    1. #1
      The Angel Of Verdun
      Always More To Code!
       
      Lurking
       
      Nether's Avatar
      Join Date
      Dec 2013
      Location
      England, SW
      Posts
      299
      Thanks (-->)
      54
      Thanks (<--)
      186

      C++ Console Universal Trainer / Source Code

      John Kittz
      Hey Guys,

      I've been studying like crazy today. I want to give out my unfinished console and source so maybe I can get a few tips on it - Honestly I know this thing is pointless but it's helping me to learn.

      I tried several times to have user input for the process but I kept running into snags, it would work but there would be an error somewhere else - so for now it's pre-built for Solitaire.exe - Please re-compile the source and edit the Source.cpp at the very top where you input process name.

      Features:
      Basic Read Memory
      Basic Write Value To Memory

      The DLL Injection/Code Injection Is what I want to work on later on

      Memory Class:
      Get Base Module Address
      Read & Write All Data Types
      Read & Write Pointers (Works - Just Code Consuming)

      Uses: Declares

      ProcMem mem("Solitaire.exe"); // Create Object Above Main + Use Own Process
      DWORD* Base = mem.base; // Base Module (Solitaire.exe+0)


      //READING
      mem.read<int>(0x8EC3620);
      mem.read<float>(0x56571DC);
      mem.read<double>(0x5653A3C);


      //WRITING

      mem.write<int>(0x8EC3620, 12);
      mem.write<float>(0x56571DC, 16.32);
      mem.write<double>(0x5653A3C, 1337.7331);
      //CODE INJECTION
      mem.write<BYTE*>((DWORD)Base + 0x34CC5, (BYTE*)(0x90, 0x90, 0x90)); // NOP
      mem.write<BYTE*>((DWORD)Base + 0x34CC5, (BYTE*)(0xC0, 0xB7, 0xE1, 0x00, 0x89, 0x45, 0xE0)); // Increase Score instead of decrease (Not Real Bytes - Example)


      //POINTERS
      DWORD Ptr = mem.read<int>((DWORD)Base + 0xBAFA8); // Solitaire.exe+BAFA8 {Pointer Base = Score)
      DWORD Ptr1 = mem.read<int>((DWORD)Ptr + 0x50); // 1st Level
      DWORD Ptr2 = mem.read<int>((DWORD)Ptr1 + 0x14); // 2nd Level

      mem.write<int>(Ptr1 + 0x14, 52);


      The code is kind of messy and has several different versions (progress) - while I'm learning I'm trying to put together the ultimate console memory class. Once it's ready and bug free I would be so happy to release it here - If any of you can mull over the code in the class and give some feedback that would be great. I do intend to make a better getPID function to work alongside the constructor - just so tired atm, can't read MSDN properly :P but I know I will do it, probably by tomorrow.

      I have included both 32/64 bit release versions with the source code (currently you can only read 64bit processes if your CPU is 64, and the same with 32bit). I will figure out a way to make it (logically ofc, since 32bit can't run 64bit processes) so you can access module information from 32bit processes on a 64bit CPU.


      Check Back For Updates As Tomorrow I will Clean The Code and Comment as much as possible.

      Virus Scan 1 - 1 False Positive (If you would Prefer I can just post Source)
      Virus Scan 2

      NOTE: DON'T! Try and use pointers with the console menu, if you want to use the memory class do it separately, there is a bug that causes the console to spazz out if you try to read/write a pointer.

      If you guys think it is worth making this more advanced, say with specific options for pointers and freezing values and saving addresses etc for a universal trainer, let me know, as building this was just to re-cap all the basics and some of the new things I learnt - although a lot of it is still trial and error.
      Last edited by Nether; 12-16-2013 at 06:23 AM.

    3. #2
      Hacker
      ^.^
       
      Eating
       
      NTvalk's Avatar
      Join Date
      Jul 2013
      Location
      Your RAM
      Posts
      512
      Thanks (-->)
      176
      Thanks (<--)
      145
      Nice, if you need help with the injector feel free to ask.

    5. #3
      Nether
      Quote: Originally Posted by NTvalk
      "Nice, if you need help with the injector feel free to ask."

      Thanks man, I think I'll use Load Library and Manual Mapping first and then look for some stealthier methods, although I know once you get past those 2 it's sometimes difficult to inject, but still want to practise basics for a while longer and improve greatly on what I've done so far

    7. #4
      NTvalk
      Quote: Originally Posted by Nether
      "Thanks man, I think I'll use Load Library and Manual Mapping first and then look for some stealthier methods, although I know once you get past those 2 it's sometimes difficult to inject, but still want to practise basics for a while longer and improve greatly on what I've done so far"

      Ye sure, take your time to learn more first. But about the manual mapping thing, I wouldn't start with that, it is one of the most advanced ways of DLL injection. I would start with the CreateRemoteThread method which is the easiest but most easy to detect. (With manual mapping you don't use LoadLibrary, you actually do what LoadLibrary does but manually I think)
      Last edited by NTvalk; 12-15-2013 at 12:23 PM.

    9. #5
      Nether
      Quote: Originally Posted by NTvalk
      "Ye sure, take your time to learn more first. But about the manual mapping thing, I wouldn't start with that, it is one of the most advanced ways of DLL injection. I would start with the CreateRemoteThread method which is the easiest but most easy to detect. (With manual mapping you don't use LoadLibrary, you actually do what LoadLibrary does but manually I think)"

      hehe I created a pretty advanced injector in VB using a class made in C#. I understand the concepts behind it and have an idea where to start but ofc I will start at the bottom - not going to jump the gun :P I really am loving this language / I still in fact have the class so I think once I'm confident I can try to adapt it to C++, but thank you for your support, I don't mean to sound like a dick - I do appreciate your help <3
      Last edited by Nether; 12-15-2013 at 02:31 PM.

    11. #6
      Nether

      Update

      Hey Guys,

      Recently I have been creating an AOB Scanner, was lots of trial and error but it's all part of the learning curve:

      UPDATES:

      Code Injection
      AOB Scanner - the scanner won't accept wildcards in the console (have to be pre-set)
      Use Base Address Option - means if you want to use game.exe+1234 you just need base+123 {if you select it in the app it's applied for you}

      Once I've accomplished the above I will then start working on saving user data/making profiles so you can save and use AOB scan results and save hacks you've done with it (still need to learn working with files and saving user data etc so it will be good to learn)

      How To:

      //Code Injection
      mem.write<BYTE*>((DWORD)Base + 0x34CC5, (BYTE*)(0xC0, 0xB7, 0xE1, 0x00, 0x89, 0x45, 0xE0));

      //AOB Scan
      DWORD tArray[3] = {'?', 0x45, 0xDC}; //using wildcard ?
      mem.AOBscan((DWORD)Base + 0x34CAF, (DWORD)Base + 0x34CDF, 3, tArray); //returns address


      To Come:
      -Updated Memory/reader/writer for use of pointers
      -console functionality with wildcards (?)
      -DLL injection


      I have uploaded my source with this (no EXE or .bat files so no need for scan I presume - I'm pretty sure I got all .exe/bat out of the folder - let me know if I'm wrong as I'm in a rush)

      credits: @NTvalk - gave me some ideas but in the end I strayed and did my own thing, maybe you could help improve the code if you fancy taking a look at it

      the code inside main may be messy, I will clean up soon and re-post when I've added some new features
      Last edited by Nether; 12-21-2013 at 06:04 PM.

    12. #7
      Hacker
      Learning to hack games!
       
      Pawning
       
      Fleep's Avatar
      Join Date
      May 2012
      Posts
      626
      Thanks (-->)
      208
      Thanks (<--)
      727
      Great work, look forward to testing this.

      Although in future any files that aren't images need 2 virus scans.

      Either way well done, it's always nice to see new approaches.

      Fleep

    14. #8
      NTvalk
      I took a quick look at the source and it looks neat, good job. (the global variables could be removed tho)

    16. #9
      Nether
      Quote: Originally Posted by NTvalk
      "I took a quick look at the source and it looks neat, good job. (the global variables could be removed tho)"

      Thanks man, means a lot <3 - Some of the global vars I'm re-using a lot, mainly the address DWORD - but as I go through my code (cleaning) I'm sure I'll be able to reduce the size of the globals, thanks again for your feedback

      also I just noticed my code injection function is not correct - it seems to write 0x00 a few times to the next address/instruction (I know what's wrong after making AOB - I'll fix it now)
      Last edited by Nether; 12-21-2013 at 03:31 PM.

    17. #10
      Nether
      Cheats'n'Trainers
      well I can't seem to figure out right now why the code injection overwrites the next few bytes with 00 - it may be due to not using enough bytes me thinks, anyhoo instead of another upload here is a code snippet for a better Byte Writing (injecting) Function - you just need to prototype it in the header.

      Still works nopping addresses etc but in bigger games and more intensive it might be upset by the overwriting 00 (pretty sure I'm just using the wrong size to write as I know there is something about writing 5 bytes or less)

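      void ProcMem::Inject(DWORD Address, int BytesToWrite, DWORD Bytes[]){
          // Write Bytes[0] .. Bytes[BytesToWrite - 1] to consecutive addresses.
          // Note: write<DWORD> stores sizeof(DWORD) = 4 bytes on every call.
          for(int i = 0; i < BytesToWrite; i++){
              write<DWORD>(Address + i, Bytes[i]);
          }
      }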


      UPDATE ON CODE:

      has been cleaned A LOT, there was so much junk that wasn't needed or being re-used when possible, cleaned up approx 100 lines of code
      More To Come
      Last edited by Nether; 12-21-2013 at 06:46 PM.
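
Added example, not part of the thread or the poster's code: a self-contained model of the 0x00 overwrite described in posts #9 and #10, using a local byte buffer in place of target memory. The names `write_value`, `patch_dword_wide`, `patch_byte_wide` and `collateral` are hypothetical, and a little-endian CPU is assumed.

```cpp
#include <cstddef>
#include <cstdint>
#include <cstdio>
#include <cstring>
#include <vector>

// Constructed stand-in for target memory: a local byte buffer.
// No process APIs are used; "addresses" are offsets into this buffer.
using Memory = std::vector<std::uint8_t>;

// Hypothetical equivalent of the thread's write<T>: copies sizeof(T) bytes.
template <typename T>
void write_value(Memory& mem, std::size_t offset, T value) {
    if (offset + sizeof(T) > mem.size()) return;  // stay inside the buffer
    std::memcpy(mem.data() + offset, &value, sizeof(T));
}

// One 4-byte store per patch byte, like write<DWORD>(Address, Bytes[i]).
// On little-endian, each store also writes three zero bytes past its target.
void patch_dword_wide(Memory& mem, std::size_t offset,
                      const std::uint32_t* bytes, std::size_t count) {
    for (std::size_t i = 0; i < count; ++i)
        write_value<std::uint32_t>(mem, offset + i, bytes[i]);
}

// One 1-byte store per patch byte: touches exactly `count` bytes.
void patch_byte_wide(Memory& mem, std::size_t offset,
                     const std::uint32_t* bytes, std::size_t count) {
    for (std::size_t i = 0; i < count; ++i)
        write_value<std::uint8_t>(mem, offset + i, std::uint8_t(bytes[i]));
}

// Number of bytes outside [offset, offset + count) that were changed.
std::size_t collateral(const Memory& before, const Memory& after,
                       std::size_t offset, std::size_t count) {
    std::size_t n = 0;
    for (std::size_t i = 0; i < before.size(); ++i)
        if ((i < offset || i >= offset + count) && before[i] != after[i]) ++n;
    return n;
}

// Constructed sample: 12 bytes of 0xCC, patched with 3 x 0x90 at offset 4.
Memory sample() { return Memory(12, 0xCC); }
const std::uint32_t kPatch[3] = {0x90, 0x90, 0x90};

int main() {
    Memory before = sample(), wide = before, narrow = before;
    patch_dword_wide(wide, 4, kPatch, 3);
    patch_byte_wide(narrow, 4, kPatch, 3);
    std::printf("collateral: dword=%zu byte=%zu\n",
                collateral(before, wide, 4, 3), collateral(before, narrow, 4, 3));
}
```

The store width has to match the element being written: a 4-byte store of the value 0x90 lands as `90 00 00 00`, so the last three bytes belong to whatever followed the patch.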
