Hacking Tutorial [How to build a hack]

[rabir007]

So, i see too many "How to make hacks", " Please help me" so, i decided to make a tutorial for newbies how to make their hack;

Requirements to start making hacks:
---Programming Knowledge...
---Brain.exe...
---Visual Studio / a good C++ compiler...
---Optional is a C#/VB Compiler but you will need a CLR Injector...
---Math Knowledge...

you MUST:
-Already know how to make a DLL in C++
-have C++ knowledge

So lets Start
░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒ ▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█ ▓▒░
CShell (short)
CShell.Dll is the Main module that actually handles the Game Engine...
Everything (Weapons, Player Data, etc) is stored by the CShell.dll in the operative memory, so the required pointers are inside CShell.dll, also points into that module...

So, if you use a pointer like the Weapon Manager Pointer (WeaponMgr / WeaponPtr) you must use this formula:

Code:

C++:
DWORD CShell = GetModuleHandle("CShell.dll");
CShell + WeaponPtr;

C#:
uint CShell = GetModuleHandle("CShell.dll");
CShell + WeaponPtr;

1; Weapon Hacks

What is this?
Weapon hacks where you modify the weapon table, so you can edit each weapon's properties, like Damage, Range, Recoil, Reload....
Keep in mind, that some properties are server sided like: Ammo count i nthe mag, and all ammo...
Also some of them is patched like WeaponRange...
---------------------------------------
To start making Weapon hacks, you MUST know, how crossfire handles weapons...
The weapons are stored in array, but you have to find where it is in the memory...
You could hear that "WeaponPtr" or "WeaponMgr"... That is the start address of the Pointer table, which pont to each weapon in the memory...
How it looks like ?


Each 4 bytes colored to the same color represents 1 number, which is a Memory Address...
Our weapon is stored on that Memory Address...

So, to edit the weapons, you must use this table to find them...
The easiest way to do it, you need a loop...

Code:

for (int i = 0; i < 1000; i++)
{
     CurrentWeapon = *(DWORD*)(CShell + WeaponPtr + (i * 4)); //i * 4 because each DWORD is 4 byte length...
     if (CurrentWeapon) //Check if this is a real pointer... If it equals with "0" it means an invalid pointer...
     {
      //Hacking
     }
}

But how it works ?
if you read out a DWORD from (CShell + WeaponPtr + (4 * i)) you will gain a number...
This number is a start location (in the memory) for the weapon...
That means:

Code:

Weapon1 = *(DWORD*)(CShell + WeaponPtr + 0); //the first 4 bytes since DWORD is 4 byte length (0,1,2,3)
Weapon2 = *(DWORD*)(CShell + WeaponPtr + 4); //the second 4 bytes for the second DWORD (4,5,6,7)

Weapon 1 will be (example) 54;
Weapon 2 is (example) 90;

54 and 90 are also start addresses for a "struct"...
From this point we use "Offsets" each offset represent the location of each item(value) INSIDE the struct...
like:

Code:

(Address) + (Offset)
54 + 4 is the Ammo...
54 + 10 is the Damage...

Since they are also inside the CShell you must use:
*([data type]*)(CShell + Address + Offset);

each value has their own data type... The most used is the "float" but you can find some "int", "byte" or even a string...

So... If you has enough Brain.exe at this point you should understand how crossfire handles the weapons...
So here is a full source (short) to explain this:

Code:

DWORD WeaponPtr = 0x424243;
int Damage = 0x456;
DWORD CShell = GetModuleHandle("CShell.dll");

for (int i = 0; i < 1000; i++)
{
    DWORD ActualWeapon = *(DWORD*)(CShell + WeaponPtr + (4 * i));
    if (CurrentWeapon)
    {
         *(float*)(ActualWeapon + Damage) = 1000;
    }
}

with the logic, you can make another weapon type hacks too...

BasicPlayerInfo
Basic plyer info contains data about the Characters, but global datas, like Crounch Speed, Walk Speed, and visibility as ghost...

It is just a simple struct, don't require hard logic, as you learnt from the previous pahargraph:
CShell + BasicPlayerInfo + [Offset];
like

Code:

DWORD VasicPlayerInfo = 0x424243;
int CharacterHiddenAlpha = 0x456; //Visibility as ghost
DWORD CShell = GetModuleHandle("CShell.dll");

DWORD BasicPlayerInfoPtr = CShell + BasicPlayerInfo;
if (BasicPlayerInfoPtr) //if valid
{
     *(float*)(BasicPlayerInfoPtr + CharacterHiddenAlpha) = 1;
}

BasicPlayerInfo
This is a bit tricky part...
PlayerPtr contains the data about the current game session...
But remember: PlayerPtr is always "0" when you are NOT In-game (in menu, inventory, store, etc...)
To reference for PlayerPtr you must use the "CShellPtr" or "ClientShell" we use several names for it...
with the "PlayerPtr" offset, addy logs often contains them...
so:

Code:

DWORD ClientShell = 0x42423432;
int PlayerPtr = 0x30;
int Gravity = 0x50;

DWORD pPlayerPtr = *(DWORD*)(CShell + ClientShell + PlayerPtr);
if (pPlayerPtr) //If not null = if you are in-game session
{
    *(float*)(pPlayerPtr + Gravity) = 0;
}

Hack Logic:
When you inject a hack, it will hold the main thread of crossfire, that means you must create a new thread, and then do your nasty things inside your own thread...
That requires your own knowledge, how to start a new thread...
Well that should be enough to start making your hacks...
░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒ ▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█▓▒░▒▓█ ▓▒░

[mamo007]

EGYPTIANS DON'T, AND AGAIN: DON'T COMMENT WITH YOUR RETARDNESS "I C+P-ED WHAT ARE THOSE ERRORS" "IT DOESN'T WORK" "HOW TO PASTE IT" "HOW TO USE THE CODES"
Respect for exceptions...

Fix me if i made a mistake please...

Well, Nice TUT ?

[rabir007]

Well, Nice TUT ?

thats why i put:
"Respect for exceptions..."
I agree that there are pretty good codes from Egy, but a lot of retard also...

[I2espect]

so playerptr must be in while (1) anyway thx i like that tut
but the egy part no....
Sry4bad english.

btw could u make an explain for find pattern function ?

[zikox]

good job

[rabir007]

so why you insult me now ?!

Not you... The stupid egyptians, not all of you...

[I2espect]

can u answer me about the find pattern ?? @rabir007

[mamo007]

can u answer me about the find pattern ?? @rabir007

https://www.mpgh.net/forum/242-crossf...-patterns.html
Google is your friend ^^

[Biesi]

Why is The "CrossFire Hacks" Section Have In Every 5 Hacks 3 are made from Egyptians ?

Because they c+p codes and get help from other egys ofc..

[steveroseik]

Because they c+p codes and get help from other egys ofc..

So Does @mamo007 and @ramo C+P Codes ??

[Biesi]

So Does @mamo007 and @ramo C+P Codes ??

No but they are spoonfeeding the others.

[olwayy]

No but they are spoonfeeding the others.

%100000 right

[I2espect]

No but they are spoonfeeding the others.

not all egy are leeching from others !!! -_-
ps : @mamo007 i already searched and fount that one ..
My q. Is about the result of find pattern is it the offset 0x?? Or the full address : cshell+etc... ?
Got it

[6ixth]

Very nice..

[rabir007]

can u answer me about the find pattern ?? @rabir007

Maybe i'll make another tut fr that...