I'll be teaching the basics of game hacking. The game I'll be using is Warcraft III; I suggest you download it and follow along. It's a fairly simple game to hack.
Credits:
high6, thanks for helping me with a lot of stuff, debugging, etc.
Chaotic. He made a tutorial just like this; I read it and re-made it. I'm not taking credit for this method.
Tools needed:
Memory Hacking Software
OllyDbg
Video without explanations:
Code:
Download: http://rapidshare.com/files/50910065/How-To_Game_Hacking__The_Basics.7z
Password: www.ZomgStuff.net
Here is the e-book, if you don't want to read from this page:
Code:
Download: http://rapidshare.com/files/50892043/How-To_Game_Hack__The_Basics.7z
Password: www.ZomgStuff.net
I'll be teaching you how to make other units and buildings (creeps and enemies) visible to you, even when you're not near them.
Ok. So first you want to start Warcraft III in windowed mode, so that we aren't constantly tabbing out of full-screen mode. To do this, right-click Warcraft III's shortcut icon and click Properties.
http://ugly.zomgstuff.net/tut1/1.gif
Add "-window" to the end of the Target field.
http://ugly.zomgstuff.net/tut1/2.gif
Ok. Now that Warcraft III is set to run in a window instead of full screen, go ahead and run it. Go to Single Player, create your profile, and go to "Custom Game". Choose a melee map; I'm using the map Booty Bay. For the second player, choose "Computer (Easy)" and set his handicap to 50%. Now start the game. We are doing this in single player because the game automatically pauses when you minimize it or its window loses focus. If you want to do this on Battle.net, create a custom game and follow along; the instructions are the same.
http://ugly.zomgstuff.net/tut1/3.gif
Now, run Memory Hacking Software, click File > Open Process, and choose war3.exe.
http://ugly.zomgstuff.net/tut1/4.gif
Ok. Right here is where it might get a bit confusing, but bear with me.
I'm teaching you how to make other units and buildings visible to you. So, when another unit is visible, unit visible = true, right? When it isn't visible, unit visible = false, right? Now, if you know any programming at all, you know that true = 1 and false = 0.
Keep that in mind as we are doing this.
Now, in Warcraft III, you shouldn't be seeing any other units or buildings except your own. That means enemy unit visible = false, and false = 0, so click Search > Data-Type Search.
http://ugly.zomgstuff.net/tut1/5.gif
Data type: byte, Evaluation type: Exact value, Value to find: 0.
http://ugly.zomgstuff.net/tut1/6.gif
Click OK. You will probably get a ton of results, so we have to narrow them down to find the offset that holds a unit's visibility state. Move one of your units near a creep, but don't get attacked; just make the creep visible.
http://ugly.zomgstuff.net/tut1/7.gif
Now, go back to MHS (Memory Hacking Software), go to Search > Sub Search, and search for 1, since the creep is visible.
http://ugly.zomgstuff.net/tut1/8.gif http://ugly.zomgstuff.net/tut1/9.gif
This should narrow your results down to about 50,000, which is still a lot. So, move your unit away from the creep so it isn't visible anymore.
http://ugly.zomgstuff.net/tut1/10.gif
Now do another sub search, this time for the value 0 (because the creep isn't visible, and false = 0). This should eliminate a lot of results. Repeat this process: move your unit near the creep so it becomes visible and sub search for 1, then back away so it is no longer visible and sub search for 0. Do this until you have about 15 results left.
http://ugly.zomgstuff.net/tut1/11.gif
Now, with your remaining results, highlight them all, right-click one, and click Add Selected.
http://ugly.zomgstuff.net/tut1/12.gif
Now, highlight all the entries you just added in the other pane and click "Modify Selected". Change the "value when locked" to 1 (true), so that when the value is locked the unit is visible.
http://ugly.zomgstuff.net/tut1/13.gif
Ok. Now move your unit back to your base and make sure no creeps are visible. Then go down the list of offsets and lock each one in turn until the creep becomes visible in Warcraft III. Locking changes the offset from unit visible = false = 0 to unit visible = true = 1, so by locking each one individually you can find which offset stores the unit's visibility. When you find the offset, the creep should look like this:
http://ugly.zomgstuff.net/tut1/14.gif
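The exact-value search followed by repeated sub searches is a differential filter over memory snapshots; the following is an added example of that algorithm (not part of the original tutorial or of MHS) run over a constructed 64-byte region in which offset 37 is the assumed visibility flag, so you can see why the result count only drops after several alternating observations.

```cpp
#include <cstddef>
#include <cstdint>
#include <vector>

// One observation of the searched memory region: a copy of its bytes plus the
// value the tracked state had at that moment (creep visible = 1, hidden = 0).
struct Snapshot {
    std::vector<uint8_t> bytes;
    uint8_t expected;
};

// The "exact value" search keeps every byte offset matching the first snapshot;
// each "sub search" then drops offsets that do not match the next snapshot.
// `steps` limits how many snapshots are applied, so the shrinking result count
// after each round can be inspected. Returns the surviving offsets.
std::vector<size_t> narrow(const std::vector<Snapshot>& snaps, size_t steps = SIZE_MAX) {
    std::vector<size_t> candidates;
    if (snaps.empty()) return candidates;
    for (size_t i = 0; i < snaps[0].bytes.size(); ++i)
        if (snaps[0].bytes[i] == snaps[0].expected) candidates.push_back(i);
    for (size_t s = 1; s < snaps.size() && s < steps; ++s) {
        std::vector<size_t> kept;
        for (size_t off : candidates)
            if (off < snaps[s].bytes.size() && snaps[s].bytes[off] == snaps[s].expected)
                kept.push_back(off);
        candidates.swap(kept);
    }
    return candidates;
}

// Constructed 64-byte "memory": offset 37 holds the flag we are hunting. Two other
// offsets also change between snapshots, which is why a single search is not enough.
std::vector<Snapshot> constructed_snapshots() {
    const uint8_t pattern[] = {0, 1, 0, 1, 0};   // away, near creep, away, near, away
    std::vector<Snapshot> snaps;
    for (int step = 0; step < 5; ++step) {
        Snapshot s;
        s.bytes.assign(64, 0);
        s.expected = pattern[step];
        s.bytes[37] = pattern[step];                     // the real visibility flag
        s.bytes[12] = (step % 3 == 0) ? 0 : 1;           // unrelated toggling byte
        s.bytes[50] = (step < 2) ? pattern[step] : 1;    // mimics the flag, then diverges
        snaps.push_back(s);
    }
    return snaps;
}
```

After the first sub search three offsets survive (12, 37 and 50); the third snapshot is what separates the real flag from the byte that happened to track it.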
Ok. I have found the offset which makes the unit visible. But I don't want to have to memory edit to make all units visible; that would be a waste of time, so we are going to change the code in the game to make all units visible.
http://ugly.zomgstuff.net/tut1/15.gif http://ugly.zomgstuff.net/tut1/14.gif
Remember the offset you found, or copy it down somewhere. Now, open up OllyDbg and click File > Attach.
http://ugly.zomgstuff.net/tut1/16.gif
and attach to war3.exe.
http://ugly.zomgstuff.net/tut1/17.gif
Some messages will pop up; click OK to all of them. Maximize the window and click Debug > Run (to unfreeze Warcraft).
http://ugly.zomgstuff.net/tut1/18.gif
Right click in the dump area, and click Goto > Expression.
http://ugly.zomgstuff.net/tut1/19.gif
Remember that offset you found? Enter it in the textbox that comes up and click OK.
http://ugly.zomgstuff.net/tut1/20.gif
Now it will take you to the unit's visibility offset.
http://ugly.zomgstuff.net/tut1/21.gif
The highlighted byte (01) means the unit is visible; when it is 00, the unit is not visible. So, go back to MHS and unlock/unfreeze the offset you found, so the unit is no longer visible. Now, back in OllyDbg, the offset we typed in brought us to the unit's visibility byte. Right-click that byte (where it said 01, it should now say 00) and click Breakpoint > Memory, on access.
http://ugly.zomgstuff.net/tut1/22.gif
Now it should have paused Warcraft III and highlighted a piece of code that looks like this (in the assembly area, above the dump area):
Code:
MOV DI,WORD PTR DS:[ECX+EAX*2]
http://ugly.zomgstuff.net/tut1/23.gif
Now, remove the breakpoint by right-clicking the byte in the dump area and clicking Breakpoint > Remove memory breakpoint.
http://ugly.zomgstuff.net/tut1/23.gif
Go back to the code that says:
Code:
MOV DI,WORD PTR DS:[ECX+EAX*2]
http://ugly.zomgstuff.net/tut1/24.gif
This instruction sets the unit's visibility state. We need to change it so it always sets the unit to visible. So, double-click the code, and a box that says "Assemble" should pop up.
http://ugly.zomgstuff.net/tut1/25.gif
Now, let's look at the code.
Code:
MOV DI,WORD PTR DS:[ECX+EAX*2]
MOV DI is what changes the unit's visibility.
WORD PTR DS:[ECX+EAX*2] is what determines the unit's visibility to each player. We don't want it to check whether the unit should be visible; we want it to just make the unit visible, so we change it to MOV DI,1. 1 is the player (player 1). If you want it to show no matter what player number you are, you would put 0xF (1-16 players). This is client side, so it won't show for other users or players, just you.
So, change the code to MOV DI,1 (as explained above) and DON'T fill with NOPs.
http://ugly.zomgstuff.net/tut1/26.gif
Then click assemble.
Now, go back to Warcraft III (if you can't, go to OllyDbg and click Debug > Run).
All units should be visible now.
So, how do you put this into a program?
Code:
#include <windows.h>
#include <iostream>
using namespace std;

int main()
{
    // Allow access to war3.exe, credits to Chaotic for the following 10 lines of code.
    // Enabling SeDebugPrivilege lets us open war3's process and write into its memory.
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken);
    LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue);
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL);
    CloseHandle(hToken);
    //
    // The instruction MOV DI,WORD PTR DS:[ECX+EAX*2] found in OllyDbg starts at
    // 6F2A3B91. After the change the debugger shows: 6F2A3B91 66:BF 0100 MOV DI,0x01.
    // The leading 0x66 prefix byte is the same in both encodings, so it is left alone
    // and only the three bytes after it are overwritten, starting at 6F2A3B92.
    // Both instructions are four bytes long, which is why no NOP padding is needed.
    DWORD_PTR address = 0x6F2A3B92;
    BYTE newvalue[] = {0xBF, 0x01, 0x00};

    HWND hwnd;
    HANDLE phandle = NULL;
    DWORD pid;
    // Search for Warcraft III's window (ANSI version, so the literal needs no L prefix).
    hwnd = FindWindowA(NULL, "Warcraft III");
    if (hwnd != 0) {
        GetWindowThreadProcessId(hwnd, &pid);
        // WriteProcessMemory needs only these two rights; PROCESS_ALL_ACCESS is more than required.
        phandle = OpenProcess(PROCESS_VM_WRITE | PROCESS_VM_OPERATION, FALSE, pid);
    } else {
        // Can't find Warcraft III's window
        cout << "Warcraft III is not running.";
        cin.get();
        return 0;
    }
    if (phandle != NULL) {
        // Write the code that makes all units visible and check that the write succeeded.
        SIZE_T written = 0;
        if (WriteProcessMemory(phandle, (LPVOID)address, newvalue, sizeof newvalue, &written)
                && written == sizeof newvalue) {
            cout << "Units Visible!";
        } else {
            cout << "Failed to write memory (error " << GetLastError() << ")";
        }
        CloseHandle(phandle);
        cin.get();
    } else {
        // Can't open the process
        cout << "Failed to open process";
        cin.get();
    }
    return 0;
}
I can't really teach you C++; you're going to have to learn that on your own, but the previous code does what we just did. It compiles in Dev-C++ with no errors. Use it if you want.
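The defender's counterpart to the program above is a code-integrity check of the kind anti-cheat or self-protection code runs over its own text section: compare the live bytes with the expected ones and recognise the MOV DI,imm16 rewrite. This is an added example, not code from the tutorial or from Chaotic; the surrounding region bytes are constructed, and the original instruction's encoding (66 8B 3C 41) is derived here from the mnemonic the tutorial shows rather than taken from the page.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>

// One mismatch between the expected code bytes and the live copy.
struct Finding {
    size_t offset;      // offset of the instruction whose bytes changed
    std::string kind;   // "mov_di_imm16_patch" or "unknown"
};

// Encoding of MOV DI,WORD PTR DS:[ECX+EAX*2]: 66 (16-bit operand) 8B (MOV r16,r/m16)
// 3C (ModRM: DI, SIB follows) 41 (SIB: ECX + EAX*2). The tutorial's replacement
// MOV DI,imm16 is 66 BF imm16, so the 0x66 prefix survives and the byte after it flips.
const uint8_t kOriginal[] = {0x66, 0x8B, 0x3C, 0x41};

// Does the live code carry MOV DI,imm16 where the original instruction stood?
std::string classify(const std::vector<uint8_t>& live, size_t off) {
    if (off + 4 <= live.size() && live[off] == 0x66 && live[off + 1] == 0xBF)
        return "mov_di_imm16_patch";
    return "unknown";
}

// Compare the live region with the expected bytes; each run of differing bytes yields
// one Finding. If the byte before the run is a 0x66 prefix, report the instruction
// start instead of the first changed byte (a heuristic that suits the 16-bit MOVs here).
std::vector<Finding> verify_region(const std::vector<uint8_t>& expected,
                                   const std::vector<uint8_t>& live) {
    std::vector<Finding> out;
    size_t n = expected.size() < live.size() ? expected.size() : live.size();
    for (size_t i = 0; i < n; ++i) {
        if (expected[i] == live[i]) continue;
        size_t start = (i > 0 && expected[i - 1] == 0x66) ? i - 1 : i;
        out.push_back({start, classify(live, start)});
        while (i + 1 < n && expected[i + 1] != live[i + 1]) ++i;   // skip rest of the run
    }
    return out;
}

// Constructed 16-byte code region (filler instructions around the real one); the MOV
// sits at offset 5. The patched copy has the program's 3-byte write {0xBF,0x01,0x00}
// applied at offset 6, matching the tutorial's WriteProcessMemory call at address+1.
std::vector<uint8_t> expected_region() {
    std::vector<uint8_t> r = {0x8B, 0xC8, 0x33, 0xC0, 0x90};
    r.insert(r.end(), kOriginal, kOriginal + 4);
    r.insert(r.end(), {0x66, 0x3B, 0xFA, 0x75, 0x10, 0xC3, 0x90});
    return r;
}
std::vector<uint8_t> patched_region() {
    std::vector<uint8_t> r = expected_region();
    r[6] = 0xBF; r[7] = 0x01; r[8] = 0x00;
    return r;
}
```

In a real monitor the expected bytes come from the module's on-disk image or a stored hash, and the live bytes from the running process; the comparison logic is the same.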