How To Make You Own Hack

**durahij1** · 12-04-2010

First of all you need to include some files.
In they's fils stant the basic commands.

In iostream std::cout std::cin and more.

You also need windows.h in thise file stand more advanced commands.

You have lots of other file that you can include like time.h and more.
So we begin to include iostream and windows.h

Code:
#include <windows.h>
#include <iostream>
It is also smart to use this command:

Code:
using namespace std;
With this command you don't need to type any more std::.

We need to make a dll file so we start with dllmain. A dll file alway's starts at this point.

I don't going to explain the dll main more becouse I'm lazy:

Code:
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved ) {

}
Now we have a point where the dll starts. Fire you want to know if the DLL is attacht to the process.
But first we are going to DisableThreadLibraryCalls. As far as I know can thise reduce the size of the working set.

Code:
DisableThreadLibraryCalls(hDll);
If you think where does the hDll come frome, searth the syntacs of

in the dllmaim:
DllMain Callback Function (Windows)
And watch our dll main.

Now we cheack if the dll is attacht:

if ( dwReason == DLL_PROCESS_ATTACH ) {

}

For dwReason, watch the dll main.

Now you can let pop up a msg, do some more commands and more.
First of all we pop up a msg so you know that the dll is injected.

Code:
MessageBoxA(0, "Coded By yourname", "titel", 0);
You can go one in dllmain but the best what you can do is call an other Thread.
Then you have a mutch more cleaner code:

We are going to call the Thread hello

Code:
CreateThread(NULL, NULL, hello, NULL, NULL, NULL);
And then if the dll is not attacht, we let the dll close with out a error:

Code:
return TRUE;

If you put all together:

Code:
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if ( dwReason == DLL_PROCESS_ATTACH )
{
MessageBoxA(0, "Coded By youname", "Injected", 0);
CreateThread(NULL, NULL,hello, NULL, NULL, NULL);
}
return TRUE;
}
This part of the code I never edit becouse it works perfect

_____________________

Cshell.dll look if it is loaded
________

Now we need to know if cshell.dll is loaded.
We can do that with GetModuleHandleA();

In the function hello we cheak that.

First we make the function

Code:
DWORD WINAPI hello(LPVOID) {

}
We cheack if cshell.dll is loaded:

Code:
GetModuleHandleA("CShell.dll")
We look if cshell is not loaded, and we put a Sleep command if it is not loaded (else it take a lot of our CPU )

Code:
while(GetModuleHandleA("CShell.dll") == NULL ) {
Sleep(100); //100ms
}
The while repaids till it is not true any more.
And then we can go one with commands.

Becouse this is only a loop, we don't make a other function.

___________________

Now we are going to make a loop that cheaks if the user inputs a button, and if he does. We can enable a hack.
But fist we start our loop.

While(1) or for(;

Both loops are good. I alway's use For so:

Code:
For(;

A while loop you can compair 2 "things" like 1 == 1 or 1 > 5 and more.
With a for loop you can do more.

Like this:
for(int a=0;a==10;a++) {

}

This loop loops 10 times.
This also can be don with a while loop but thise one takes less space.

In the for loop we put first our configuration.
And blood sais that you need to put __asm pushad; in the begin of the loop to bypass the securety.
And at the end: __asm popad;

Code:
for(;

{
__asm pushad;

__asm popad;
}
Then out configuration, so we know if the hack is enabled or nor:

Code:
bool boxes = true;
bool nosky = false;
bool worldframe = false;
bool playerframe = false;
bool nogun = false;
bool Skeleton = false;
bool FogEnable = false;
bool CursorCenter = false;
A bool can be true or false.
a int can be a number
...
.
.
.
.
.

Then we cheak if a button is pressed:

Code:
if(GetAsyncKeyState(VK_NUMPAD1)&1) {

}
Here you can see that numpad 1 is pressed.
And if he is pressed I want to enable or disable boxes:

Code:
if(GetAsyncKeyState(VK_NUMPAD1)&1) {
boxes = !boxes; //(if boxes is true then will it be false and false wil be true)
}
You put here all you hotkey's

Then we enable the hack if one is pressed:

Code:
if (CursorCenter) {
PushToConsole("CursorCenter 1");
} else {
PushToConsole("CursorCenter 0");
}
The PushToConsole function will come later.
For PushToConsole commands searth the forum.

Here you add all your hacks...

And to spare your cpu:
Sleep(100);

before
__asm popad

So it will look like:

Code:
While (GetModuleHandleA("CShell.dll") == NULL ) {
Sleep(100); //100ms
}

for(;

{
__asm pushad;
if(GetAsyncKeyState(VK_NUMPAD1)&1) {
boxes = !boxes;
}
if(GetAsyncKeyState(VK_NUMPAD2)&1) {
nosky = !nosky;
}
if(GetAsyncKeyState(VK_NUMPAD3)&1) {
worldframe = !worldframe;
}
if(GetAsyncKeyState(VK_NUMPAD4)&1) {
playerframe = !playerframe;
}
if(GetAsyncKeyState(VK_NUMPAD5)&1) {
nogun = !nogun;
}
if(GetAsyncKeyState(VK_NUMPAD6)&1) {
Skeleton = !Skeleton;
}
if(GetAsyncKeyState(VK_NUMPAD7)&1) {
FogEnable = !FogEnable;
}
if(GetAsyncKeyState(VK_NUMPAD8)&1) {
CursorCenter = !CursorCenter;
}

if (CursorCenter) {
PushToConsole("CursorCenter 1");
}
else {
PushToConsole("CursorCenter 0");
}

if (FogEnable) {
PushToConsole("FogEnable 1");
}
else {
PushToConsole("FogEnable 0");
}

if (Skeleton) {
PushToConsole("ModelDebug_DrawSkeleton 1");
}
else {
PushToConsole("ModelDebug_DrawSkeleton 0");
}

if (boxes) {
PushToConsole("ModelDebug_DrawBoxes 1");
}
else {
PushToConsole("ModelDebug_DrawBoxes 0");
}

if (nosky) {
PushToConsole("DrawSky 0");
}
else {
PushToConsole("DrawSky 1");
}

if (worldframe) {
PushToConsole("WireFrame 1");
}
else {
PushToConsole("WireFrame 0");
}

if (playerframe) {
PushToConsole("WireFrameModels 1");
}
else {
PushToConsole("WireFrameModels 0");
}

if (nogun) {
PushToConsole("DrawGuns 0");
}
else {
PushToConsole("DrawGuns 1");
}
Sleep(100);
__asm popad;
}

________________

The PTC I coppied from bloof and put the new LTClient in it.

Code:
void __cdecl PushToConsole(char* szVal ) {
DWORD dwCShell = (DWORD)GetModuleHandleA("CShell.dll");
if( dwCShell != NULL )
{
DWORD *LTClient = ( DWORD* )( (dwCShell + 0x299D40) );
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x1F8 );
_asm
{
push szVal;
call CONoff;
add esp, 4;
}
}
}
If you think why, becouse it works fine

All together:

Code:
#include <windows.h>
#include <iostream>

using namespace std;

void __cdecl PushToConsole(char* szVal ) {
DWORD dwCShell = (DWORD)GetModuleHandleA("CShell.dll");
if( dwCShell != NULL )
{
DWORD *LTClient = ( DWORD* )( (dwCShell + 0x299D40) );
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x1F8 );
_asm
{
push szVal;
call CONoff;
add esp, 4;
}
}
}

DWORD WINAPI hello(LPVOID) {
while(GetModuleHandleA("CShell.dll") == NULL ) {
Sleep(100); //100ms
}

bool boxes = true; //enable becouse in xp the hotkey's don't work
bool nosky = false;
bool worldframe = false;
bool playerframe = false;
bool nogun = false;
bool Skeleton = false;
bool FogEnable = false;
bool CursorCenter = false;

for(;

{
__asm pushad;
if(GetAsyncKeyState(VK_NUMPAD1)&1) {
boxes = !boxes;
}
if(GetAsyncKeyState(VK_NUMPAD2)&1) {
nosky = !nosky;
}
if(GetAsyncKeyState(VK_NUMPAD3)&1) {
worldframe = !worldframe;
}
if(GetAsyncKeyState(VK_NUMPAD4)&1) {
playerframe = !playerframe;
}
if(GetAsyncKeyState(VK_NUMPAD5)&1) {
nogun = !nogun;
}
if(GetAsyncKeyState(VK_NUMPAD6)&1) {
Skeleton = !Skeleton;
}
if(GetAsyncKeyState(VK_NUMPAD7)&1) {
FogEnable = !FogEnable;
}
if(GetAsyncKeyState(VK_NUMPAD8)&1) {
CursorCenter = !CursorCenter;
}

if (CursorCenter) {
PushToConsole("CursorCenter 1");
}
else {
PushToConsole("CursorCenter 0");
}

if (FogEnable) {
PushToConsole("FogEnable 1");
}
else {
PushToConsole("FogEnable 0");
}

if (Skeleton) {
PushToConsole("ModelDebug_DrawSkeleton 1");
}
else {
PushToConsole("ModelDebug_DrawSkeleton 0");
}

if (boxes) {
PushToConsole("ModelDebug_DrawBoxes 1");
}
else {
PushToConsole("ModelDebug_DrawBoxes 0");
}

if (nosky) {
PushToConsole("DrawSky 0");
}
else {
PushToConsole("DrawSky 1");
}

if (worldframe) {
PushToConsole("WireFrame 1");
}
else {
PushToConsole("WireFrame 0");
}

if (playerframe) {
PushToConsole("WireFrameModels 1");
}
else {
PushToConsole("WireFrameModels 0");
}

if (nogun) {
PushToConsole("DrawGuns 0");
}
else {
PushToConsole("DrawGuns 1");
}
Sleep(100);
__asm popad;
}
}

BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if ( dwReason == DLL_PROCESS_ATTACH )
{
MessageBoxA(0, "Coded By youname", "Injected", 0);
CreateThread(NULL, NULL,hello, NULL, NULL, NULL);
}
return TRUE;
}

Put all function above the main function, else you need to say c++ that the functions are under the main function

Thax :
Me
If I Help Ples Pres Thax