flat assembler
Message board for the users of flat assembler.

NewBie migrating from MASM... (Windows forum, page 2)
Zani
Joined: 26 Mar 2005
Posts: 21
It compiled after removing invoke... but it crashes when it tries to write... don't know why... when the game is not running it does not crash, it just displays the error msg for the OpenProcess error... but when it finds the process... it crashes...
Post 27 Mar 2005, 02:10
Zani
If it helps, here's the working MASM code:


Code:
Adciona Proc lpWndCap: DWORD, lpBaseAddress: DWORD, lpBuffer: DWORD, nToAdd: DWORD

        invoke  FindWindowExA,0,0,0,lpWndCap                
        invoke  GetWindowThreadProcessId,eax,addr Dummy     
                                                            
        invoke  OpenProcess,PROCESS_ALL_ACCESS,FALSE,Dummy
        mov     hProcess,eax                               
        .IF     eax==FALSE
            invoke  MessageBoxA,0,addr Err_open,addr AppName,MB_ICONWARNING
            ret
        .endif        
        
        
        
                                                          
        invoke  ReadProcessMemory,eax,lpBaseAddress,lpBuffer,4,addr Dummy
        
        .IF     eax==FALSE
            invoke  MessageBoxA,0,addr Err_Read,addr AppName,MB_ICONWARNING
        .endif
        
        mov     ecx,nToAdd                                  
        mov     ebx,dword ptr [lpBuffer]                   
        add     dword ptr [ebx],ecx                       

                                                          
        invoke  WriteProcessMemory,hProcess,lpBaseAddress,lpBuffer,4,ADDR Dummy
        .IF     eax==FALSE
            invoke  MessageBoxA,0,addr Err_patch,addr AppName,MB_ICONWARNING
        .endif

        invoke  CloseHandle,hProcess                       
        ret

Adciona endp
    
Post 27 Mar 2005, 02:13
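From the monitoring side, what the MASM procedure above does is exactly the sequence a process-access sensor records: an OpenProcess asking for PROCESS_ALL_ACCESS on another process, followed by reads and writes into it. The C below is an added example, not code from this thread: it decodes a process access mask into named rights, checks whether a granted mask carries what WriteProcessMemory needs (PROCESS_VM_WRITE together with PROCESS_VM_OPERATION), and runs that check over a few constructed ProcessAccess records that borrow the field names of Sysmon Event ID 10. The single-line Key=Value rendering, the image paths and the allowlist are this example's own assumptions; the right values are the ones the Windows headers define.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Process access rights, with the values the Windows headers define. */
#define PROCESS_TERMINATE                 0x0001u
#define PROCESS_CREATE_THREAD             0x0002u
#define PROCESS_VM_OPERATION              0x0008u
#define PROCESS_VM_READ                   0x0010u
#define PROCESS_VM_WRITE                  0x0020u
#define PROCESS_QUERY_INFORMATION         0x0400u
#define PROCESS_QUERY_LIMITED_INFORMATION 0x1000u

/* WriteProcessMemory needs VM_WRITE together with VM_OPERATION; ReadProcessMemory
   needs VM_READ. PROCESS_ALL_ACCESS (1F0FFFh in the pre-Vista headers the trainer
   targets, 1FFFFFh in later ones) contains all three. */
#define MEMORY_WRITE_RIGHTS (PROCESS_VM_WRITE | PROCESS_VM_OPERATION)

static int grants_memory_write(uint32_t mask) { return (mask & MEMORY_WRITE_RIGHTS) == MEMORY_WRITE_RIGHTS; }
static int grants_memory_read(uint32_t mask)  { return (mask & PROCESS_VM_READ) != 0; }

static const struct { uint32_t bit; const char *name; } right_names[] = {
    { PROCESS_TERMINATE, "TERMINATE" },         { PROCESS_CREATE_THREAD, "CREATE_THREAD" },
    { PROCESS_VM_OPERATION, "VM_OPERATION" },   { PROCESS_VM_READ, "VM_READ" },
    { PROCESS_VM_WRITE, "VM_WRITE" },           { PROCESS_QUERY_INFORMATION, "QUERY_INFORMATION" },
    { PROCESS_QUERY_LIMITED_INFORMATION, "QUERY_LIMITED_INFORMATION" },
};

/* Renders the known bits of a mask as "A|B|C" into a static buffer (not reentrant). */
static const char *decode_access(uint32_t mask)
{
    static char out[256];
    size_t i, used = 0;
    out[0] = '\0';
    for (i = 0; i < sizeof right_names / sizeof right_names[0]; i++)
        if (mask & right_names[i].bit)
            used += (size_t)snprintf(out + used, sizeof out - used, "%s%s",
                                     used ? "|" : "", right_names[i].name);
    return out;
}

/* One ProcessAccess record, using the field names of Sysmon Event ID 10. */
struct process_access { char source_image[128]; char target_image[128]; uint32_t granted_access; };

/* Parses the flattened "Key=Value" line format constructed for this example
   (real Sysmon records are XML/EVTX). Returns 1 on success. */
static int parse_process_access(const char *line, struct process_access *ev)
{
    unsigned int g = 0;
    if (sscanf(line, "SourceImage=%127s TargetImage=%127s GrantedAccess=%x",
               ev->source_image, ev->target_image, &g) != 3)
        return 0;
    ev->granted_access = g;
    return 1;
}

/* Granted mask of a line, or UINT32_MAX when it does not parse. */
static uint32_t granted_of(const char *line)
{
    struct process_access ev;
    return parse_process_access(line, &ev) ? ev.granted_access : UINT32_MAX;
}

/* Constructed allowlist of sources expected to open other processes for writing. */
static const char *const allowed_sources[] = {
    "C:\\Windows\\System32\\csrss.exe",
    "C:\\Windows\\System32\\lsass.exe",
};

static int source_allowed(const char *image)
{
    size_t i;
    for (i = 0; i < sizeof allowed_sources / sizeof allowed_sources[0]; i++)
        if (strcmp(image, allowed_sources[i]) == 0) return 1;
    return 0;
}

/* Flags an access that carries the rights WriteProcessMemory needs from a source
   that is not on the allowlist. */
static int is_suspicious(const struct process_access *ev)
{
    return grants_memory_write(ev->granted_access) && !source_allowed(ev->source_image);
}

/* Constructed sample events: a trainer-style ALL_ACCESS open, a Task Manager
   query, a system process, and a read-only open. */
static const char *const sample_events[] = {
    "SourceImage=C:\\Games\\trainer.exe TargetImage=C:\\Games\\game.exe GrantedAccess=0x1F0FFF",
    "SourceImage=C:\\Windows\\System32\\taskmgr.exe TargetImage=C:\\Games\\game.exe GrantedAccess=0x1000",
    "SourceImage=C:\\Windows\\System32\\csrss.exe TargetImage=C:\\Games\\game.exe GrantedAccess=0x1FFFFF",
    "SourceImage=C:\\Tools\\viewer.exe TargetImage=C:\\Games\\game.exe GrantedAccess=0x0410",
};

/* Scans the samples, prints each alert, and returns how many were flagged. */
static int scan_samples(void)
{
    int flagged = 0;
    size_t i;
    struct process_access ev;
    for (i = 0; i < sizeof sample_events / sizeof sample_events[0]; i++) {
        if (!parse_process_access(sample_events[i], &ev)) continue;
        if (is_suspicious(&ev)) {
            flagged++;
            printf("ALERT %s -> %s [%s]\n", ev.source_image, ev.target_image, decode_access(ev.granted_access));
        }
    }
    return flagged;
}

int main(void)
{
    printf("%d suspicious event(s)\n", scan_samples());
    return 0;
}
```

Only the trainer-style record is flagged: the Task Manager and viewer opens lack VM_WRITE or VM_OPERATION, and the csrss open is allowlisted. In practice the allowlist is where the tuning lives, since debuggers, AV engines and several system processes legitimately request these rights.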
Zani
Well.... the error is here:

Code:
 invoke  ReadProcessMemory,eax,[lpBaseAddress],[lpBuffer],4,[dummy]
    


the code executes fine and does everything it should... but when it gets here it crashes with a fatal error saying:

The memory could not be "written"

I believe there's a problem with the lpBuffer variable... but I'm not sure...

Any help is welcome

Thanks in advance...
Post 27 Mar 2005, 03:33
Zani
Here is the full source:
Code:

; Template for simple game trainers
; MASM specific source 28/05/2001 By Zani

format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

  _title db 'BroodWar 1.08 Trainer - By Zanis',0
  _class db 'ZanisFASMTrainer',0

  _bclass db 'BUTTON',0
  _binfo db 'Info',0
  _bbout db 'About',0


   dbug db 'dbug',0

   WndCap  db "Brood War",0

   Err_patch   db "Sorry im not able to write into the process...",0
   Err_open    db "I cant find the process make sure the game is running.",0
   Err_Read    db "Sorry im not able to read from the process...",0

   nfo   db "Use:",0ah
         db "=========================",0ah
         db "Press the respective function key to your",0ah
         db "player number.",0ah
         db " ",0ah
         db "eg.",0ah
         db "To give 5k of Mineral and Gas to player 1",0ah
         db "press F1, to player 2 use F2 and so on...",0ah
         db "=========================",0ah
         db "This trainer was written to be used on 4x4",0ah
         db "games on The Hunters and may not work",0ah
         db "with other type/map.",0ah
          db "=========================",0ah
         db "Dont use this to cheat on BNET or it will",0ah
         db "crash the game...enjoy!",0

   about db "BroodWar 1.08 Trainer - MultiPlayer",0ah
         db "======================",0ah
         db "100% ASM  = Simple + Small + Fast",0ah
         db " ",0ah
         db "            Dont like it?Bite Me!",0ah
         db " ",0ah
         db "                                              By Zani",0

  hProcess    dd  0
  mainhwnd dd ?
  hinstance dd ?

  dummy dd 0
  buffer dd 0

  bid dd ?
  b2id dd ?

  msg MSG
  wc WNDCLASS

section '.code' code readable executable

  start:

        invoke  GetModuleHandle,0
        mov     [hinstance],eax
        invoke  LoadIcon,0,IDI_APPLICATION
        mov     [wc.hIcon],eax
        invoke  LoadCursor,0,IDC_ARROW
        mov     [wc.hCursor],eax
        mov     [wc.style],0
        mov     [wc.lpfnWndProc],WindowProc
        mov     [wc.cbClsExtra],0
        mov     [wc.cbWndExtra],0
        mov     eax,[hinstance]
        mov     [wc.hInstance],eax
        mov     [wc.hbrBackground],COLOR_BTNFACE+1
        mov     [wc.lpszMenuName],0
        mov     [wc.lpszClassName],_class
        invoke  RegisterClass,wc

        invoke  CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_MINIMIZEBOX + WS_SYSMENU,CW_USEDEFAULT,CW_USEDEFAULT,220,60,NULL,NULL,[hinstance],NULL
        mov     [mainhwnd],eax

        invoke CreateWindowEx,0,_bclass,_binfo, WS_VISIBLE + WS_CHILD, 5, 5, 100, 20,[mainhwnd], NULL,[hinstance], NULL
        mov [bid],eax

        invoke CreateWindowEx,0,_bclass,_bbout, WS_VISIBLE + WS_CHILD, 110, 5, 100, 20,[mainhwnd], NULL,[hinstance], NULL
        mov [b2id],eax

        invoke  SetTimer,[mainhwnd],123,500,NULL

  msg_loop:
        invoke  GetMessage,msg,NULL,0,0
        or      eax,eax
        jz      end_loop
        invoke  TranslateMessage,msg
        invoke  DispatchMessage,msg
        jmp     msg_loop

  end_loop:
        invoke  ExitProcess,[msg.wParam]

proc WindowProc, hwnd,wmsg,wparam,lparam
        push    ebx esi edi
        cmp     [wmsg],WM_DESTROY
        je      wmdestroy
        cmp     [wmsg],WM_COMMAND
        je     wmcommand
        cmp     [wmsg],WM_TIMER
        je     wmtimer

defwndproc:
        invoke  DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp     finish

wmcommand:

        mov eax,[lparam]
        cmp eax,[bid]
        je  info_click
        cmp eax,[b2id]
        je  bout_click
        jmp finish

  info_click:
        invoke  MessageBox,0,nfo,_title,MB_ICONINFORMATION
        jmp finish
  bout_click:
        invoke  MessageBox,0,about,_title,MB_ICONINFORMATION
        jmp finish

wmtimer:

invoke   GetAsyncKeyState,VK_F1
cmp eax,1
je F1_Press
invoke   GetAsyncKeyState,VK_F2
cmp eax,1
je F2_Press
invoke   GetAsyncKeyState,VK_F3
cmp eax,1
je F3_Press
invoke   GetAsyncKeyState,VK_F4
cmp eax,1
je F4_Press
invoke   GetAsyncKeyState,VK_F5
cmp eax,1
je F5_Press
invoke   GetAsyncKeyState,VK_F6
cmp eax,1
je F6_Press
invoke   GetAsyncKeyState,VK_F7
cmp eax,1
je F7_Press
invoke   GetAsyncKeyState,VK_F8
cmp eax,1
je F8_Press
jmp finish

  F1_Press:
  push 5000
  push buffer
  push 508718h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508748h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F2_Press:
  push 5000
  push buffer
  push 50871Ch
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 50874Ch
  push WndCap
  call addval
  jmp finish
  ;invoke  addval,WndCap,508748h,buffer,5000

  F3_Press:
  push 5000
  push buffer
  push 508720h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508750h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F4_Press:
  push 5000
  push buffer
  push 508724h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508724h
  push WndCap
  call addval
  jmp finish
  ;invoke  addval,WndCap,508748h,buffer,5000

  F5_Press:
  push 5000
  push buffer
  push 508728h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508758h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F6_Press:
  push 5000
  push buffer
  push 50872Ch
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 50875Ch
  push WndCap
  call addval
  jmp finish
  ;invoke  addval,WndCap,508748h,buffer,5000

  F7_Press:
  push 5000
  push buffer
  push 508730h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508760h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F8_Press:
  push 5000
  push buffer
  push 508734h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508764h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish




wmdestroy:
        invoke  PostQuitMessage,0
        xor     eax,eax
finish:
        pop     edi esi ebx
        return
endp


proc addval,lpWndCap,lpBaseAddress,lpBuffer,nToAdd

        invoke  FindWindow,0,[lpWndCap]
        invoke  GetWindowThreadProcessId,eax,dummy

        invoke  OpenProcess,PROCESS_ALL_ACCESS,FALSE,[dummy]
        mov     [hProcess],eax
        cmp  eax,0
        je err_open

        invoke  ReadProcessMemory,eax,[lpBaseAddress],[lpBuffer],4,[dummy]
        cmp  eax,0
        je err_read


        mov     ecx,[nToAdd]
        lea     ebx,[lpBuffer]
        add     [ebx],ecx


        invoke  WriteProcessMemory,[hProcess],[lpBaseAddress],[lpBuffer],4,[dummy]
        cmp  eax,0
        je err_write

        invoke  CloseHandle,[hProcess]
        err_read:
        invoke  MessageBox,0,Err_Read,_title,MB_ICONERROR
        jmp fim
        err_write:
        invoke  MessageBox,0,Err_patch,_title,MB_ICONERROR
        jmp fim
        err_open:
        invoke  MessageBox,0,Err_open,_title,MB_ICONERROR
        fim:
        return

endp



section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include 'apia\kernel32.inc'
  include 'apia\user32.inc'
    


thanks...
Post 27 Mar 2005, 03:50
coconut
Joined: 02 Apr 2004
Posts: 326
Location: usa
Zani, see this example of a keyboard hook for NT/XP systems; it may prove more efficient than a timer: http://board.flatassembler.net/topic.php?t=1670

I think there are a couple of problems looking at the MASM source; I'll try to correct them as best I can.
Post 27 Mar 2005, 04:22
coconut
OK, here it is. I cannot work around the push/call convention with invoke, I don't know how. Also I cannot get it to compile with the window caption as a parameter to the addval function, so simply hardcode the caption as I did with _notepad. I believe this is a correct translation of the MASM source you provided; I would appreciate it if anyone seeing this can point out any errors. The main confusing thing for me is the adding part: MASM uses dword ptr [ebx], which I think is simply ebx in FASM syntax:

Code:

; Template for program using standard Win32 headers

format PE GUI 4.0
entry start

include '%fasminc%\win32a.inc'

section '.data' data readable writeable

  _title db 'Win32 program template',0
  _class db 'FASMWIN32',0

  mainhwnd dd ?
  hinstance dd ?

  buffer dd ?
  pid dd ?
  hprocess dd ?

  _notepad db 'Untitled - Notepad',0
  _no_window db 'window not found',0
  _no_pid db 'process id error',0
  _err_open db 'open error',0
  _err_read db 'read error',0
  _err_write db 'write error',0
  _success db 'success',0


  msg MSG
  wc WNDCLASS

section '.code' code readable executable

  start:
        invoke  GetModuleHandle,0
        mov     [hinstance],eax
        invoke  LoadIcon,0,IDI_APPLICATION
        mov     [wc.hIcon],eax
        invoke  LoadCursor,0,IDC_ARROW
        mov     [wc.hCursor],eax
        mov     [wc.style],0
        mov     [wc.lpfnWndProc],WindowProc
        mov     [wc.cbClsExtra],0
        mov     [wc.cbWndExtra],0
        mov     eax,[hinstance]
        mov     [wc.hInstance],eax
        mov     [wc.hbrBackground],COLOR_BTNFACE+1
        mov     [wc.lpszMenuName],0
        mov     [wc.lpszClassName],_class
        invoke  RegisterClass,wc
        invoke  CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_DLGFRAME+WS_SYSMENU,128,128,192,192,NULL,NULL,[hinstance],NULL
        mov     [mainhwnd],eax
  msg_loop:
        invoke  GetMessage,msg,NULL,0,0
        or      eax,eax
        jz      end_loop
        invoke  TranslateMessage,msg
        invoke  DispatchMessage,msg
        jmp     msg_loop
  end_loop:
        invoke  ExitProcess,[msg.wParam]

proc WindowProc, hwnd,wmsg,wparam,lparam
        push    ebx esi edi
        cmp     [wmsg],WM_DESTROY
        je      wmdestroy
        cmp     [wmsg],WM_CREATE
        je      wmcreate
  defwndproc:
        invoke  DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp     finish
  wmdestroy:
        invoke  PostQuitMessage,0
        xor     eax,eax
        jmp     finish
  wmcreate:
        push     50
        push     buffer            ;push   [buffer]  ????
        push     4871h
        call     addval
        xor      eax,eax
  finish:
        pop     edi esi ebx
        return
endp

proc addval,baseaddr,temp,addend
        invoke   FindWindow,0,_notepad
        or      eax,eax                 ; or does not change eax, so no push/pop is needed
        jz      .window_not_found       ; (the original push/jz/pop left a stale dword on the stack when it jumped)
        invoke  GetWindowThreadProcessId,eax,pid
        or      eax,eax
        jz      .no_pid
        invoke  OpenProcess,PROCESS_ALL_ACCESS,0,[pid]
        mov     [hprocess],eax
        or      eax,eax
        jz      .err_open
        invoke  ReadProcessMemory,[hprocess],[baseaddr],[temp],4,pid
        or      eax,eax
        jz      .err_read
        mov     ecx,[addend]
        mov     ebx,[temp]              ; ebx = address of the 4-byte buffer
        add     dword [ebx],ecx         ; add to the value in the buffer (MASM's dword ptr [ebx])
        invoke  WriteProcessMemory,[hprocess],[baseaddr],[temp],4,pid
        or      eax,eax
        jz      .err_write
        invoke  CloseHandle,[hprocess]
        invoke  MessageBox,0,_success,_success,0
        jmp     .done
  .window_not_found:
        invoke  MessageBox,0,_no_window,_no_window,0
        jmp     .done
  .no_pid:
        invoke  MessageBox,0,_no_pid,_no_pid,0
        jmp     .done
  .err_open:
        invoke  MessageBox,0,_err_open,_err_open,0
        jmp     .done
  .err_read:
        invoke  MessageBox,0,_err_read,_err_read,0
        jmp     .done
  .err_write:
        invoke  MessageBox,0,_err_write,_err_write,0
  .done:
        return
endp

section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include '%fasminc%\apia\kernel32.inc'
  include '%fasminc%\apia\user32.inc'
    
Post 27 Mar 2005, 04:53
JohnFound
Joined: 16 Jun 2003
Posts: 3500
Location: Bulgaria
coconut wrote:
Code:
        push     50
        push     buffer            ;push   [buffer]  ????
        push     4871h
        call     addval
    


First, you can use "stdcall" instead of "push, call". It will be more consistent with using "invoke" for external functions. Also, the right syntax is [buffer], because visibly "buffer" is the variable keeping the address of the area we want to write:
Code:
stdcall addval, 4871h, [buffer], 50
    


Also, you should initialize the value in [buffer] somewhere in the code, because now it will be 0.

Regards
Post 27 Mar 2005, 07:36
coconut
Thanks John, I'd completely overlooked stdcall.
Post 27 Mar 2005, 14:20
Zani
I have rewritten some parts of the code and now it is working as expected ... here is the working code:

Code:

; Template for simple game trainers
; MASM specific source 28/05/2001 By Zani

format PE GUI 4.0
entry start

include 'win32a.inc'

section '.data' data readable writeable

  _title db 'BroodWar 1.08 Trainer - By Zanis',0
  _class db 'ZanisFASMTrainer',0

  _bclass db 'BUTTON',0
  _binfo db 'Info',0
  _bbout db 'About',0


   dbug db 'dbug',0

   WndCap  db "Brood War",0

   Err_patch   db "Sorry im not able to write into the process...",0
   Err_open    db "I cant find the process make sure the game is running.",0
   Err_Read    db "Sorry im not able to read from the process...",0

   nfo   db "Use:",0ah
         db "=========================",0ah
         db "Press the respective function key to your",0ah
         db "player number.",0ah
         db " ",0ah
         db "eg.",0ah
         db "To give 5k of Mineral and Gas to player 1",0ah
         db "press F1, to player 2 use F2 and so on...",0ah
         db "=========================",0ah
         db "This trainer was written to be used on 4x4",0ah
         db "games on The Hunters and may not work",0ah
         db "with other type/map.",0ah
          db "=========================",0ah
         db "Dont use this to cheat on BNET or it will",0ah
         db "crash the game...enjoy!",0

   about db "BroodWar 1.08 Trainer - MultiPlayer",0ah
         db "======================",0ah
         db "100% ASM  = Simple + Small + Fast",0ah
         db " ",0ah
         db "            Dont like it?Bite Me!",0ah
         db " ",0ah
         db "                                              By Zani",0

  hProcess    dd  0
  mainhwnd dd ?
  hinstance dd ?

  dummy dd 0
  buffer rd 4

  bid dd ?
  b2id dd ?

  msg MSG
  wc WNDCLASS

section '.code' code readable executable

  start:

        invoke  GetModuleHandle,0
        mov     [hinstance],eax
        invoke  LoadIcon,0,IDI_APPLICATION
        mov     [wc.hIcon],eax
        invoke  LoadCursor,0,IDC_ARROW
        mov     [wc.hCursor],eax
        mov     [wc.style],0
        mov     [wc.lpfnWndProc],WindowProc
        mov     [wc.cbClsExtra],0
        mov     [wc.cbWndExtra],0
        mov     eax,[hinstance]
        mov     [wc.hInstance],eax
        mov     [wc.hbrBackground],COLOR_BTNFACE+1
        mov     [wc.lpszMenuName],0
        mov     [wc.lpszClassName],_class
        invoke  RegisterClass,wc

        invoke  CreateWindowEx,0,_class,_title,WS_VISIBLE+WS_MINIMIZEBOX + WS_SYSMENU,CW_USEDEFAULT,CW_USEDEFAULT,220,60,NULL,NULL,[hinstance],NULL
        mov     [mainhwnd],eax

        invoke CreateWindowEx,0,_bclass,_binfo, WS_VISIBLE + WS_CHILD, 5, 5, 100, 20,[mainhwnd], NULL,[hinstance], NULL
        mov [bid],eax

        invoke CreateWindowEx,0,_bclass,_bbout, WS_VISIBLE + WS_CHILD, 110, 5, 100, 20,[mainhwnd], NULL,[hinstance], NULL
        mov [b2id],eax

        invoke  SetTimer,[mainhwnd],123,500,NULL

  msg_loop:
        invoke  GetMessage,msg,NULL,0,0
        or      eax,eax
        jz      end_loop
        invoke  TranslateMessage,msg
        invoke  DispatchMessage,msg
        jmp     msg_loop

  end_loop:
        invoke  ExitProcess,[msg.wParam]

proc WindowProc, hwnd,wmsg,wparam,lparam
        push    ebx esi edi
        cmp     [wmsg],WM_DESTROY
        je      wmdestroy
        cmp     [wmsg],WM_COMMAND
        je     wmcommand
        cmp     [wmsg],WM_TIMER
        je     wmtimer

defwndproc:
        invoke  DefWindowProc,[hwnd],[wmsg],[wparam],[lparam]
        jmp     finish

wmcommand:

        mov eax,[lparam]
        cmp eax,[bid]
        je  info_click
        cmp eax,[b2id]
        je  bout_click
        jmp finish

  info_click:
        invoke  MessageBox,0,nfo,_title,MB_ICONINFORMATION
        jmp finish
  bout_click:
        invoke  MessageBox,0,about,_title,MB_ICONINFORMATION
        jmp finish

wmtimer:

invoke   GetAsyncKeyState,VK_F1
cmp eax,1
je F1_Press
invoke   GetAsyncKeyState,VK_F2
cmp eax,1
je F2_Press
invoke   GetAsyncKeyState,VK_F3
cmp eax,1
je F3_Press
invoke   GetAsyncKeyState,VK_F4
cmp eax,1
je F4_Press
invoke   GetAsyncKeyState,VK_F5
cmp eax,1
je F5_Press
invoke   GetAsyncKeyState,VK_F6
cmp eax,1
je F6_Press
invoke   GetAsyncKeyState,VK_F7
cmp eax,1
je F7_Press
invoke   GetAsyncKeyState,VK_F8
cmp eax,1
je F8_Press
jmp finish

  F1_Press:
  push 5000
  push buffer
  push 508718h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508748h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F2_Press:
  push 5000
  push buffer
  push 50871Ch
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 50874Ch
  push WndCap
  call addval
  jmp finish
  ;invoke  addval,WndCap,508748h,buffer,5000

  F3_Press:
  push 5000
  push buffer
  push 508720h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508750h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F4_Press:
  push 5000
  push buffer
  push 508724h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508754h
  push WndCap
  call addval
  jmp finish
  ;invoke  addval,WndCap,508748h,buffer,5000

  F5_Press:
  push 5000
  push buffer
  push 508728h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508758h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F6_Press:
  push 5000
  push buffer
  push 50872Ch
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 50875Ch
  push WndCap
  call addval
  jmp finish
  ;invoke  addval,WndCap,508748h,buffer,5000

  F7_Press:
  push 5000
  push buffer
  push 508730h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508760h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish

  F8_Press:
  push 5000
  push buffer
  push 508734h
  push WndCap
  call addval
  ;invoke  addval,WndCap,508718h,buffer,5000
  push 5000
  push buffer
  push 508764h
  push WndCap
  call addval

  ;invoke  addval,WndCap,508748h,buffer,5000
  jmp finish




wmdestroy:
        invoke  PostQuitMessage,0
        xor     eax,eax
finish:
        pop     edi esi ebx
        return
endp


proc addval,lpWndCap,lpBaseAddress,lpBuffer,nToAdd

        invoke  FindWindow,0,[lpWndCap]
        invoke  GetWindowThreadProcessId,eax,dummy

        invoke  OpenProcess,PROCESS_ALL_ACCESS,FALSE,[dummy]
        mov     [hProcess],eax
        cmp  eax,0
        je err_open

        invoke  ReadProcessMemory,eax,[lpBaseAddress],[lpBuffer],4,dummy
        cmp  eax,0
        je err_read


        mov     ecx,[nToAdd]
        mov     ebx,[lpBuffer]
        add     [ebx],ecx


        invoke  WriteProcessMemory,[hProcess],[lpBaseAddress],[lpBuffer],4,dummy
        cmp  eax,0
        je err_write

        invoke  CloseHandle,[hProcess]
        jmp fim
        err_read:
        invoke  CloseHandle,[hProcess]          ; release the process handle on the error paths too
        invoke  MessageBox,0,Err_Read,_title,MB_ICONERROR
        jmp fim
        err_write:
        invoke  CloseHandle,[hProcess]
        invoke  MessageBox,0,Err_patch,_title,MB_ICONERROR
        jmp fim
        err_open:
        invoke  MessageBox,0,Err_open,_title,MB_ICONERROR
        fim:
        return

endp



section '.idata' import data readable writeable

  library kernel32,'KERNEL32.DLL',\
          user32,'USER32.DLL'

  include 'apia\kernel32.inc'
  include 'apia\user32.inc'
    


Thanks to everyone here... mainly coconut, who has helped a lot...

any comments and improvements are welcome...
Post 27 Mar 2005, 18:36
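The crash reported earlier in the thread and the working version above differ in two pointer-versus-value slips inside addval. `[dummy]` passed the value stored in dummy (the PID) where ReadProcessMemory expects the address of a DWORD to receive the byte count, so the API tried to store its count at that bogus address, which is the "memory could not be written" fault; the fix passes `dummy`. And `lea ebx,[lpBuffer]` loaded the address of the argument slot rather than the buffer address kept in it, so `add [ebx],ecx` moved the pointer instead of the value; the fix uses `mov ebx,[lpBuffer]`. The C below is an added example, not code from this thread: it runs the same read-add-write against a constructed 64-byte stand-in for the target's memory (the SIM_* names, the simulated API functions and the `handle_open` flag are this example's assumptions, not Win32), adds the range, byte-count and handle-cleanup checks the posted versions skip, and reproduces the lea/mov slip safely by keeping the moved pointer as an integer that is never dereferenced.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the game's address space: 64 bytes of "remote"
   memory starting at SIM_BASE, chosen so the trainer's 508718h lands inside. */
#define SIM_BASE 0x508700u
#define SIM_SIZE 64u
static uint8_t sim_memory[SIM_SIZE];

enum addval_status { ADDVAL_OK = 0, ADDVAL_ERR_OPEN, ADDVAL_ERR_READ,
                     ADDVAL_ERR_SHORT, ADDVAL_ERR_WRITE };

/* Simulated ReadProcessMemory: like the Win32 call it returns 0 on failure and
   reports the count through an optional out-pointer, but it refuses addresses
   outside the simulated region instead of faulting. */
static int sim_read_process_memory(uint32_t addr, void *dst, size_t n, size_t *bytes_read)
{
    if (addr < SIM_BASE || addr - SIM_BASE + n > SIM_SIZE) {
        if (bytes_read) *bytes_read = 0;
        return 0;
    }
    memcpy(dst, sim_memory + (addr - SIM_BASE), n);
    if (bytes_read) *bytes_read = n;
    return 1;
}

/* Simulated WriteProcessMemory with the same contract. */
static int sim_write_process_memory(uint32_t addr, const void *src, size_t n, size_t *bytes_written)
{
    if (addr < SIM_BASE || addr - SIM_BASE + n > SIM_SIZE) {
        if (bytes_written) *bytes_written = 0;
        return 0;
    }
    memcpy(sim_memory + (addr - SIM_BASE), src, n);
    if (bytes_written) *bytes_written = n;
    return 1;
}

/* The read-add-write addval performs, with the checks the posted versions omit:
   a failed open stops before any access, the transferred byte count is verified
   (a short read would add to a half-filled buffer), and there is one exit where
   CloseHandle belongs so no error path leaks the handle. */
static enum addval_status addval(int handle_open, uint32_t base, uint32_t n_to_add, uint32_t *new_value)
{
    uint32_t buffer = 0;        /* the 4-byte buffer the trainer keeps in .data */
    size_t count = 0;           /* a real byte-count variable, not the PID slot */
    enum addval_status st = ADDVAL_OK;

    if (!handle_open)
        return ADDVAL_ERR_OPEN; /* nothing to close yet */
    if (!sim_read_process_memory(base, &buffer, sizeof buffer, &count)) { st = ADDVAL_ERR_READ; goto done; }
    if (count != sizeof buffer) { st = ADDVAL_ERR_SHORT; goto done; }
    buffer += n_to_add;         /* add [ebx],ecx applied to the value, not the pointer */
    if (!sim_write_process_memory(base, &buffer, sizeof buffer, &count) || count != sizeof buffer) { st = ADDVAL_ERR_WRITE; goto done; }
    if (new_value) *new_value = buffer;
done:
    /* CloseHandle(hProcess) goes here, on success and failure alike. */
    return st;
}

/* Models the slip the thread turned on. The argument slot [lpBuffer] holds the
   buffer's address. `mov ebx,[lpBuffer]` loads that address, so `add [ebx],ecx`
   changes the value in the buffer. `lea ebx,[lpBuffer]` loads the address of the
   slot itself, so the same add moves the stored pointer n bytes forward and the
   buffer never changes; WriteProcessMemory would then take its 4 bytes from
   wherever the moved pointer lands. Returns how far the pointer moved (0 for
   mov, n for lea); the moved pointer is an integer here and never dereferenced. */
static uint32_t slip_lea_vs_mov(int use_lea, uint32_t start, uint32_t n, uint32_t *value_after)
{
    uint32_t buffer = start;               /* the buffer in .data */
    uintptr_t slot = (uintptr_t)&buffer;   /* the [lpBuffer] argument slot */
    uintptr_t before = slot;
    if (use_lea) {
        slot += n;                         /* ebx = &slot; add [ebx],ecx */
    } else {
        uint32_t *ebx = (uint32_t *)slot;  /* mov ebx,[lpBuffer] */
        *ebx += n;                         /* add [ebx],ecx */
    }
    if (value_after) *value_after = buffer;
    return (uint32_t)(slot - before);
}

/* Value left in the buffer after either form. */
static uint32_t slip_value_after(int use_lea, uint32_t start, uint32_t n)
{
    uint32_t v = 0;
    slip_lea_vs_mov(use_lea, start, n, &v);
    return v;
}

/* Seeds the simulated memory with a known value, runs addval, and returns the
   patched value read back from the simulation (0 if any step failed). */
static uint32_t scenario_patch(uint32_t addr, uint32_t start, uint32_t add)
{
    uint32_t v = 0, back = 0;
    memset(sim_memory, 0, SIM_SIZE);
    if (!sim_write_process_memory(addr, &start, sizeof start, NULL)) return 0;
    if (addval(1, addr, add, &v) != ADDVAL_OK) return 0;
    if (!sim_read_process_memory(addr, &back, sizeof back, NULL)) return 0;
    return back == v ? back : 0;
}

int main(void)
{
    printf("patch 508718h: 100 + 5000 -> %u\n", scenario_patch(0x508718u, 100u, 5000u));
    printf("unmapped address -> status %d\n", addval(1, 0x400000u, 5000u, NULL));
    printf("mov form: pointer moved %u, value %u\n", slip_lea_vs_mov(0, 7u, 3u, NULL), slip_value_after(0, 7u, 3u));
    printf("lea form: pointer moved %u, value %u\n", slip_lea_vs_mov(1, 7u, 3u, NULL), slip_value_after(1, 7u, 3u));
    return 0;
}
```

The byte-count check is the one the assembler versions never make: both the first and the working addval treat a non-zero return from ReadProcessMemory as "4 bytes read" and add to whatever is in the buffer.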
coconut
You're welcome Zani, welcome to FASM and the boards.
Post 28 Mar 2005, 00:34
coconut
Zani, I have rewritten the program using a keyboard hook to detect the key presses. This may be more effective than a simple timer and GetAsyncKeyState. I can't test if the hook works on 9x systems. Thanks to mike.dld for helping fix the hookproc function. Let me know if it works.


Attachment: TRAINER.ASM (6.33 KB, downloaded 85 times)
Post 31 Mar 2005, 01:16
Zani
Wow, thanks mate, the result is awesome... and yes it works on all the Windows versions I have tested, including 98 and 95... and thanks for sending me a msg telling me about this, because actually I don't have enough time during the week to mess around with ASM stuff... I'm a system developer so I have lots of work to do and my deadlines are insane, but on the weekends I will be here all the time...

Thanks again.
Post 31 Mar 2005, 14:16
Copyright © 1999-2020, Tomasz Grysztar.