Writing your own C++ Trainer

[l0ngcat]

Here is a tutorial teaching your the very basics of making a trainer, namely how to find a process and write shit into it at the correct address. what it doesn't cover is making a GUI-based (graphic user interface) trainer with hotkey hooks that work when the program is in the background.

you need a C++ compiler, like MS Visual C++ or whatever, to compile the attached source code. copy it and save as OMFG_thanks_dude_for_this_tut.cpp or something.

Code:

/* --------- TUTORIAL: Making your first Trainer -------- */
/* --------- by Anonymous - posted on mpgh.net   -------- */

#include <windows.h>
#include <conio.h>
#include <dos.h>
#include <tlhelp32.h>
#include <stdio.h>


int stamina;	// will store the stamina value

bool dostamina = false;		// determines if user activated stamina freezing

LPVOID stamina_addr =	(void*) 0x007F1110;		// memory address of the stamina value in the WarRock process

void screen()	// output
{
	system("cls");	// clear the screen
	printf("Hello World! This is my first WarRock trainer!  \n\n");
	
	if(dostamina) printf("[1] - freeze stamina [ENABLED]\n");	// if user enabled stamina freeze, let him know!
	else printf("[1] - freeze stamina [disabled]\n");			// same if it's disabled
}

int main(int argc, char* argv[])
{	
	HANDLE hProcessSnap;	// will store a snapshot of all processes
	HANDLE hProcess = NULL;	// we will use this one for the WarRock process
	PROCESSENTRY32 pe32;	// stores basic info of a process, using this one to read the ProcessID from
	
	hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );	// make process snapshot

	pe32.dwSize = sizeof( PROCESSENTRY32 );		// correct size

	Process32First(hProcessSnap, &pe32);	// read info about the first process into pe32

	do	// loop to find the WarRock process
	{		
		if(strcmp(pe32.szExeFile, "WarRock.exe") == 0)	// if WarRock was found
		{
			hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);	// open it, assigning to the hProcess handle
			break;	// break the loop
		}
	}
	while(Process32Next(hProcessSnap, &pe32));	// loop continued until Process32Next deliver NULL or its interrupted with the "break" above

	CloseHandle( hProcessSnap );	// close the handle (just fuckin do it)

	if(hProcess == NULL)	// self explanatory tbh
	{
		printf("WarRock not found\n\n");
		getch();	// wait for a key press. otherwise the app will just close so fast when the process is not found, you wont know wtf happened.
	}
	else
	{
		screen();	// print the display
		
		char key = ' ';	// make a key variable to store pressed keys
		
		while(key != VK_ESCAPE)	// loop until user presses Escape
		{
			
			if(kbhit())		// if a key was pressed
			{
				key = getch();	// it is saved into "key"

				switch(key)		// here the commands are handled depending on the key that was pressed
				{				// case '1': ... break;  case '2': ... break; and so on
				case '1':
					dostamina = !dostamina;		// flip the dostamina value true<->false to enable/disable it
					ReadProcessMemory(hProcess, stamina_addr, &stamina, 4, NULL);	// read the stamina value from the memory into the "stamina" variable
					break;			
				}

				screen();	// print the display after each key press

			}

			if(dostamina)	// if stamina freeze is activated
				WriteProcessMemory(hProcess, stamina_addr, &stamina, 4, NULL);	// write the stamina value that was saved before with the key press into memory
		}

		CloseHandle(hProcess);	// close the handle
		
	}

	return 0;	// THE END
}