"To get the source code you write it."
~Mr. Miyagi
I haven't actually started learning any hacking yet, still learning C++, but my approach was going to be to try and do small stuff with games that are popular (active) on the forum, where people have already found the offsets for games (because you're going to be reading and writing to memory, you need to know the pointer and the offset to do that) and post them frequently. So like Combat Arms, Counter-Strike: GO (because I play it), and possibly Bf3.
You can find source code for any game if you actually look. Not saying that to be mean, but it's true. Had you googled "Bf3 hack source code" you could probably find 20 posts with aimbot, no recoil, and cham with source.
Example: No Recoil -- No Spread (Game: Combat Arms NA) (Status: Outdated)
Code:
//===================
#include <Windows.h>
//===================
//================================================================
// Saved copies of the two original vtable entries. Both stay NULL until
// HookThread backs them up the first time the hook is enabled.
void* g_pOriginalGetRecoil = NULL;
void* g_pOriginalGetDeviation = NULL;
// Hard-coded absolute addresses of the two vtable slots that HookThread
// overwrites. The slots are adjacent (0x...AC8 and 0x...ACC, 4 bytes apart).
// NOTE(review): fixed addresses like these presumably match only one build of
// the target loaded at its expected base; the post marks the sample "Outdated".
// From an integrity-checking point of view, a slot in this table whose value
// points outside the module that owns the table is the observable effect of
// this code.
void** g_pGetRecoilVTableAddress = (void**)0x020A3ACC; //address
void** g_pGetDeviationVTableAddress = (void**)0x020A3AC8; //address
//================================================================
//================================================================
// Replacement installed in the GetRecoil vtable slot.
// Declared naked, so the compiler emits no prologue/epilogue and the body is
// exactly the instructions below: it stores zero at offsets 0x164 and 0x16C
// from ecx, then tail-jumps to the saved original entry, which therefore still
// runs with the caller's stack and registers (eax excepted, now zero).
// NOTE(review): ecx is presumably the object pointer (thiscall) and the two
// offsets presumably recoil fields -- inferred from the names only, confirm.
// g_pOriginalGetRecoil must be non-NULL before this slot is reachable;
// HookThread sets it before swapping the pointer.
void __declspec(naked) hkGetRecoil(void) //GetRecoil
{
__asm
{
xor eax, eax
mov[ecx + 0x164], eax
mov[ecx + 0x16C], eax
jmp dword ptr[g_pOriginalGetRecoil]
}
}
// Replacement installed in the GetDeviation vtable slot.
// Same shape as hkGetRecoil: a naked function that stores zero at offsets
// 0x140 and 0x13C from ecx and then tail-jumps to the saved original entry.
// NOTE(review): ecx is presumably the object pointer (thiscall) and the two
// offsets presumably spread/deviation fields -- inferred from the names only,
// confirm.
// g_pOriginalGetDeviation must be non-NULL before this slot is reachable;
// HookThread sets it before swapping the pointer.
void __declspec(naked) hkGetDeviation(void) //GetDeviation
{
__asm
{
xor eax, eax
mov[ecx + 0x140], eax
mov[ecx + 0x13C], eax
jmp dword ptr[g_pOriginalGetDeviation]
}
}
/*
 * Thread entry point that installs or removes the two vtable hooks.
 *
 * param: (void*)1 enables the hook; any other value (DllMain passes NULL)
 *        restores the saved original entries.
 *
 * Returns 0 if the first VirtualProtect call fails; otherwise the result of
 * the second VirtualProtect call, which becomes the thread's exit code.
 *
 * What this does to the process, as seen by an integrity check: the page
 * holding the vtable is made writable for a moment, two pointer-sized slots
 * are overwritten, and the previous protection is put back. After an enable
 * the slots point at hkGetDeviation / hkGetRecoil in this DLL rather than at
 * code in the module that owns the table.
 */
unsigned long __stdcall HookThread(void* param) //Hooking
{
    unsigned long savedProtection;
    /* Pointer-to-int cast is kept from the original; the inline __asm in
     * this file means it is built for 32-bit x86 only. */
    const int enable = ((int)param == 1);

    if (enable)
    {
        /* Back up each original entry once, before anything is modified,
         * so a later disable has something to restore. */
        if (!g_pOriginalGetDeviation)
            g_pOriginalGetDeviation = *g_pGetDeviationVTableAddress;
        if (!g_pOriginalGetRecoil)
            g_pOriginalGetRecoil = *g_pGetRecoilVTableAddress;
    }

    /* One 8-byte request starting at the lower slot (0x020A3AC8) covers both
     * adjacent 4-byte slots, so the recoil slot needs no call of its own. */
    if (!VirtualProtect(g_pGetDeviationVTableAddress, 8, PAGE_READWRITE, &savedProtection))
        return 0;

    /* Enable: point both slots at the replacements.
     * Disable: write back whatever was saved (still NULL if the hook was
     * never enabled -- the original has the same behaviour). */
    *g_pGetDeviationVTableAddress = enable ? (void*)hkGetDeviation : g_pOriginalGetDeviation;
    *g_pGetRecoilVTableAddress = enable ? (void*)hkGetRecoil : g_pOriginalGetRecoil;

    /* Put the previous page protection back and report that call's result. */
    return VirtualProtect(g_pGetDeviationVTableAddress, 8, savedProtection, &savedProtection);
}
/*
 * DLL entry point. On process attach it starts a thread running
 * HookThread((void*)1) to enable the hook; on process detach it starts one
 * running HookThread(NULL) to disable it. Every other notification is
 * ignored. Always returns 1.
 *
 * hModule and param are unused.
 *
 * NOTE(review): the CreateThread result goes straight into CloseHandle
 * without a NULL check, and nothing waits for the thread or reads its exit
 * code, so a failed enable or disable is never observed here.
 */
unsigned long __stdcall DllMain(HMODULE hModule, unsigned long ulReason, void* param)
{
    switch (ulReason)
    {
    case DLL_PROCESS_ATTACH:
        /* The handle is closed at once; the thread keeps running without it. */
        CloseHandle(CreateThread(NULL, 0, &HookThread, (void*)1, 0, NULL)); //Enable hook
        break;

    case DLL_PROCESS_DETACH:
        CloseHandle(CreateThread(NULL, 0, &HookThread, NULL, 0, NULL)); //Disable hook
        break;

    default:
        /* Thread attach/detach notifications need no work. */
        break;
    }

    return 1;
}
//==================================================================================================================