Quantcast
Jump to content
Search In
  • More options...
Find results that contain...
Find results in...
    1. Welcome to GTAForums!

    2. News

    1. Red Dead Redemption 2

      1. Gameplay
      2. Missions
      3. Help & Support
    2. Red Dead Online

      1. Gameplay
    1. GTA Online

      1. After Hours
      2. Find Lobbies & Players
      3. Guides & Strategies
      4. Vehicles
      5. Content Creator
      6. Help & Support
    2. Crews

      1. Events
      2. Recruitment
    1. Grand Theft Auto Series

    2. GTA Next

    3. GTA V

      1. PC
      2. Guides & Strategies
      3. Help & Support
    4. GTA IV

      1. Episodes from Liberty City
      2. Multiplayer
      3. Guides & Strategies
      4. Help & Support
      5. GTA Mods
    5. GTA Chinatown Wars

    6. GTA Vice City Stories

    7. GTA Liberty City Stories

    8. GTA San Andreas

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    9. GTA Vice City

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    10. GTA III

      1. Guides & Strategies
      2. Help & Support
      3. GTA Mods
    11. Top Down Games

      1. GTA Advance
      2. GTA 2
      3. GTA
    12. Wiki

      1. Merchandising
    1. GTA Modding

      1. GTA V
      2. GTA IV
      3. GTA III, VC & SA
      4. Tutorials
    2. Mod Showroom

      1. Scripts & Plugins
      2. Maps
      3. Total Conversions
      4. Vehicles
      5. Textures
      6. Characters
      7. Tools
      8. Other
      9. Workshop
    3. Featured Mods

      1. DYOM
      2. OpenIV
      3. GTA: Underground
      4. GTA: Liberty City
      5. GTA: State of Liberty
    1. Red Dead Redemption

    2. Rockstar Games

    1. Off-Topic

      1. General Chat
      2. Gaming
      3. Technology
      4. Programming
      5. Movies & TV
      6. Music
      7. Sports
      8. Vehicles
    2. Expression

      1. Graphics / Visual Arts
      2. GFX Requests & Tutorials
      3. Writers' Discussion
      4. Debates & Discussion
    1. Forum Support

    2. Site Suggestions

Problem with code in c++ - GTA IV

Neproify

Hello everyone. I am trying to create a modification for GTA IV in clean C++ (without any ScriptHook, etc.). First, I unprotect memory (this code is from IV:Multiplayer).

#include <windows.h>
#include <cstring>

void UnprotectMemory()
{
    // The code adds 0x400000 to GetBaseAddress(), so GetBaseAddress() is the
    // load-address delta relative to the preferred base 0x400000; the sum is
    // the module base, i.e. the DOS header that is parsed below.
    BYTE * pImageBase = (BYTE *)(g_pCore->GetBaseAddress() + 0x400000);
    PIMAGE_DOS_HEADER pDosHeader = (PIMAGE_DOS_HEADER)pImageBase;
    PIMAGE_NT_HEADERS pNtHeader = (PIMAGE_NT_HEADERS)(pImageBase + pDosHeader->e_lfanew);
    PIMAGE_SECTION_HEADER pSection = IMAGE_FIRST_SECTION(pNtHeader);

    for (int iSection = 0; iSection < pNtHeader->FileHeader.NumberOfSections; iSection++, pSection++)
    {
        // Name is an 8-byte field; strcmp is only safe here because both
        // names being compared are shorter than 8 characters.
        char * pszSectionName = (char *)pSection->Name;

        // Only .text and .rdata are made writable; the size is rounded up
        // to a whole number of 4 KiB pages before the protection change.
        if (!strcmp(pszSectionName, ".text") || !strcmp(pszSectionName, ".rdata"))
            CPatcher::Unprotect((DWORD)(pImageBase + pSection->VirtualAddress), ((pSection->Misc.VirtualSize + 4095) & ~4095));
    }
}

The CPatcher class is from here: https://github.com/anumaz/IVMultiplayer/blob/master/Shared/Patcher/CPatcher.cpp

Next, I use CPatches to add some patches, for example no peds, etc.

void CPatches::Initialize()
{
    // Every address below is an offset from the preferred base, relocated by GetBaseAddress().
    *(DWORD *)(g_pCore->GetBaseAddress() + 0x9849F0) = 0x900004C2; // ambient animations
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549DC), (g_pCore->GetBaseAddress() + 0xD549C0)); // gta iv startup functions
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549EC), (g_pCore->GetBaseAddress() + 0xD549D0));
    *(BYTE *)(g_pCore->GetBaseAddress() + 0x10F1390) = 0; // Make the game think we are not connected to the internet
    *(DWORD *)(g_pCore->GetBaseAddress() + 0x7AF1A0) = 0x90C3C032;
    *(BYTE *)(g_pCore->GetBaseAddress() + 0x809A8A) = 0x75; // Disable resource-loading script "main.sco"
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0x5B0311), (g_pCore->GetBaseAddress() + 0x5B03BF)); // Always start a new game.
    CPatcher::InstallRetnPatch(g_pCore->GetBaseAddress() + 0xB3EDF0); // Disable parked cars.
    CPatcher::InstallNopPatch((g_pCore->GetBaseAddress() + 0x4215CF), 5); // Disable emergency services and garbage trucks.
    *(DWORD *)(g_pCore->GetBaseAddress() + 0x9B1ED0) = 0x0CC2C033; // Disable vehicle entries.
    *(BYTE *)(g_pCore->GetBaseAddress() + 0x9B1ED4) = 0x00;
    *(BYTE *)(g_pCore->GetBaseAddress() + 0x9BBBFC) = 0xEB; // Disable vehicle exits.
    CPatcher::InstallNopPatch((g_pCore->GetBaseAddress() + 0x8ACD64), 5); // Disable random peds and vehicles
    CPatcher::InstallNopPatch((g_pCore->GetBaseAddress() + 0x421610), 5);
    CPatcher::InstallNopPatch((g_pCore->GetBaseAddress() + 0x81B22E), 5);
    *(BYTE *)(g_pCore->GetBaseAddress() + 0x9F72C0) = 0xB8; // Disable scenario peds.
    *(DWORD *)(g_pCore->GetBaseAddress() + 0x9F72C1) = 0x0;
    *(BYTE *)(g_pCore->GetBaseAddress() + 0x9F72C5) = 0xC3;
    CPatcher::InstallRetnPatch(g_pCore->GetBaseAddress() + 0x9055D0); // Disable fake cars.
}

But there's a problem. Those patches don't work. I see another thing: if I try to terminate the process before the ambient animations line, it works. But if I try to do it after any operation on memory, it doesn't work (for example, I commented out ambient animations and tried to terminate the process after "gta iv startup functions"; it doesn't work. But if I try to terminate the process before it, it works). Does anyone know why? Maybe the memory is protected?

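What UnprotectMemory() actually computes is easy to check outside the game. The following is an added example, not code from the thread or from IV:Multiplayer: it parses a PE section table from a byte buffer in portable C++ (no windows.h) and returns the page-rounded ranges that the loop above would pass to VirtualProtect for .text and .rdata, plus a check for whether a given patch RVA lands inside one of them. The image it parses is constructed in build_sample_image() for this example and is not GTAIV.exe; the function and struct names are mine. One caveat it makes visible: a patch that lands in any section other than .text or .rdata is not covered by this loop at all, and only works if that page happens to be writable already.

```cpp
// Added example (not from the thread or IV:Multiplayer): a portable model of what
// UnprotectMemory() computes. It walks the PE section table of an in-memory image
// and returns the page-rounded ranges that would be handed to VirtualProtect for
// .text and .rdata. The sample image is constructed here; it is not GTAIV.exe.
#include <cstdint>
#include <cstring>
#include <string>
#include <vector>

struct Range { uint32_t rva; uint32_t size; std::string name; };

static uint16_t rd16(const std::vector<uint8_t>& b, size_t off) {
    return static_cast<uint16_t>(b.at(off) | (b.at(off + 1) << 8));
}
static uint32_t rd32(const std::vector<uint8_t>& b, size_t off) {
    return static_cast<uint32_t>(rd16(b, off)) | (static_cast<uint32_t>(rd16(b, off + 2)) << 16);
}

// Equivalent of ((VirtualSize + 4095) & ~4095) in the thread's code.
static uint32_t round_to_page(uint32_t n) { return (n + 0xFFFu) & ~0xFFFu; }

// Walk the section table. PE/COFF layout: e_lfanew at DOS+0x3C, "PE\0\0" signature,
// 20-byte file header, the optional header (size taken from the file header), then
// 40-byte section headers, which is exactly what IMAGE_FIRST_SECTION() computes.
std::vector<Range> unprotect_ranges(const std::vector<uint8_t>& img) {
    std::vector<Range> out;
    if (rd16(img, 0) != 0x5A4D) return out;                 // "MZ"
    uint32_t nt = rd32(img, 0x3C);
    if (rd32(img, nt) != 0x00004550) return out;            // "PE\0\0"
    uint16_t nsections = rd16(img, nt + 4 + 2);             // FileHeader.NumberOfSections
    uint16_t opt_size  = rd16(img, nt + 4 + 16);            // FileHeader.SizeOfOptionalHeader
    size_t sec = nt + 4 + 20 + opt_size;
    for (uint16_t i = 0; i < nsections; ++i, sec += 40) {
        char name[9] = {0};
        std::memcpy(name, &img.at(sec), 8);   // Name is 8 bytes, no NUL when all 8 are used
        uint32_t vsize = rd32(img, sec + 8);  // Misc.VirtualSize
        uint32_t va    = rd32(img, sec + 12); // VirtualAddress
        // strncmp over the full 8 bytes is the safe form of the thread's strcmp.
        if (std::strncmp(name, ".text", 8) == 0 || std::strncmp(name, ".rdata", 8) == 0)
            out.push_back({va, round_to_page(vsize), name});
    }
    return out;
}

// Would a patch of `len` bytes at `rva` land entirely inside one unprotected range?
bool rva_is_unprotected(const std::vector<Range>& rs, uint32_t rva, uint32_t len) {
    for (const Range& r : rs)
        if (rva >= r.rva && rva + len <= r.rva + r.size) return true;
    return false;
}

// Constructed sample: a minimal image carrying only .text, .rdata and .data headers.
std::vector<uint8_t> build_sample_image() {
    std::vector<uint8_t> img(0x400, 0);
    auto w16 = [&](size_t o, uint16_t v) { img[o] = v & 0xFF; img[o + 1] = v >> 8; };
    auto w32 = [&](size_t o, uint32_t v) { w16(o, v & 0xFFFF); w16(o + 2, v >> 16); };
    w16(0, 0x5A4D); w32(0x3C, 0x80);                 // DOS header, e_lfanew = 0x80
    w32(0x80, 0x00004550);                           // PE signature
    w16(0x80 + 4 + 2, 3);                            // NumberOfSections
    w16(0x80 + 4 + 16, 0xE0);                        // SizeOfOptionalHeader (PE32)
    size_t sec = 0x80 + 4 + 20 + 0xE0;
    struct S { const char* n; uint32_t vsize, va; } secs[] = {
        {".text", 0x12345, 0x1000}, {".rdata", 0x800, 0x14000}, {".data", 0x1000, 0x15000}};
    for (const S& s : secs) {
        std::memcpy(&img[sec], s.n, std::strlen(s.n));
        w32(sec + 8, s.vsize); w32(sec + 12, s.va);
        sec += 40;
    }
    return img;
}
```

On the sample, .text (VirtualSize 0x12345) becomes a 0x13000-byte writable range and .rdata (0x800) becomes one page; a write into .data is reported as not covered, which is the case to check first when a patch "does nothing".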
byteMe420

this isn't valid...

 

*(DWORD *)(g_pCore->GetBaseAddress() + 0x9849F0) = 0x900004C2; // ambient animations

 

= is an assignment operator... so you set a variable's value with it... http://www.cplusplus.com/doc/tutorial/operators/

 

maybe you wanted ==, are you checking equality?

Neproify

That's not that. If I try to TerminateProcess after the first jmp patch (I commented out the ambient animations line), it's the same.

byteMe420

That's not that. If I try to TerminateProcess after the first jmp patch (I commented out the ambient animations line), it's the same.

no clue what you mean, does anyone that plays this game speak English??

 

No i iz no understand for you sory fren

Neproify

I'll try to show this in code.

Program is terminated.

void CPatches::Initialize()
{
    TerminateProcess(GetCurrentProcess(), 0);   // placed before any memory write

    *(DWORD *)(g_pCore->GetBaseAddress() + 0x9849F0) = 0x900004C2; // ambient animations
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549DC), (g_pCore->GetBaseAddress() + 0xD549C0)); // gta iv startup functions
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549EC), (g_pCore->GetBaseAddress() + 0xD549D0));
    // ... the remaining patches are identical to the Initialize() listed above
}

Program isn't terminated

void CPatches::Initialize()
{
    *(DWORD *)(g_pCore->GetBaseAddress() + 0x9849F0) = 0x900004C2; // ambient animations
    TerminateProcess(GetCurrentProcess(), 0);   // placed after the first memory write

    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549DC), (g_pCore->GetBaseAddress() + 0xD549C0)); // gta iv startup functions
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549EC), (g_pCore->GetBaseAddress() + 0xD549D0));
    // ... the remaining patches are identical to the Initialize() listed above
}

Program isn't terminated

void CPatches::Initialize()
{
    //*(DWORD *)(g_pCore->GetBaseAddress() + 0x9849F0) = 0x900004C2; // ambient animations
    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549DC), (g_pCore->GetBaseAddress() + 0xD549C0)); // gta iv startup functions
    TerminateProcess(GetCurrentProcess(), 0);   // placed after the first jmp patch

    CPatcher::InstallJmpPatch((g_pCore->GetBaseAddress() + 0xD549EC), (g_pCore->GetBaseAddress() + 0xD549D0));
    // ... the remaining patches are identical to the Initialize() listed above
}

So, any operation on GTA IV memory causes the code not to proceed.

The_GTA

1) how are you loading your code into the game? DLL inject? entry point injection? is the game suspended before you do your stuff?

2) have you tried adding breakpoints into your code to see where it goes wrong? this is done by setting a breakpoint at your injector right before you launch the remote code, attaching to GTA IV, setting a breakpoint in the injected DLL logic, resuming the injector and waiting for the breakpoint in your DLL to be hit.

 

to be frank, I do not trust your UnprotectMemory function.

Neproify

1) how are you loading your code into the game? DLL inject? entry point injection? is the game suspended before you do your stuff?

2) have you tried adding breakpoints into your code to see where it goes wrong? this is done by setting a breakpoint at your injector right before you launch the remote code, attaching to GTA IV, setting a breakpoint in the injected DLL logic, resuming the injector and waiting for the breakpoint in your DLL to be hit.

 

to be frank, I do not trust your UnprotectMemory function.

DLL injection, with this code:

#include <windows.h>
#include <sys/stat.h>
#include <cstring>

bool LibraryIntoProcess(const char * szLibraryPath, HANDLE hProcess)
{
    // Check that the file exists
    struct stat s;
    bool bExists = !stat(szLibraryPath, &s);

    // If it exists, continue injecting
    if (bExists)
    {
        size_t uiPathSize = strlen(szLibraryPath) + 1;

        // Allocate virtual memory in the target for the library path
        void * pRemoteLibraryPath = VirtualAllocEx(hProcess, NULL, uiPathSize, MEM_COMMIT, PAGE_READWRITE);

        // Check the allocation
        if (!pRemoteLibraryPath)
            return false;

        // Variable to receive the number of bytes written. It must be SIZE_T:
        // WriteProcessMemory stores a pointer-sized count, so casting the address
        // of an unsigned int to SIZE_T* overruns it on a 64-bit build.
        SIZE_T uiBytesWritten = 0;

        // Write the path into the target process and check the written size
        if (!WriteProcessMemory(hProcess, pRemoteLibraryPath, (void *)szLibraryPath, uiPathSize, &uiBytesWritten)
            || uiBytesWritten != uiPathSize)
        {
            // MEM_RELEASE requires dwSize == 0; passing sizeof(pointer) makes the call fail.
            VirtualFreeEx(hProcess, pRemoteLibraryPath, 0, MEM_RELEASE);
            return false;
        }

        // Get the Kernel32 module handle and LoadLibraryA from it. The local address
        // is valid in the target only because kernel32 is mapped at the same base in
        // every process of the same bitness; injector and target must both be 32-bit here.
        HMODULE hKernel32 = GetModuleHandle("Kernel32");
        FARPROC pfnLoadLibraryA = GetProcAddress(hKernel32, "LoadLibraryA");

        // Create a remote thread that calls LoadLibraryA(pRemoteLibraryPath)
        HANDLE hThread = CreateRemoteThread(hProcess, NULL, 0, (LPTHREAD_START_ROUTINE)pfnLoadLibraryA, pRemoteLibraryPath, 0, NULL);

        // Check the thread handle
        if (!hThread)
        {
            VirtualFreeEx(hProcess, pRemoteLibraryPath, 0, MEM_RELEASE);
            return false;
        }

        // Wait for the loader thread, then read its exit code: LoadLibraryA returns
        // the HMODULE, so a zero exit code means the DLL did not load.
        WaitForSingleObject(hThread, INFINITE);
        DWORD dwExitCode = 0;
        GetExitCodeThread(hThread, &dwExitCode);

        // Close the thread handle and free the remote path string
        CloseHandle(hThread);
        VirtualFreeEx(hProcess, pRemoteLibraryPath, 0, MEM_RELEASE);
        return dwExitCode != 0;
    }
    return false;
}

2) How do I do it in Visual Studio if I'm DLL injecting? I can't start debugging on my core DLL.

 

@edit: I probably know what the problem is. I need to inject the DLL into GTAIV.exe, not LaunchGTAIV.exe.

The_GTA

Alright, we are getting somewhere. I want you to get the breakpoints to work.

 

Put this code into your DllMain, under the event that the DLL attaches.

while ( !IsDebuggerPresent() )
{
    Sleep( 1 );
}
__asm nop  // PUT BREAKPOINT HERE.

Now put a breakpoint in the following code lines:

CPatcher::Unprotect((DWORD)(pImageBase + pSection->VirtualAddress), ((pSection->Misc.VirtualSize + 4095) & ~4095));
*(DWORD *)(g_pCore->GetBaseAddress() + 0x9849F0) = 0x900004C2; // ambient animations

This should put breakpoints at the most interesting places in our game code. You can launch the injector now. When launched, you will notice that the game is waiting, basically until you have attached your debugger to it.

 

Now is the time to attach to the GTA IV executable using Visual Studio. Immediately after attaching, our breakpoint should be hit at....

 

 

__asm nop  // PUT BREAKPOINT HERE.

If so, perfect! If you compiled your DLL using the "Edit and Continue" feature, you can make changes to it while it is running.

 

When debugging a Windows DLL loading procedure be very careful. Any Win32 exception will cause the DLL to automatically unload from the application. It most likely will not tell your debugger about it. That is why you must step through every line of your code to determine the real reason for the crash. ;)

 

Good luck.

NTAuthority

by setting a breakpoint at your injector right before you launch the remote code

>having an injector

fatal error; why not consume the game executable?

The_GTA
>having an injector

fatal error; why not consume the game executable?

ask the thread author instead :p

pretty sure he uses the standard MTA approach.
