
Question

12 answers to this question


  • 0
Posted
5 hours ago, DARK_DEMON_SCRIPTER said:

Hi guys, I want to know about this code, gg.allocatePage(). I didn't understand how to use it 🙂 pls help me

It allows you to allocate a new page in the target processes. You can write code to the page for a hook, or data or anything. What are you looking to do?

  • 0
Posted
8 minutes ago, darklinux said:

It allows you to allocate a new page in the target processes. You can write code to the page for a hook, or data or anything. What are you looking to do?

I think he is just curious.

  • 0
Posted
41 minutes ago, darklinux said:

It allows you to allocate a new page in the target processes. You can write code to the page for a hook, or data or anything. What are you looking to do?

Hmm, never used it but it looks useful. How you mean for a hook? Can you explain? Would be appreciated.

  • 0
Posted (edited)
On 6/22/2022 at 2:05 PM, Platonic said:

Hmm, never used it but it looks useful. How you mean for a hook? Can you explain? Would be appreciated.

If you wanted to hook a function to change values, or call thread specific functions.

  • allocate new page
  • write shell code to page
  • write hook to target function

GG does something like this for speed hacks, but they load a shared library and not shell code.

I have used this method to send packets on a specific game play trigger. Lots of fun and powerful but you start to get into native hacks real quick. I wish GG supported hooks and more native stuff.

Edited by darklinux
  • 0
Posted
19 minutes ago, darklinux said:

If you wanted to hook a function to change values, or call thread specific functions.

  • allocate new page
  • write shell code to page
  • write hook to target function

GG does something like this for speed hacks, but they load a shared library and not shell code.

I have used this method to send packets on a specific game play trigger. Lots of fun and powerful but you start to get into native hacks real quick. I wish GG supported hooks and more native stuff.

Hmm, I see. All this is done in Lua?

  • 0
Posted (edited)
24 minutes ago, Platonic said:

Hmm, I see. All this is done in Lua?

Not the shell code part, that's why I wish GG supported hooks. GG would handle the allocation and hooking, and then passes the values to lua. GG is currently external, so it would be a drastic change. I have implemented my own hooking library for lua, so it can be done.


Hook example,

hookFun = function(x)
    return x * 2
end

-- address
-- lua hook function
-- arg sizes array
-- return arg size
-- return or complete function (ret, complete)
gg.hook(offset + base, hookFun, {TYPE_DWORD}, TYPE_DWORD, HOOK_RET)


Native call example

-- address
-- name
-- arg sizes array
-- return arg size
gg.registerNative(offset + base, 'sendPacket', {TYPE_DWORD, TYPE_DWORD}, TYPE_DWORD)

function StopFalling()
    local packetStopFallingId = 154
    return sendPacket(packetStopFallingId, 1) == 1
end
Edited by darklinux
  • 0
Posted (edited)
14 hours ago, DARK_DEMON_SCRIPTER said:

Guys can I get any tutorials for it pls

https://gameguardian.net/help/classgg.html#a15e72eaba99c1eadac1ccdeb8e2b5009
Has some good info

I would use a site like https://godbolt.org/

I'm using ARM64 gcc trunk

You can write some c++ code like,

int square(int num) {
    return num * num;
}

and get asm for it

sub     sp, sp, #16
str     w0, [sp, 12]
ldr     w0, [sp, 12]
mul     w0, w0, w0
add     sp, sp, 16
ret


then use something like http://shell-storm.org/online/Online-Assembler-and-Disassembler/

I'm using AArch64

This will take your asm and convert it to byte code

"\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"


You will need to write your own functions, but something like this,

local shell_code = "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"
local shell_address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC)
local result = hook(offset + base, shell_code, shell_address)


I would recommend reading over this project,

GGInjector (#9c9qcq9g)


Edited by darklinux
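From the other side of the fence, a page obtained with gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC) is simply an anonymous mapping with rwx permissions in the target's /proc/<pid>/maps, which is exactly what anti-tamper code and incident responders scan for. The following is an added example, not code from this thread or from GameGuardian: a small parser over constructed maps lines that flags such pages. The sample maps text, the 4 KiB page size and the function names are assumptions made for the example.

```python
# Added example (not from the thread or GameGuardian): parse /proc/<pid>/maps
# text and flag anonymous read/write/execute mappings, which is how a page
# allocated as PROT_READ | PROT_WRITE | PROT_EXEC looks from outside the process.
from __future__ import annotations

import re
from dataclasses import dataclass

MAPS_LINE = re.compile(
    r"^(?P<start>[0-9a-f]+)-(?P<end>[0-9a-f]+)\s+"
    r"(?P<perms>[rwxsp-]{4})\s+(?P<offset>[0-9a-f]+)\s+"
    r"(?P<dev>[0-9a-f]+:[0-9a-f]+)\s+(?P<inode>\d+)\s*(?P<path>.*)$"
)

PAGE_SIZE = 4096  # assumption: 4 KiB pages, as on most ARM64 Android devices


@dataclass
class Mapping:
    start: int
    end: int
    perms: str
    inode: int
    path: str

    @property
    def size(self) -> int:
        return self.end - self.start

    @property
    def anonymous(self) -> bool:
        # Anonymous memory has inode 0 and no path; kernel pseudo-mappings such
        # as [stack] or [vdso] carry a bracketed name and are not counted here.
        return self.inode == 0 and not self.path

    @property
    def rwx(self) -> bool:
        return self.perms[:3] == "rwx"


def parse_maps(text: str) -> list[Mapping]:
    """Parse the text of a /proc/<pid>/maps file into Mapping records."""
    mappings = []
    for line in text.splitlines():
        m = MAPS_LINE.match(line.strip())
        if m is None:
            continue  # skip blank or unexpected lines instead of failing
        mappings.append(Mapping(
            start=int(m["start"], 16),
            end=int(m["end"], 16),
            perms=m["perms"],
            inode=int(m["inode"]),
            path=m["path"].strip(),
        ))
    return mappings


def find_rwx_anonymous(text: str) -> list[Mapping]:
    """Return anonymous mappings that are readable, writable and executable."""
    return [m for m in parse_maps(text) if m.rwx and m.anonymous]


def describe(m: Mapping) -> str:
    pages = m.size // PAGE_SIZE
    return f"{m.start:#x}-{m.end:#x} {m.perms} anonymous, {pages} page(s)"


# Constructed sample: a heap-like region, a game library, kernel pseudo-mappings,
# and one freshly allocated rwx page of the kind discussed in the thread.
SAMPLE_MAPS = """\
7f3a1c000000-7f3a1c021000 rw-p 00000000 00:00 0 
7f3a1d000000-7f3a1d400000 r-xp 00000000 fd:01 1234 /data/app/com.example.game/lib/arm64/libgame.so
7f3a1e000000-7f3a1e001000 rwxp 00000000 00:00 0 
7f3a1f000000-7f3a1f001000 r-xp 00000000 00:00 0 [vdso]
7ffd12345000-7ffd12366000 rw-p 00000000 00:00 0 [stack]
"""

if __name__ == "__main__":
    for hit in find_rwx_anonymous(SAMPLE_MAPS):
        print("suspicious:", describe(hit))
```

Run against the constructed sample it reports only the single-page rwx mapping; file-backed executable code (the library) and the kernel pseudo-mappings are left alone. Mapping the page PROT_EXEC only after the bytes are written, rather than keeping it rwx, is what makes this particular check miss, so a fuller scanner would also compare executable anonymous pages against loaded libraries.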
  • 0
Posted (edited)
On 6/24/2022 at 8:33 PM, darklinux said:

https://gameguardian.net/help/classgg.html#a15e72eaba99c1eadac1ccdeb8e2b5009
Has some good info

I would use a site like https://godbolt.org/

I'm using ARM64 gcc trunk

You can write some c++ code like,

int square(int num) {
    return num * num;
}

and get asm for it

sub     sp, sp, #16
str     w0, [sp, 12]
ldr     w0, [sp, 12]
mul     w0, w0, w0
add     sp, sp, 16
ret


then use something like http://shell-storm.org/online/Online-Assembler-and-Disassembler/

I'm using AArch64

This will take your asm and convert it to byte code

"\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"


You will need to write your own functions, but something like this,

local shell_code = "\xff\x43\x00\xd1\xe0\x0f\x00\xb9\xe0\x0f\x40\xb9\x00\x7c\x00\x1b\xff\x43\x00\x91\xc0\x03\x5f\xd6"
local shell_address = gg.allocatePage(gg.PROT_READ | gg.PROT_WRITE | gg.PROT_EXEC)
local result = hook(offset + base, shell_code, shell_address)


I would recommend reading over this project,

GGInjector (#9c9qcq9g)


So I can as well allocate a memory page and write a function in assembly, and make the pointer that points to the original function point to the new function that has been allocated?

I don't understand a thing of C++ to be fair, a little bit ARM 32/64, so I was thinking about writing it out and converting it to hex and pasting it in the newly allocated memory page. Then setting pointers to the new function.

Edited by Platonic
  • 0
Posted
12 hours ago, Platonic said:

So I can as well allocate a memory page and write a function in assembly, and make the pointer that points to the original function point to the new function that has been allocated?

I don't understand a thing of C++ to be fair, a little bit ARM 32/64, so I was thinking about writing it out and converting it to hex and pasting it in the newly allocated memory page. Then setting pointers to the new function.

I have been writing an arm64 .so lib loader for GG over the last week. I'm going to be releasing it soon. It will have some examples of shellcode and hooks. Yes, that's the idea, you would allocate a page and write your asm byte code to it.

  • 0
Posted
On 7/26/2022 at 1:06 AM, darklinux said:

I have been writing an arm64 .so lib loader for GG over the last week. I'm going to be releasing it soon. It will have some examples of shellcode and hooks. Yes, that's the idea, you would allocate a page and write your asm byte code to it.

The heck you doing here ;D?
