Code:
#include <iostream>
#include <windows.h>
#include <string>
#include <tlhelp32.h>
#include <tchar.h>
#pragma comment(lib, "User32.lib")
#define pointer 0xFA1500
//Code
using namespace std;
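// Returns the base address of the module named lpszModuleName inside the
// process dwProcessIdentifier, or 0 when the name is NULL, the module snapshot
// cannot be taken, or no listed module has that name.
//
// lpszModuleName is only read, so it is taken as const; this lets callers pass
// a string literal such as _T("AVA.exe") without relying on a compiler
// extension. The comparison uses _tcscmp and is therefore case-sensitive.
//
// NOTE(review): the return type is a 32-bit DWORD. In a 64-bit build the upper
// half of modBaseAddr is discarded by the conversion below, so the result is
// only meaningful while addresses fit in 32 bits.
DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, const TCHAR *lpszModuleName)
{
    if (lpszModuleName == NULL)
    {
        return 0;
    }

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    DWORD dwModuleBaseAddress = 0;

    // dwSize must be filled in before Module32First is called.
    MODULEENTRY32 ModuleEntry32 = {0};
    ModuleEntry32.dwSize = sizeof(MODULEENTRY32);

    for (BOOL bMore = Module32First(hSnapshot, &ModuleEntry32);
         bMore;
         bMore = Module32Next(hSnapshot, &ModuleEntry32))
    {
        if (_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0)
        {
            // Go through DWORD_PTR so the narrowing to DWORD is explicit
            // instead of hidden in a C-style pointer cast.
            dwModuleBaseAddress = static_cast<DWORD>(
                reinterpret_cast<DWORD_PTR>(ModuleEntry32.modBaseAddr));
            break;
        }
    }

    // The snapshot handle is released on every path that obtained it.
    CloseHandle(hSnapshot);
    return dwModuleBaseAddress;
}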
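// Runs one pass of the listing: find the game window, open its process,
// follow the two-level pointer chain and write the entered text to the
// resolved address. Progress and failures are reported on the console.
//
// Changes compared with the original body of main():
//  - the process handle is closed on every path, not only after a successful write;
//  - both ReadProcessMemory results are checked, so a failed read no longer
//    leads to a write through an unresolved address;
//  - the reads use sizeof(dwPointed), so a build with 8-byte pointers cannot
//    overrun the 4-byte DWORD on this program's own stack;
//  - console input is limited to the size of newvalue, closing a stack buffer
//    overflow in this program;
//  - only the access rights the read and write calls need are requested
//    instead of PROCESS_ALL_ACCESS.
static void ChangeNicknameOnce()
{
    HWND hWnd = FindWindow(0, _T("Alliance of Valiant Arms"));
    if (hWnd == 0)
    {
        cerr << "Unable to find the window" << endl;
        return;
    }
    clog << "Found Window" << endl;

    // GetWindowThreadProcessId returns the id of the window's thread; the
    // process id is delivered through the out-parameter.
    DWORD dwPId = 0;
    GetWindowThreadProcessId(hWnd, &dwPId);

    HANDLE hProcess = OpenProcess(PROCESS_VM_READ | PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, dwPId);
    if (!hProcess)
    {
        cerr << "Unable to Open Process" << endl;
        return;
    }
    clog << "Opened Process" << endl;

    wchar_t newvalue[255] = {0};
    DWORD dwPointed = 0;
    SIZE_T cbRead = 0;

    // A writable local copy of the name works with both a TCHAR* and a
    // const TCHAR* parameter.
    TCHAR szModuleName[] = _T("AVA.exe");
    DWORD dwGameOffset = dwGetModuleBaseAddress(dwPId, szModuleName);

    bool bResolved = dwGameOffset != 0;
    if (bResolved)
    {
        // First hop: value stored at (module base + pointer).
        bResolved = ReadProcessMemory(hProcess,
                                      reinterpret_cast<LPCVOID>(static_cast<DWORD_PTR>(dwGameOffset + pointer)),
                                      &dwPointed, sizeof(dwPointed), &cbRead)
                    && cbRead == sizeof(dwPointed);
    }
    if (bResolved)
    {
        // Second hop: value stored at (first result + 0x90).
        dwPointed += 0x90;
        bResolved = ReadProcessMemory(hProcess,
                                      reinterpret_cast<LPCVOID>(static_cast<DWORD_PTR>(dwPointed)),
                                      &dwPointed, sizeof(dwPointed), &cbRead)
                    && cbRead == sizeof(dwPointed);
    }
    if (!bResolved)
    {
        clog << "Couldn't read process memory." << endl;
        CloseHandle(hProcess);
        return;
    }
    dwPointed += 0x24;

    clog << "Enter the new nickname: ";
    // operator>> into a raw array is unbounded unless a width is set; with a
    // width of N it stores at most N-1 characters plus the terminator.
    wcin.width(sizeof(newvalue) / sizeof(newvalue[0]));
    if (!(wcin >> newvalue))
    {
        clog << "Couldn't write process memory." << endl;
        CloseHandle(hProcess);
        return;
    }

    // NOTE(review): the byte count is sizeof(wchar_t*), the size of a pointer,
    // not the length of the entered text; it is left exactly as in the
    // original listing.
    if (WriteProcessMemory(hProcess,
                           reinterpret_cast<LPVOID>(static_cast<DWORD_PTR>(dwPointed)),
                           &newvalue, sizeof(wchar_t*), NULL))
    {
        clog << "Process Memory Written" << endl;
    }
    else
    {
        clog << "Couldn't write process memory." << endl;
    }
    CloseHandle(hProcess);
}

// Entry point: shows the banner, runs one pass, then asks whether to repeat.
// 'y' or 'Y' clears the console and starts over; any other answer, or a
// failed read from stdin, ends the program with exit code 0.
//
// The original restarted by calling main() from inside itself, which a C++
// program is not allowed to do; the restart is now an ordinary loop.
int main()
{
    SetConsoleTitleA("Nickname Changer");

    char cls = 'n';
    do
    {
        clog << "Made by [D]opeDog" << endl;
        HANDLE hConsole = GetStdHandle(STD_OUTPUT_HANDLE);
        SetConsoleTextAttribute(hConsole, FOREGROUND_GREEN | FOREGROUND_BLUE | FOREGROUND_INTENSITY | COMMON_LVB_UNDERSCORE);

        ChangeNicknameOnce();

        // Preset to 'n' so a failed extraction ends the loop instead of
        // leaving an indeterminate value to be tested.
        cls = 'n';
        cout << "Wanna change the Nickname again? (y) or (n)" << endl;
        cin >> cls;

        if (cls == 'y' || cls == 'Y')
        {
            system("CLS");
        }
    }
    while (cls == 'y' || cls == 'Y');

    return 0;
}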
------------------
I will explain it now:
Code:
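// Returns the base address of the module named lpszModuleName inside the
// process dwProcessIdentifier, or 0 when the name is NULL, the module snapshot
// cannot be taken, or no listed module has that name.
//
// lpszModuleName is only read, so it is taken as const; this lets callers pass
// a string literal such as _T("AVA.exe") without relying on a compiler
// extension. The comparison uses _tcscmp and is therefore case-sensitive.
//
// NOTE(review): the return type is a 32-bit DWORD. In a 64-bit build the upper
// half of modBaseAddr is discarded by the conversion below, so the result is
// only meaningful while addresses fit in 32 bits.
DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, const TCHAR *lpszModuleName)
{
    if (lpszModuleName == NULL)
    {
        return 0;
    }

    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    DWORD dwModuleBaseAddress = 0;

    // dwSize must be filled in before Module32First is called.
    MODULEENTRY32 ModuleEntry32 = {0};
    ModuleEntry32.dwSize = sizeof(MODULEENTRY32);

    for (BOOL bMore = Module32First(hSnapshot, &ModuleEntry32);
         bMore;
         bMore = Module32Next(hSnapshot, &ModuleEntry32))
    {
        if (_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0)
        {
            // Go through DWORD_PTR so the narrowing to DWORD is explicit
            // instead of hidden in a C-style pointer cast.
            dwModuleBaseAddress = static_cast<DWORD>(
                reinterpret_cast<DWORD_PTR>(ModuleEntry32.modBaseAddr));
            break;
        }
    }

    // The snapshot handle is released on every path that obtained it.
    CloseHandle(hSnapshot);
    return dwModuleBaseAddress;
}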
This function is used to find the base address of a module. AVA's base address is usually 0x400000, but if you use the code with another game the base address might be different, which is why this lookup is useful.
--------------------
Code:
// Look up a top-level window by its exact title; the first argument (0) leaves the window class unspecified.
// The result is compared against 0 afterwards to detect that no such window was found.
HWND hWnd = FindWindow(0, _T("Alliance of Valiant Arms"));
In this code we look for the AVA window to check whether AVA is open. If it is, we will get its process id.
-------------------------
Code:
// Receives the process id through the out-parameter below.
DWORD dwPId = 0;
// The return value is the id of the thread that created the window, not the process id;
// dwprocessID is not used again in the full listing.
DWORD dwprocessID = GetWindowThreadProcessId(hWnd, &dwPId);
// PROCESS_ALL_ACCESS requests every access right on the process, although the
// later calls in the listing only read and write its memory.
// No handle inheritance (FALSE). The result is NULL on failure.
HANDLE hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPId);
dwPId is the variable in which we will store AVA's process id.
GetWindowThreadProcessId gets the pid from the AVA window and stores it in the variable dwPId.
OpenProcess opens a handle to the AVA process so we get access to its memory to read/write.
-------------------------------
Code:
// First hop: read the value stored at (module base + pointer) into dwPointed.
// The byte count is sizeof(wchar_t*) while dwPointed is a DWORD; the two sizes
// agree only when pointers are 4 bytes.
// The return value is not checked, so dwPointed is used even if the read failed.
ReadProcessMemory(hProcess, (LPCVOID)(dwGameOffset+pointer), &dwPointed, sizeof(wchar_t*), NULL);
// Apply the first offset to the value just read.
dwPointed+=0x90;
// Second hop: read the value stored at that address, again into dwPointed.
ReadProcessMemory(hProcess, (LPCVOID)dwPointed, &dwPointed, sizeof(wchar_t*), NULL);
// Apply the second offset; dwPointed now holds the address used by the write.
dwPointed+=0x24;
ReadProcessMemory reads the pointer/address from AVA's memory, which we opened as hProcess.
Q: Why do we read it, and why is it useful? A pointer points to a point, and that point+offset points to another point ... so how can ReadProcessMemory follow all of this?
We do it in steps: first we read the pointer to get the point it points to, then we add the offset to that point to get the next point, and so on, depending on how many offsets you have. This pointer has 2 offsets, so I read 2 times, each time getting a point and adding the offset to it.
So , If you didn't understand it , I will give you an example:
We have a pointer with offsets; it looks like this: Pointer->(Point+Offset)->(Point+Offset2), and so on, depending on how many offsets you have.
So the steps in this ReadProcessMemory call are:
Code:
// Arguments in order: process handle, address to read from, buffer that receives
// the data, number of bytes to read, and an optional out-count of bytes read (NULL here).
ReadProcessMemory(hProcess, (LPCVOID)(dwGameOffset+pointer), &dwPointed, sizeof(wchar_t*), NULL);
// Add the first offset to the value that was read.
dwPointed+=0x90;
hProcess : the process handle that gives us access to the memory so we can read/write in it.
(LPCVOID)(dwGameOffset+pointer) : (LPCVOID) is a cast you do not need to understand right now, but ReadProcessMemory requires it. (dwGameOffset+pointer) adds the game offset, which is 0x400000, to the pointer we defined, which gives us the address to read.
&dwPointed : the pointer we have just read is stored in dwPointed.
sizeof(wchar_t*) : the number of bytes to read, here the size of a pointer to wchar_t, which is 4 bytes with 4-byte pointers; wchar_t is the character type for Unicode strings.
NULL = 0 .
dwPointed+=0x90;
The first read stored the pointer in dwPointed, so we add the offset to that stored value, and so on. If you have 4 offsets, you have to use ReadProcessMemory 4 times.
Code:
// WriteProcessMemory returns non-zero on success and zero on failure.
// The byte count passed is sizeof(wchar_t*), i.e. the size of a pointer.
if(WriteProcessMemory(hProcess, (LPVOID)dwPointed, &newvalue, sizeof(wchar_t*), NULL)){
clog << "Process Memory Written" << endl;
// In the full listing the handle is closed only on this success branch.
CloseHandle(hProcess);
We put WriteProcessMemory inside an if because it returns a BOOL: non-zero if it succeeded, zero if it failed. ReadProcessMemory works the same way.
CloseHandle(hProcess);
After this call the program no longer holds an open handle to the game's memory.
---------------------------
Now If you have any problem tell me .