Cheat Engine The Official Site of Cheat Engine
bimi074 (How do I cheat?)
Reputation: 0
Joined: 15 Feb 2009 Posts: 3 Location: Kosovo/Albania/Holland
Posted: Sun Feb 15, 2009 11:51 am Post subject: (Help)--> Create Device | Soldier front wallhack

Hey guys,
I'm new to this forum.
I have this problem.
I'm not very good with C++ / C#,
but I tried to follow a tutorial on how to compile a wallhack source.
So the compiling worked, but I used a patched source.
Now the following tutorial is on how to make an undetected wallhack.
-----------------------------------------------------------------------------
|UNDETECTED WALLING|
First let's analyse Fatboy's source code, as you're all familiar with it (wallhacks are very basic, but there's a lot of crap you have to add, like hooking D3D and generating textures etc.).
Firstly, we see that he defined his D3D API hook.
[code]
static DWORD dwBeginScene = 0x6D9D9250;
static DWORD dwEndScene = 0x6d9d93a0;
static DWORD dwDrawIndexedPrimitive = 0x6d9d73a0;
static DWORD dwSetStreamSource = 0x6d9d6760;
static DWORD dwSetViewport = 0x6d9d5b90;
[/code]
Now GameGuard scans BeginScene, EndScene and the DIP, although writing code into the DIP doesn't seem to cause any problems.
You can throw away BeginScene altogether; I don't see it as of any importance.
Now EndScene is very useful, but there is an alternative.
Use Present. Normally this is for stride logging, but I find it's a good alternative display pod. It's a little laggy, but in SF you can use that to glitch.
[code]
int m_Stride;
int texnum;
int nNumVertices;
int nPrimitiveCount;
[/code]
We're just going to focus on strides; you will still get a nice wallhack.
m_Stride has been defined in his code somewhere as a stride, where 30 == players.
[code]
LPDIRECT3DTEXTURE8 Red,Yellow,Green,Blue,Purple,Pink,Orange;
[/code]
This generates the colours we want for our cham shading.
Then he just defines all his variables as follows:
[code]
bool Color = true;
bool Logger = false;
ofstream ofile;
char dlldir[320];
float ScreenCenterX = 0.0f;
float ScreenCenterY = 0.0f;
bool xhair = false;
bool WallHack = false;
bool WallHack2 = false;
HANDLE hand1 = NULL;
HANDLE hand2 = NULL;
[/code]
Just throw away the logger function. You don't really need to log unless your wallhack is commercial.
Add the texture generation code, and I'm going to skip past his crosshair function and all that, and we can look at some more useful stuff.
We are now in the hack's DIP; all the fun hacks are here.
Let's use some info Fatboy provided: he says that the stride for players is 40, "if(m_Stride==40". Now we don't want to add all the other info; let's keep it simple and close the if: ")".
Now he has the start of the cham wallhack.
[code]
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER);
pDevice->SetTexture(0, Orange);
[/code]
Now, here it says (D3DRS_ZENABLE, D3DZB_FALSE); so this is when the player is behind a wall.
He then sets the texture of stride 40 (players) to orange.
[code]
//pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_WIREFRAME);
pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
//pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID);
[/code]
Here he has commented out another nice hack (wireframe); he probably wanted to keep it private, or just let people who can read his source use it.
[code]
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_LESSEQUAL);
pDevice->SetTexture(0, Pink);
[/code]
This is when they're visible to you; the stride is then textured with a pink colour.
Now we see more objects amongst the 40 stride, such as grenades, in his next cham code.
Anyway, now that I've explained a bit about the wallhack, you will want to make it undetected.
-------------------------------------------------------------------------------------
This guy provides you all the info! I'm just going to explain it to you in a bit of depth.
[quote]
CreateDevice -> pointers to the functions,
kinda like a class or a struct.
And GG scans CreateDevice right off the bat.
[/quote]
OK, all your D3D hooks go through to be formed into the device. Once this is done and D3D is hooked, you can release CreateDevice so that it won't be detected.
I do so in my base with this code in my CreateDevice reclass:
[code]
//your create device code
//then we move onto
//Device Unhooking
unsigned long ulProtect;
VirtualProtect(&D3D8_object[15], 4, PAGE_EXECUTE_READWRITE, &ulProtect);
*(unsigned long*)&D3D8_object[15] = (unsigned long)pCreateDevice;
VirtualProtect(&D3D8_object[15], 4, ulProtect, &ulProtect);
[/code]
Then you will need to initialise your device:
[code]
YourDevice = *ppReturnedDeviceInterface; //Rename to your Device
[/code]
It's also a good idea to log this to see if it worked. To do that, just say:
[code]
else{ add_log("D3D create device error...\n"); }
[/code]
Then return to your device.
Now let's look at another method.
2) another way **** it hack GG.
4) code cave the hook: int3 -> jmp, then in the code cave -> jmp (detour) D3D functions -> jmp back to original flow; hook hopping.
Now I thought number 2 looked handsome, but then I thought that I could adapt that viewpoint to number 4, which basically bypasses GG.
Now I am not going to go through ASM debugging to detour your D3D hook,
but we're not really going to be caving like 4) says. Due to the fact that we're dropping the cave early, we can just jmp to a nice clean bit of space (0900001C looks like a pretty nice place to settle).
Then in our C++ for this we __asm for the jmp. Now fatboy88 says to detour our D3D functions; that's all good fun, but more universally we could jmp the GG check, therefore placing more memory-crazy hacks and also bypassing a clean reg for debugger logging and looting.
stickleback from gzp,
Now, I don't understand this part:
[quote]
[code]
//your create device code
//then we move onto
//Device Unhooking
unsigned long ulProtect;
VirtualProtect(&D3D8_object[15], 4, PAGE_EXECUTE_READWRITE, &ulProtect);
*(unsigned long*)&D3D8_object[15] = (unsigned long)pCreateDevice;
VirtualProtect(&D3D8_object[15], 4, ulProtect, &ulProtect);
[/code]
Then you will need to initialise your device:
[code]
YourDevice = *ppReturnedDeviceInterface; //Rename to your Device
[/code]
It's also a good idea to log this to see if it worked. To do that, just say:
[code]
else{ add_log("D3D create device error...\n"); }
[/code]
Then return to your device.
[/quote]

AlbanainRetard (Master Cheater)
Reputation: 0
Joined: 02 Nov 2008 Posts: 494 Location: Canada eh?
Posted: Sun Feb 15, 2009 1:08 pm

VirtualProtect:
Changes the protection on groups of memory.
Looks like he is allowing you to read & write mem.

BanMe (Master Cheater)
Reputation: 0
Joined: 29 Nov 2005 Posts: 375 Location: Farmington NH, USA
Posted: Sun Feb 15, 2009 1:22 pm

Specifically, it changes the protection on the virtual function table to ReadWrite, substitutes in his own CreateDevice function call, and then reprotects the table :]
Regards, BanMe
_________________
don't +rep me..i do not wish to have "status" or "recognition" from you or anyone.. thank you.

bimi074 (How do I cheat?)
Reputation: 0
Joined: 15 Feb 2009 Posts: 3 Location: Kosovo/Albania/Holland
Posted: Sun Feb 15, 2009 7:59 pm

OK, thanks for the replies, but what do I need to do?

devil_run (How do I cheat?)
Reputation: 0
Joined: 05 Jan 2008 Posts: 2 Location: THAILAND
Posted: Tue Feb 17, 2009 1:34 am

OK, thanks.
Good idea.

bimi074 (How do I cheat?)
Reputation: 0
Joined: 15 Feb 2009 Posts: 3 Location: Kosovo/Albania/Holland
Posted: Thu Feb 19, 2009 7:30 pm

Bump.
_________________
KOSOVA, 1 YEAR OF INDEPENDENCE!

dnsi0 (I post too much)
Reputation: 0
Joined: 04 Jan 2007 Posts: 2674
Posted: Thu Feb 19, 2009 7:42 pm

What you want to do is this:
Edit the table so that the CreateDevice() function table entry (usually pointing to the CreateDevice in d3d8.dll) points to your CreateDevice, which does all the overlay creating.
Then return the device, so the game thinks that CreateDevice is actually yours, not the d3d8.dll CreateDevice. Does this make sense?
BTW, you need to disable protection, because those pages are read-only.
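An added example, not code from this thread or from any of the posters, showing the defensive side of what dnsi0 and BanMe describe above: because the CreateDevice slot sits in a function table that can be made writable with VirtualProtect and then overwritten, an anti-cheat module or the application itself can snapshot that table early and later compare every slot against the snapshot, reporting and repairing any slot that changed. The table here is a constructed stand-in array of function pointers with CreateDevice at index 15 (the same index the thread's VirtualProtect snippet patches); the function names are assumptions, and `simulate_hook_for_demo` exists only so the detector has something to find. A real check would additionally confirm that each entry resolves into the expected module (d3d8.dll) and would take the snapshot before any third-party DLL has loaded; this portable C version does neither.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a COM vtable: a plain array of function pointers.
   Slot 15 mirrors the IDirect3D8::CreateDevice index used in the thread. */
#define VTABLE_SLOTS 16
#define SLOT_CREATEDEVICE 15

typedef long (*vfunc_t)(void);

/* Assumed "legitimate" implementations; only their addresses matter here. */
static long fake_queryinterface(void) { return 0; }
static long fake_addref(void)         { return 1; }
static long fake_release(void)        { return 0; }
static long fake_createdevice(void)   { return 100; }
static long generic_method(void)      { return 7; }

/* The live table that an in-place vtable patch would modify. */
static vfunc_t live_vtable[VTABLE_SLOTS];

/* Baseline copy and digest captured while the table is still trusted. */
static vfunc_t baseline_vtable[VTABLE_SLOTS];
static uint64_t baseline_hash;

void init_vtable(void) {
    for (int i = 0; i < VTABLE_SLOTS; i++) live_vtable[i] = generic_method;
    live_vtable[0] = fake_queryinterface;
    live_vtable[1] = fake_addref;
    live_vtable[2] = fake_release;
    live_vtable[SLOT_CREATEDEVICE] = fake_createdevice;
}

/* FNV-1a over the raw pointer bytes: a cheap integrity digest for fast polling. */
static uint64_t hash_vtable(const vfunc_t *vt) {
    uint64_t h = 1469598103934665603ULL;
    const unsigned char *p = (const unsigned char *)vt;
    for (size_t i = 0; i < sizeof(vfunc_t) * VTABLE_SLOTS; i++) {
        h ^= p[i];
        h *= 1099511628211ULL;
    }
    return h;
}

/* Record the trusted state of the table. */
void snapshot_vtable(void) {
    memcpy(baseline_vtable, live_vtable, sizeof(live_vtable));
    baseline_hash = hash_vtable(baseline_vtable);
}

/* Returns -1 when the table matches the baseline, otherwise the first
   slot whose pointer differs (the digest short-circuits the common case). */
int find_tampered_slot(void) {
    if (hash_vtable(live_vtable) == baseline_hash) return -1;
    for (int i = 0; i < VTABLE_SLOTS; i++)
        if (live_vtable[i] != baseline_vtable[i]) return i;
    return -1;
}

/* Re-pins every slot to the baseline; returns the number of slots repaired. */
int restore_vtable(void) {
    int repaired = 0;
    for (int i = 0; i < VTABLE_SLOTS; i++) {
        if (live_vtable[i] != baseline_vtable[i]) {
            live_vtable[i] = baseline_vtable[i];
            repaired++;
        }
    }
    return repaired;
}

/* Test stand-in for the pointer write shown in the thread: swaps one slot
   so that the detector has a modification to find. */
static long hooked_createdevice(void) { return 999; }
void simulate_hook_for_demo(int slot) { live_vtable[slot] = hooked_createdevice; }

/* End-to-end driver: returns 1 if the swap was detected and repaired, else 0. */
int run_demo(void) {
    init_vtable();
    snapshot_vtable();
    if (find_tampered_slot() != -1) return 0;           /* clean table passes */
    simulate_hook_for_demo(SLOT_CREATEDEVICE);
    int slot = find_tampered_slot();
    if (slot != SLOT_CREATEDEVICE) return 0;            /* exact slot reported */
    if (live_vtable[SLOT_CREATEDEVICE]() != 999) return 0;
    if (restore_vtable() != 1) return 0;                /* one slot repaired */
    if (find_tampered_slot() != -1) return 0;
    return live_vtable[SLOT_CREATEDEVICE]() == 100;     /* original behaviour back */
}

int main(void) {
    printf("vtable integrity demo: %s\n",
           run_demo() ? "modified slot detected and repaired" : "FAILED");
    return 0;
}
```

The digest comparison is what makes periodic polling cheap; the slot-by-slot pass only runs once the digest disagrees, so the check can be scheduled frequently without touching the table's page protection at all. Restoring rather than merely reporting is a design choice: it keeps the process usable, but a logging path that records which slot changed and when is what an incident responder would actually want to see.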