Cheat Engine Forum Index
The Official Site of Cheat Engine

[Release]MapleStory MP & HP Instant Regain hacks DLL sou

Cheat Engine Forum Index -> General programming
Symbol
I'm a spammer
Reputation: 0

Joined: 18 Apr 2007
Posts: 5094
Location: Israel.

Posted: Thu Mar 06, 2008 2:17 pm    Post subject: [Release]MapleStory MP & HP Instant Regain hacks DLL sou

http://forum.cheatengine.org/viewtopic.php?p=2142889

Edit: improved the source a bit:
Code:
#include <Windows.h>
#include <fstream>

using namespace std;

BOOL bWantQuit = FALSE;
DWORD HPAddress, MPAddress;
HMODULE thisModule;

BYTE MPAoB[7] = { 0x81, 0xFB, 0x10, 0x27, 0x00, 0x00, 0x7C }; //cmp ebx,00002710 and 0x7C = jnge short
BYTE HPAoB[7] = { 0x81, 0xFF, 0x10, 0x27, 0x00, 0x00, 0x7C }; //cmp edi,00002710 and 0x7C = jnge short

//Returns the address of the first byte of the MP pattern, or 0 if it is not found.
//The comparison restarts at every candidate address; resetting a running index on a
//mismatch (as the first version did) skips a match that starts right after a partial one.
//Reading an unmapped page inside the range raises an access violation that this version does not catch.
unsigned int FindMPAddress()
{
   for (unsigned int i = 0x400000; i < 0x780000; i++) //Starting from 0x450000 from some reason... (the bound must be hex: a decimal 780000 is below 0x400000, so the loop never ran)
   {
      int Index = 0;
      while (Index < 7 && *(BYTE*)(i + Index) == MPAoB[Index])
         Index++;

      if (Index == 7)
         return i; //Start of the 7 bytes; the caller adds 3 to reach the "0x27" byte (4th) of 00002710
   }
   return 0;
}

unsigned int FindHPAddress()
{
   for (unsigned int i = 0x400000; i < 0x780000; i++)
   {
      int Index = 0;
      while (Index < 7 && *(BYTE*)(i + Index) == HPAoB[Index])
         Index++;

      if (Index == 7)
         return i;
   }
   return 0;
}

DWORD WINAPI Thread(LPVOID)
{
   if ( !bWantQuit )
   {
      Sleep(2000); //Let it load MapleStory...
      ofstream OFile;
      OFile.open("Log.txt");
      OFile << "Trying to get MP and HP regain addresses..." << endl;

      HPAddress = FindHPAddress();
      MPAddress = FindMPAddress();

      if (HPAddress == 0 || MPAddress == 0) //test before adding the offset, otherwise a failed scan shows up as 3
      {
         bWantQuit = TRUE;
         OFile << "Failed getting MP and HP regain addresses!";
      }
      else
      {
         HPAddress += 3; //the "0x27" byte of the imm32 00002710
         MPAddress += 3;

         //Code pages are normally PAGE_EXECUTE_READ; the write below faults unless they are made writable first.
         DWORD OldProtect;
         VirtualProtect((LPVOID)HPAddress, 1, PAGE_EXECUTE_READWRITE, &OldProtect);
         VirtualProtect((LPVOID)MPAddress, 1, PAGE_EXECUTE_READWRITE, &OldProtect);

         OFile << "HP Address: " << HPAddress << endl << "MP Address: " << MPAddress;
      }

      OFile.close();

      while ( !bWantQuit )
      {
         if (GetAsyncKeyState(VK_F8))
         {
            *(BYTE*)HPAddress ^= 0x27; //toggles 00002710 <-> 00000010
            *(BYTE*)MPAddress ^= 0x27;

            Sleep(300);
         }

         if (GetAsyncKeyState(VK_F12))
            bWantQuit = TRUE;

         Sleep(10); //don't spin a whole core polling the keys
      }
   }

   MessageBoxW(NULL, L"Log.txt was created at MapleStory folder.\nNow exiting...", NULL, MB_OK);
   FreeLibraryAndExitThread(thisModule, 0);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                )
{
   if (ul_reason_for_call == DLL_PROCESS_ATTACH)
   {
      DisableThreadLibraryCalls( hModule );
      thisModule = hModule;
      HANDLE hThread = CreateThread(0, 0, Thread, (LPVOID)hModule, 0, 0);
      if (hThread)
         CloseHandle(hThread); //the thread keeps running; the handle itself is not needed
   }
   return TRUE;
}


Last edited by Symbol on Fri Mar 07, 2008 9:52 am; edited 1 time in total
MrNeef
Cheater
Reputation: 0

Joined: 26 Feb 2008
Posts: 44

Posted: Thu Mar 06, 2008 2:23 pm

Great, bookmarked it!

Thanks symbol

_________________
Stop leeching, start learning.

Current Projects :
MrNeef's DLL injector + MrNeef's basic DLL [ 75% ]
BlackD
Newbie cheater
Reputation: 0

Joined: 22 Apr 2007
Posts: 12

Posted: Thu Mar 06, 2008 2:40 pm

Hello, thank you for your source. I've been looking for a general format. One question though: in your other thread you said that changing the value from 10 to 9 could make it work, but I don't see a 10 or an 'A' (the hex value of 10). So my question is, where is the 10 you were talking about? Also, is there a way I can add a GUI to this, kind of like ecstatic trainer? (Sorry for the noob questions.)

Thanks for any help.
BlackD


Last edited by BlackD on Thu Mar 06, 2008 2:45 pm; edited 2 times in total
Jonny999
Grandmaster Cheater
Reputation: 0

Joined: 10 Jan 2007
Posts: 789
Location: England, Near London

Posted: Thu Mar 06, 2008 2:43 pm

Nice, and good to see some of the script commented also =]
_________________
1 Step ahead of the rest.
Codeslinger
I post too much
Reputation: 1

Joined: 11 Oct 2007
Posts: 3652
Location: Midwest, United States of America

Posted: Thu Mar 06, 2008 2:47 pm

Thank you!!

Finally someone has posted source to a simple injectable DLL. I tried this before and had simple questions that no one could answer.

I wasn't sure if I use DllMain as the main function or what (maplestory could have simply loaded the DLL and called a specific procedure other than DllMain).

That is a very good way of writing memory, it seems. I thought you would have to use an API call, but it looks like you're simply finding an address and then writing a value to it by using pointers...
Fisk
Grandmaster Cheater
Reputation: 0

Joined: 18 Mar 2007
Posts: 711
Location: rymdsylt

Posted: Thu Mar 06, 2008 2:47 pm

It would've been cool if I understood any of that =P
Great job though, nice to see that you're working on your trainer

_________________
мs,
Symbol
I'm a spammer
Reputation: 0

Joined: 18 Apr 2007
Posts: 5094
Location: Israel.

Posted: Thu Mar 06, 2008 3:15 pm

BlackD wrote:
Hello, thank you for your source. I've been looking for a general format. One question though: in your other thread you said that changing the value from 10 to 9 could make it work, but I don't see a 10 or an 'A' (the hex value of 10). So my question is, where is the 10 you were talking about? Also, is there a way I can add a GUI to this, kind of like ecstatic trainer? (Sorry for the noob questions.)

Thanks for any help.
BlackD

I meant 10 seconds: every 10 seconds you gain MP, so if you change it to 9 seconds, it might work without dc'ing.
If you check the array of bytes, you'll see that the MP address bytes are:
0x81, 0xFB, 0x10, 0x27, 0x00, 0x00 (the extra 0x7C is the jnge from the address below), and if you convert that to assembly it's
cmp ebx,00002710

Notice that 2710 is in hex, and 0x2710 is actually 10,000. (10,000ms = 10 seconds, time to regain MP)
If you change it to cmp ebx,2328 (0x2328 = 9000) you might not dc. (or at least, not right away)
Notice that the bytes are reversed (it's called little endian), so if you change the value that my DLL changes, of course you'll have to use WORD instead of BYTE and make it write 2 bytes (0x28 0x23, instead of 0x00 over 0x27 and leaving 0x10 so it regains MP every 10ms); then it would work.

Good luck.
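Worked example of the encoding and the two patches Symbol describes above, added by the editor and not code from any post in this thread: a portable C program that scans a byte buffer for the `cmp r32,00002710 / jnge short` signature, decodes the little-endian imm32, applies the thread's XOR toggle, and then overwrites the whole immediate with 9000 (0x2328). The sample bytes are constructed for the example (hypothetical, not dumped from MapleStory), and the function names and the wildcard mask are the editor's. Unlike the loop in the thread's DLLs, the scanner restarts the comparison at every candidate byte; the sample contains a stray 0x81 just before the real instruction to show why that matters.

```c
#include <stdio.h>
#include <stdint.h>
#include <stddef.h>
#include <inttypes.h>

/* Signature for "cmp r32, 0x2710" followed by a short jl/jnge (0x7C).
 * Encoding: 0x81 = cmp r/m32, imm32; the ModRM byte picks the register
 * (0xFB = ebx for MP, 0xFF = edi for HP); then the imm32 little-endian,
 * 10 27 00 00 = 0x00002710 = 10000 ms. A 0x00 in MASK is a wildcard,
 * so one signature covers both registers. (Editor's names and mask.) */
static const uint8_t SIG[7]  = { 0x81, 0x00, 0x10, 0x27, 0x00, 0x00, 0x7C };
static const uint8_t MASK[7] = { 0xFF, 0x00, 0xFF, 0xFF, 0xFF, 0xFF, 0xFF };
/* The thread's exact HP pattern, used to reproduce its scanner's miss. */
static const uint8_t HP_EXACT[7] = { 0x81, 0xFF, 0x10, 0x27, 0x00, 0x00, 0x7C };
enum { IMM_OFFSET = 2 };            /* imm32 follows opcode + ModRM */

/* Constructed sample "code": hypothetical bytes, not dumped from the game. */
static uint8_t sample[] = {
    0x55,                               /* push ebp                        (off 0)  */
    0x8B, 0xEC,                         /* mov ebp, esp                    (off 1)  */
    0x81, 0xFB, 0x10, 0x27, 0x00, 0x00, /* cmp ebx, 0x2710                 (off 3)  */
    0x7D, 0x05,                         /* jge short: wrong Jcc, a near miss        */
    0x6A, 0x81,                         /* push -127: ends in a stray 0x81 (off 11) */
    0x81, 0xFF, 0x10, 0x27, 0x00, 0x00, /* cmp edi, 0x2710                 (off 13) */
    0x7C, 0x10,                         /* jl short +0x10                  (off 19) */
    0xC3                                /* ret                             (off 21) */
};

/* Correct scan: restart the comparison at every candidate offset.
 * Returns the offset of the first (sig, mask) match, or -1. */
long find_pattern(const uint8_t *buf, size_t len,
                  const uint8_t *sig, const uint8_t *mask, size_t siglen)
{
    if (siglen == 0 || len < siglen) return -1;
    for (size_t i = 0; i + siglen <= len; i++) {
        size_t k = 0;
        while (k < siglen && ((buf[i + k] ^ sig[k]) & mask[k]) == 0) k++;
        if (k == siglen) return (long)i;
    }
    return -1;
}

/* The thread's scanner, reproduced for comparison: one running index that is
 * reset to 0 on a mismatch without re-testing the current byte against sig[0].
 * Returns the match offset or -1. */
long find_pattern_reset_bug(const uint8_t *buf, size_t len,
                            const uint8_t *sig, size_t siglen)
{
    size_t index = 0;
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == sig[index]) index++; else index = 0;
        if (index == siglen) return (long)(i - (siglen - 1));
    }
    return -1;
}

uint32_t read_le32(const uint8_t *p)
{
    return (uint32_t)p[0] | ((uint32_t)p[1] << 8) |
           ((uint32_t)p[2] << 16) | ((uint32_t)p[3] << 24);
}

void write_le32(uint8_t *p, uint32_t v)
{
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

/* The thread's F8 toggle: XOR the second immediate byte with 0x27, turning
 * 10 27 00 00 (10000) into 10 00 00 00 (0x10 = 16, not 10) and back.
 * Returns the decoded immediate after the flip. */
uint32_t toggle_instant(uint8_t *imm)
{
    imm[1] ^= 0x27;
    return read_le32(imm);
}

/* The 10 s -> 9 s variant: find the cmp and overwrite the whole imm32,
 * stored little-endian by write_le32. Returns the old value, or 0 if not found. */
uint32_t patch_regen_interval(uint8_t *code, size_t len, uint32_t new_ms)
{
    long off = find_pattern(code, len, SIG, MASK, sizeof SIG);
    if (off < 0) return 0;
    uint8_t *imm = code + off + IMM_OFFSET;
    uint32_t old = read_le32(imm);
    write_le32(imm, new_ms);
    return old;
}

int main(void)
{
    long off = find_pattern(sample, sizeof sample, SIG, MASK, sizeof SIG);
    if (off < 0) { puts("signature not found"); return 1; }
    uint8_t *imm = sample + off + IMM_OFFSET;
    printf("masked scan hit at offset %ld; the reset-on-mismatch scan returns %ld\n", off,
           find_pattern_reset_bug(sample, sizeof sample, HP_EXACT, sizeof HP_EXACT));
    printf("imm32 = %" PRIu32 " ms\n", read_le32(imm));
    printf("after XOR toggle: %" PRIu32 " ms (0x10 is 16, not 10)\n", toggle_instant(imm));
    printf("toggled back: %" PRIu32 " ms\n", toggle_instant(imm));
    uint32_t old = patch_regen_interval(sample, sizeof sample, 9000);
    printf("patched %" PRIu32 " -> %" PRIu32 "; bytes now %02X %02X %02X %02X\n",
           old, read_le32(imm), imm[0], imm[1], imm[2], imm[3]);
    printf("re-scan after patch: %ld (signature no longer matches)\n",
           find_pattern(sample, sizeof sample, SIG, MASK, sizeof SIG));
    return 0;
}
```

Two caveats the thread only brushes past: XORing 0x27 out of 0x2710 leaves 0x0010, which is 16 ms rather than 10; and once the immediate has been changed the original signature no longer matches, so the address has to be cached from the first hit rather than re-scanned. Inside a live process the same scan also has to skip unmapped pages (VirtualQuery, or the SEH wrapper in Flyte's version below) and make the code page writable (VirtualProtect) before the store, neither of which this portable example needs.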
hcavolsdsadgadsg
I'm a spammer
Reputation: 26

Joined: 11 Jun 2007
Posts: 5801

Posted: Thu Mar 06, 2008 3:21 pm

Kenny420 wrote:
Thank you!!

Finally someone has posted source to a simple injectable DLL. I tried this before and had simple questions that no one could answer.

I wasn't sure if I use DllMain as the main function or what (maplestory could have simply loaded the DLL and called a specific procedure other than DllMain).

That is a very good way of writing memory, it seems. I thought you would have to use an API call but it looks like your simply finding an address and then writing a value to it by using pointers...


You're in the memory space when you're injected, so you don't need to use the API
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Thu Mar 06, 2008 3:40 pm

Your code is ugly and redundant, here is an improved version (not saying it is perfect). Might be an error or two, coded quickly.

Code:
#include <windows.h>
#include <tchar.h>
#include <stdlib.h>

unsigned char hp_aob[] = { 0x81, 0xFF, 0x10, 0x27, 0x00, 0x00, 0x7C };
unsigned char mp_aob[] = { 0x81, 0xFB, 0x10, 0x27, 0x00, 0x00, 0x7C };

void __declspec(noinline) __declspec(noreturn) ErrorAndExit(LPCTSTR error, HMODULE hMod)
{
    MessageBox(0, error, _T("Error!"), 0);
    FreeLibraryAndExitThread(hMod, EXIT_FAILURE);
}

/* Returns the address of the first byte of the pattern, or 0. The SEH handler
 * swallows the access violation raised by reading an unmapped page in the range.
 * The comparison restarts at each candidate address; resetting a running index
 * on a mismatch would skip a match that starts right after a partial one. */
unsigned long __declspec(noinline) ArrayToPtr(const unsigned char * aob)
{
    unsigned long i;
    int k;
    __try {
        for (i = 0x400000; i < 0x780000; i++) {
            for (k = 0; k < 7 && *((unsigned char*)(i + k)) == aob[k]; k++)
                ;
            if (k == 7) return i;
        }
    } __except(EXCEPTION_EXECUTE_HANDLER) {
        return 0;
    }
    return 0;
}

DWORD WINAPI Thread(LPVOID hMod)
{
    unsigned char * hp = (unsigned char *)ArrayToPtr(hp_aob);
    unsigned char * mp = (unsigned char *)ArrayToPtr(mp_aob);

    /* test before adding the offset, otherwise a failed scan shows up as 3 */
    if(hp == 0 || mp == 0) ErrorAndExit(_T("HP/MP addresses invalid!"), (HMODULE)hMod);
    hp += 3;    /* the 0x27 byte of the imm32 00002710 */
    mp += 3;

    /* code pages are normally PAGE_EXECUTE_READ; the XOR below faults unless they are made writable */
    DWORD old;
    if(!VirtualProtect(hp, 1, PAGE_EXECUTE_READWRITE, &old) ||
       !VirtualProtect(mp, 1, PAGE_EXECUTE_READWRITE, &old))
        ErrorAndExit(_T("VirtualProtect failed!"), (HMODULE)hMod);

    __try {
        SHORT prev = 0;
        for(;; Sleep(10)) {
            SHORT now = GetAsyncKeyState(VK_F8) & 0x8000;
            if(now && !prev) {      /* toggle once per key press, not every 10 ms while F8 is held */
                *hp ^= 0x27;
                *mp ^= 0x27;
            }
            prev = now;
            if(GetAsyncKeyState(VK_F12) & 0x8000) break;
        }
    } __except(EXCEPTION_EXECUTE_HANDLER) {
        ErrorAndExit(_T("OH SHI-, BLACK HOLE!"), (HMODULE)hMod);
    }
    FreeLibraryAndExitThread((HMODULE)hMod, EXIT_SUCCESS);
}

BOOL APIENTRY DllMain(HMODULE hModule, DWORD call, LPVOID lpReserved)
{
   if (call == DLL_PROCESS_ATTACH) {
      DisableThreadLibraryCalls(hModule);
      HANDLE hThread = CreateThread(0, 0, Thread, (LPVOID)hModule, 0, 0);
      if (hThread) CloseHandle(hThread);
   }
   return TRUE;
}


Edit: Small fix.


Last edited by Flyte on Thu Mar 06, 2008 5:26 pm; edited 1 time in total
Symbol
I'm a spammer
Reputation: 0

Joined: 18 Apr 2007
Posts: 5094
Location: Israel.

Posted: Thu Mar 06, 2008 3:50 pm

Flyte wrote:
Your code is ugly and redundant, here is an improved version (not saying it is perfect). Might be an error or two, coded quickly.

Well, yeah, it's better. I'm not coding much in C++ so I'm not that good, but I really liked the XOR bytes idea. Very clever.
BlackD
Newbie cheater
Reputation: 0

Joined: 22 Apr 2007
Posts: 12

Posted: Thu Mar 06, 2008 4:37 pm

Did I do this right?
Code:
#include <Windows.h>
#include <fstream>

using namespace std;

//Returns the address of the imm32 in "cmp ebx,00002710" (the bytes 10 27 00 00), or 0 if not found.
DWORD FindMPAddress()
{
   BYTE AoB[7] = { 0x81, 0xFB, 0x10, 0x27, 0x00, 0x00, 0x7C }; //cmp ebx,00002710 and 0x7C = jnge short
   for (DWORD i = 0x450000; i < 0x800000; i++) //Starting from 0x450000 from some reason...
   {
      int Index = 0;
      while (Index < 7 && *(BYTE*)(i + Index) == AoB[Index]) //restart the compare at every address, so a partial match can't hide the real one
         Index++;

      if (Index == 7)
         return i+2; //the WORD 0x2710 starts at the 3rd byte (0x10), so the 2-byte write goes here
   }
   return 0;
}

DWORD FindHPAddress()
{
   BYTE AoB[7] = { 0x81, 0xFF, 0x10, 0x27, 0x00, 0x00, 0x7C }; //cmp edi,00002710 and 0x7C = jnge short
   for (DWORD i = 0x450000; i < 0x800000; i++)
   {
      int Index = 0;
      while (Index < 7 && *(BYTE*)(i + Index) == AoB[Index])
         Index++;

      if (Index == 7)
         return i+2;
   }
   return 0;
}

BOOL InstantRegainON = FALSE, bWantQuit = FALSE;
DWORD HPAddress, MPAddress;
HMODULE thisModule;

DWORD WINAPI Thread(LPVOID)
{
   //Moved out of DllMain: showing a window while the loader lock is held can deadlock the process.
   MessageBoxW(NULL, L"Welcome to Symbol's instant MP and HP regain!\nPress F8 to activate or F12 to exit.\nHave fun! :)", L"Symbol's instant MP & HP regain!", MB_ICONINFORMATION | MB_OK);

   if ( !bWantQuit )
   {
      Sleep(5000); //Let it load MapleStory...
      ofstream OFile;
      OFile.open("Log.txt");
      OFile << "Trying to get MP and HP regain addresses..." << endl;

      HPAddress = FindHPAddress();
      MPAddress = FindMPAddress();

      if (HPAddress == 0 || MPAddress == 0)
      {
         bWantQuit = TRUE;
         OFile << "Failed getting MP and HP regain addresses!";
      }
      else
      {
         OFile << "HP Address: " << HPAddress << endl << "MP Address: " << MPAddress;

         //Code pages are normally read-only; make the 2 bytes writable before patching them.
         DWORD OldProtect;
         VirtualProtect((LPVOID)HPAddress, 2, PAGE_EXECUTE_READWRITE, &OldProtect);
         VirtualProtect((LPVOID)MPAddress, 2, PAGE_EXECUTE_READWRITE, &OldProtect);
      }

      OFile.close();

      //10000ms (the original 0x2710) and 9000ms (0x2328); storing a WORD writes it little endian, i.e. 28 23
      WORD OnOff[2] = { 0x2710, 0x2328 };

      while ( !bWantQuit )
      {
         if (GetAsyncKeyState(VK_F8))
         {
            InstantRegainON = !InstantRegainON;

            *(WORD*)HPAddress = OnOff[InstantRegainON];
            *(WORD*)MPAddress = OnOff[InstantRegainON];

            Sleep(300);
         }

         if (GetAsyncKeyState(VK_F12))
            bWantQuit = TRUE;

         Sleep(10);
      }
   }

   MessageBoxW(NULL, L"Log.txt was created at MapleStory folder.\nNow exiting...", NULL, MB_OK);
   FreeLibraryAndExitThread(thisModule,0);
}

BOOL APIENTRY DllMain( HMODULE hModule,
                       DWORD  ul_reason_for_call,
                       LPVOID lpReserved
                )
{
   if (ul_reason_for_call == DLL_PROCESS_ATTACH)
   {
      DisableThreadLibraryCalls( hModule );
      thisModule = hModule;

      DWORD tID;
      HANDLE hThread = CreateThread(0, 0, Thread, 0, 0, &tID);
      if (hThread)
         CloseHandle(hThread);
   }
   return TRUE;
}

Thanks BlackD


Last edited by BlackD on Thu Mar 06, 2008 5:12 pm; edited 1 time in total
mOnSoOn
Expert Cheater
Reputation: 0

Joined: 05 Jul 2007
Posts: 203

Posted: Thu Mar 06, 2008 5:07 pm

Lol?
I thought your address updating method was different; this method is really bad... You really need to think about which errors this scanning can cause (not compiling errors..).
Anyway, why don't you make a function that updates the addresses? Why do you have to write it again and again?
Anyway, the address updating method will fail in the next version or two.
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Thu Mar 06, 2008 5:13 pm

mOnSoOn wrote:
Lol?
I thought your address updating method was different; this method is really bad... You really need to think about which errors this scanning can cause (not compiling errors..).
Anyway, why don't you make a function that updates the addresses? Why do you have to write it again and again?
Anyway, the address updating method will fail in the next version or two.


See the version I posted above.
BlackD
Newbie cheater
Reputation: 0

Joined: 22 Apr 2007
Posts: 12

Posted: Thu Mar 06, 2008 5:19 pm

Hey Flyte, to do it your way, would I do it like this?
To change the pointer from 10s to 9s, would I do
*hp ^= 0x28, 0x23; ?

Thanks BlackD
Flyte
Peanuts!!!!
Reputation: 6

Joined: 19 Apr 2006
Posts: 1887
Location: Canada

Posted: Thu Mar 06, 2008 5:25 pm

BlackD wrote:
Hey Flyte, to do it your way, would I do it like this?
To change the pointer from 10s to 9s, would I do
*hp ^= 0x28, 0x23; ?

Thanks BlackD


Should be the same value, but since I don't play MapleStory I can't be sure.

Oh, and in the code above, you have to add 3 to each pointer after ArrayToPtr returns. I'll fix that now; I didn't notice the comment in the code.
Page 1 of 2