Well, this was really helpful, seeing as I only learn from sources with notes, so thank you.
I have a problem, though. Maybe I forgot something; that's probably it. Here is my current code. Could you tell me what's wrong with it? I build the solution, inject it, and try to load CA, but it fails.
Please help, and thanks.
Code:
//Includes all necessary files for this source
#include <windows.h>
//End of includes
//Globals shared by every function in this file.
int HackOn = 0;
//HackOn is an int counter that starts at zero. In the visible code it is only incremented
//and reset by the key checks in Main(); nothing reads it to make a decision.
int HackMax = 2;
//HackMax is an int set to two (not ten): HackOn is reset to 0 as soon as it equals this value.
bool test = false;
//test is a boolean flag, initially false. Every on/off branch in Main() tests this one flag.
#define ADDR_SBULLLETS 0x37413976
#define ADDR_RAPIDFIRE 0x37419A0E
//Hard-coded absolute addresses that Main() writes to with memcpy.
//Note the first macro is spelled ADDR_SBULLLETS (three L's); the code uses that spelling consistently.
//NOTE(review): presumably these point into one specific build of the host program - confirm;
//nothing in this file checks what is actually mapped at either address.
//End of Globals
void WINAPIV PTC( const char* cmd )
//Calls the function located at the hard-coded address 0x00485FA0 in the current process,
//passing the cmd pointer as its single stack argument. The author refers to the target as
//"the RCC function"; its real signature is not visible in this file, so the
//one-argument cdecl contract used below is the author's assumption - confirm.
//Nothing here validates cmd or checks that the address holds the expected function.
{
_asm
{
PUSH cmd ; Pushes the cmd pointer, which becomes the one argument of the call below
MOV EAX, 0x00485FA0 ; Loads the fixed address of the RCC function into EAX
CALL EAX ; Indirect call through EAX; the callee reads cmd from the stack
ADD ESP, 0x4 ; Caller cleanup, as cdecl requires: removes the single 4-byte argument pushed above
}
}
void Main (void)
//Worker loop. On every pass it polls NUMPAD1..NUMPAD8 and then, for each of the eight
//features, runs either the "on" or the "off" branch depending on the global flag test.
//Takes no arguments and never returns: the while(1) below has no break or return.
//Key presses only change HackOn; the feature branches look at test alone.
{
while(1)
//Infinite loop. The body contains no Sleep or other wait, so the thread spins continuously
//and repeats every memory write and PTC call on each pass.
{
if(GetAsyncKeyState(VK_NUMPAD1)&1)
//Bit 0 of GetAsyncKeyState is set when the key was pressed since the previous call.
{
HackOn ++;
//Adds 1 to the global HackOn.
if(HackOn == HackMax) HackOn = 0;
//Wraps HackOn back to 0 when it reaches HackMax (2), so it alternates between 0 and 1.
//HackOn is not read by any of the branches below.
}
if(test)
//Selected by test only; the NUMPAD1 check above does not feed into this condition.
{
memcpy( (PBYTE)ADDR_RAPIDFIRE, (PBYTE)"\x33\xC0\x90", 3 );
//Overwrites 3 bytes at the fixed address ADDR_RAPIDFIRE inside the current process.
//33 C0 90 decodes as `xor eax, eax` followed by `nop`.
//The write is made directly; this file never checks that the address is mapped or writable.
}else{
//test is false
memcpy( (PBYTE)ADDR_RAPIDFIRE, (PBYTE)"\x80\xBE\xE0\x00\x00\x00", 6 );
//Writes 6 bytes at the same address, whereas the branch above writes only 3.
//NOTE(review): presumably these are the original bytes being restored - confirm.
test = (!test);
//Flips test. This is the only assignment to test in the visible code, and it sits inside
//the else branch, so it runs only while test is false: after the first pass test stays true.
}
if(GetAsyncKeyState(VK_NUMPAD2)&1)
//Same key-press check as above, for NUMPAD2.
{
HackOn ++;
//Adds 1 to the global HackOn.
if(HackOn == HackMax) HackOn = 0;
//Wraps HackOn back to 0 when it reaches HackMax.
}
if(test)
//Again selected by test only.
{
memcpy( (PBYTE)ADDR_SBULLLETS, (PBYTE)"\x33\xC0\x90", 3 );
//Overwrites 3 bytes at the fixed address ADDR_SBULLLETS (defined in the globals).
//Arguments: destination address, source bytes, number of bytes to copy.
//33 C0 90 decodes as `xor eax, eax` followed by `nop`.
}else{
//test is false
memcpy( (PBYTE)ADDR_SBULLLETS, (PBYTE)"\x0F\x94\xC0", 3 );
//Writes 3 bytes at the same address; 0F 94 C0 decodes as `sete al`.
//NOTE(review): presumably the original instruction being restored - confirm.
}
if(GetAsyncKeyState(VK_NUMPAD3)&1)
//Key-press check for NUMPAD3; only HackOn is affected.
{
HackOn ++;
if(HackOn == HackMax) HackOn = 0;
}
if(test)
//Each PTC call below hands a "<name> <value>" command string to the function PTC wraps.
{
PTC( "SkelModelStencil 1" );
}else{
PTC("SkelModelStencil 0" );
}
if(GetAsyncKeyState(VK_NUMPAD4)&1)
//Key-press check for NUMPAD4; only HackOn is affected.
{
HackOn ++;
if(HackOn == HackMax) HackOn = 0;
}
if(test)
{
PTC( "FogEnable 0" );
}else{
PTC("FogEnable 1" );
}
if(GetAsyncKeyState(VK_NUMPAD5)&1)
//Key-press check for NUMPAD5; only HackOn is affected.
{
HackOn ++;
if(HackOn == HackMax) HackOn = 0;
}
if(test)
{
PTC( "ModelDebug_DrawSkeleton 1" );
}else{
PTC("ModelDebug_DrawSkeleton 0" );
}
if(GetAsyncKeyState(VK_NUMPAD6)&1)
//Key-press check for NUMPAD6; only HackOn is affected.
{
HackOn ++;
if(HackOn == HackMax) HackOn = 0;
}
if(test)
{
PTC( "PlayerGravity -800" );
}else{
PTC("PlayerGravity 0" ); //Author's note: the real default value still has to be found
}
if(GetAsyncKeyState(VK_NUMPAD7)&1)
//Key-press check for NUMPAD7; only HackOn is affected.
{
HackOn ++;
if(HackOn == HackMax) HackOn = 0;
}
if(test)
{
PTC( "WeaponSway 0.000000" );
}else{
PTC("WeaponSway 50.000000" ); //Author's note: the real default value still has to be found
}
if(GetAsyncKeyState(VK_NUMPAD8)&1)
//Key-press check for NUMPAD8; only HackOn is affected.
{
HackOn ++;
if(HackOn == HackMax) HackOn = 0;
}
if(test)
{
PTC( "ShowFps 1" );
}else{
PTC("ShowFps 0" );
}
}
}
DWORD WINAPI Lesson (LPVOID)
{
    // Thread start routine handed to CreateThread in DllMain. The LPVOID
    // argument is unnamed and unused. Main is an ordinary function (not a
    // thread); it runs on the thread that executes this routine.
    Main();

    // Thread exit code. Main() contains an endless loop, so in the visible
    // code this statement is not reached.
    return 1;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    // Entry point the Windows loader calls for this DLL. hDll is the module
    // handle, dwReason says why the call is being made, lpReserved is unused here.

    // Ask the loader to stop sending DLL_THREAD_ATTACH / DLL_THREAD_DETACH
    // notifications for this module. As in the original, this runs on every
    // call to DllMain, whatever dwReason is.
    DisableThreadLibraryCalls(hDll);

    if ( dwReason != DLL_PROCESS_ATTACH )
    {
        // Nothing else to do for the other notifications; the loader ignores
        // the return value for them.
        return TRUE;
    }

    // DLL_PROCESS_ATTACH: the DLL has just been loaded into the process.
    // Start a new thread that runs Lesson. The NULL arguments select default
    // security attributes, default stack size (0), no thread parameter, no
    // creation flags (0) and no thread-id output. The returned handle is
    // discarded and the result is not checked.
    CreateThread(NULL, NULL, Lesson, NULL, NULL, NULL);

    // For DLL_PROCESS_ATTACH the return value does matter: TRUE reports that
    // initialisation succeeded, FALSE makes the load fail.
    return TRUE;
}