Cheat Engine The Official Site of Cheat Engine
AlbanainRetard Master Cheater
Posted: Fri Dec 05, 2008 5:45 pm Post subject: [REFERENCE] How to make Hack/Bot
Info/Notes/Update
Welcome to my reference page for C++ hacks/bots, and I hope you find this a good guide if you are interested in learning to make DLL/EXE bots/hacks in C++.
~Good luck!
~Give me some suggestions
Current: v.5
1 ~ Made guide
2 ~ Updated, added: Num 2
3 ~ Grammar - Section
4 ~ Added: Num 3-4 (Pointers)
5 ~ Added: Num 5-6 (Trampoline, AoB), Updated: Pointers thanks to BanMe
1. Basic Dll
This section is for the absolute beginner.
Here is the code:
Code:
#include <windows.h>
#include <tchar.h> // Unless linking Multi-Byte ( Project > Properties > Config > Char Set > Multi-Byte )

HMODULE Module; // Our own DLL's module handle, saved here for later use

void IntWindow()
{
    // Do stuff here.
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    if (ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        Module = hModule;
        // Run IntWindow on its own thread; never do long work inside DllMain itself
        HANDLE hThread = CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&IntWindow, 0, 0, 0);
        if (hThread)
            CloseHandle(hThread); // We don't need the handle; the thread keeps running
    }
    return TRUE;
}
OK, so here is the breakdown:
We have a void object that will house our window and can be called by a thread:
Code:
void IntWindow()
{
    // Do stuff here.
}
So we need to call this when the DLL is started or called,
Code:
BOOL APIENTRY DllMain(HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
    // Do stuff
}
Now all this has a return value of BOOL, so if it works, TRUE; if not, FALSE.
Now when it is called we have values like its module, its reason and a void
that is reserved for padding purposes. So all we need is Reason and Module.
So this code says: if it is called by attaching, use Module to point to it and create a thread to it.
Code:
if (ul_reason_for_call == DLL_PROCESS_ATTACH) // If we are attaching
{
    Module = hModule; // Save the module handle for later
    CreateThread(0, 0, (LPTHREAD_START_ROUTINE)&IntWindow, 0, 0, 0); // Into this later
}
return TRUE; // I know, but for good purpose.
2. A popup Win32 Window
This is for that person who can make a dll base, but wants a window for that cool effect.
The code:
Code:
#include <windows.h>
#include <tchar.h>

extern HMODULE Module; // Set in DllMain (section 1)

LRESULT CALLBACK ProcWindow(HWND hWnd, UINT iMsg, WPARAM wParam, LPARAM lParam)
{
    switch (iMsg)
    {
    case WM_CREATE:
        break;
    case WM_DESTROY:
        PostQuitMessage(0); // Makes GetMessage return 0 and ends the loop below
        break;
    }
    return DefWindowProc(hWnd, iMsg, wParam, lParam);
}

void DeintWindow()
{
    UnregisterClass(_T("Tut Window"), Module);
    FreeLibraryAndExitThread(Module, 0); // Unloads the DLL and ends this thread; never returns
}

void IntWindow()
{
    HWND hWnd;
    MSG iMsg;
    WNDCLASSEX wc;
    ZeroMemory(&wc, sizeof(WNDCLASSEX));
    wc.cbSize = sizeof(WNDCLASSEX);
    wc.style = CS_HREDRAW | CS_VREDRAW;
    wc.cbClsExtra = 0;
    wc.cbWndExtra = 0;
    wc.hbrBackground = (HBRUSH)(COLOR_BTNSHADOW + 1); // System colours are passed as index + 1
    wc.hIcon = LoadIcon(NULL, IDI_APPLICATION);
    wc.hCursor = LoadCursor(NULL, IDC_ARROW);
    wc.hInstance = Module;
    wc.lpfnWndProc = ProcWindow;
    wc.lpszMenuName = NULL;
    wc.lpszClassName = _T("Tut Window");
    wc.hIconSm = LoadIcon(NULL, IDI_APPLICATION);
    if (!RegisterClassEx(&wc))
    {
        MessageBox(0, _T("Failed"), 0, 0);
        FreeLibraryAndExitThread(Module, 0); // Nothing registered yet, so just leave
    }
    // The class name here must match the one registered above
    hWnd = CreateWindowEx(WS_EX_APPWINDOW | WS_EX_TOOLWINDOW, _T("Tut Window"), _T("Tut Window"),
                          WS_SYSMENU, CW_USEDEFAULT, CW_USEDEFAULT, 200, 400, 0, 0, Module, NULL);
    if (!hWnd)
    {
        MessageBox(0, _T("CreateWindowEx failed"), 0, 0);
        DeintWindow();
    }
    ShowWindow(hWnd, SW_SHOWNORMAL);
    UpdateWindow(hWnd);
    while (GetMessage(&iMsg, 0, 0, 0))
    {
        TranslateMessage(&iMsg);
        DispatchMessage(&iMsg);
    }
    DeintWindow();
}
Breakdown:
Well, the window function is just the start of making a cool bot with pictures, but a lot needs to be learned.
The reason for ZeroMemory on wc is to make room for the class of the window, or well *bad*. So that's that.
Now the "wc" class is for the window's settings like its message handler, etc. Now the only things to change are
the name, to your desired class (lpszClassName), unless you know how WinProc works. (See links.)
HWND and MSG are also parts of the handler, and Register is to make that class for the window, CreateWindow for the popup,
ShowWindow for the HWND and Update to call draw, and the while loop for messages, unless PostMessage == 0.
Deint() is just freeing the library and thread in Module and killing the class of the window.
ProcWindow is the message center for the popup; more on that.
3. Pointers ~ Reading
This section is for the beginning of actual memory edits.
Here is the code:
Code:
#include <windows.h>
#include <tchar.h> // Unless linking Multi-Byte ( Project > Properties > Config > Char Set > Multi-Byte )

// Reads a pointer: returns *(*ulBase + nOffset), or 0 if either address is unreadable.
// Note: Microsoft documents IsBadReadPtr as obsolete (another thread can change page
// protection between the check and the read, and probing a guard page can break stack growth);
// it is kept here because it is what the post uses.
__inline ULONG_PTR ReadPointer(ULONG_PTR* ulBase, INT nOffset)
{
    if (!IsBadReadPtr((VOID*)ulBase, sizeof(ULONG_PTR)))                                  // Is the base readable?
        if (!IsBadReadPtr((VOID*)((*(ULONG_PTR*)ulBase) + nOffset), sizeof(ULONG_PTR)))   // Is *base + offset readable?
            return *(ULONG_PTR*)((*(ULONG_PTR*)ulBase) + nOffset);
    return 0;
}
Breakup:
A pointer basically asks for a base and then an offset; this makes it so you don't have to recode it every time you play, and even then you won't be able to know the address before playing.
inline and ULONG_PTR are just the typedefs for the function; don't worry, we can use it to check our pointers later.
Basically all this is doing is checking if the base/offset and base+offset are bad, and if they are it won't read it and will return the value of 0x000000 or 0. If it works it will return the value of that pointer.
4. Pointers ~ Writing
This section is for the beginning of actual memory edits.
Here is the code:
Code:
*(DWORD*)(*(DWORD*)Base + Offset) = 0; // Base holds the address of the pointer; write 0 at (pointer + Offset)
BanMe's:
Code:
*(DWORD**)(Base + Offset) = (DWORD*)0; // Because he doesn't like that actual asm to be 0x000000 (Although...)
// It could also have a different base address like the famous PowerPC gaming rig (Xbox360)
Breakup:
As we know, the pointer is read similarly, so changing it is like changing a DWORD: yep, using the "=" operator. Basically we use the same prefix for pointers, *(DWORD*), then use (*(DWORD*) so it will be turned into a WORD, and then add the base+offset and let it = 0;
So:
Base+Offset = the address that we point to
= 0 = what we changed the address to
5. Trampoline Bypass
This section is for the beginning of hopping past GameGuard's hooks (usermode).
Here is the code:
Code:
// PostMessage Bypass
DWORD DLLFunc = (DWORD)GetProcAddress(LoadLibraryW(L"User32.dll"), "PostMessageA") + 5;

__declspec(naked) BOOL WINAPI PM(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
{
    __asm
    {
        mov edi, edi
        push ebp
        mov ebp, esp
        jmp dword ptr ds:[DLLFunc]
    }
}
Breakup:
As you can see we are loading PostMessage by ourselves from User32.dll with its address plus five, so we are going past GameGuard's little mechanism to prevent PostMessage (although SendMessage is better). Then in the inline ASM you're just doing the natural stuff until: jmp dword ptr ds:[DLLFunc]: so we can jump against GameGuard.
So:
Loaded address + 5; our function does the normal function and jumps to that loaded one.
Last edited by AlbanainRetard on Sun Apr 05, 2009 4:42 pm; edited 8 times in total
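A bounds-checked version of the pointer read (section 3) and pointer write (section 4) from the post above, added here as an example and not part of the original post: it generalises ReadPointer to a chain of offsets, swaps IsBadReadPtr for a range check against a region assumed to be readable, and works on a constructed in-process buffer rather than a game, so it compiles and runs on any platform.

```cpp
#include <cstdint>
#include <cstring>
#include <vector>
// Added example (not the post's code): bounds-checked N-level pointer-chain walk, i.e.
// section 3's ReadPointer and section 4's write generalised; IsBadReadPtr -> range check.
struct Region { std::uintptr_t lo, hi; };           // [lo, hi) assumed readable
static bool inRegion(const Region& r, std::uintptr_t addr, std::size_t len) {
    return addr >= r.lo && addr < r.hi && r.hi - addr >= len;
}
// base -> [base]+off[0] -> [..]+off[1] ...; final address, or 0 if a step leaves the region.
std::uintptr_t resolveChain(const Region& r, std::uintptr_t base,
                            const std::vector<std::intptr_t>& offsets) {
    std::uintptr_t cur = base;
    for (std::intptr_t off : offsets) {
        std::uintptr_t next;
        if (!inRegion(r, cur, sizeof next)) return 0;   // pointer slot unreadable
        std::memcpy(&next, reinterpret_cast<const void*>(cur), sizeof next);
        cur = next + off;
    }
    return inRegion(r, cur, sizeof(std::uint32_t)) ? cur : 0; // final DWORD readable?
}
// Constructed sample memory, not a real game layout: +0 -> "world" at +16 -> "player" at +32; health at +36.
struct Sample {
    alignas(8) std::uint8_t mem[64];
    std::uintptr_t base() const { return reinterpret_cast<std::uintptr_t>(mem); }
    Region region() const { return Region{base(), base() + sizeof mem}; }
    Sample() {
        std::memset(mem, 0, sizeof mem);
        std::uintptr_t world = base() + 16, player = base() + 32;
        std::uint32_t health = 100;
        std::memcpy(mem, &world, sizeof world);
        std::memcpy(mem + 16, &player, sizeof player);
        std::memcpy(mem + 36, &health, sizeof health);
    }
};
// Reads player.health via base -> +0 -> +4; returns 0xFFFFFFFF if the chain fails.
std::uint32_t readHealth(const Sample& s) {
    std::uintptr_t addr = resolveChain(s.region(), s.base(), {0, 4});
    std::uint32_t v = 0xFFFFFFFFu;
    if (addr) std::memcpy(&v, reinterpret_cast<const void*>(addr), sizeof v);
    return v;
}
// Writes through the same chain (section 4's "= 0"); false if the chain fails.
bool writeHealth(Sample& s, std::uint32_t value) {
    std::uintptr_t addr = resolveChain(s.region(), s.base(), {0, 4});
    if (addr) std::memcpy(reinterpret_cast<void*>(addr), &value, sizeof value);
    return addr != 0;
}
```

A chain that leaves the region at any level (a bad offset, or a level that dereferences a data value as if it were a pointer) resolves to 0 instead of faulting.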
nwongfeiying Grandmaster Cheater
Posted: Fri Dec 05, 2008 6:14 pm
It could be better.
AlbanainRetard Master Cheater
Posted: Fri Dec 05, 2008 6:19 pm
nwongfeiying wrote:
    It could be better.
It's a work in progress, any advice?
nwongfeiying Grandmaster Cheater
Posted: Fri Dec 05, 2008 6:22 pm
If you want professionalism, then take out words like "okay" or "penis". The red font is always a distraction. A proper introduction would be nice. That's all for now.
AlbanainRetard Master Cheater
Posted: Fri Dec 05, 2008 9:20 pm
nwongfeiying wrote:
    If you want professionalism, then take out words like "okay" or "penis". The red font is always a distraction. A proper introduction would be nice. That's all for now.
Sorry about that, kinda mad because of A/B (never try to UA/GOD/MapShift).
But that doesn't excuse my ignorance, my apologies.
~Albanain
And updated...
gunminiho Expert Cheater
Posted: Tue Feb 24, 2009 1:19 pm
AlbanainRetard wrote:
    nwongfeiying wrote: It could be better.
    It's a work in progress, any advice?
I give you one: how to declare pointers :S and a few WINAPIs and data types and things like:
pointers, addresses, how to call an already created function anyway ¬¬
&Vage Grandmaster Cheater Supreme
Posted: Tue Feb 24, 2009 3:58 pm
Why use hmodule = hmodule;? That's what CreateThread's extra parameter is for...
Bizarro I post too much
Posted: Tue Feb 24, 2009 4:11 pm
_void_ wrote:
    Why use hmodule = hmodule;? That's what CreateThread's extra parameter is for...
So you can use it in any thread or any function without passing the extra parameter every single time...
AlbanainRetard Master Cheater
Posted: Tue Feb 24, 2009 5:50 pm
Bizarro wrote:
    _void_ wrote: Why use hmodule = hmodule;? That's what CreateThread's extra parameter is for...
    So you can use it in any thread or any function without passing the extra parameter every single time...
God, Bizarro, you're da Man. I love you (as an admirer, not sexually (thanks for reading my mind)). I will work on making a section for pointers, types and start the actual inner workings.
Updated to version 4, pointers.
Deve Expert Cheater
Posted: Wed Feb 25, 2009 1:55 am
May I come with a suggestion?
I like what you have done with the tut so far and would suggest that you show how to do stuff with hotkeys.
hcavolsdsadgadsg I'm a spammer
Posted: Wed Feb 25, 2009 2:16 am
What is the point of this other than spoonfeeding retards?
If anyone had the slightest clue what they were doing, this would be obvious enough.
Spawnfestis GO Moderator
Posted: Wed Feb 25, 2009 6:19 am
slovach wrote:
    What is the point of this other than spoonfeeding retards?
    If anyone had the slightest clue what they were doing, this would be obvious enough.
The real question is - why not?
Darkcow45 Grandmaster Cheater
Posted: Wed Feb 25, 2009 7:20 am
It looks promising.
SXGuy I post too much
Posted: Wed Feb 25, 2009 7:23 am
slovach wrote:
    What is the point of this other than spoonfeeding retards?
    If anyone had the slightest clue what they were doing, this would be obvious enough.
I actually agree; your time would be better spent showing how you re-write code to bypass problems when dealing with games that have protection such as GameGuard or HackShield.
Otherwise all this is is a very basic tutorial that anyone with Google could find for themselves.
manc Grandmaster Cheater
Posted: Wed Feb 25, 2009 8:54 am
I appreciate it.