hack"
? "This moves any enemy NPC near you to your location"
?
? "Press F6 to toggle Akkan Vacuum Hack"
? "This moves any Akkan near you to your location"
?
? "Press F7 to toggle Human Vacuum Hack"
? "This moves any Human near you to your location"
?
? "Hold F8 then press a number key (1 to 9) to set a teleport point"
? "Hold F9 then press a number key (1 to 9) to go to a teleport point"
? "Teleport points are saved so you can use them next time you run RYL"

' Main hotkey loop: runs every 10 ms until GetExitCodeProcess reports the
' target is no longer STILL_ACTIVE. Keys are sampled with GetAsyncKeyState,
' so they act system-wide regardless of which window has focus.
WHILE ExitCode = STILL_ACTIVE
SLEEP 10 'dont be a cpu hog

GetExitCodeProcess(hProcess, @ExitCode)

' F1: read three pointers out of the shop structure and set 1-byte flags at
' offset +20 of each (and of the shop and inventory structures).
IF GetAsyncKeyState(VK_F1) THEN
    ReadProcessMemory(hProcess, shopBMA+332, @shopREP, 4, NULL)
    ReadProcessMemory(hProcess, shopBMA+336, @shopREPALL, 4, NULL)
    ReadProcessMemory(hProcess, shopBMA+340, @shopMETALS, 4, NULL)
    WriteProcessMemory(hProcess, shopREP+20, @One, 1, NULL)
    WriteProcessMemory(hProcess, shopREPALL+20, @One, 1, NULL)
    WriteProcessMemory(hProcess, shopMETALS+20, @Zero, 1, NULL)
    WriteProcessMemory(hProcess, shopBMA+20, @One, 1, NULL)
    WriteProcessMemory(hProcess, inventoryBMA+20, @One, 1, NULL)
END IF

IF GetAsyncKeyState(VK_F2) THEN
    WriteProcessMemory(hProcess, vaultBMA+20, @One, 1, NULL)
END IF
IF GetAsyncKeyState(VK_F3) THEN
    WriteProcessMemory(hProcess, blacksmithBMA+20, @One, 1, NULL)
END IF

' F8 + digit: save the current position into slot f of tp.dat.
' &H30+f is the virtual-key code of digit f, so f runs over keys '1'..'9'
' (f=10 is not a digit key and is excluded by the "f < 10" test; f=11 means
' no digit was pressed).
IF GetAsyncKeyState(VK_F8) THEN
    FOR f=1 TO 10
        IF GetAsyncKeyState(&H30+f) THEN EXIT FOR
    NEXT
    IF f < 10 THEN
        ReadProcessMemory(hProcess, &H0069F348, @CharBMA, 4, NULL)
        ReadProcessMemory(hProcess, CharBMA, @tpBMA, 4, NULL)
        ReadProcessMemory(hProcess, tpBMA+28, @tpX, 4, NULL)
        ReadProcessMemory(hProcess, tpBMA+36, @tpY, 4, NULL)
        ReadProcessMemory(hProcess, tpBMA+32, @tpZ, 4, NULL)
        ' Mid(Chr(1)+"tp.dat",2,6) evaluates to just "tp.dat" (see thread reply);
        ' the file lives in the current directory and OPEN is not checked for failure.
        ' Each slot is 12 bytes: three 4-byte floats at +0, +4, +8 (1-based positions).
        OPEN mid(chr(1)+"tp.dat",2,6) FOR BINARY AS #1
        PUT #1,((f-1)*12)+1,tpX
        PUT #1,((f-1)*12)+5,tpY
        PUT #1,((f-1)*12)+9,tpZ
        CLOSE #1
        ' NOTE(review): waits for F9 to be released inside the F8 handler —
        ' presumably a copy/paste slip for VK_F8; as written F8 auto-repeats.
        WHILE GetAsyncKeyState(VK_F9):WEND
    END IF
END IF

' F9 + digit: load slot f from tp.dat and write the position back into the
' target. A slot whose X is exactly 0 is treated as "never saved" and skipped.
IF GetAsyncKeyState(VK_F9) THEN
    FOR f=1 TO 10
        IF GetAsyncKeyState(&H30+f) THEN EXIT FOR
    NEXT
    IF f < 10 THEN 
        OPEN mid(chr(1)+"tp.dat",2,6) FOR BINARY AS #1
        GET #1,((f-1)*12)+1,tpX
        GET #1,((f-1)*12)+5,tpY
        GET #1,((f-1)*12)+9,tpZ
        CLOSE #1
        IF tpX<>0 THEN
            ReadProcessMemory(hProcess, &H0069F348, @CharBMA, 4, NULL)
            ReadProcessMemory(hProcess, CharBMA, @tpBMA, 4, NULL)
            WriteProcessMemory(hProcess, tpBMA+28, @tpX, 4, NULL)
            WriteProcessMemory(hProcess, tpBMA+36, @tpY, 4, NULL)
            WriteProcessMemory(hProcess, tpBMA+32, @tpZ, 4, NULL)
        END IF
        WHILE GetAsyncKeyState(VK_F9):WEND   ' wait for key release so one press toggles once
    END IF
END IF

' F4-F7: flip a 0/1 toggle, then block until the key is released.
IF GetAsyncKeyState(VK_F5) THEN
    VAC=1-VAC
    WHILE GetAsyncKeyState(VK_F5):WEND
END IF
IF GetAsyncKeyState(VK_F6) THEN
    VAC1=1-VAC1
    WHILE GetAsyncKeyState(VK_F6):WEND
END IF
IF GetAsyncKeyState(VK_F7) THEN
    VAC2=1-VAC2
    WHILE GetAsyncKeyState(VK_F7):WEND
END IF
IF GetAsyncKeyState(VK_F4) THEN
    FLY=1-FLY
    WHILE GetAsyncKeyState(VK_F4):WEND
END IF

' While FLY is on, rewrite the player's Z (offset +32) to a constant every tick.
IF FLY=1 THEN
    NPCz=30000
    ReadProcessMemory(hProcess, &H0069F348, @CharBMA, 4, NULL)
    ReadProcessMemory(hProcess, CharBMA, @tpBMA, 4, NULL)
    WriteProcessMemory(hProcess, tpBMA+32, @NPCz, 4, NULL)
END IF

' The three VAC blocks below share one shape: read an entity count and the
' pointer to an array of entity pointers, then for each entity read its
' location block (x at +28, z at +32, y at +36, angle at +52) and a short
' name tag at +16. Entry 0 is taken as the player; every later entry whose
' tag matches is moved to a point 200 units from the player along the
' player's facing angle, at the player's Z.
' NOTE(review): "FOR f=0 TO NPCCOUNT" is inclusive, so it visits NPCCOUNT+1
' entries — one past the end if NPCCOUNT is a count rather than a last index.
IF VAC=1 THEN

    ReadProcessMemory(hProcess, &H0069F340, @NPCCOUNT, 4, NULL)
    ReadProcessMemory(hProcess, &H0069F33C, @NPCPTR, 4, NULL)
    FOR f=0 TO NPCCOUNT
        ReadProcessMemory(hProcess, NPCPTR+(f*4), @NPCDATA, 4, NULL)
        ReadProcessMemory(hProcess, NPCDATA+12, @NPCLOCPTR, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+52, @NPCa, 4, NULL)
        ReadProcessMemory(hProcess, NPCDATA+16, @NPCname, 4, NULL)   ' 4 bytes: fits the STRING*4
        IF f=0 THEN
            PCx=NPCx
            PCy=NPCy
            PCz=NPCz
            PCa=NPCa
        ELSE
            ' mid(chr(1)+"MON_",2,4) is just "MON_" (same obfuscation as the file name).
            IF UCASE(NPCname) = mid(chr(1)+"MON_",2,4) THEN
                NPCx=PCx-(SIN(PCa)*200)
                NPCy=PCy-(COS(PCa)*200)
                NPCz=PCz
                WriteProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
                WriteProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
                WriteProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
            END IF
        END IF
    NEXT
END IF

IF VAC1=1 THEN
    ReadProcessMemory(hProcess, &H0069F340, @NPCCOUNT, 4, NULL)
    ReadProcessMemory(hProcess, &H0069F33C, @NPCPTR, 4, NULL)
    FOR f=0 TO NPCCOUNT
        ReadProcessMemory(hProcess, NPCPTR+(f*4), @NPCDATA, 4, NULL)
        ReadProcessMemory(hProcess, NPCDATA+12, @NPCLOCPTR, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+52, @NPCa, 4, NULL)
        ' NOTE(review): reads 6 bytes into NPCname, which is STRING*4 — buffer overrun.
        ReadProcessMemory(hProcess, NPCDATA+16, @NPCname, 6, NULL)
        IF f=0 THEN
            PCx=NPCx
            PCy=NPCy
            PCz=NPCz
            PCa=NPCa
        ELSE
            IF UCASE(NPCname) = mid(chr(1)+"PC_A",2,4) THEN
                NPCx=PCx-(SIN(PCa)*200)
                NPCy=PCy-(COS(PCa)*200)
                NPCz=PCz
                WriteProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
                WriteProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
                WriteProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
            END IF
        END IF
    NEXT
END IF

IF VAC2=1 THEN
    ReadProcessMemory(hProcess, &H0069F340, @NPCCOUNT, 4, NULL)
    ReadProcessMemory(hProcess, &H0069F33C, @NPCPTR, 4, NULL)
    FOR f=0 TO NPCCOUNT
        ReadProcessMemory(hProcess, NPCPTR+(f*4), @NPCDATA, 4, NULL)
        ReadProcessMemory(hProcess, NPCDATA+12, @NPCLOCPTR, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
        ReadProcessMemory(hProcess, NPCLOCPTR+52, @NPCa, 4, NULL)
        ' NOTE(review): same 6-byte read into the 4-byte NPCname as in the VAC1 block.
        ReadProcessMemory(hProcess, NPCDATA+16, @NPCname, 6, NULL)
        IF f=0 THEN
            PCx=NPCx
            PCy=NPCy
            PCz=NPCz
            PCa=NPCa
        ELSE
        ' Two tags are accepted here; the ELSE branch holds both IFs (indentation is off, structure is fine).
        IF UCASE(NPCname) = mid(chr(1)+"PC_M",2,4) THEN
            NPCx=PCx-(SIN(PCa)*200)
            NPCy=PCy-(COS(PCa)*200)
            NPCz=PCz
            WriteProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
            WriteProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
            WriteProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
        END IF
        IF UCASE(NPCname) = mid(chr(1)+"PC_W",2,4) THEN
            NPCx=PCx-(SIN(PCa)*200)
            NPCy=PCy-(COS(PCa)*200)
            NPCz=PCz
            WriteProcessMemory(hProcess, NPCLOCPTR+28, @NPCx, 4, NULL)
            WriteProcessMemory(hProcess, NPCLOCPTR+36, @NPCy, 4, NULL)
            WriteProcessMemory(hProcess, NPCLOCPTR+32, @NPCz, 4, NULL)
        END IF
    END IF
NEXT
END IF
WEND


Post by counting_pine »

Where did your code come from? There are a few syntax anomalies that prevent it compiling in FB, i.e. "End While" and "Byval ThreadIds()".

I haven't looked too deeply into the code, but one thing I notice is, you're dimming arrays from 1 to 256, but trying to pass the address of the 0th element, which doesn't exist. It looks like the code expects 1-based arrays, so the easiest fix for it is to pass the address of the 1st element instead.

Post by perfecticus »

Alright thank you.

It was a friend of mine who made it a while back, so changes in the language have probably been made since, for example concerning WEND/End While.

I've got it to compile, but not fully working.
It now exceeds my programming knowledge, when it comes to 'foreign' languages.

Post by notthecheatr »

What is it supposed to do, and on what point does it fail to do that?

Post by counting_pine »

I don't really understand how it works, but it looks like it might be a game trainer (i.e. a program to cheat in a game by changing bytes in its memory while it runs).


This version has been changed since the last thread ( www.freebasic.net/forum/viewtopic.php?t=14421 ). Apart from whitespace, the main changes seem to be that all the parameters are now passed Byval, and that Wend has been changed to End While.

Regarding Byval - you should remove it from the array parameter because Byval/Byref aren't allowed for arrays. I also suggest passing Strings Byref instead of Byval. The reasons are complicated and unintuitive, but if you want to know you can check www.freebasic.net/wiki/KeyPgByval for a more thorough explanation.

Regarding End While - it doesn't work, and I don't think it ever has, so just change it back to Wend.

I don't know what things like Mid(Chr(1)+"tp.dat",2,6) are supposed to do - it seems a very roundabout way of just saying "tp.dat".

Post by notthecheatr »

Cool. I wonder if this is the first time anyone's ever used FreeBASIC to try to cheat in an MMORPG? Now I want this program to work =P
counting_pine wrote: I don't know what things like Mid(Chr(1)+"tp.dat",2,6) are supposed to do - it seems a very roundabout way of just saying "tp.dat".
o_O Why on earth would they do that?

Post by AGS »

The code has a link in it to snoxd.net. On that site there is a link to snoxd hacking (reverse engineering, programming). The patch is supposed to take out gameguard, the (I found the next line of text on the net):
anti-hacking solution that acts like a rootkit, included with many popular online games like: crossfire, Gunz, soldier front, etc
'Acts like a rootkit'. That's 'nice', you play a game and the root gets kitted.

This is what the company producing the virus, sorry, 'gameguard' have to say about it:
Online game has become a popular form of entertainment with a solid base. However, defined rules in game system are being violated by those who have ill intention of using personal account by hacking and game hack based-foul play.
INCA Internet Co, Ltd., has been providing diagnosis and blocking services against these malicious codes.
Basing on client's demand and KNOW-HOW in game security techniques, INCA Internet Co, Ltd., has brought a new concept of security solution that has hacking block system: nProtect GameGuard
nProtect GameGuard is a game security program that can defend from game hack or hacking attempt at client end.
Chances are the people producing gameguard have changed their rootkit thingy since the FB source code presented here was released. So just updating the source code so it will compile again might not do the trick (the patch most likely will not work any more?).

And the source code is soooo nice and hackish. I'm seeing magic numbers (&H004B53BD, "E9F900000090",&H0093DB18,&H0093DB34 etc... ), WriteProcessMemory, patchopcode. Nice!

Patching an opcode is actually very useful for setting breakpoints (debugging). And for hacking purposes. But me thinks hacking is illegal and we should not be discussing that (on a public forum). No, we will have nothing to do with hacking.

But getting the source code to compile is a different matter altogether (getting code to compile has nothing to do with hacking). Too bad I can't test the code to see if it does what it should do (don't have gameguard on my PC).