Cheat Engine The Official Site of Cheat Engine
Samuel-Sama How do I cheat?
Reputation: 0
Joined: 28 Dec 2007 Posts: 9
Posted: Fri Dec 28, 2007 9:20 am    Post subject: [TUTORIAL] How to make a DLL in C
First, I would like to say, this is my first ever tutorial. Please do not flame etc. If you don't like my tutorial don't use it.
By using this tutorial, you agree that it has no warranty and there is no guarantee that it will work. This agreement is binding and is subject to change without reason and/or notice.
Please note: This shows how to make a DLL for the game Windows Minesweeper v.5.1
----------------------------------------------------------------------------------------------------------------------------------
CREDITS
======
KOrUPt (For being patient with my Uber n00b questions and being nice)
EvilFourZero (Stole parts of his tutorial without permission =D)
Xander, Ben`, Jonathan|roh, nofrillz, Uranium-239, Hav0c, xWeasel, Xavier, Peasley, Toao
-----------------------------------------------------------------------------------------------------------------------------------
How to make a DLL hack
By Samuel-Sama
==================
Requirements:
Basic knowledge of C
A compiler (Capable of compiling DLL)
Windows Minesweeper v5.1 (Should work with other versions but untested)
Cheat Engine v5.3 (or above)
DLL Injector (I recommend Injec-TOR)
1. Open up your IDE (I'll be using Dev-C++) and go to File -> New -> Project. Select the DLL icon and choose C project. (You need to include the C++ runtime library if you're doing it in C++.)
2. Close the .h file (don't save it). You will see something like the following:
Code:
    /* Replace "dll.h" with the name of your header */
    #include "dll.h"
    #include <windows.h>
    #include <stdio.h>
    #include <stdlib.h>

    DLLIMPORT void HelloWorld ()
    {
        MessageBox (0, "Hello World from DLL!\n", "Hi", MB_ICONINFORMATION);
    }

    BOOL APIENTRY DllMain (HINSTANCE hInst     /* Library instance handle. */ ,
                           DWORD reason        /* Reason this function is being called. */ ,
                           LPVOID reserved     /* Not used. */ )
    {
        switch (reason)
        {
            case DLL_PROCESS_ATTACH:
                break;
            case DLL_PROCESS_DETACH:
                break;
            case DLL_THREAD_ATTACH:
                break;
            case DLL_THREAD_DETACH:
                break;
        }
        /* Returns TRUE on success, FALSE on failure */
        return TRUE;
    }

Like every program, it has an entry point. The entry point for DLLs is:

Code:
    BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved) {
        return TRUE;
    }

It has 3 parameters:
    HINSTANCE hInst: The current HINSTANCE of the DLL.
    DWORD reason: States the reason for the entry point to be called.
    LPVOID reserved: This parameter is reserved for later use / Windows Vista.
DWORD reason can have 4 possible values:
    DLL_PROCESS_ATTACH: The DLL injected/attached to the process
    DLL_PROCESS_DETACH: Unloaded
    DLL_THREAD_ATTACH: Attached to a thread
    DLL_THREAD_DETACH: Detached from a thread
I will only be working with DLL_PROCESS_ATTACH.
We will now make a DLL that when injected, displays a MessageBox.
Code:
    //DLL TEST
    #include <windows.h>

    BOOL APIENTRY DllMain (HINSTANCE hInst, DWORD reason, LPVOID reserved) {
        if(reason == DLL_PROCESS_ATTACH)   // 'reason' is the second DllMain parameter declared above
            MessageBox(0, "Dll Injection Successful! ", "Dll Injector", MB_ICONEXCLAMATION | MB_OK);
        return TRUE;
    }

Simple, right? But that does nothing directly to the process. Now we need to find some game variables or offsets, which are basically the addresses of the variables.
Windows Minesweeper has a timer.. We will use Cheat Engine to find the offset for the time.
1. First, open up Minesweeper, then open up Cheat Engine and click on the top left icon and find the process of your game. In this case, it will be winmine.exe and press 'OK'.
2. Below the 'First Scan' button, there is an edit box for the value. Enter '0' (this is the current time of Minesweeper) and press 'First Scan'. A list of addresses will appear on the left hand side. One of these is the address of our timer.
3. On Minesweeper, start the game by clicking on one of the squares. The timer will start.
4. Go back to Cheat Engine and below 'value' should be 'Exact Value' change that to 'Changed Value' and press 'Next Scan'.
5. On the left, some of the addresses will be constantly changing. Find the address that has a value closest to the current time on Minesweeper.
Now we know our address or offset, we will need to make our DLL change it. So first make a pointer to the address like so:
Code:
    int *time = (int*)0x0100579C; //Offset for time.

Then somewhere in your program, you will need to dereference your pointer respectively. BTW that offset was for v5.1 of Minesweeper, you may have a different offset for your version.
Your Minesweeper hack should end up something similar to mine:
Code:
    //Microsoft Minesweeper Time Hack
    //By Samuel-Sama
    //Preprocessor files
    #include <windows.h>

    //Define variables
    DWORD ThreadID;
    int *time = (int*)0x0100579C; //Offset for time.

    DWORD WINAPI changeTime(LPVOID lParam) {
        while(1)
            *time = 0;
        ExitThread(0);
    }

    //DllMain
    BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD callReason, LPVOID lpReserved) {
        if(callReason == DLL_PROCESS_ATTACH) {
            MessageBox(0, "Dll Injection Successful! ", "Dll Injector", MB_ICONEXCLAMATION | MB_OK);
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&changeTime, 0, 0, &ThreadID);
        }
        return 1;
    }
Upon compiling this, you should obtain a dll file.
You now need to inject this into Minesweeper using your DLL Injector. For this example, I will be using Injec-TOR as it has a nice clean interface and works like a charm.
1. Open up Injec-TOR and load the DLL.
2. Open up Windows Minesweeper.
3. Locate winmine.exe in Injec-TOR.
4. Press the 'Inject' button.
5. Done! =D
Thank you for reading this tutorial. After reading this, you should now be able to write simple hacks for some games. I hope you have enjoyed and learnt something.
DOWNLOAD
========
The link below contains Injec-TOR, winmine.exe, Cheat Engine v5.3 and a program specially designed to test with.
[LINK BROKEN] (Can't post URLs)
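The five Cheat Engine steps above (an 'Exact Value' first scan, a 'Changed Value' next scan, then picking the candidate closest to the displayed time) as an added example in plain C that is not part of the original post or of Cheat Engine: it runs the same filtering over a constructed 16-cell memory snapshot instead of a live process, with the timer placed in cell 5 and one unrelated cell that also changes, so the narrowing has something to discard. The cell indices and values are made up for the example.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>

#define SLOTS 16   /* constructed "process memory": 16 int32 cells, not a real snapshot */

/* First Scan with 'Exact Value': record the index of every cell equal to 'value'. */
size_t scan_exact(const int32_t *mem, size_t n, int32_t value, size_t *hits)
{
    size_t count = 0;
    for (size_t i = 0; i < n; i++)
        if (mem[i] == value)
            hits[count++] = i;
    return count;
}

/* Next Scan with 'Changed Value': keep only hits whose cell differs between the two snapshots. */
size_t rescan_changed(const int32_t *before, const int32_t *after,
                      const size_t *hits, size_t nhits, size_t *out)
{
    size_t count = 0;
    for (size_t k = 0; k < nhits; k++)
        if (before[hits[k]] != after[hits[k]])
            out[count++] = hits[k];
    return count;
}

/* Step 5: of the survivors, pick the cell whose value is closest to the time the game shows. */
size_t pick_closest(const int32_t *mem, const size_t *hits, size_t nhits, int32_t shown)
{
    if (nhits == 0)
        return (size_t)-1;                     /* nothing survived the rescan */
    size_t best = hits[0];
    for (size_t k = 1; k < nhits; k++)
        if (abs(mem[hits[k]] - shown) < abs(mem[best] - shown))
            best = hits[k];
    return best;
}

/* Worked run over two constructed snapshots. The timer is cell 5 (0 before the first click,
 * 3 seconds after); cell 1 is unrelated memory that also changed, which a real scan throws
 * up too. Writes the surviving cells to 'survivors' and returns the chosen cell index. */
size_t find_timer_cell(size_t *survivors, size_t *nsurvivors)
{
    const int32_t snap0[SLOTS] = {7, 0, 0, 42, 0, 0, 9, 0, 1, 0, 0, 3, 0, 5, 0, 0};
    const int32_t snap1[SLOTS] = {7, 1, 0, 42, 0, 3, 9, 0, 1, 0, 0, 3, 0, 5, 0, 0};
    size_t hits[SLOTS];
    size_t nhits = scan_exact(snap0, SLOTS, 0, hits);             /* timer read 0 at first scan */
    *nsurvivors = rescan_changed(snap0, snap1, hits, nhits, survivors);
    return pick_closest(snap1, survivors, *nsurvivors, 3);        /* Minesweeper now shows 3 */
}
```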
oib111 I post too much
Reputation: 0
Joined: 02 Apr 2007 Posts: 2947 Location: you wanna know why?
Posted: Fri Dec 28, 2007 10:37 am
Really wanna know the truth? Friggin' awesome +rep
_________________
8D wrote: cigs don't make people high, which weed does, which causes them to do bad stuff. like killing
atom0s Moderator
Reputation: 205
Joined: 25 Jan 2006 Posts: 8587 Location: 127.0.0.1
Posted: Fri Dec 28, 2007 12:03 pm
Heh, this looks a lot like a tutorial I just wrote a week or so back..
(Tutorial I wrote: http://www.extalia.com/forums/viewtopic.php?f=32&t=2795)
Code:
    #include <windows.h>

    //Define variables
    DWORD ThreadID;
    int *time = (int*)0x0100579C; //Offset for time.

    DWORD WINAPI changeTime(LPVOID lParam) {
        while(1)
            *time = 0;
        ExitThread(0);
    }

    //DllMain
    BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD callReason, LPVOID lpReserved) {
        if(callReason == DLL_PROCESS_ATTACH) {
            MessageBox(0, "Dll Injection Successful! ", "Dll Injector", MB_ICONEXCLAMATION | MB_OK);
            CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&changeTime, 0, 0, &ThreadID);
        }
        return 1;
    }
As for this code, I have some suggestions..
Firstly, your thread:
Is bad practice. Along with that, no sleep will rape the processor with what ever it is you are doing. Instead, you should add a boolean check for when the dll is being called to unload to be used in the thread. Such as:
Code:
    #include <windows.h>
    #include <stdbool.h>   /* 'bool' in C needs this header */

    volatile bool bWantsExit;   /* set by DllMain on unload, polled by the worker thread */
    int *iTime = (int*)0x0100579C;

    DWORD WINAPI MyThread(LPVOID lpParam)
    {
        while( !bWantsExit )
        {
            *iTime = 0;
            Sleep( 10 );
        }
        return 0;
    }

    BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwMsg, LPVOID lpReserved)
    {
        switch( dwMsg )
        {
        case DLL_PROCESS_ATTACH:
            DisableThreadLibraryCalls( hModule );
            bWantsExit = false;
            CreateThread( NULL, 0, MyThread, NULL, 0, NULL );
            return TRUE;
        case DLL_PROCESS_DETACH:
            bWantsExit = true;
            return TRUE;
        }
        return TRUE;
    }
There are a few other aspects you could add to that, such as ensuring the dll waits for the thread to clean up and so on.
_________________
- Retired.
appalsap Moderator
Reputation: 0
Joined: 27 Apr 2006 Posts: 6753 Location: Pakistan
Posted: Fri Dec 28, 2007 12:45 pm
almost all C runtime libraries will call DisableThreadLibraryCalls at startup (before DllMain, use DllMainCRTStartup to bypass this) since no one uses DLL_THREAD_ATTACH and DLL_THREAD_DETACH anymore, so they're not worth mentioning
Samuel-Sama How do I cheat?
Reputation: 0
Joined: 28 Dec 2007 Posts: 9
Posted: Fri Dec 28, 2007 2:33 pm
Hi, thanks for the replies. The reason I wrote this tutorial was because I was unable to find a tutorial on this subject. (Perhaps I wasn't looking hard enough.) If I have time, I will rewrite my tutorials based on your suggestions.
ername: How do I cheat?
Reputation: 0
Joined: 01 Jan 2008 Posts: 5 Location: In your head, forcing you to read this!
Posted: Thu Jan 03, 2008 1:41 am
Woah, that is a pretty good tutorial. I'll try it out sometime.