[How to] Create your own Warcraft III Maphack

  1. #11
    Beaving
    Just found it again: http://bhfiles.com/files/Dev.Toolkit...20Tutorial.htm



    Good ol' bhfiles

  3. #12
    Tracky
    Quote Originally Posted by Beaving View Post
    Ah nice, didn't know DM was able to recover this.

  5. #13
    Sennen

    Quote Originally Posted by Tracky View Post
    Ohai,

    Do you remember Chaotic's maphack tutorial? It helped me a lot and is pretty much the best tutorial out there yet.
    I took myself the freedom to make a video on how to get the offsets, following Chaotic's guide. The guide itself will grant you a very basic idea on how Warcraft III memory performs.

    If you like the videos, post a comment, thumbs up and subscribe. If you have another idea for a tutorial, tell me about it and I will take care of it.
    All you need is:

    OllyDBG: Download
    CheatEngine: Cheat Engine
    Artmoney: Download ArtMoney
    DevC++: Bloodshed Software - Downloads
    Warcraft III :P

    Enjoy it
    Remember this will grant you detected offsets, meaning you will have to search for a way to get either undetected offsets or make your hack undetected.

    Best regards, Tracky

    Hey, could you create a drophack for wc3 TFT?

  6. #14
    apellio

    Hello, Tracky, as for ideas for a tutorial, a tutorial for finding button offsets for all buttons on the control panel and making a hotkey from them would be AWESOME!
    I use auct hotkey, but it clicks them with the mouse, it is very annoying and broken with ROT and other similar skills.)

  7. #15
    ehsan...p
    Hi Tracky, plz upload the video on another site, I didn't see that video. Plz upload it to MediaFire.

  8. #16
    Tseno95
    /6F2A08B1 66:BF 0100 MOV DI,0FF
    DWORD data=0xBF; <-- BF0100 ?
    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B2,& data,1,0);
    data=0x0F; <-- MOV DI,0FF ?
    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B3,& data,1,0);
    data=0x00; <-- where that from ?
    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B4,& data,1,0);

    How do you know that it's B2, B3, B4 (0x6F2A08B2, 0x6F2A08B3, 0x6F2A08B4)?

  9. #17
    DarkSupremo
    Quote Originally Posted by Tseno95 View Post
    /6F2A08B1 66:BF 0100 MOV DI,0FF
    DWORD data=0xBF; <-- BF0100 ?
    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B2,& data,1,0);
    data=0x0F; <-- MOV DI,0FF ?
    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B3,& data,1,0);
    data=0x00; <-- where that from ?
    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B4,& data,1,0);

    How do you know that it's B2, B3, B4 (0x6F2A08B2, 0x6F2A08B3, 0x6F2A08B4)?
    That's the address, watch the video that you'll see how he found it...

  10. #18
    Tseno95
    I understand how to find the address, the problem comes once I find it.
    Here is an updated version of what I meant;

    /6F2A08B1 66:BF 0100 MOV DI,0FF
    As far as I understand the address is this: 6F2A08B1 which is : 0x6F2A08B1;

    DWORD data=0xBF; <-- BF0100 ? ::What I meant here is how do you know to put 0xBF in there, do you take it from here BF0100?

    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B2,& data,1,0);
    data=0x0F; <-- MOV DI,0FF ? ::Here what I meant is do you take 0x0F from here MOV DI, 0FF?

    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B3,& data,1,0);
    data=0x00; <-- And this thing, where do I get it from?

    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B4,& data,1,0);

    Also, B2, B3, B4 (aka
    0x6F2A08B2, 0x6F2A08B3, 0x6F2A08B4) how do you know to increment the addresses by one and what happens if the address ends with a letter? (Example: 0x6F2A08BA?)

    Sorry if these are dumb questions, but this is a tutorial thread anyways. I started learning assembly 2 days ago and I still have a lot to learn.

    UPDATE:
    Here is my code so you can take a look at it:

    Code:
    #include <iostream>
    #include <windows.h>

    using namespace std;
    
    
    int main()
    {
    	HWND handle_warcraft3 = ::FindWindow(NULL, "Warcraft III");
    	if (!handle_warcraft3)
    	{
    		return 0;
    	}
    	else if (handle_warcraft3)
    	{
    		cout << "wc3 proc found." << endl;
    	}
    
    
    	HANDLE handle_Current = GetCurrentProcess();
    	HANDLE handle_Token;
    	BOOL process = OpenProcessToken(handle_Current, 40, &handle_Token);
    	LUID luid;
    	process = LookupPrivilegeValue(NULL, "SeDebugPrivilege", &luid);
    	TOKEN_PRIVILEGES NewState, PreviousState;
    	DWORD ReturnLength;
    	NewState.PrivilegeCount = 1;
    	NewState.Privileges[0].Luid = luid;
    	NewState.Privileges[0].Attributes = 2;
    	process = AdjustTokenPrivileges(handle_Token, FALSE, &NewState, 28, &PreviousState, &ReturnLength);
    	DWORD PID, TID, JUMP;
    	TID = ::GetWindowThreadProcessId(handle_warcraft3, &PID);
    	HANDLE hopen = OpenProcess(PROCESS_ALL_ACCESS | PROCESS_TERMINATE | PROCESS_VM_OPERATION | PROCESS_VM_READ | PROCESS_VM_WRITE, FALSE, PID);
    
    
    	//Write memory
    	//024E20A3   66:B9 0F00       MOV CX,0F
    	//0x024E20A3 0x66 0xB9 0x0F 0x00
    
    
    
    
    	JUMP = 0x66;
    	process = WriteProcessMemory(hopen, (LPVOID)0x024E20A3, &JUMP, 1, 0);
    	JUMP = 0xB9;
    	process = WriteProcessMemory(hopen, (LPVOID)0x024E20A4, &JUMP, 1, 0);
    	JUMP = 0x0F;
    	process = WriteProcessMemory(hopen, (LPVOID)0x024E20A5, &JUMP, 1, 0);
    	JUMP = 0x00;
    	process = WriteProcessMemory(hopen, (LPVOID)0x024E20A6, &JUMP, 1, 0);
    
    
    	process = CloseHandle(hopen);
    	cin.get();
    	return 0;
    
    }


    Last edited by Tseno95; 04-28-2015 at 03:20 PM.

  11. #19
    Tracky
    Quote Originally Posted by Tseno95 View Post
    I understand how to find the address, the problem comes once I find it.
    Here is an updated version of what I meant;

    /6F2A08B1 66:BF 0100 MOV DI,0FF
    As far as I understand the address is this: 6F2A08B1 which is : 0x6F2A08B1;

    DWORD data=0xBF; <-- BF0100 ? ::What I meant here is how do you know to put 0xBF in there, do you take it from here BF0100?

    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B2,& data,1,0);
    data=0x0F; <-- MOV DI,0FF ? ::Here what I meant is do you take 0x0F from here MOV DI, 0FF?

    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B3,& data,1,0);
    data=0x00; <-- And this thing, where do I get it from?

    bret=WriteProcessMemory(hopen,(LPVOID)0x6F2A08B4,& data,1,0);

    Also, B2, B3, B4 (aka
    0x6F2A08B2, 0x6F2A08B3, 0x6F2A08B4) how do you know to increment the addresses by one and what happens if the address ends with a letter? (Example: 0x6F2A08BA?)

    Sorry if these are dumb questions, but this is a tutorial thread anyways. I started learning assembly 2 days ago and I still have a lot to learn.
    Have a look at how hex-numbers work:
    Hexadecimal - Wikipedia, the free encyclopedia

    Now that you understand the system of hexadecimal, let's go further.

    Assume our address is (like in the video):

    0x1646F068
    - We add a breakpoint on access and jump into a function (video @ 5:45)


    The new address in question is now:
    0x6F3A1563
    What this line of code does is:

    MOV CX, WORD PTR DS:[ECX+EAX*2]

    We know: This command pretty much tells the game what player is allowed to see which unit (or something along these lines).
    To exploit this system we lie to the game and tell it to show all units/the whole map to all 16 players.

    0-15 ==> 16 players

    15(decimal)
    -> 0x0F (hexadecimal)

    To do this we change our line of code to:
    MOV CX, 0F

    After we changed it you can see the changes (marked in red - video @ 8:09).
    As you can see, the hex-representation of our code changed from '66:8B0C41' to '66:B90F00'.
    Assume we can modify exactly one byte at a time (66, 8b, 0c, 41 --> All of these values fill 1 Byte in memory).

    So, the red-marked code in memory is exactly 4 bytes long. Remember this.

    Now we had to do all this manually (changing the /code/ byte per byte). We are lazy and want to apply these changes manually each time.

    We do this with WriteProcessMemory.
    Alright. So what we do is, we change each byte one by one in our program (and finally come closer to your question).

    You may see that the line of code we changed STARTED at 0x6F3A1563.
    The next line of code starts over at 0x6F3A1567.
    (that is 4 bytes further)

    So, it's safe to say that our memory should look like this when we are finished.


    0x6F3A1563 --> 66
    0x6F3A1564 --> B9
    0x6F3A1565 --> 0F
    0x6F3A1566 --> 00

    So, after all, we learned:

    - Addresses of our memory go from 0x00000000, 0x00000001, 0x00000002, ... to 0xFFFFFFFF
    - The code at a certain address is shown as (one or many) bytes
    - We see what our code in memory at a certain address looked like before, and after, thus know what to change


    I hope that helped to clear your question a little.
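
The byte-to-address mapping from the post above, seen from the side of a code-integrity check. This is an added example, not part of the original thread or the video: it diffs a trusted copy of a code region against the bytes now in memory and reports each modified run by address. `find_patches` and `patch_range` are hypothetical names; the sample bytes and the start address 0x6F3A1563 are the ones quoted in the post.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One contiguous run of bytes that differs from the trusted baseline. */
typedef struct {
    uint32_t addr; /* address of the first modified byte */
    size_t len;    /* number of consecutive modified bytes */
} patch_range;

/* Byte i of the region lives at address base + i (hypothetical helper).
 * Stores up to max ranges in out; returns how many ranges were found. */
size_t find_patches(const uint8_t *baseline, const uint8_t *current,
                    size_t n, uint32_t base, patch_range *out, size_t max)
{
    size_t count = 0, i = 0;
    while (i < n) {
        if (baseline[i] == current[i]) { i++; continue; }
        size_t start = i;
        while (i < n && baseline[i] != current[i]) i++;
        if (count < max) {
            out[count].addr = base + (uint32_t)start;
            out[count].len = i - start;
        }
        count++;
    }
    return count;
}

/* Bytes and start address as quoted in the post: 66:8B0C41 -> 66:B90F00. */
static const uint32_t REGION_BASE = 0x6F3A1563u;
static const uint8_t BASELINE[4] = {0x66, 0x8B, 0x0C, 0x41};
static const uint8_t IN_MEMORY[4] = {0x66, 0xB9, 0x0F, 0x00};

int main(void)
{
    patch_range r[8];
    size_t n = find_patches(BASELINE, IN_MEMORY, sizeof BASELINE,
                            REGION_BASE, r, 8);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("modified: 0x%08X, %zu byte(s)\n", (unsigned)r[k].addr, r[k].len);
    return n ? 1 : 0;
}
```

The 0x66 operand-size prefix is the same in both encodings, so the check reports one run starting at 0x6F3A1564 that is 3 bytes long, even though the instruction occupies 4 bytes.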

  13. #20
    panda7089916
    Dear Sosha sir, could you please add my Skype ID: [email protected]? I have some questions I want to discuss with you.
    Waiting online.......
