Solved AAPG - Internal Hack with SDK


Tarolion

Newbie
Full Member
Nobleman
Mar 12, 2015
42
258
1
Hi All,

I am trying to make a hack for America's Army Proving Grounds. I was able to get an SDK via a generator posted on another forum.

AAPG is based on Unreal Engine 3. My question is more of a general question based on this engine.

Most of the hacks I have seen made for the Unreal Engine appear to use hooks on things like ProcessEvent etc. Is it possible with an internal hack to make a hookless ESP, aimbot etc.? And if it is, how should I approach this?
 

mambda

headass
Escobar Tier VIP
Trump Tier Donator
Jun 25, 2014
2,298
37,938
269
It is, but why would you want to?

For the ESP, either create your own d3d9 device and figure out a way to get it rendering on the screen, or go into windowed mode and create an overlay.

For aimbot and the like, just have an infinite loop for those functions.
 

Tarolion

Well, the issue I have at present is that I'm trying to hook the ProcessEvent function.

From what I have so far, nothing is happening. I tried to build my code so that when it sees ProcessEvent called, my detour function spits out a MessageBox, then frees my DLL from the game. See below for my code:

C++:
void OnAttach()
{
	pProcessEvent = (tProcessEvent)DetourFunction((PBYTE)UObject_ProcessEvent, (PBYTE)hkProcessEvent);
	CreateThread(NULL, 0, HackThread, hDllHandle, 0, NULL);
}

void hkProcessEvent(UFunction* pFunction, void* pParms, void* pResult)
{
	_asm pushad;

	_asm mov pCallObject, ecx;

	if (pFunction)
	{
		//strcpy_s(FunctionName, pFunction->getFullName());

		if (!strcmp(FunctionName, "Function AAGame.AAHUD_Base.PostRender"))
		{
			pAHUD = (AHUD*)pCallObject;
			MessageBox(NULL, "PING", "GAME", MB_OK);
			Settings::CanExit = true;
		}
	}

	_asm popad;

	pProcessEvent(pFunction, pParms, pResult);
}

DWORD WINAPI HackThread(LPVOID lpParam)
{
	while (!Settings::CanExit || GetAsyncKeyState(VK_ESCAPE))
	{
		Sleep(50);
	}
	FreeLibraryAndExitThread((HMODULE)lpParam, 0);
}

OnAttach() is called when the DLL is injected. It creates the HackThread and hooks the ProcessEvent function.
Settings::CanExit is my way of passing information from ProcessEvent to the HackThread to tell it to unload the DLL.

I had expected the DLL to ping out my MessageBox just after injection; however, nothing happens.

I am not sure if this is because I am hooking incorrectly, or if my offsets are wrong. How can I debug this? Or how could I do the same thing without hooking?
 

Tarolion

I can't debug with Visual Studio. Every time I attach the debugger, AAPG crashes instantly.

Is there any other way I can do this?
 

GAFO666

Hacker
Meme Tier VIP
Aug 19, 2012
520
3,188
23
PE is not like the one shown in the SDK while hooking; you want to hook the native func (at least that's what I did) [hint: original __thiscall, hooked __fastcall] -
you can find it by finding the function string for the function struct & get the pointer from the named struct (by SDK)
 