16 replies to this topic

[kemicza]

Please do not spread this application to any other website. This is exclusive for members from this forum.

This application will scan a byte pattern through a certain process and module.
If it succeeds it will return the beginning address of the the given pattern and
the lenght of the given pattern.

USAGE/NOTE:
1) Select your process and press Set button
2) Select a DLL if needed
3) Enter your signature byte per byte seprated by a space.
4) Press the scan button and wait, result will show up and the lenght
of your pattern

Example:
The xlive memory bypass pattern (Found by Psych) is:
8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9

Writing these bytes into the Signature Pattern box will search for this pattern
through the selected process/module. If it succeeds it returns the address in memory
where this pattern starts. Also it will return the lenght of the given pattern.

Make sure you always write 2 numbers for every byte. Do not use a 0 in front of it
like: 0FF. Just a plain byte XY where x and y must be a hex number (0 TO F).


The Xlive button will try to patch the memory checks that xlive does. This does not
disable any debugging code, just the memory check. If you don't know what this is then
don't even use it. Make sure your game does use xlive, eventough I've implement checks
to not patch if the xlive.dll is not found.

The "No Module/Refresh" button will refresh the module's list. If you want to scan the
module of the EXE itself, then just press the button to make it blank. Blank means it
will scan from the base of the EXE itself.

Enjoy!


v1.0: 19:23 27/06/2010
-----------------------
No extra notes for this release, because it's the first one .

Attached Files

•  dvt-sgscn.rar   16.93K   154 downloads

[CJB]

Wow nice little snippet you got there. I will test it later on. To see how fast it is. Cause else the source code can be really handy for me to put it inside the trainers ^^

[kemicza]

This is actually a release without the source code. Just the application.

I would really appreciate if you could test it. Also try the xlive patcher, if it works.

Thanks

[CJB]

Just tested it. And guess what, as expected.. works like a charm

gimme gimme gimme

[kemicza]

You can implement this two ways in your trainer. One would be to inject a dll, and read the memory directly and use a scan function to search your signature. A second method is to just use ReadProcessMemory and compare your signature through this way.

But I failed many times trying to figure out a good and fast method. And I'm still not confident it will work 100%. There's always something that fails for some reason. I spent hours sometimes on a small bug, really frustrating. But hopefully it will work good enough now.

[CJB]

Yeah I know what you mean. I also managed to make a scanner. But I dont think 5 minutes for each signature is handy

[Bastiaan]

Yeah I know what you mean. I also managed to make a scanner. But I dont think 5 minutes for each signature is handy

Just an idea:
If the trainer is opened for the first time do a search and save what you found in a file.
When it's run again check if the bytes in the file are still in the same place (save the place too in the file).
If not run the search again.

[CJB]

Well my idea was to put it in trainers. Cause then the trainer wont need to update on every single game patch. If you know what I mean.

[STN]

Nice APP!, i am sure it would come in handy

[Aspras]

Very nice. In case you used C/C++ you can add these lines to make the controls use the theme of the operating system, not that it makes any difference but I just hate the way those controls look so out of style

#pragma comment(linker,"/manifestdependency:\"type='win32' name='Microsoft.Windows.Common-Controls' ""version='6.0.0.0' processorArchitecture='X86' publicKeyToken='6595b64144ccf1df' language='*'\"")

[kemicza]

Hehe Sorry Aspras this time I really didn't focus on looks at all .. And it's done in asm, I'll keep that in mind if I update it in the future.

[0tik]

it's not working anymore. 3.4.18.0 - my xlive version. Proces EFLC.exe/module xlive.dll/sig pattern 8B EC 83 EC 20 53 56 57 8D 45 E0 33 F6 50 FF 75 0C 8B F9/and then i clickXlive button. after a secont game crash. Thats funny- when i used only trainer i could play half a minute with working trainer, but then game crash crash.

[BRiGHT]

Yeah Microsoft released a new version of Games for Windows Live couple of days back. Guess they finally managed to change the signature patern

[STN]

Aw, BAD NEWS!. Guess we will see a halt in trainers for sometime.

[Baxter]

Yeah Microsoft released a new version of Games for Windows Live couple of days back. Guess they finally managed to change the signature patern

Nah, the bypass still works. The problem is the patcher.
Patcher c2 cc 00 90 90 <--wrong
Should be c2 0c 00 90 90 or c2 0c 00 without the nops
I use a different method for this, just jump the function.

@*NOMENTIONPLOX*
Outof curiosity, why wouldnt you just hardcode the byte sequence and xlive module in the source.
From what i gather, the app only patches the integrity check. So pasting the pattern and choosing the xlive module isnt really needed. More work for the lazy people like me!