You should scan for the pointer and find out what accesses the addresses.
I believe 'Fleep' had a tutorial on pointer scanning.
How do I write this pointer in C++?
pls help
You should scan for the pointer and find out what accesses the addresses.
I believe 'Fleep' had a tutorial on pointer scanning.
You should find the static pointer (one that remains the same every time); then you could write to engine.dll + the pointer.
Credits to fleep for the video!
Hope this helps somehow.
My question is how to add this address, "Engine.dll"+0008983, to:
Code:
#include <windows.h>
#include <stdio.h>
/*
 * Review summary: a DLL that, once loaded into a process, starts a thread
 * which polls PageUp/PageDown and writes one of two constants through a
 * pointer read from a fixed absolute address. Nothing in this listing is
 * module-relative; every address below is a hard-coded constant.
 */
/*================================ Antiwall ================================*/
#define Antiwall 0x12F5FC   /* absolute address that LoopFunction dereferences as a pointer */
#define Antiwall2 0x2c0     /* byte offset added to the pointer read from Antiwall */
#define Antiwall3 66269     /* value written when PageUp is seen */
/*================================ Antiwall OFF ================================*/
#define oAntiwall 0x12F5FC  /* same address as Antiwall */
#define oAntiwall2 0x2c0    /* same offset as Antiwall2 */
#define oAntiwall3 66279    /* value written when PageDown is seen */
/*================================================= =============================*/
/* Neither of these two globals is referenced anywhere else in this listing. */
DWORD XpsBlackHat = 0;
LPTSTR COD = "MAT.exe";

/*
 * Copies `size` bytes from `ptr` to `adr` after switching the destination
 * pages to PAGE_EXECUTE_WRITECOPY, then puts the earlier protection back.
 * Despite its name, NewProtection receives the PREVIOUS protection from the
 * first VirtualProtect call; the second call restores that value.
 * Neither VirtualProtect return value is checked, so memcpy still runs when
 * the protection change failed. Not called anywhere in this listing.
 */
void Patch(void *adr, void *ptr, int size)
{
    DWORD NewProtection;
    VirtualProtect(adr,size,PAGE_EXECUTE_WRITECOPY, &NewProtection);
    memcpy(adr,ptr,size);
    VirtualProtect(adr,size,NewProtection, &NewProtection);
}

/*
 * Thread body started from DllMain; `param` is unused. Loops forever, so the
 * declared DWORD result is never returned.
 * Bit 0 of GetAsyncKeyState reports a key press since the previous query.
 * The two `if` statements have no braces: each guards only the assignment
 * that follows it, and both Sleep calls run on every pass.
 * The value read from the fixed address is used as a pointer with no validity
 * check; if that address does not hold a usable pointer in the host process,
 * the write faults (an unhandled access violation on this thread would
 * terminate the host process).
 */
DWORD WINAPI LoopFunction(LPVOID param)
{
    while (1)
    {
        if (GetAsyncKeyState(VK_PRIOR)&1)
            *(int*)((*(int*)Antiwall) + Antiwall2) = Antiwall3;
        Sleep(100);
        if (GetAsyncKeyState(VK_NEXT)&1)
            *(int*)((*(int*)oAntiwall) + oAntiwall2) = oAntiwall3;
        Sleep(10);
    }
}

/*
 * Loader entry point. DisableThreadLibraryCalls runs for every notification,
 * not only on attach. On DLL_PROCESS_ATTACH it shows a modal message box and
 * starts LoopFunction on a new thread; the thread handle is discarded and
 * never closed.
 * NOTE(review): both calls execute inside DllMain. Microsoft's DllMain
 * guidance warns against calling user32 functions such as MessageBox there.
 * For anyone monitoring the host process, the visible effects of loading
 * this DLL are the message box and one additional thread.
 */
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
    DisableThreadLibraryCalls(hDll);
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        MessageBox(0,"ON : Pageup / OFF PageDown","INFORMATION",MB_OK | MB_ICONINFORMATION);
        CreateThread(0, 0, LoopFunction, 0, 0, 0);
    }
    return TRUE;
}
I am quite sure "GetCurrentProcess()" will return the process base address, though I am no expert on the Windows-specific libraries. [Note: GetCurrentProcess() returns a pseudo-handle to the current process, not a base address.]
GetModuleHandle("Engine.dll")
If you're injecting:
Code:
// NOTE(review): as posted this line has one more ')' than '(' and does not
// compile. The return value of GetModuleHandleA is not checked; it is NULL
// when the named module is not loaded in the calling process.
// NOTE(review): the innermost *(DWORD*) appears to be applied to the module
// handle itself, before 0x538 is added - confirm the intended grouping.
DWORD Offset = (*(DWORD*)(*(DWORD*)((*(DWORD*)(DWORD)GetModuleHandleA("Engine.dll")) + 0x538)) + 0x530)) + 0x11D7;
A pointer is pretty much an address whose stored value, plus an offset, points to another address.
In your case:
Code:
// Schematic only: `offset` is not declared here and presumably stands for a
// different value at each level of the chain. The result of the expression is
// discarded, and the handle returned by GetModuleHandle is used unchecked.
( *(DWORD*) ( *(DWORD*) GetModuleHandle ( "Engine.dll" ) + offset ) + offset ) + offset;
If you're making an external hack (that is, a console one), you will use it like this:
If you're using it inside a dll:
Code:
// NOTE(review): despite the label above, this listing works from OUTSIDE the
// target: it looks a module up by process id and reads with ReadProcessMemory.
// It uses the Tool Help and TCHAR APIs; the headers that declare them
// (<tlhelp32.h>, <tchar.h>) are not shown in the snippet.

/*
 * Returns the load address of the module named lpszModuleName in the process
 * dwProcessIdentifier, or 0 when the snapshot cannot be taken or no module
 * name matches.
 *
 * The name comparison uses _tcscmp, so it is case-sensitive.
 * modBaseAddr is cast to DWORD, which would truncate the address in a 64-bit
 * build. The snapshot handle is closed on every path that opened it.
 */
DWORD dwGetModuleBaseAddress(DWORD dwProcessIdentifier, TCHAR *lpszModuleName)
{
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwProcessIdentifier);
    DWORD dwModuleBaseAddress = 0;
    if(hSnapshot != INVALID_HANDLE_VALUE)
    {
        MODULEENTRY32 ModuleEntry32 = {0};
        /* dwSize must be set before the first Module32First call */
        ModuleEntry32.dwSize = sizeof(MODULEENTRY32);
        if(Module32First(hSnapshot, &ModuleEntry32))
        {
            do
            {
                if(_tcscmp(ModuleEntry32.szModule, lpszModuleName) == 0)
                {
                    dwModuleBaseAddress = (DWORD)ModuleEntry32.modBaseAddr;
                    break;
                }
            }
            while(Module32Next(hSnapshot, &ModuleEntry32));
        }
        CloseHandle(hSnapshot);
    }
    return dwModuleBaseAddress;
}

//to use it:
// NOTE(review): PId, hProcess and pointed are not declared in this snippet,
// and staticOffset is presumably a placeholder. A base address of 0 (module
// not found) is not checked before it is used, and the result of
// ReadProcessMemory is ignored, so a failed read goes unnoticed.
// The read requires a process handle opened with PROCESS_VM_READ access;
// handle opens requesting that right are what is observable on the target side.
int main()
{
    DWORD baseAddr = dwGetModuleBaseAddress(PId, _T("Engine.dll"));
    DWORD staticOffset = 0x000000;
    //now read process memory like this after you open the process and find window , etc..
    ReadProcessMemory(hProcess, (LPCVOID)(baseAddr+staticOffset), &pointed, 4, NULL); // Accesses TARGET process memory
}
Code:
// In-process variant: GetModuleHandle only sees modules loaded in the calling
// process. It returns NULL when the module is not loaded, which is not
// checked here. The cast to DWORD would truncate the handle in a 64-bit build.
DWORD dwModule = (DWORD)GetModuleHandle("Engine.dll");
DWORD staticOffset = 0x000000;
// NOTE(review): `dwModuel` is not declared anywhere in this snippet;
// `dwModule` from the first line is presumably what was meant.
DWORD dwAddress = *(DWORD*)(dwModuel + staticOffset);
Get the address, add the offset, change the value.
Code:
#include <windows.h>
#include <stdio.h>
/*
 * Review summary: a DLL that starts one thread on load. The thread reads
 * three pointers at fixed offsets from a module's base on every pass and,
 * while an F5-controlled flag is set, writes constants at fixed offsets from
 * those pointers.
 */
#define RPOINTER1 0x7D28AC4 /* offsets from the module base returned by GetModuleHandle */
#define RPOINTER4 0x77C4F04
#define RPOINTER7 0x20943C
/* Toggled by F5 in TheHacks. `bool` with no <stdbool.h> implies this is built as C++. */
bool FuncName = false;

/*
 * Thread body; never returns.
 * The module handle is looked up and the three pointers are re-read on every
 * iteration, whether or not the toggle is on. The handle is not checked: if
 * GetModuleHandle returns NULL, the three reads below dereference the bare
 * RPOINTERn constants. The cast to DWORD would truncate the handle in a
 * 64-bit build.
 * The only validation before each write is that the pointer read is non-zero.
 * The trailing comments on the writes are the original author's labels.
 */
void TheHacks()
{
    while(1)
    {
        DWORD hModule = (DWORD)GetModuleHandle("vietguard.antihack");
        DWORD dwPtr1 = *(DWORD*)(hModule + RPOINTER1);
        DWORD dwPtr4 = *(DWORD*)(hModule + RPOINTER4);
        DWORD dwPtr7 = *(DWORD*)(hModule + RPOINTER7);
        /* bit 0 of GetAsyncKeyState: key pressed since the previous query */
        if (GetAsyncKeyState(VK_F5)&1) FuncName = !FuncName;
        if (FuncName)
        {
            if (dwPtr4) *(DWORD*)(dwPtr4 + 0x318) = 227972;//Delay Attack
            if (dwPtr4) *(DWORD*)(dwPtr4 + 0x24) = 0;//Death Kill
            if (dwPtr4) *(DWORD*)(dwPtr4 + 0xe) = 0;//Patch Kill
            if (dwPtr1) *(DWORD*)(dwPtr1 + 0x40) = 65535;//Fake Mana
            if (dwPtr4) *(DWORD*)(dwPtr4 + 0x208) = 7358;//Fake Wing
            if (dwPtr7) *(BYTE*)(dwPtr7 + 0x14) = 150;//Speed
        }
        Sleep(50);
    }
}

/*
 * Loader entry point: on DLL_PROCESS_ATTACH it starts TheHacks on a new
 * thread and discards the thread handle (never closed).
 * NOTE(review): TheHacks is declared `void TheHacks()` and is forced to
 * LPTHREAD_START_ROUTINE with a cast; its signature does not match the
 * DWORD WINAPI (LPVOID) form that CreateThread expects. NULL is also passed
 * for the non-pointer stack-size and creation-flags parameters.
 */
BOOL WINAPI DllMain(HINSTANCE module, DWORD dwReason, LPVOID lpvReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)TheHacks, NULL, NULL, NULL); //create the new Thread
    }
    return TRUE;
}