ASM DLL MapHack Example:
Source Code:
ASMMapHackExample_A.inc
Code:
.Data
mhToggle dd 0h                          ; current state of the F5 patch: 0 = off, 1 = on (flipped in HotKeys)
mhToggle2 dd 0h                         ; declared but not referenced by any code on this page
mh1 db 0??h                             ; byte written when toggling ON  - "??" is a placeholder the user fills in (see text below)
mh2 db 0??h                             ; byte written when toggling OFF - placeholder as above
.Data?
HndHook dd ?                            ; hook handle from SetWindowsHookEx (DLLProc); passed to CallNextHookEx by HotKeys
.Code
;-----------------------------------------------------------------------
; HotKeys - WH_KEYBOARD hook procedure (installed by DLLProc below).
; Parameters follow the KeyboardProc shape: nCode, wParam = virtual-key
; code, lParam = key data (repeat count / scan code / flags).
; Every message is chained to CallNextHookEx; only HC_ACTION messages
; for VK_F5 (toggle patch) and VK_F6 (ExitProcess) are acted on.
; NOTE(review): ebx is overwritten and never restored although stdcall
; treats it as callee-saved, so the hooked thread's ebx is clobbered on
; every keyboard message.
; NOTE(review): WriteMem lives in the _B include, which the main .asm
; includes after this file; MASM normally needs a PROTO before invoke -
; confirm this assembles as given.
;-----------------------------------------------------------------------
HotKeys proc nCode:DWORD, wParam:DWORD, lParam:DWORD
.if nCode != HC_ACTION
jmp HotKeys_End                         ; not a key event we may handle: just chain
.endif
mov ebx, lParam
or ebx, 00FFFFFFh                       ; keep only lParam bits 24-31 (the flag bits)
.if ebx == 0C0FFFFFFh
jmp HotKeys_End                         ; bits 30+31 set = key-up; skipped. Key-down AND autorepeat (bit 30 only) both pass, so a held F5 toggles repeatedly
.endif
.if wParam == VK_F5
.if mhToggle == 0
mov mhToggle, 1
invoke WriteMem, RANDOMEOFFSETh, addr mh1, 1 ;ON  - RANDOMEOFFSETh is a placeholder address (see text below)
.else
mov mhToggle, 0
invoke WriteMem, RANDOMEOFFSETh, addr mh2, 1 ;OFF - restores the byte held in mh2
.endif
.endif
.if wParam == VK_F6
;Quickly exit StarCraft II (terminates the whole host process, not just this DLL)
invoke ExitProcess, 0
.endif
HotKeys_End:
invoke CallNextHookEx, HndHook, nCode, wParam, lParam   ; return value of the next hook is the return value here
ret
HotKeys endp
;-----------------------------------------------------------------------
; DLLProc - body of the thread created in DllEntryPoint.
; Looks up the top-level window titled "StarCraft II", installs HotKeys
; as a WH_KEYBOARD hook on the thread that owns it, then spins forever
; in a Sleep(2) loop so the thread (and with it the hook) stays alive.
; Never returns.
; NOTE(review): nothing is checked - if FindWindow returns 0, the
; following calls receive 0 and whatever SetWindowsHookEx returns
; (possibly NULL) is stored in HndHook unverified.
;-----------------------------------------------------------------------
DLLProc proc
invoke FindWindow, CTEXT ("StarCraft II"), 0            ; eax = HWND (class name not filtered)
invoke GetWindowThreadProcessId, eax, 0                ; eax = owning thread id (process id not requested)
invoke SetWindowsHookEx, WH_KEYBOARD, addr HotKeys, NULL, eax
mov HndHook, eax                                       ; kept for CallNextHookEx
Events:
invoke Sleep, 2                                        ; 2 ms busy-ish wait; loop has no exit condition
jmp Events
DLLProc endp
ASMMapHackExample_B.inc
Code:
.Data
PPEB_LDR_DATA dd 0                      ; cached PEB->Ldr pointer, filled in and re-read by HideModule
.Data?
lgJmp db 5 dup(?)                       ; scratch buffer for the 5-byte E9/E8 rel32 instruction built by JmpPatch/CallPatch (shared, not reentrant)
.Code
;-----------------------------------------------------------------------
; WriteMem(MemOffset, DataPtr, dataLen)
; Copies dataLen bytes from DataPtr to address MemOffset in the current
; process: the target range is made PAGE_EXECUTE_READWRITE, the bytes
; are copied with RtlMoveMemory, and the previous protection is put back.
; All general registers are preserved (pushad/popad). No return value.
; Neither VirtualProtect result is checked, so if the first call fails
; the RtlMoveMemory writes into a still-protected page and faults.
; Defender note: the protection change to RWX followed by a write into
; a code page is the observable footprint of this helper.
;-----------------------------------------------------------------------
WriteMem proc MemOffset:DWORD, DataPtr:DWORD, dataLen:DWORD
LOCAL OldProt:DWORD                     ; previous protection, returned by the first VirtualProtect
pushad
invoke VirtualProtect, MemOffset, dataLen, PAGE_EXECUTE_READWRITE, addr OldProt   ; make the range writable
invoke RtlMoveMemory, MemOffset, DataPtr, dataLen                                  ; the actual patch
invoke VirtualProtect, MemOffset, dataLen, OldProt, addr OldProt                   ; restore; OldProt doubles as the out-param
popad
ret
WriteMem endp
;-----------------------------------------------------------------------
; JmpPatch(from, to)
; Overwrites the 5 bytes at `from` with a relative JMP (E9 rel32) to `to`.
; rel32 = to - (from + 5): the displacement is relative to the end of the
; 5-byte instruction. The instruction is assembled in the shared lgJmp
; buffer and written with WriteMem, so the routine is not reentrant.
; ecx/ebx are saved by the `uses` clause; WriteMem preserves the rest.
; Not referenced by any other code on this page. Identical to CallPatch
; except for the opcode byte.
;-----------------------------------------------------------------------
JmpPatch proc uses ecx ebx from:DWORD, to:DWORD
mov ebx, to
mov ecx, from
add ecx, 05h                            ; ecx = from + 5 = address after the JMP
sub ebx, ecx                            ; ebx = rel32
lea ecx, lgJmp
mov byte ptr [ecx], 0E9h                ; JMP rel32 opcode
mov dword ptr [ecx+1], ebx              ; displacement (little-endian)
invoke WriteMem, from, addr lgJmp, 5
ret
JmpPatch endp
;-----------------------------------------------------------------------
; CallPatch(from, to)
; Overwrites the 5 bytes at `from` with a relative CALL (E8 rel32) to `to`.
; rel32 = to - (from + 5), relative to the end of the 5-byte instruction.
; Uses the shared lgJmp buffer (not reentrant) and WriteMem for the write.
; ecx/ebx are saved by the `uses` clause; WriteMem preserves the rest.
; Not referenced by any other code on this page. Same body as JmpPatch
; except for the opcode byte.
;-----------------------------------------------------------------------
CallPatch proc uses ecx ebx from:DWORD, to:DWORD
mov ebx, to
mov ecx, from
add ecx, 05h                            ; ecx = from + 5 = return address of the CALL
sub ebx, ecx                            ; ebx = rel32
lea ecx, lgJmp
mov byte ptr [ecx], 0E8h                ; CALL rel32 opcode
mov dword ptr [ecx+1], ebx              ; displacement (little-endian)
invoke WriteMem, from, addr lgJmp, 5
ret
CallPatch endp
;-----------------------------------------------------------------------
; HideModule
; Unlinks the loader entry whose DllBase equals hModule (set in
; DllEntryPoint of the main .asm) from the three PEB_LDR_DATA lists:
; InLoadOrder, InMemoryOrder and InInitializationOrder. Each list is
; walked from the head's Flink until the matching entry is found or the
; head's Blink (the tail) has been examined; the match is removed by
; pointing its neighbours at each other. The entry's own Flink/Blink
; are left as they were.
; Offsets are the 32-bit PEB / PEB_LDR_DATA / LDR_DATA_TABLE_ENTRY
; layout; in each list view DllBase sits at 0x18 minus that list's link
; offset (0x18 / 0x10 / 0x08).
; All general registers preserved (pushad/popad). No return value.
; Quirk: `lodsd` reads the Flink of the entry esi points to before that
; entry's DllBase is ever compared, so the first entry after each list
; head is never examined.
; Defender note: this only edits the loader's bookkeeping; the module's
; mapping is untouched, so tooling that enumerates mapped memory regions
; instead of walking these lists still sees it. (The page's own text
; calls this routine outdated.)
;-----------------------------------------------------------------------
HideModule proc
pushad
assume fs:nothing                       ; let MASM accept fs: overrides without a segment assumption
mov eax, fs:[30h]                       ; eax = PEB (TEB+0x30 on x86)
mov eax, [eax+0Ch]                      ; eax = PEB->Ldr
mov PPEB_LDR_DATA, eax                  ; cached for the second and third lists
@InLoadOrderModuleList:
mov esi, [eax+0Ch]                      ; esi = InLoadOrderModuleList.Flink (first entry)
mov edx, [eax+10h]                      ; edx = InLoadOrderModuleList.Blink (last entry) - loop sentinel
@LoopInLoadOrderModuleList:
lodsd                                   ; eax = [esi] = next entry's link address
mov esi, eax                            ; esi = current entry
mov ecx, [eax+18h]                      ; ecx = entry->DllBase (InLoadOrder view)
cmp ecx, hModule                        ; our module? (hModule is defined in the main .asm)
jne @f
mov ebx, [eax]                          ; ebx = entry->Flink
mov ecx, [eax+4]                        ; ecx = entry->Blink
mov [ecx], ebx                          ; Blink->Flink = Flink
mov [ebx+4], ecx                        ; Flink->Blink = Blink  (entry is now bypassed)
jmp @InMemoryOrderModuleList
@@:
cmp edx, esi                            ; was that the tail?
jne @LoopInLoadOrderModuleList
@InMemoryOrderModuleList:
mov eax, PPEB_LDR_DATA
mov esi, [eax+14h]                      ; InMemoryOrderModuleList.Flink
mov edx, [eax+18h]                      ; InMemoryOrderModuleList.Blink
@LoopInMemoryOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+10h]                      ; DllBase relative to the InMemoryOrder link (0x18 - 0x08)
cmp ecx, hModule
jne @f
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp @InInitializationOrderModuleList
@@:
cmp edx, esi
jne @LoopInMemoryOrderModuleList
@InInitializationOrderModuleList:
mov eax, PPEB_LDR_DATA
mov esi, [eax+1Ch]                      ; InInitializationOrderModuleList.Flink
mov edx, [eax+20h]                      ; InInitializationOrderModuleList.Blink
@LoopInInitializationOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+08h]                      ; DllBase relative to the InInitializationOrder link (0x18 - 0x10)
cmp ecx, hModule
jne @f
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp @Finished
@@:
cmp edx, esi
jne @LoopInInitializationOrderModuleList
@Finished:
popad
ret
HideModule endp
ASMMapHackExample.asm
Code:
.386
.Model Flat, StdCall                    ; 32-bit flat model; every proc is stdcall
OPTION CASEMAP :NONE                    ; symbol names are case-sensitive
include \masm32\include\windows.inc     ; MASM32 SDK headers (Win32 constants, PROTOs)
include \masm32\include\masm32.inc
include \masm32\include\kernel32.inc
include \masm32\include\debug.inc
include \masm32\include\masm32rt.inc
includelib \masm32\lib\shell32.lib
includelib \masm32\lib\masm32.lib
includelib \masm32\lib\kernel32.lib
includelib \masm32\lib\debug.lib
include ASMMapHackExample_A.inc         ; HotKeys hook proc + DLLProc thread (calls WriteMem from _B)
include ASMMapHackExample_B.inc         ; WriteMem, JmpPatch, CallPatch, HideModule
.Data
JmpByte db 0EBh                         ; short-JMP opcode; not referenced by any code on this page
.Data?
hThread dd ?                            ; handle of the DLLProc thread (set in DllEntryPoint)
ThreadID dd ?                           ; id of that thread, written by CreateThread
hModule dd ?                            ; this DLL's base address; compared against DllBase in HideModule
.code
;-----------------------------------------------------------------------
; DllEntryPoint(hInstDLL, reason, unused) - the DLL's DllMain.
; On DLL_PROCESS_ATTACH: stores the module base in hModule, unlinks the
; module from the PEB loader lists (HideModule), starts DLLProc on a new
; thread and keeps the thread handle. All other reasons fall straight
; through to ret.
; NOTE(review): no explicit BOOL result is set. On attach eax still
; holds the CreateThread result; otherwise it holds `reason`, so the
; DLL_PROCESS_DETACH (0) call returns FALSE.
; NOTE(review): creating a thread inside DllMain runs under the loader
; lock; DLLProc cannot start until this routine returns.
;-----------------------------------------------------------------------
DllEntryPoint proc hInstDLL:DWORD, reason:DWORD, unused:DWORD
mov eax,reason
.if eax == DLL_PROCESS_ATTACH
mov eax, hInstDLL
mov hModule, eax                        ; remembered for HideModule's DllBase comparison
invoke HideModule
invoke CreateThread, NULL, 0, addr DLLProc, 0, 0, addr ThreadID   ; eax = thread handle (unchecked)
call DLLStartup                         ; empty stub below; leaves eax untouched
mov hThread, eax
.endif
ret                                     ; eax is whatever the last step left in it
DllEntryPoint endp
;-----------------------------------------------------------------------
; DLLStartup - placeholder for extra initialisation; currently just
; returns. Invoked with a bare `call` from DllEntryPoint, which relies on
; eax surviving it, so keep it parameterless and eax-preserving.
;-----------------------------------------------------------------------
DLLStartup proc
ret
DLLStartup endp
End DllEntryPoint
ASM Source Code Explained:
Just replace RANDOMEOFFSETh with an offset in this format "00000000h". mh1 is the value for turning the hack on, mh2 is off.
Code:
invoke WriteMem, RANDOMEOFFSETh, addr mh1, 1 ;ON
invoke WriteMem, RANDOMEOFFSETh, addr mh2, 1 ;OFF
Here are the values to write to the appointed offsets. To turn the maphack on, set mh1's value by replacing the ?? below; for example, "mh1 db 03Dh" for ON and "mh2 db 03Ah" for OFF.
Code:
mh1 db 0??h
mh2 db 0??h
This is where you target the process you want to hack, which is "StarCraft II".
Code:
invoke FindWindow, CTEXT ("StarCraft II"), 0
To make more hotkeys just copy this selected code and rename "VK_F5" to any F key you want, then change the offsets and values accordingly.
Code:
.if wParam == VK_F?
.if mhToggle == 0
mov mhToggle, 1
invoke WriteMem, RANDOMEOFFSETh, addr mh1, 1
.else
mov mhToggle, 0
invoke WriteMem, RANDOMEOFFSETh, addr mh2, 1
.endif
.endif
When making new hacking functions, you have to add the new value names and values to the .Data section of ASMMapHackExample_A.inc. For example, here are two appointed values for a new hacking function; replace ?? with the value you would like to write to that offset.
Code:
NewhackValues_1 db 0??h
NewhackValues_2 db 0??h
The hide module function in this DLL is a little outdated; for an updated version, google "PizzaPan Hide Module".
For my own personal maphack for StarCraft II & more on hacking this game you can visit us @ SC2HackDev