I recently started out on bypassing game security a few weeks ago. Now I am stuck with this problem: I am totally unable to write to memory.
*I don't wish to write my own driver.
Used VirtualProtect: doesn't change memory. Hooked NtProtectVirtualMemory using MS Detours: game crashes. (The information I provided below does not hook NtProtectVirtualMemory.)
I hooked the game launcher's CreateProcess and called my own function within that hooked function. If I avoid writing to memory, the game runs as normal with my own function of CreateProcess.
NtWriteVirtualMemory is also hooked, so I avoided changing memory with WPM and used memcpy; also, because the game reboots itself, the handle returned by CreateProcess is of no use. When I write to memory, a crash report comes out but the memory is not rewritten, which means it's probably overwritten by the game; HOWEVER, the game itself doesn't crash. (I exclude some addresses which I did not want to be VirtualProtect'ed by the game, and for the rest of the addresses outside the list it will return the original NtProtectVirtualMemory.)
As you can see, I placed a GetLastError before memcpy / after VirtualProtect. It returns 57 or "The parameter is incorrect.", and I have no idea why. It's the first "57" error recorded in my logged text file. Before that:
My code is rather messy and unorganised, but the general flow is below:
Hook CreateProcess in game launcher -> WaitForProcess() -> if process is running -> CreateThread -> initialize my hack/cheat/etc.
For the first THREAD_DETACH (which is when I injected my DLL into the game launcher) I have no idea why it would return 998.
For the second THREAD_DETACH (which is before I CreateThread) I only called the function to check if the game is running via window name.
For PROCESS_DETACH -> "The specified module could not be found." or 7e. The only module I tried to find was Kernel32, CreateProcessA, which was meant for the game launcher.
Since I inject my DLL into the game launcher and then my FUNCTION gets loaded through CreateProcess, does my DLL reload itself also? I thought it was only my function that was loaded and DLL_PROCESS_ATTACH would only happen once (at the game launcher).
Any advice/suggestions please? Thanks in advance.
Code:
#include <windows.h>
#include <fstream>
#include <cstring>
std::ofstream fs("log.txt"); // log stream the DLL writes to (declared here so the snippet compiles)
void copymemory(LPVOID lpMem, LPVOID lpSrc, size_t len)
{
    DWORD oldP, oldP2;
    // GetLastError() is only meaningful if VirtualProtect() failed; a successful call leaves it unchanged
    if (!VirtualProtect(lpMem, len, PAGE_EXECUTE_READWRITE, &oldP)) {
        fs << "VP : " << GetLastError() << "\n";
        return; // protection unchanged, so skip the write instead of faulting
    }
    memcpy(lpMem, lpSrc, len);
    VirtualProtect(lpMem, len, oldP, &oldP2); // restore the original protection
}
Code:
Log Started ! ...                  //Dll Main
| Attached==== |                   //Dll Main
At THREAD_DEATCH : 998             //Really not sure why this happens but still, it works.
At THREAD_DEATCH : 0
====Created Process ! . | 4892     //Process was created
                                   //Some handle value which i also logged was here but unnecessary i believe
Before CreateThread : 998
VP : 57 | The parameter is incorrect.
At THREAD_DEATCH : 0
At PROCESS_DETACH : 126 | Detached==== |
Code:
#include <windows.h>
// Returns true if a top-level window with the given title currently exists
bool isRunning(LPCSTR pName)
{
    // FindWindowA is used explicitly because pName is an ANSI string (LPCSTR)
    HWND hwnd = FindWindowA(NULL, pName);
    return hwnd != NULL;
}