Exetools  

#1
08-15-2014, 02:08
namreeb
[C++] Hack sniff

Hello. I am writing this to share with those who might be interested that I have started writing a tool to monitor the changes a given process makes to other processes. My purpose for this is to watch how game hacks behave. There are other potential uses, as well.

The source is available here: https://github.com/namreeb/hacksniff

This software assumes you have the boost API and hadesmem installed. hadesmem can be found here: https://code.google.com/p/hadesmem/

Feel free to provide any feedback or feature requests on GitHub (or here since I guess if I don't make posts that means my account should be deleted).

#2
08-19-2014, 03:22
namreeb
Update: Added ReadProcessMemory hook and logging

#3
08-20-2014, 00:57
Carbon
Some game hacks I know of use low-level functions... so you should hook as deep as possible. NtWriteVirtualMemory instead of WriteProcessMemory.
__________________
My blog: https://ntquery.wordpress.com

#4
08-20-2014, 02:07
namreeb
I didn't realize WriteProcessMemory called NtWriteVirtualMemory. Hooking that was on my todo list.

Edit: I removed the word that starts with th and rhymes with tanks because I don't think I'm supposed to say that in a post. But you can pretend I said it

#5
10-07-2014, 09:25
namreeb
Quote:
Originally Posted by Carbon
Some game hacks I know of use low-level functions... so you should hook as deep as possible. NtWriteVirtualMemory instead of WriteProcessMemory.
Update: I have taken your suggestion and made that change. https://github.com/namreeb/hacksniff/commit/51125a6973434f5d3ea463f65be888a33c6c7138

#6
02-25-2017, 02:56
namreeb
FYI I have added x64 support to this and issued a new release here: https://github.com/namreeb/hacksniff/releases/tag/0.2

All times are GMT +8.