Code:
    /*
    Basic DLL
    */
    #include <windows.h>
    #include <stdio.h>

    // Pointers (placeholders: fill in the values you found in CE)
    #define pointer 0x00000000
    #define offset1 0x00000000

    // Global variables
    bool activated = false;        // is the hack currently toggled on?
    unsigned long ClientOffset;    // base address of the game's main module
    //unsigned long ingame = 0x1B8B054;
    bool* ingame;                  // points to the game's "in game" flag
    HANDLE setting;                // thread that keeps writing the address

    // Thread routine: while in game, keep setting the target address to 0.
    DWORD WINAPI set(LPVOID)
    {
        unsigned long address;
        //unsigned long old_p;
        while (true)
        {
            if (*ingame)
            {
                address = ClientOffset + pointer;
                if (IsBadReadPtr((void*)address, 4)) continue;
                address = *(unsigned long*)address + offset1;
                // Set the address
                if (!IsBadWritePtr((void*)address, 4))
                    *(int*)address = 0;
                //VirtualProtect((void*)address, 4, PAGE_READONLY, &old_p);
            }
            Sleep(1000); // every death it resets, so it is OK
        }
        return 0;
    }

    // Put the target address back to 0 when the hack is toggled off.
    void reset()
    {
        unsigned long address = ClientOffset + pointer;
        if (IsBadReadPtr((void*)address, 4)) return; // It is already disabled
        address = *(unsigned long*)address + offset1;
        if (IsBadWritePtr((void*)address, 4)) return;
        // Here you reset the address
        *(int*)address = 0; // int = 4 bytes
    }

    // Thread routine: watch the END key and toggle the "set" thread.
    DWORD WINAPI is_activated(LPVOID)
    {
        while (true)
        {
            if (GetAsyncKeyState(VK_END) & 0x8000)
            {
                if (*ingame)
                {
                    if (!activated)
                    {
                        ResumeThread(setting);
                        activated = true;
                        Beep(1000, 100);
                    }
                    else
                    {
                        SuspendThread(setting);
                        reset();
                        activated = false;
                        Beep(750, 300);
                    }
                }
                Sleep(900); // If he pressed the key longer than 30ms then this will stop him from toggling it again, hopefully
            }
            else Sleep(30); // Not to overload the CPU. He can't press the key shorter than 15ms. 30ms on average
        }
        return 0;
    }

    // Worker thread started from DllMain (a thread routine takes one LPVOID and returns a DWORD).
    DWORD WINAPI main(LPVOID)
    {
        Beep(1000, 100);
        // Could be injected earlier than expected
        while (!(ClientOffset = (unsigned long)GetModuleHandle(NULL)))
            Sleep(100);
        ingame = (bool*)(ClientOffset + 0x1B8B054);
        HANDLE checking;
        try
        {
            if ((checking = CreateThread(NULL, 0, is_activated, NULL, CREATE_SUSPENDED, NULL)) == NULL)
                throw "Couldn't create a thread to execute within the virtual address space of the calling process.(2)";
            if ((setting = CreateThread(NULL, 0, set, NULL, CREATE_SUSPENDED, NULL)) == NULL)
                throw "Couldn't create a thread to execute within the virtual address space of the calling process.(3)";
        }
        catch (LPCSTR error)
        {
            // MessageBoxA: the messages are narrow strings, so this compiles whatever the project's character set is
            MessageBoxA(NULL, error, "Error", MB_OK | MB_ICONERROR);
            return 1;
        }
        //if (SetThreadPriority(setting, THREAD_PRIORITY_BELOW_NORMAL) == NULL) // It can take resources so we need to protect the user from lags
        //    MessageBoxA(NULL, "Couldn't set thread priority.\nBut the program can still continue.", "Error", MB_OK | MB_ICONERROR);
        bool in_progress = false;
        while (true)
        {
            // Checks if he is in game
            if (*ingame)
            {
                // Want the hack or not want the hack?
                if (!in_progress)
                {
                    ResumeThread(checking);
                    in_progress = true;
                }
            }
            else if (in_progress)
            {
                SuspendThread(checking); // No need to check out of game
                in_progress = false;     // Checking ain't in progress
                if (activated)
                    if (SuspendThread(setting) != (DWORD)-1)
                        activated = false;
            }
            Sleep(2000); // Not to overload the CPU
        }
        //char buf[255];
        //sprintf_s(buf, "%d", address);
        //MessageBoxA(NULL, buf, "ERROR", MB_OK | MB_ICONERROR);
        return 0;
    }

    BOOL WINAPI DllMain(HINSTANCE hDLLInst, DWORD fdwReason, LPVOID lpvReserved)
    {
        DisableThreadLibraryCalls(hDLLInst);
        if (fdwReason == DLL_PROCESS_ATTACH)
        {
            if (CreateThread(NULL, 0, main, NULL, 0, NULL) == NULL) // Creating a new thread in the process "AVA"
            {
                MessageBoxA(NULL, "Couldn't create a thread to execute within the virtual address space of the calling process.", "Error", MB_OK | MB_ICONERROR);
                return FALSE;
            }
        }
        else if (fdwReason == DLL_PROCESS_DETACH)
        {
            // No need for anything here
        }
        return TRUE;
    }
First, to use this code you must know C++, but I'll explain some of the functions here.
Code:
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)main, NULL, 0, NULL);
CreateThread creates a new thread inside the process itself, so the function you hand to it runs concurrently with the rest of the process. Here is some background from Wikipedia: Computer multitasking - Wikipedia, the free encyclopedia
Code:
SetThreadPriority(setting, THREAD_PRIORITY_BELOW_NORMAL);
This sets the thread's priority one step below normal. If you have a loop that refreshes every 1 ms, this can help keep that thread from making the user's game lag.
Code:
char buf[255];
sprintf_s(buf, "%d", address);
MessageBox(NULL, buf, "ERROR", MB_OK | MB_ICONERROR);
This piece of code formats a number into a string so you can show it on screen, since MessageBox only accepts text.
Code:
IsBadReadPtr((void*)address, 4);
IsBadWritePtr((void*)address, 4);
IsBadReadPtr checks whether the calling process can read the given number of bytes (here 4) at the address. It is useful when the pointer you found in CE isn't always present, and used correctly these checks can avoid crashes.
IsBadWritePtr does the same, but also checks that the address can be written to.
Both return zero when the access is allowed and nonzero when it is not. One caveat: Microsoft documents both functions as obsolete, because a check can pass and the memory can still become inaccessible before the actual read or write happens, so treat them as a best-effort guard rather than a guarantee.
Code:
if (GetAsyncKeyState(VK_END) &0x8000)
This checks whether the END key is held down at the moment the code runs (the 0x8000 bit is the key's current state). You can change it to any other key; see the list here: Virtual-Key Codes
Code:
while (!(ClientOffset = (unsigned long)GetModuleHandle(NULL)))
Sleep(100);
GetModuleHandle(NULL) returns the base address of the main executable, so this sets ClientOffset to 0x400000 (in AVA's case of course; I don't know about other games). To use an address (or pointer) you found in CE you add this number to it: it is an additional offset, the offset of the module.
You can change NULL in this code to "AVA.exe" and it will be the same.
Code:
ResumeThread();
SuspendThread();
Beep();
I think they are pretty self-explanatory.
For anything else use MSDN or Google. Don't PM me with questions. You can ask questions you didn't find on the web here in the MPGH C++ forum.
Additional notes:
Now about the ingame pointer that I already put in this code: it is a native address (meaning it shows in green in CE) that holds 1 if the user is in game, otherwise 0.
Every time the game gets patched, the pointers will change, so you will have to update them.
To compile this you need Microsoft Visual Studio 2010; sure, you can use others, but I recommend this one only!
Troubleshooting:
Q: My game crashes when I inject the DLL! How can I fix it?
A: Either you didn't put in the right pointer, or you were reading it when it wasn't currently readable or writeable.
Q: How can we read from or write to an address that we found in CE?
A: I'll explain. For example, we found this native address (see photo):
We read it like this:
Code:
unsigned long address = 0x1B8B054 + ClientOffset;
int content = *(int*)address;
Write to it:
Code:
unsigned long address = 0x1B8B054 + ClientOffset;
*(int*)address = 12345;
I already explained above what ClientOffset is.
What if the address has an offset, meaning it is a pointer?
Say the offset is A2B. We do it like this:
Read -
Code:
unsigned long address = 0x1B8B054 + ClientOffset;
address = *(unsigned long*)address + 0xA2B;
int content = *(int*)address;
Write -
Code:
unsigned long address = 0x1B8B054 + ClientOffset;
address = *(unsigned long*)address + 0xA2B;
*(int*)address = 12345;
And I forgot to say: the 0x prefix tells the compiler the number is hexadecimal; it is still an ordinary integer constant.
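The two-hop read and write from the questions above, modelled in portable C over a constructed buffer that stands in for the game's memory (an added example, not code from the original post). Every hop is range-checked, so a slot that is unmapped or still holds 0 is refused instead of crashing, which is the failure the troubleshooting answer describes; FAKE_BASE, the 0x100 slot and the value 77 are constructed.

```c
#include <stdint.h>
#include <string.h>
/* Constructed stand-in for a slice of the game's memory: a buffer that pretends
   to be mapped at FAKE_BASE (assumption; the post gives 0x400000 for AVA). */
#define FAKE_BASE 0x00400000u
#define MEM_SIZE  0x2000u
static unsigned char g_mem[MEM_SIZE];
/* 1 if the 4 bytes at addr lie inside the buffer (subtraction form cannot wrap). */
static int in_range(uint32_t addr) {
    return addr >= FAKE_BASE && addr - FAKE_BASE <= MEM_SIZE - 4;
}
static uint32_t peek32(uint32_t addr) {           /* caller has checked in_range */
    uint32_t v; memcpy(&v, g_mem + (addr - FAKE_BASE), 4); return v;
}
void poke32(uint32_t addr, uint32_t v) {          /* also used to set up the demo */
    memcpy(g_mem + (addr - FAKE_BASE), &v, 4);
}
/* The two hops from the post's set()/reset(): slot = base + pointer, then
   target = *slot + offset. Returns 1 and the target address only if every hop
   is inside readable memory; 0 if the slot is unmapped, holds 0 (the game has
   not filled its pointer yet, e.g. not in a match) or the final add wraps. */
int resolve_chain(uint32_t base, uint32_t pointer, uint32_t offset, uint32_t *target) {
    uint32_t slot = base + pointer, hop;
    if (!in_range(slot)) return 0;
    hop = peek32(slot);
    if (hop + offset < hop || !in_range(hop + offset)) return 0;
    *target = hop + offset;
    return 1;
}
/* Read or write the int at the end of the chain: 1 on success, 0 if refused
   (the unreadable case the post's troubleshooting answer blames for crashes). */
int read_chain(uint32_t base, uint32_t pointer, uint32_t offset, int32_t *value) {
    uint32_t t;
    if (!resolve_chain(base, pointer, offset, &t)) return 0;
    *value = (int32_t)peek32(t);
    return 1;
}
int write_chain(uint32_t base, uint32_t pointer, uint32_t offset, int32_t value) {
    uint32_t t;
    if (!resolve_chain(base, pointer, offset, &t)) return 0;
    poke32(t, (uint32_t)value);
    return 1;
}
/* Constructed layout: slot at base+0x100 -> base+0x1000, value 0xA2B past that. */
void setup_demo(void) {
    memset(g_mem, 0, sizeof g_mem);
    poke32(FAKE_BASE + 0x100, FAKE_BASE + 0x1000);
    poke32(FAKE_BASE + 0x1000 + 0xA2B, 77);
}
```

Reading after setup_demo() yields 77, a write of 12345 reads back, and zeroing the slot makes the same read return 0 rather than touching address 0xA2B.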