Client API

[Darakath]

No, I meant everybody to use the same client mod, and play with it. (For instance: everybody play with 1st person camera)

It's been a long time since the last post I've made, so here is the first version :
https:// ******. com/ Spl3en/ LoLClientAPI (without spaces ofc, I'm not allowed to post links on this account)

For information, everything is not perfect, but there are already few things that works correctly, everything is open source and should be readable.
There are a lot of APIs broken (for instance chat APIs), I suggest you to open an issue on ****** for each API that doesn't work.
I'm not working on maintaining this API anymore currently, but I might fix it if people request it.

Please follow the "installation" steps on the ****** at the bottom of the page if you want to install the environnement for making it work.

As I posted before, there is already a API made (L#), which has all of what you have, but more.
If you want to help develop it, ask joduskame@gmail.com.

[Visit0r]

As I posted before, there is already a API made (L#), which has all of what you have, but more.

So ... where is the source code of L#? I'm not interested in helping a closed-source project.
Whenever you have this "more" feature, I'll contribute.
Meanwhile, I prefer working on a project where everybody can learn about how it is done, including Riot if they want to protect their game.

btw may i just ask u how did u read the health and the summoner name etc..
readmemory functions with cheat engine?

A DLL is injected into the LoL process and read the structures that I've retrieved with IDA.
The DLL in the LoL process opens and listens to a socket and communicate with the Client API through this socket.

http ://puu .sh/gQmiB/d7b0253436.jpg

[FoXxD]

A DLL is injected into the LoL process and read the structures that I've retrieved with IDA.

Visit0r, I wonder what is the minimum knowledge to do that... I want to know how to do that, but, by the time I dot know where to start.

[Visit0r]

Visit0r, I wonder what is the minimum knowledge to do that... I want to know how to do that, but, by the time I dot know where to start.

That's very simple, really. You need at least to know programming, from there you can do things and learn-by-doing.

For your first tests, you might want to use a software to inject a DLL in any process for you, so you can focus on developping your DLL.
I would recommand Winject for that : (Download link) *********/12ee59

It is so easy to use, just select the process you want to inject, the DLL you want to inject, and press Inject.
Screenshot of injecting "minime.dll" in explorer.exe : puu.sh/gQHeL/c58f9afbfd.png

Now, you want to code a DLL. The easiest way to do that is to take your favorite compiler (let's say, MSVC), create a new DLL project in Visual Studio, and start coding whatever you want!

The most simple example I can think of is to make a MessageBox appear : MessageBox(NULL, "Im in the process!", "Hello", 0);

Don't forget to create a thread when you inject the DLL if you want to keep your DLL active when the process is running. If you're not sure how to do it, you might want a simple source code, I have a few of them on my ******. For instance :
(LoLClientAPI) : https: //******. com/Spl3en/LoLClientAPI/blob/master/mainServer.c#L62
(BSHack) : https: //******. com/Spl3en/BSHack/blob/master/main.c#L216
Or you can inject your DLL, hook few functions, and leave the process :
(RPC Fuzzing) : https: //******. com/Spl3en/RPCFuzzing/blob/master/RPCFuzzing/main.cpp#L35

I suggest you to copy the DllMain function and code your own things in startInjection function.

If you don't code in C, that's basically the same thing for the other langages. Just look for "DLL coding in <whatever langage>" on google.

Once you have your MessageBox working, you can start trying to find values in CheatEngine, and try to modify them with you DLL : *(0xwhateverAddress) = value;
Your DLL will be in the same address space than the process, so you can do (almost) whatever you want


Once you have this working, just tell me, we will see what you want to do next.

[itapi]

That's very simple, really. You need at least to know programming, from there you can do things and learn-by-doing.

For your first tests, you might want to use a software to inject a DLL in any process for you, so you can focus on developping your DLL.
I would recommand Winject for that : (Download link) *********/12ee59

It is so easy to use, just select the process you want to inject, the DLL you want to inject, and press Inject.
Screenshot of injecting "minime.dll" in explorer.exe : puu.sh/gQHeL/c58f9afbfd.png

Now, you want to code a DLL. The easiest way to do that is to take your favorite compiler (let's say, MSVC), create a new DLL project in Visual Studio, and start coding whatever you want!

The most simple example I can think of is to make a MessageBox appear : MessageBox(NULL, "Im in the process!", "Hello", 0);

Don't forget to create a thread when you inject the DLL if you want to keep your DLL active when the process is running. If you're not sure how to do it, you might want a simple source code, I have a few of them on my ******. For instance :
(LoLClientAPI) : https: //******. com/Spl3en/LoLClientAPI/blob/master/mainServer.c#L62
(BSHack) : https: //******. com/Spl3en/BSHack/blob/master/main.c#L216
Or you can inject your DLL, hook few functions, and leave the process :
(RPC Fuzzing) : https: //******. com/Spl3en/RPCFuzzing/blob/master/RPCFuzzing/main.cpp#L35

I suggest you to copy the DllMain function and code your own things in startInjection function.

If you don't code in C, that's basically the same thing for the other langages. Just look for "DLL coding in <whatever langage>" on google.

Once you have your MessageBox working, you can start trying to find values in CheatEngine, and try to modify them with you DLL : *(0xwhateverAddress) = value;
Your DLL will be in the same address space than the process, so you can do (almost) whatever you want


Once you have this working, just tell me, we will see what you want to do next.

Dude but event though you read a Static pointer (i belive) it's updating every game patch.... so you have to update your pointers and find then again every time riot launch a new version. ...no?

[Arcticly]

Hmm.. thats Quite Intresting, i cant wait to see What is Made with this api.

[FoXxD]

That's very simple, really. You need at least to know programming, from there you can do things and learn-by-doing.

For your first tests, you might want to use a software to inject a DLL in any process for you, so you can focus on developping your DLL.
I would recommand Winject for that : (Download link) *********/12ee59

It is so easy to use, just select the process you want to inject, the DLL you want to inject, and press Inject.
Screenshot of injecting "minime.dll" in explorer.exe : puu.sh/gQHeL/c58f9afbfd.png

Now, you want to code a DLL. The easiest way to do that is to take your favorite compiler (let's say, MSVC), create a new DLL project in Visual Studio, and start coding whatever you want!

The most simple example I can think of is to make a MessageBox appear : MessageBox(NULL, "Im in the process!", "Hello", 0);

Don't forget to create a thread when you inject the DLL if you want to keep your DLL active when the process is running. If you're not sure how to do it, you might want a simple source code, I have a few of them on my ******. For instance :
(LoLClientAPI) : https: //******. com/Spl3en/LoLClientAPI/blob/master/mainServer.c#L62
(BSHack) : https: //******. com/Spl3en/BSHack/blob/master/main.c#L216
Or you can inject your DLL, hook few functions, and leave the process :
(RPC Fuzzing) : https: //******. com/Spl3en/RPCFuzzing/blob/master/RPCFuzzing/main.cpp#L35

I suggest you to copy the DllMain function and code your own things in startInjection function.

If you don't code in C, that's basically the same thing for the other langages. Just look for "DLL coding in <whatever langage>" on google.

Once you have your MessageBox working, you can start trying to find values in CheatEngine, and try to modify them with you DLL : *(0xwhateverAddress) = value;
Your DLL will be in the same address space than the process, so you can do (almost) whatever you want


Once you have this working, just tell me, we will see what you want to do next.

Thanks for answering...
I know how to code and how to find simple stuff using Cheat Engine, but I'd like to know how to find functions addresses and what I have to do to call those functions from my app.

[Visit0r]

Dude but event though you read a Static pointer (i belive) it's updating every game patch.... so you have to update your pointers and find then again every time riot launch a new version. ...no?

Indeed, that's the most difficult part. However, there are some constant in their code ! Let's say they have a debugging function that calls :
printf ("Game started ! Pointer = %x", global_gamePointer);
If you are able to locate where the string is in the memory and locate where it is used, you can retrieve global_gamePointer dynamically.
It works correctly until they change or remove their debug string.
I use this exact same strategy for locating the HudManager in LoLClientAPI :
Locate the string adress : https: //******. com/Spl3en/LoLClientAPI/blob/master/LoLMemory/HudManager/HudManager.c#L50
Find some important code that isn't likely to change that uses the string address : https: //******. com/Spl3en/LoLClientAPI/blob/master/LoLMemory/HudManager/HudManager.c#L71

Thanks for answering...
I know how to code and how to find simple stuff using Cheat Engine, but I'd like to know how to find functions addresses and what I have to do to call those functions from my app.

You'll need IDA with HexRays plugin, it will help a lot.
http: //dl.rutracker. org/forum/dl.php?t=4915238&guest=1

From there, you'll be able to retrieve the prototype of the function.
Let's say you open calc.exe (x86) on Windows 7 without the debugging symbols, and you find a function sub_10488EF that you want to call from your DLL :
http: //puu.sh/gTgwt/8a6977e8e6.png

Retrieve the prototype of this function :
int __cdecl sub_10488EF(DWORD *a1)

Copy / paste it in your DLL, and modify it to create a function pointer from this address :
int (__cdecl *sub_10488EF)(DWORD *a1) = (void *) 0x10488EF;
Also, declare your global variable :
DWORD dword_1055AF8 = 0x1055AF8;

Then you can call it as if it was your function (your DLL is in the same memory space than the target process) :
sub_10488EF(&dword_1055AF8);


How to find interesting functions ? Use cheatengine, and use "Find out what accesses to this address" or "Find out what writes to this address" when you want to watch where a variable is modified. Once you've got the address of the instruction that modify your value, copy this address and paste it in IDA. From there, static analysis the function and reconstruct the structures.