Перейти к содержанию

Программирование трейнеров на C/C++/VC++


Рекомендуемые сообщения

Пока простейший пример (остальные примеры в этой теме)

 

Скрытый текст

#include "stdafx.h"
#include <iostream>
#include <windows.h>
using namespace std;
int main(){
HWND hWnd;    
DWORD dwID;    
HANDLE hProcess;    
hWnd = FindWindow(NULL, "Test");
GetWindowThreadProcessId(hWnd, &dwID);
hProcess = OpenProcess(PROCESS_ALL_ACCESS, NULL, dwID);
int value = 1000000;
WriteProcessMemory(hProcess, (void*)0x0045B5A4, &value, sizeof(&value),NULL);
return 0;
}


 

Некоторые тонкости.

Скрытый текст

Оптимизация выходного файла в Microsoft Visual C++.

Параметры линкера для уменьшения размера:
- объединение секций

- можно еще снизить выравнивание, например, задать 512 байт или 32 байта

или

соответственно.
- смена точки входа

или

для консольного и виндового приложения соответственно. Уменьшает размер, т.к. тогда линкер не пихает в экзешник код стартовой функции mainCRTStartup (WinMainCRTStartup). Только надо помнить, что параметры main (WinMain) в этом случае не будут нести никакого смысла, аргументы командной строки придется получать явно через API GetCommandLine().
- еще можно убрать нафиг CRT или линковать ее динамически:
 

С учетом всех рекомендаций:
 

Результат - имеет хелловорлд размером 1к, состоящим из заголовка экзешника и одной секции.
Дизассемблерный листинг точки входа не содержит ни одного лишнего байта:
 

UPD: Можно снизить выравнивание до 16-и байт, притворившись, что мы собираем драйвер:

это нужно вписать в настройки проекта, в #pragma comment(linker) это не прокатит

Источник Античат

/MERGE:.data=.text /MERGE:.rdata=.text
/ALIGN:32
/ALIGN:512
/ENTRY:main
/ENTRY:WinMain
/NODEFAULTLIB msvcrt.lib
#include <windows.h>
#pragma comment(linker, "/NODEFAULTLIB /MERGE:.data=.text /MERGE:.rdata=.text /ALIGN:512 /ENTRY:WinMain")
int WINAPI WinMain(HINSTANCE,HINSTANCE,LPSTR,int)
{
MessageBox(0, "Hello, World!", "Tiny application", MB_ICONINFORMATION);
return 0;
}
00400230 >/$   55                      PUSH EBP
00400231  |.   8BEC                    MOV EBP,ESP
00400233  |.   6A 40                   PUSH 40                                      ; /Style = MB_OK|MB_ICONASTERISK|MB_APPLMODAL
00400235  |.   68 08024000             PUSH tiny.00400208                           ; |Title = "Tiny application"
0040023A  |.   68 1C024000             PUSH tiny.0040021C                           ; |Text = "Hello, World!"
0040023F  |.   6A 00                   PUSH 0                                       ; |hOwner = NULL
00400241  |.   FF15 00024000           CALL DWORD PTR DS:[<&USER32.MessageBoxA>>    ; \MessageBoxA
00400247  |.   33C0                    XOR EAX,EAX
00400249  |.   5D                      POP EBP
0040024A  \.   C2 1000                 RETN 10
/ALIGN:16 /DRIVER
  • Плюс 1
Ссылка на комментарий
Поделиться на другие сайты

Пример простого трейнера на С++:

Инструкция:

- Скопируйте данный код в блокнот и сохраните как trainer.cpp или как вам угодно

- Для компиляции вам понадобится компилятор для C++, такие как MS Visual C++ 6 или выше

#include <windows.h>
#include <conio.h>
#include <dos.h>
#include <tlhelp32.h>
#include <stdio.h>


int stamina;    // will store the stamina value

bool dostamina = false;        // determines if user activated stamina freezing

LPVOID stamina_addr =    (void*) 0x007F1110;        // memory address of the stamina value in the WarRock process

void screen()    // output
{
    system("cls");    // clear the screen
    printf("Hello World! This is my first WarRock trainer!  nn");
    
    if(dostamina) printf("[1] - freeze stamina [ENABLED]n");    // if user enabled stamina freeze, let him know!
    else printf("[1] - freeze stamina [disabled]n");            // same if it's disabled
}

int main(int argc, char* argv[])
{    
    HANDLE hProcessSnap;    // will store a snapshot of all processes
    HANDLE hProcess = NULL;    // we will use this one for the WarRock process
    PROCESSENTRY32 pe32;    // stores basic info of a process, using this one to read the ProcessID from
    
    hProcessSnap = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 );    // make process snapshot

    pe32.dwSize = sizeof( PROCESSENTRY32 );        // correct size

    Process32First(hProcessSnap, &pe32);    // read info about the first process into pe32

    do    // loop to find the WarRock process
    {        
        if(strcmp(pe32.szExeFile, "WarRock.exe") == 0)    // if WarRock was found
        {
            hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);    // open it, assigning to the hProcess handle
            break;    // break the loop
        }
    }
    while(Process32Next(hProcessSnap, &pe32));    // loop continued until Process32Next deliver NULL or its interrupted with the "break" above

    CloseHandle( hProcessSnap );    // close the handle (just fuckin do it)

    if(hProcess == NULL)    // self explanatory tbh
    {
        printf("WarRock not foundnn");
        getch();    // wait for a key press. otherwise the app will just close so fast when the process is not found, you wont know wtf happened.
    }
    else
    {
        screen();    // print the display
        
        char key = ' ';    // make a key variable to store pressed keys
        
        while(key != VK_ESCAPE)    // loop until user presses Escape
        {
            
            if(kbhit())        // if a key was pressed
            {
                key = getch();    // it is saved into "key"

                switch(key)        // here the commands are handled depending on the key that was pressed
                {                // case '1': ... break;  case '2': ... break; and so on
                case '1':
                    dostamina = !dostamina;        // flip the dostamina value true<->false to enable/disable it
                    ReadProcessMemory(hProcess, stamina_addr, &stamina, 4, NULL);    // read the stamina value from the memory into the "stamina" variable
                    break;            
                }

                screen();    // print the display after each key press

            }

            if(dostamina)    // if stamina freeze is activated
                WriteProcessMemory(hProcess, stamina_addr, &stamina, 4, NULL);    // write the stamina value that was saved before with the key press into memory
        }

        CloseHandle(hProcess);    // close the handle
        
    }

    return 0;    // THE END
}

Источник: d3scene.com

Ссылка на комментарий
Поделиться на другие сайты

Вот ещё один пример трейнера для игры WarRock:

DLL:

functions.cpp

#include "stdafx.h"
#include "functions.h"

DWORD dfgiddfg;
HANDLE dfgdsgdsg;

void OpenMemory()
{
HWND frgss = FindWindow(0, "WarRock");
GetWindowThreadProcessId(frgss, &dfgiddfg);
dfgdsgdsg = OpenProcess(PROCESS_ALL_ACCESS|PROCESS_VM_OPERATION|PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_QUERY_INFORMATION, FALSE, dfgiddfg);
}


void Stamina()
{
int t=1120403456;
OpenMemory();
WriteProcessMemory(dfgdsgdsg,(LPVOID*)(DWORD)0x8B9B04, &t , 4,NULL);
}

void Teleport(float x, float y, float z)
{
long raddyx, raddyy, raddyz; // Real address of coordinates
long readxyz; // Read base address

ReadProcessMemory(dfgdsgdsg,(LPVOID*)(DWORD)0x1279280, &readxyz, 4,NULL);

raddyx = readxyz + 0x174;
raddyy = readxyz + 0x17C;
raddyz = readxyz + 0x178;

WriteProcessMemory(dfgdsgdsg,(LPVOID*)(DWORD)raddyx, &x , 4,NULL);
WriteProcessMemory(dfgdsgdsg,(LPVOID*)(DWORD)raddyy, &y , 4,NULL);
WriteProcessMemory(dfgdsgdsg,(LPVOID*)(DWORD)raddyz, &z , 4,NULL);
}

functions.h

#pragma once

void Stamina();
void Teleport(float x, float y, float z);

LH1337DLL.def

LIBRARY LH1337DLL

EXPORTS
Stamina
Teleport

EXE:

LH1337EXEDlg.cpp

HINSTANCE hDLL = NULL;


// 1) Teleport
typedef void (*STAMINA)();
STAMINA Stamina;


// 2) Teleport
typedef void (*TELEPORT)(float x, float y, float z);
TELEPORT Teleport;

OnInitDialog()

hDLL = AfxLoadLibrary("LH1337DLL");

if( hDLL == NULL )
{
MessageBox("Could not load LH1337DLL.dll");
}
else
{
Stamina = (STAMINA)GetProcAddress(hDLL, "Stamina");
Teleport = (TELEPORT)GetProcAddress(hDLL, "Teleport");
}

BN_CLICKED Stamina

Stamina();

BN_CLICKED Teleport

UpdateData(1);
Teleport(m_cox, m_coy, m_coz);

Источник: mpgh.net

Ссылка на комментарий
Поделиться на другие сайты

  • 9 месяцев спустя...

Статья Oboema про создание трейнера (2008 г.)

"How To Create A Game Trainer Using C/C++"

Дата статьи: Oct 4 2008

Chapters.... 

1) Introduction... Programs needed... objective...

2) Api calls we will be using

3) header file of CProcess

4) methods of CProcess

5) An example: Mortal Kombat 4 trainer

6) the end

CHAPTER 1: Introduction... Programs needed... objective...

***************************************************

While answering questions on the gamehacking webboard, I noticed a lot 

people out there want to develop trainers themselves instead of using

standard kits. Although you can use just about any programming language

for the job, I figure the best option is C/C++. The main advantages of

C/C++ is that its fast enough and that it produces neat, small executables.

You need a C/C++ compiler (duh). What also needs to be included is: a

windows resource editor, text editor and access to Windows API. If you must

know, I use Microsoft Visual C++ for the job.

The objective of this tutorial is to create a small, working trainer

of course, but in school I also learned how to develop reusable code.

Since we all want to release a trainer more than once, I developed a C++

class which just about does it all. The usage of this class looks

something like this (in pseudo-code):


{
Find the process
if (process is loaded)
if (key is pressed)
Read/Write memory
}
void timer_or_thread_function () 

 

I won't teach you how the project should be created, how windows messages work,

how C++ classes work or what data types are available... there are plenty of

resources on that available on the net.

Also note that the method of gamehacking presented here is *a* method; not

*the* method

Lets get into some code...

CHAPTER 2: API calls we will be using

***************************************

First, lets list all the Windows APIS we're gonna need to develop the CProcess class. 

---------------------------------------------------------------------

 


LPCTSTR lpClassName, // pointer to class name
LPCTSTR lpWindowName // pointer to window name
);
HWND FindWindow( 

details All programs started in windows have a window <duh>

This API call finds the window handle for a running process.

---------------------------------------------------------------------


HWND hWnd, // handle to window
LPDWORD lpdwProcessId // address of variable for process identifier
);
DWORD GetWindowThreadProcessId( 

 

details We can't do much with only the Window handle, we need to have

the process id to be able to get the process handle.

---------------------------------------------------------------------

 

 


DWORD dwDesiredAccess, // access flag
BOOL bInheritHandle, // handle inheritance flag
DWORD dwProcessId // process identifier
);
HANDLE OpenProcess( 

details And you guessed, this one gets the process handle based on

the process ID.

---------------------------------------------------------------------


HWND hwnd, // handle of window for timer messages
UINT idTimer, // timer identifier
UINT uTimeout, // time-out value
TIMERPROC tmprc // address of timer procedure
);
UINT SetTimer( 

 

details This API is used to generate a timer message at a certain interval.

We'll use it to check whether or not keys have been pressed and

if so to read or write values to the game's memory.

---------------------------------------------------------------------


int vKey // virtual-key code
);
SHORT GetAsyncKeyState( 

details This API checks to see if a key has been pressed since last call to

the API. We need to call this one over and over again (see SetTimer)

---------------------------------------------------------------------



HANDLE hProcess, // handle of process whose memory is written to
LPVOID lpBaseAddress, // address to start writing to
LPVOID lpBuffer, // address of buffer to write data to
DWORD cbWrite, // number of bytes to write
LPDWORD lpNumberOfBytesWritten // actual number of bytes written
);
BOOL WriteProcessMemory( 

 

details I'm not religious, but we really have to thank God to have Billy-boy

include this API into Windows. This is the heart of every trainer.

It can write values to memory.

---------------------------------------------------------------------

 



HANDLE hProcess, // handle of process whose memory is read
LPVOID lpBaseAddress, // address to start reading
LPVOID lpBuffer, // address of buffer to read data to
DWORD cbRead, // number of bytes to read
LPDWORD lpNumberOfBytesWritten // actual number of bytes read
);
BOOL ReadProcessMemory( 

details And of course, this is WriteProcessMemory's twin. It can read

values from memory.

--------------------------------------------------------------------


UINT uExitCode // exit code for all threads
);
VOID ExitProcess( 

details Windows closes all handles and cleans just about everything, but

its a good programming practise to close it yourself. This one

closes a process.

-------------------------------------------------------------------

Ok... take a second look at the all APIs. Notice all the ugly parameter datatypes like HWND,

UINT, LPVOID, HANDLE and HPROCESS. Personally I hate to use these types, so what I'll do is

put all these APIS and variables in the C++ class, so I won't be bothered with them while

programming the trainer.

( Thanx to RECLAIM for the explaination of the APIs )

CHAPTER 3: Header file of CProcess

************************************

The header file of our CProcess class is relatively easy... here it is: 


{
public:
CProcess();
virtual ~CProcess();

bool IsRunning(); // checks if process was found already
bool FindProcess(char *p_WindowTitle); // finds a process
BYTE ReadByte(DWORD p_Address); // reads 1 byte from memory
bool WriteByte(DWORD p_Address, BYTE p_Value); // writes 1 byte to memory
bool IsKeyPressed(int p_iKey); // checks for a key-press
bool IsSpyRunning(char *p_WindowTitle); // checks for trainer spy


private:
HANDLE OpenProcess(char *p_ClassName, char *p_WindowTitle);

HANDLE m_hProcess;
bool m_bGameRunning;
};
class CProcess 

CHAPTER 4: Methods of CProcess

********************************

Lets develop each method one by one... here goes. 

Constructor/Destructor

Every C++ class has a constructor and a destructor. These methods are used for

initializing resp. deinitializing of local variables. Since we only have 2 local

variables these methods are straightforward:


{
m_hProcess = NULL;
m_bGameRunning = false;
}

CProcess::~CProcess()
{
if (m_bGameRunning)
CloseHandle(m_hProcess);
}
CProcess::CProcess() 

Note the m_hProcess will contain the handle of the process and m_bGameRunning

is a flag to see if we opened the process already.

Private method: OpenProcess

This method will find and open a process.


{
HWND hWindow;
DWORD pid;

hWindow = FindWindow(p_ClassName, p_WindowTitle);
if (hWindow) {
GetWindowThreadProcessId(hWindow, &pid);
return ::OpenProcess(PROCESS_ALL_ACCESS, false, pid);
}
return NULL;
}
HANDLE CProcess::OpenProcess(char *p_ClassName, char *p_WindowTitle) 

Notice that this method is private, which means it can only be used by other members

of the CProcess class. What it does... it looks for the window handle (FindWindow)

based on the window title of the game (the p_Classname parameter should be NULL!).

Then it retrieves the Process ID (GetWindowThreadProcessId), opens the process

(OpenProcess) and returns the handle of that process.

If the game isn't loaded or if the window title isn't correct(!), it will return NULL

indicating failure.

This method is used by FindProcess() and IsTrainerSpyRunning().

Public method: FindProcess

This method will find and open a process and on top of that it'll store everything

in the class' private members.


{
if (m_hProcess == NULL) {
m_hProcess = this->OpenProcess(NULL, p_WindowTitle);
if (m_hProcess)
m_bGameRunning = true;
return m_bGameRunning;
}
else
return false;
}
bool CProcess::FindProcess(char *p_WindowTitle) 

The trainer program will call this method to find and open the process of the game.

This method tries to open the process and store the handle in the class' private

member. It also sets a flag to indicate success or failure.

Public method: WriteByte


//This method will write 1 byte to the specified memory addy.
bool CProcess::WriteByte(DWORD p_Address, BYTE p_Value)
{
DWORD bytes;

if (m_bGameRunning)
return (WriteProcessMemory(m_hProcess, (void*)p_Address,
(void *)&p_Value, 1, &bytes) != 0);
return false;
}

 

The method returns true if and only if writing the byte to the mem addy was

successful. False indicates the game isn't running (call FindProcess first!)

or writing the value simply failed.

Public method: ReadByte


{
DWORD bytes;
BYTE tmpValue;

if (m_bGameRunning) {
if (ReadProcessMemory(m_hProcess, (void*)p_Address,
(void *)&tmpValue, 1, &bytes) == 0)
return 0;
else
return tmpValue;
}
return 0;
}
BYTE CProcess::ReadByte(DWORD p_Address) 

 

The method returns the byte value that has been read for the game's memory.

Public method: IsRunning

We need a method to expose the m_bGameRunning variable, so the trainer can tell

whether or not the process was already found and opened successfully.


{
return m_bGameRunning;
}

No further explaination needed, I figure


Public method: IsKeyPressed
This function detects a key press.

bool CProcess::IsKeyPressed(int iKey)
{
return ((GetAsyncKeyState(iKey) & 1) == 1);
}
bool CProcess::IsRunning() 

This might look strange to you. It just so happens GetAsynchKeyState sets the

least significant bit of the returned value to indicate the key has been pressed.

True or False would have worked fine for me, by the way

Public method: IsTrainerSpyRunning

Don't you just hate it when people are trying to rip off your mem addy?


{
HANDLE hTmp = this->OpenProcess(NULL, "TRAINER SPY");
if (hTmp) {
CloseHandle(hTmp);
return true;
}
return false;
}
bool CProcess::IsSpyRunning(char *p_WindowTitle) 

 

This method tries to open the Trainer Spy process. If it can be opened the

handle of trainer spy (trainer spy will keep on running!) is closed and the method

returns true indicating trainer spy is running and something needs to be done

about it!

Thats it... those are all the methods we need.

CHAPTER 5: An example: Mortal Kombat 4 +3 trainer

***************************************************

Lets develop a trainer for Mortal Kombat 4. 

With GameHack I found these mem addies:

Health player 1 0x00534A9D 1 byte

Health player 2 0x005322ED 1 byte

timer 0x00534AD8 1 byte

Ohw, before we start.. I'm not gonna explain how to use the resource editor

to develop the actual window of the trainer since its different for every

development tool.


// Include all header files for the VC++ project
//
#include <stdio.h>
#include "stdafx.h"
#include "Process.h"

/* ------------------------------------------ */
/* -- Identification for dialog, controls, -- */
/* -- timers & such -- */
/* ------------------------------------------ */
#define DLG_MAIN 200 // ID for dialog
#define DLG_ICON 30000 // IDs for icons
#define DLG_ICON_S 30000
#define IDC_QUIT 1011 // ID for "quit"-button
#define IDC_INFO 2000 // ID for "info"-button
#define ID_TIMER 1 // ID for timer
#define IDC_STATIC -1 // ID for all labels
#define TIMER_INTERRUPT 500 // timer msg interval in msec

/* ---------------------------------------- */
/* -- The mem addies found with GameHack -- */
/* ---------------------------------------- */
#define HEALTH_PL1_ADDRESS 0x00534A9D
#define HEALTH_PL2_ADDRESS 0x005322ED
#define TIMER_ADDRESS 0x00534AD8


/* ------------------------------------------ */
/* -- Global variables... oh well... -- */
/* ------------------------------------------ */
HINSTANCE TheInstance = 0; // instance handle of this trainer
CProcess gameProcess; // instance of the CProcess class


/* ------------------------------------------------------------- */


//
// Windows passes messages to application windows to indicate "something"
// needs to be done
//
BOOL CALLBACK DialogProc (HWND hwnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch (message) {
case WM_INITDIALOG:
//
// set the time to generate a timer message (WM_TIMER)
// at a small interval
//
SetTimer(hwnd, ID_TIMER, TIMER_INTERRUPT, NULL);
return TRUE;

case WM_TIMER:
//
// a timer msg was received so call our main function!
//
WriteMem(hwnd);
return TRUE;

case WM_COMMAND:
switch (LOWORD(wParam)) {
case IDC_INFO:
//
// the info button on the window was pressed
//
MessageBox(hwnd, "<show some info>", "Mortal Kombat 4 +3 trainer", MB_OK);
return TRUE;
case IDC_QUIT:
//
// the quit button on the window was pressed
//
PostQuitMessage(0);
return TRUE;
}
return TRUE;

case WM_DESTROY:
//
// this app is about to be closed so kill the timer
//
KillTimer(hwnd, ID_TIMER);
PostQuitMessage(0);
return TRUE;

case WM_CLOSE:
//
// destroy the window
//
DestroyWindow (hwnd);
return TRUE;

case WM_PAINT:
//
// paint msg so we can show a bmp on the screen (or something else)
//
PaintIt(hwnd);
return TRUE;
}
return FALSE;
}


//
// the main function.. this one was generated by Visual C++ (talk about ugly code!
//
int WINAPI WinMain
(HINSTANCE hInst, HINSTANCE hPrevInst, char * cmdParam, int cmdShow)
{
TheInstance = hInst;
HWND hDialog = 0;

hDialog = CreateDialog (hInst, MAKEINTRESOURCE (DLG_MAIN), 0, (DLGPROC)DialogProc);
if (!hDialog)
{
char buf [100];
wsprintf (buf, "Error x%x", GetLastError ());
MessageBox (0, buf, "CreateDialog", MB_ICONEXCLAMATION | MB_OK);
return 1;
}

HICON hIcon = LoadIcon (TheInstance, MAKEINTRESOURCE (DLG_ICON));
SendMessage (hDialog, WM_SETICON, WPARAM (TRUE), LPARAM (hIcon));
hIcon = LoadIcon (TheInstance, MAKEINTRESOURCE (DLG_ICON_S));
SendMessage (hDialog, WM_SETICON, WPARAM (FALSE), LPARAM (hIcon));


MSG msg;
int status;
while ((status = GetMessage (&msg, 0, 0, 0)) != 0)
{
if (status == -1)
return -1;
if (!IsDialogMessage (hDialog, &msg))
{
TranslateMessage ( &msg );
DispatchMessage ( &msg );
}
}

return msg.wParam;
}


//
// This is our main function that does the job! Remember this function
// is called every time the timer msg is received.
//
void WriteMem(HWND hwnd)
{
//
// find out if we already found the game before
//
bool bOk = gameProcess.IsRunning();

//
// if not then try to find it
//
if (!bOk)
bOk = gameProcess.FindProcess("Mortal Kombat 4");

//
// if and only if game is running -> write mem
//
if (bOk) {
if (gameProcess.IsSpyRunning("TRAINER SPY"))
//
// someone is trying to rip us off! Close this trainer
//
PostQuitMessage(0);

//
// if F10 was pressed, max the timer!
//
if (gameProcess.IsKeyPressed(VK_F10))
if (!gameProcess.WriteByte(TIMER_ADDRESS, 100))
PostQuitMessage(0);

//
// if F11 was pressed, max player 1's health!
//
if (gameProcess.IsKeyPressed(VK_F11))
if (!gameProcess.WriteByte(HEALTH_PL1_ADDRESS, 0xFF))
PostQuitMessage(0);
//
// if F12 was pressed, max player 2's health!
//
if (gameProcess.IsKeyPressed(VK_F12))
if (!gameProcess.WriteByte(HEALTH_PL2_ADDRESS, 0xFF))
PostQuitMessage(0);

}
}


void PaintIt(HWND hwnd)
{
//
// To do (or not to do
// = show a neat pic on your trainer's window
//
}
// 

CHAPTER 6: The End

*********************

You can use the CProcess class or the main program code in any way you want. 

If you experience any problems with it, don't hesitate to contact me.

You can also ask for me to send you the complete MS Visual C++ project.

Happy Hunting,

Oboema

Ссылка на комментарий
Поделиться на другие сайты

  • 2 месяца спустя...

Хороший пример хакинга через внедренную dll, а также с примером хука на directXDraw функции начала сцены, функции конца сцены, функции reset...

Посмотрите на интересный вариант описания реализации класса Hacks из Hacks.h:



#include "Hacks.h"

int Hack::Count = 0;

Hack::Hack(char* name, LPVOID destination, BYTE* oldValue, BYTE* newValue, DWORD len)
{
this->Count++;
this->name=name;
this->bEnabled=false;
this->destination=destination;
this->oldValue=oldValue;
this->newValue=newValue;
this->len=len;
}

Hack::~Hack()
{
this->Count--;
}

bool Hack::Setup()
{
DWORD oldProt = NULL;
if(!VirtualProtect(destination,len,PAGE_READWRITE,&oldProt))
return false;
RtlMoveMemory(destination,(void*)newValue,len);
if(!VirtualProtect(destination,len,oldProt,&oldProt))
return false;

bEnabled=true;
return true;
}

bool Hack::Remove()
{
DWORD oldProt = NULL;
if(!VirtualProtect(destination,len,PAGE_READWRITE,&oldProt))
return false;
RtlMoveMemory(destination,oldValue,len);
if(!VirtualProtect(destination,len,oldProt,&oldProt))
return false;

bEnabled=false;

return true;
}

Hack hackAmmo("Infinite Ammo, %X",(LPVOID)0x005BFCB9,(PBYTE)"\x89\x84\x8F\x34\x03\x00\x00",(PBYTE)"\x90\x90\x90\x90\x90\x90\x90",7);
Hack hackRecoil("No recoil, %X",(LPVOID)0x00434629,(PBYTE)"\xE8\x22\xE7\x18\x00",(PBYTE)"\x90\x90\x90\x90\x90",5);

Hack hacks[]={hackAmmo,hackRecoil};

hacks[] будет массивом указателей объектов hackAmmo и hackRecoil. Активировать их судя по коду можно так:


void AllActivated()
{
for (BYTE i, i<1, i++)
hacks[i].Setup();
}

Деактивировать:


void AllDeactivated()
{
for (BYTE i, i<1, i++)
hacks[i].Remove();
}

Источник.Там же найдете исходники.

Ссылка на комментарий
Поделиться на другие сайты

  • 1 год спустя...

Попытался компильнуть в MV C++ 2010 первые 2 примера. На оба примера компиллятор выругался. В первом случае подчеркнул

ProcessWriteMem(HANDLE hProcess, DWORD Address, void* p_value, BYTE size) и hWnd = FindWindow(NULL, "3D Pinball for Windows - Space Cadet");

, а во втором

if(strcmp(pe32.szExeFile, "WarRock.exe") == 0)

error C2664: 'strcmp' : cannot convert parameter 1 from 'WCHAR [260]' to 'const char *'

Ссылка на комментарий
Поделиться на другие сайты

Нашел в нете немного другой код первого примера, но там все равно ругается компилятор на название игры

#include <iostream>
#include <windows.h>

using namespace std;

int main()
{
HWND hWnd;
DWORD dwID;
HANDLE hProcess;

hWnd = FindWindow(NULL, "3D Pinball for Windows - Space Cadet");

GetWindowThreadProcessId(hWnd, &dwID);

hProcess = OpenProcess(PROCESS_ALL_ACCESS, NULL, dwID);

int value = 1000000;

WriteProcessMemory(hProcess, (LPVOID) 0x00C20C62, (LPVOID) &value, sizeof(&value), NULL);

return 0;
}

Дело в самом компиляторе или что я делаю неправильно?

Ссылка на комментарий
Поделиться на другие сайты

Это из-за Юникода. Дописывай префикс "L" или отключи Юникод в свойствах проекта

L"3D Pinball for Windows - Space Cadet"

Также предвижу ошибку об отсутствии предкомпилированного заголовка. Также отключается в свойствах проекта. Иначе придётся писать этот предкомпилированный заголовок вручную.

Ссылка на комментарий
Поделиться на другие сайты

Это из-за Юникода. Дописывай префикс "L" или отключи Юникод в свойствах проекта
Спасибо, отключение юникода помогло, а префикс нет. В нете нарыл, что нужно ставить А - с ним ошибки не было.

Сорри за офтоп.

Ссылка на комментарий
Поделиться на другие сайты

×
×
  • Создать...

Важная информация

Находясь на нашем сайте, Вы автоматически соглашаетесь соблюдать наши Условия использования.