Source Code Assault Cube internal DLL skeleton

Hexui Undetected CSGO Cheats Sinkicheat PUBG Cheat

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,108
78,998
2,386
How long you been coding/hacking?
4 Years
Coding Language
C++
Ok super basic code just to get you guys started making injected dll hack:

start a dll project and paste this in:

Updated OP with best code by broihon:
C++:
#include <Windows.h>

DWORD __stdcall Thread(void* pParam)
{
    DWORD dwBase = 0x50F4F4;
    DWORD ofHealth        = 0xF8;
    DWORD ofPistolAmmo    = 0x13C;
    DWORD ofRifleAmmo    = 0x150;

    bool bHealth        = true;
    bool bPistolAmmo    = true;
    bool bRifleAmmo        = true;

    while (true)
    {
        if (GetAsyncKeyState(VK_F1) & 1)
            bHealth = !bHealth;

        if (GetAsyncKeyState(VK_F2) & 1)
            bPistolAmmo = !bPistolAmmo;
       
        if (GetAsyncKeyState(VK_F3) & 1)
            bRifleAmmo = !bRifleAmmo;

        DWORD dwBuffer = *(DWORD*)dwBase;
        if (dwBuffer)
        {
            if(bHealth)
                *(DWORD*)(dwBuffer + ofHealth) = 1337;

            if(bPistolAmmo)
                *(DWORD*)(dwBuffer + ofPistolAmmo) = 1337;

            if (bRifleAmmo)
                *(DWORD*)(dwBuffer + ofRifleAmmo) = 1337;
        }
    }
}

BOOL __stdcall DllMain(HINSTANCE hDll, DWORD dwReason, void* pReserved)
{
    if (dwReason == DLL_PROCESS_ATTACH)
    {
        CreateThread(nullptr, 0, Thread, nullptr, 0, nullptr);
    }
    return TRUE;
}
Now in this module, DllMain will get called upon injection and CreateThread named Thread. Thread will then get executed you typecast some pointers and dereference them and inside the while loop it will set your health to 1337.

We are not hooking anything here, that while loop is going to eat up your CPU cycles and this isn't the best way to do this but this was just a proof of concept. I'll write a sexier tutorial in the future. I suggest Guided Hacking DLL Injector
 
Last edited:

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
Fixed:
C++:
#include <Windows.h>

DWORD __stdcall hackthread(LPVOID param) //it's no WINAPI. just an __stdcall
{
    DWORD* localPlayerAddress = reinterpret_cast<DWORD*>(0x509B74); //It's 2015. Use c++ casts -.-
    int *health = reinterpret_cast<int*>(*localPlayerAddress + 0xF8); //c++ casts, still unsafe
 
    while (1)
    {
        *health = 1337;
        Sleep(10); //We don't wanna wreck performance, do we?
    }
 
    return 0; //NULL is nab
}
 
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
        CreateThread(nullptr, 0, hackthread, nullptr, 0, nullptr); //pointers arent 0
        DisableThreadLibraryCalls(hModule); //pass the actual module
        break;

    default: //use default -.- and screw DLL_PROCESS_DETACH in this case
        break;
    }
    return TRUE;
}
 
Last edited:
  • Like
Reactions: Elitiok

Solaire

Respected Hacker
Dank Tier VIP
Dec 15, 2013
1,051
16,353
62
I know, I know, the grave digging is intense here, but just a few nice things to add:

C++:
#include <Windows.h>
 
DWORD WINAPI hackthread(LPVOID param)
{
    DWORD* localPlayerAddress = (DWORD*)(0x50F4F4);
    int * health = (int*)(*localPlayerAddress + 0xF8);
 
    while (true)
    {
        *health = 1337;
        
        // So we can break from the infinite loop
        if (GetAsyncKeyState(VK_ESCAPE) & 1) break;
        
        Sleep(10);
    }
    
    // Free the DLL
    FreeLibraryAndExitThread((HMODULE)param, NULL);
 
    return NULL;
}
 
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
        CreateThread(0, 0, hackthread, hModule, 0, 0); // Added hModule to be passed to hackthread
        // DisableThreadLibraryCalls(0); <-- Not needed tbh
        break;
 
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
Now you can inject, unload the dll, make changes to source and recompile, then reinject without having to close the game and reload it.
 

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,108
78,998
2,386
Thanks to Solaire and broihon for their additions
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
C++:
#include <Windows.h>

DWORD __stdcall Thread(void* pParam)
{
	DWORD dwBase = 0x50F4F4;
	DWORD ofHealth		= 0xF8;
	DWORD ofPistolAmmo	= 0x13C;
	DWORD ofRifleAmmo	= 0x150;

	bool bHealth		= true;
	bool bPistolAmmo	= true;
	bool bRifleAmmo		= true;

	while (true)
	{
		if (GetAsyncKeyState(VK_F1) & 1)
			bHealth = !bHealth;

		if (GetAsyncKeyState(VK_F2) & 1)
			bPistolAmmo = !bPistolAmmo;
		
		if (GetAsyncKeyState(VK_F3) & 1)
			bRifleAmmo = !bRifleAmmo;

		DWORD dwBuffer = *(DWORD*)dwBase;
		if (dwBuffer)
		{
			if(bHealth)
				*(DWORD*)(dwBuffer + ofHealth) = 1337;

			if(bPistolAmmo)
				*(DWORD*)(dwBuffer + ofPistolAmmo) = 1337;

			if (bRifleAmmo)
				*(DWORD*)(dwBuffer + ofRifleAmmo) = 1337;
		}
	}
}

BOOL __stdcall DllMain(HINSTANCE hDll, DWORD dwReason, void* pReserved)
{
	if (dwReason == DLL_PROCESS_ATTACH)
	{
		CreateThread(nullptr, 0, Thread, nullptr, 0, nullptr);
	}
	return TRUE;
}
 

PwndDepot

I has a status
Dank Tier VIP
Trump Tier Donator
Dank Tier Donator
Nov 5, 2014
239
7,748
19
What's the difference in using c++ casts as compared to the C style. What makes them more reliable? (Or are they even more reliable?)
 

Broihon

edgy 12 y/o
Escobar Tier VIP
Fleep Tier Donator
Dec 22, 2013
1,745
40,528
316
What's the difference in using c++ casts as compared to the C style. What makes them more reliable? (Or are they even more reliable?)
c-casts can do a lot of dangerous/impossible conversion without the compiler noticing it while the different c++-casts all have their own operation (eg. const-cast is just for removing the const of a var).
mainly that stuff is important just for the compiler. eg. when casting an integer into a char and you use (char)YouIntegerHere the compiler will do a lot stuff you don't know about. if you just use const_cast<char>(YouInt) the compiler only does the necessary stuff to convert one signed 4-byte enumeration type into another signed 1-byte type (https://msdn.microsoft.com/en-gb/library/c36yw7x9.aspx).
tldr c++ casts are much cooler and the dank stuff cool kids use

edit: in my previous code i didnt use c++-casts since i wanted to keep the code as easy as possible so i just went for teh *(DataType*) reading/writing which is simply bad style.

and to answer your second question: if you dont know what you're doing it doesnt really matter. if you have a fcked up nullptr it doesnt matter if you access it with *(DataType*)nullptr or *reinterpret_cast<DataType*>(nullptr). c++-casts are only important for the compiler (and the result of the compiler). they arent like safety checks at runtime.
 
Last edited:

T59y9

Newbie
Full Member
Jul 6, 2017
24
218
0
whats the error here?
C++:
#include <Windows.h>
#include <math.h>

//Player Base : "ac_client.exe" + 0x109B74 / 0x509B74
//Player Health : 0xF8
//Player Primary : 0x128
//Player Primary Clip : 0x150
//Player Secondary : 0x114
//Player SecondaryClip : 0x13C
//Player Grenade Ammo : 0x158
//Player Armor : 0xFC
//Player Position XY : 0x4
//Player Position XY : 0x8
//Player Position Z : 0xC
//Player View Angle Verticle : 0x44
//Player View Angle Horizontal : 0x40
//Time Between Knifes : 0x160
//Pistol Timer : 0x164
//Primary Timer : 0x178
//Grenade Timer(? ) : 0x180
//Mouse Button Down : 0x224
//Entity Base : "ac_client.exe" + 0x110D90 / 0x510D90
//TeamOffset1 : 0x204
//TeamOffset2 : 0x32C

DWORD WINAPI HackThread(LPVOID param)
{
	DWORD* base = (DWORD*)(0x509B74);
	int * health = (int*)(*base + 0xf8);
	int * armor = (int*)(*base + 0xfc);
	int * ps = (int*)(*base + 0x164);
	int * kn = (int*)(*base + 0x160);
	int * gr = (int*)(*base + 0x158);
	int * hz = (int*)(*base + 0x40);

	while (1)
	{
		if (GetAsyncKeyState(VK_F1))
		{
			*health = 9999;
			Sleep(10);
		}
		if (GetAsyncKeyState(VK_F2))
		{
			*armor = 9999;
			Sleep(10);
		}
		if (GetAsyncKeyState(VK_F3))
		{
			*ps = 0;
			Sleep(10);
		}
		if (GetAsyncKeyState(VK_F4))
		{
			*kn = 0;
			Sleep(10);
		}
		if (GetAsyncKeyState(VK_F5))
		{
			*gr = 9999;
			Sleep(10);
		}
		if (GetAsyncKeyState(VK_F6))
		{
			*hz = 50;
			Sleep(10);
		}
		return 0;
	}
}

BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		CreateThread(0, 0, HackThread, hModule, 0, 0);// Added hModule to be passed to hackthread		break;

	case DLL_PROCESS_DETACH:
		break;
	}
	return TRUE;
}
 
Last edited by a moderator:

Rake

Cesspool Admin
Administrator
Jan 21, 2014
12,108
78,998
2,386
T59y9 remove that return 0 in your loop and make your GAKS calls like this:
(GetAsyncKeyState(VK_F1) &1)
and you can remove your sleeps in the GAKS if statements
 

T59y9

Newbie
Full Member
Jul 6, 2017
24
218
0
Rake;50431 said:
T59y9 remove that return 0 in your loop and make your GAKS calls like this:
(GetAsyncKeyState(VK_F1) &1)
and you can remove your sleeps in the GAKS if statements
Thanks bro i like your coding and your hacks im your student
 

T59y9

Newbie
Full Member
Jul 6, 2017
24
218
0
sorry bro but what the error here
C++:
#include <Windows.h>
#include <iostream>



DWORD WINAPI Hack(LPVOID param)
{
	DWORD* Base = (DWORD*)(0x509B74);
	int * health = (int*)(Base + 0xF8);
	float * Y = (float*)(Base + 0x34);
	float * X = (float*)(Base + 0x38);
	float * Z = (float*)(Base + 0x3C);
	
	while (1)
	{
		if (GetAsyncKeyState(VK_F1) & 1)
		{
			*health = 1023;
		}
		if (GetAsyncKeyState(VK_F2) & 1)
		{
			*Y = 20.0;
		}
		if (GetAsyncKeyState(VK_F3) & 1)
		{
			*X = 20.0;
		}
		if (GetAsyncKeyState(VK_F4) & 1)
		{
			*Z = 20.0;
		}
		if (*health = 1023)
		{
			*health = 1023;
		}
		if (*health != 1023)
		{
			*health = 1023;
		}
	}
}

BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
	switch (dwReason)
	{
	case DLL_PROCESS_ATTACH:
		CreateThread(nullptr, 0, Hack, nullptr, 0, nullptr);
		DisableThreadLibraryCalls(hModule);
		break;

	default:
		break;
	}
	return TRUE;
}
 
Last edited:

Teuvin

now I am become Death
Dank Tier VIP
Trump Tier Donator
Dec 8, 2016
403
10,388
65
sorry bro but what the error here

#include <Windows.h>
#include <iostream>



DWORD WINAPI Hack(LPVOID param)
{
DWORD* Base = (DWORD*)(0x509B74);
int * health = (int*)(Base + 0xF8);
float * Y = (float*)(Base + 0x34);
float * X = (float*)(Base + 0x38);
float * Z = (float*)(Base + 0x3C);

while (1)
{
if (GetAsyncKeyState(VK_F1) & 1)
{
*health = 1023;
}
if (GetAsyncKeyState(VK_F2) & 1)
{
*Y = 20.0;
}
if (GetAsyncKeyState(VK_F3) & 1)
{
*X = 20.0;
}
if (GetAsyncKeyState(VK_F4) & 1)
{
*Z = 20.0;
}
if (*health = 1023)
{
*health = 1023;
}
if (*health != 1023)
{
*health = 1023;
}
}
}

BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwReason, LPVOID lpReserved)
{
switch (dwReason)
{
case DLL_PROCESS_ATTACH:
CreateThread(nullptr, 0, Hack, nullptr, 0, nullptr);
DisableThreadLibraryCalls(hModule);
break;

default:
break;
}
return TRUE;
}
Please wrap your code with
C++:
.
What isnt working on the code? Whats the problem? Does the game crash? Please specify.

C++:
if (*health = 1023)
{
*health = 1023;
}
is your error, how to fix it is up to you.
 

T59y9

Newbie
Full Member
Jul 6, 2017
24
218
0
Please wrap your code with
C++:
.
What isnt working on the code? Whats the problem? Does the game crash? Please specify.

C++:
if (*health = 1023)
{
*health = 1023;
}
is your error, how to fix it is up to you.
if i press F1 or F2 nothing work
 

Teuvin

now I am become Death
Dank Tier VIP
Trump Tier Donator
Dec 8, 2016
403
10,388
65
if i press F1 or F2 nothing work
You forgot to derefence base
C++:
DWORD* Base = (DWORD*)(0x509B74);
    int * health = (int*)(*Base + 0xF8);
    float * Y = (float*)(*Base + 0x34);
    float * X = (float*)(*Base + 0x38);
    float * Z = (float*)(*Base + 0x3C);
and you should go and add this line of code
C++:
if (GetAsyncKeyState(VK_F5))
		{
			MessageBox(NULL,(LPCWSTR)L"Exited with success",(LPCWSTR)L"Exited",MB_OK);
			FreeLibraryAndExitThread((HINSTANCE)param, 1);
		}
so you can press F5 and "quit" the dll so then you can compile again without having trouble with writing to the .dll
 
Last edited:

T59y9

Newbie
Full Member
Jul 6, 2017
24
218
0
You forgot to derefence base
C++:
DWORD* Base = (DWORD*)(0x509B74);
    int * health = (int*)(*Base + 0xF8);
    float * Y = (float*)(*Base + 0x34);
    float * X = (float*)(*Base + 0x38);
    float * Z = (float*)(*Base + 0x3C);
and you should go and add this line of code
C++:
if (GetAsyncKeyState(VK_F5))
		{
			MessageBox(NULL,(LPCWSTR)L"Exited with success",(LPCWSTR)L"Exited",MB_OK);
			FreeLibraryAndExitThread((HINSTANCE)param, 1);
		}
so you can press F5 and "quit" the dll so then you can compile again without having trouble with writing to the .dll
ok thank you
 

T59y9

Newbie
Full Member
Jul 6, 2017
24
218
0
You forgot to derefence base
C++:
DWORD* Base = (DWORD*)(0x509B74);
    int * health = (int*)(*Base + 0xF8);
    float * Y = (float*)(*Base + 0x34);
    float * X = (float*)(*Base + 0x38);
    float * Z = (float*)(*Base + 0x3C);
and you should go and add this line of code
C++:
if (GetAsyncKeyState(VK_F5))
		{
			MessageBox(NULL,(LPCWSTR)L"Exited with success",(LPCWSTR)L"Exited",MB_OK);
			FreeLibraryAndExitThread((HINSTANCE)param, 1);
		}
so you can press F5 and "quit" the dll so then you can compile again without having trouble with writing to the .dll
do you know how to add console window in my dll?
 
Attention! Before you post:

Read the How to Ask Questions Guide
99% of questions are answered in the Beginner's Guide, do it before asking a question.

No Hack Requests. Post in the correct section.  Search the forum first. Read the rules.

How to make a good post:

  • Fill out the form correctly
  • Tell us the game name & coding language
  • Post everything we need to know to help you
  • Ask specific questions, be descriptive
  • Post errors, line numbers & screenshots
  • Post code snippets using code tags
  • If it's a large project, zip it up and attach it

If you do not comply, your post may be deleted.  We want to help, please make a good post and we will do our best to help you.

Community Mods