Download C++ Console Universal Trainer / Source Code


Nether

The Angel Of Verdun
Meme Tier VIP
Dank Tier Donator
Dec 11, 2013
293
3,738
16
Hey Guys,

I've been studying like crazy today. I want to give out my unfinished console and source so maybe I can get a few tips on it - honestly I know this thing is pointless but it's helping me to learn.

I tried several times to have user input for the process but I kept running into snags: it would work but there would be an error somewhere else - so for now it's pre-built for Solitaire.exe. Please re-compile the source and edit Source.cpp at the very top where you input the process name.

Features:
Basic Read Memory
Basic Write Value To Memory

The DLL Injection/Code Injection is what I want to work on later on

Memory Class:
Get Base Module Address
Read & Write All Data Types
Read & Write Pointers (Works - Just Code Consuming)

Uses: Declares

C++:
ProcMem mem("Solitaire.exe"); // Create Object Above Main + Use Own Process
DWORD* Base = mem.base; // Base Module (Solitaire.exe+0)

C++:
//READING
mem.read<int>(0x8EC3620);
mem.read<float>(0x56571DC);
mem.read<double>(0x5653A3C);

C++:
//WRITING
mem.write<int>(0x8EC3620, 12);
mem.write<float>(0x56571DC, 16.32);
mem.write<double>(0x5653A3C, 1337.7331);

//CODE INJECTION
mem.write<BYTE*>((DWORD)Base + 0x34CC5, (BYTE*)(0x90, 0x90, 0x90)); // NOP
mem.write<BYTE*>((DWORD)Base + 0x34CC5, (BYTE*)(0xC0, 0xB7, 0xE1, 0x00, 0x89, 0x45, 0xE0)); // Increase Score instead of decrease (Not Real Bytes - Example)

C++:
//POINTERS
DWORD Ptr = mem.read<int>((DWORD)Base + 0xBAFA8); // Solitaire.exe+BAFA8 (Pointer Base = Score)
DWORD Ptr1 = mem.read<int>((DWORD)Ptr + 0x50); // 1st Level
DWORD Ptr2 = mem.read<int>((DWORD)Ptr1 + 0x14); // 2nd Level

mem.write<int>(Ptr1 + 0x14, 52);

The code is kind of messy and has several different versions (progress) - while I'm learning I'm trying to put together the ultimate console memory class; once it's ready and bug free I would be so happy to release it here :) - If any of you can mull over the code in the class and give some feedback that would be great. I do intend to make a better getPID function to work alongside the constructor - just so tired atm can't read MSDN properly :p but I know I will do it, probably by tomorrow.

I have included both 32/64 bit release versions with the source code (currently you can only read 64bit processes if your CPU is 64, and the same with 32bit). I will figure out a way to make it (logically ofc, since 32bit can't run 64bit processes) so you can access module information from 32bit processes on a 64bit CPU.


Check Back For Updates As Tomorrow I will Clean The Code and Comment as much as possible.

Virus Scan 1 - 1 False Positive (If you would Prefer I can just post Source)
Virus Scan 2

NOTE: DON'T try to use pointers with the console menu. If you want to use the memory class do it separately; there is a bug that causes the console to spazz out if you try to read/write a pointer.

If you guys think it is worth making this more advanced, say with specific options for pointers and freezing values and saving addresses etc. for a universal trainer, let me know :) as building this was just to re-cap all the basics and some of the new things I learnt - although a lot of it is still trial and error.
 


Nether

Nice, If you need help with the injector feel free to ask.
Thanks man, I think I'll use Load Library and Manual Mapping first and then look for some stealthier methods, although I know once you get past those 2 it's sometimes difficult to inject, but I still want to practise basics for a while longer and improve greatly on what I've done so far :D
 

NTvalk

Hacker
Meme Tier VIP
Jul 6, 2013
499
3,108
8
Ye sure take your time to learn more first. But about the manual mapping thing, I wouldn't start with that, it is one of the most advanced ways of dll injection :p I would start with the CreateRemoteThread method which is the easiest but most easy to detect. (With manual mapping you don't use loadlibrary you actually do what loadlibrary does but manually I think)
 

Nether

hehe I created a pretty advanced injector in VB using a class made in C#, I understand the concepts behind it and have an idea where to start :D but ofc I will start at the bottom - not going to jump the gun :p I really am loving this language / I still in fact have the class so I think once I'm confident I can try to adapt it to C++, but thank you for your support, I don't mean to sound like a dick - I do appreciate your help <3
 

Nether

Hey Guys,

Recently I have been creating an AOB Scanner; it was lots of trial and error but it's all part of the learning curve:

UPDATES:

Code Injection
AOB Scanner - the scanner won't accept wildcards in the console (they have to be pre-set)
Use Base Address Option - means if you want to use game.exe+1234 you just need base+123 {if you select it in the app it's applied for you}

Once I've accomplished the above I will then start working on saving user data/making profiles so you can save and use AOB scan results and save hacks you've done with it (still need to learn working with files and saving user data etc. so it will be good to learn).

How To:

C++:
//Code Injection
mem.write<BYTE*>((DWORD)Base + 0x34CC5, (BYTE*)(0xC0, 0xB7, 0xE1, 0x00, 0x89, 0x45, 0xE0));

//AOB Scan
DWORD tArray[3] = {'?', 0x45, 0xDC}; //using wildcard ?
mem.AOBscan((DWORD)Base + 0x34CAF, (DWORD)Base + 0x34CDF, 3, tArray); //returns address

To Come:
- Updated Memory/reader/writer for use of pointers
- console functionality with wildcards (?)
- DLL injection


I have uploaded my source with this (no EXE or .bat files so no need for a scan I presume - I'm pretty sure I got all .exe/bat out of the folder - let me know if I'm wrong as I'm in a rush :) )

credits: NTvalk - gave me some ideas but in the end I strayed and did my own thing, maybe you could help improve the code if you fancy taking a look at it :)

the code inside main may be messy ;) I will clean up soon and re-post when I've added some new features
 


Fleep

Founder
Meme Tier VIP
May 20, 2012
572
11,023
6
Great work, look forward to testing this.

Although in future any files that aren't images need 2 virus scans.

Either way well done, its always nice to see new approaches.

Fleep
 

NTvalk

I took a quick look at the source and it looks neat good job. :smile: (the global variables could be removed tho)
 

Nether

Thanks man, means a lot <3 - Some of the global vars I'm re-using a lot, mainly the address DWORD - but as I go through my code (cleaning) I'm sure I'll be able to reduce the size of the globals :) thanks again for your feedback :D

Also I just noticed my code injection function is not correct - it seems to write 0x00 a few times to the next address/instruction (I know what's wrong after making AOB - I'll fix it now)
 

Nether

Well, I can't seem to figure out right now why the code injection overwrites the next few bytes with 00 - it may be due to not using enough bytes methinks. Anyhoo, instead of another upload here is a code snippet for a better byte writing (injecting) function - you just need to prototype it in the header.

Still works nopping addresses etc. but in bigger, more intensive games it might be upset by the overwriting 00 (pretty sure I'm just using the wrong size to write, as I know there is something about writing 5 bytes or less)

C++:
void ProcMem::Inject(DWORD Address, int BytesToWrite, DWORD Bytes[]){
	for(int i = 0; i <= BytesToWrite; Address++){
		i++;
		write<DWORD>((DWORD)Address, Bytes[i]);
	}
}

UPDATE ON CODE:

has been cleaned A LOT - there was so much junk that wasn't needed or being re-used when possible, cleaned up approx 100 lines of code :)
More To Come
 
Last edited:
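
The stray 0x00 bytes described in the post above are what a 4-byte store at a 1-byte stride produces. This is an added example, not part of the original post or the ProcMem class; it assumes `write<DWORD>` stores `sizeof(DWORD)` bytes, runs on a constructed local buffer, and all function names are hypothetical.

```cpp
#include <algorithm>
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

using Buffer = std::vector<std::uint8_t>;  // constructed stand-in for the target memory

// Assumed behaviour of write<DWORD>(Address, Bytes[i]) with Address++ per element:
// each element is stored as 4 little-endian bytes, one byte further along each time.
// (The posted loop also bumps i before indexing; that is left out to isolate the width.)
bool patch_wide(Buffer& mem, std::size_t at, const std::vector<std::uint32_t>& pat) {
    if (at > mem.size() || pat.size() + 3 > mem.size() - at) return false;
    for (std::size_t i = 0; i < pat.size(); ++i)
        for (std::size_t k = 0; k < 4; ++k)
            mem[at + i + k] = static_cast<std::uint8_t>(pat[i] >> (8 * k));
    return true;
}

// One byte per element: touches exactly pat.size() bytes, after a bounds check.
bool patch_bytes(Buffer& mem, std::size_t at, const std::vector<std::uint8_t>& pat) {
    if (at > mem.size() || pat.size() > mem.size() - at) return false;
    std::copy(pat.begin(), pat.end(), mem.begin() + at);
    return true;
}

// Count bytes that changed outside the intended range [at, at + len).
std::size_t stray_writes(const Buffer& before, const Buffer& after,
                         std::size_t at, std::size_t len) {
    std::size_t n = 0;
    for (std::size_t i = 0; i < before.size(); ++i)
        if ((i < at || i >= at + len) && before[i] != after[i]) ++n;
    return n;
}

// Apply the same three-byte pattern at offset 4 of a 16-byte buffer of 0xCC.
std::size_t demo(bool wide) {
    const Buffer before(16, 0xCC);
    Buffer after = before;
    if (wide) patch_wide(after, 4, {0x90, 0x90, 0x90});
    else patch_bytes(after, 4, {0x90, 0x90, 0x90});
    return stray_writes(before, after, 4, 3);
}

int main() {
    std::cout << "4-byte stores: " << demo(true) << " stray bytes\n";
    std::cout << "1-byte stores: " << demo(false) << " stray bytes\n";
}
```

The three stray bytes are the zero high bytes of the last element, which no later store overwrites.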

till0sch

Respected Hacker
Dank Tier VIP
Dank Tier Donator
Oct 14, 2012
1,104
12,593
51
Does this work now or not? Sorry for my misunderstanding..
 

Nether

yeah it does work, the code also in the source works just as well, I was just trying a few different things - it still needs work but I'm working on a pointer function today - I'll release new source soon with more comments and more organized code. Just FYI it will still write a few 0x00 about 3 addresses/bytes ahead but it will still do w/e you want to the bytes you have told it to.

UPDATE: I now have a working-ish DLL injector using standard load library - I will play around with it a bit more, add another injection method, then release new source :)
 

Syperus

RTFM
Meme Tier VIP
Dank Tier Donator
Oct 29, 2012
432
2,638
7
Nice tool you have here. Looking forward to checking it out. Kinda motivates me to continue to work on the tool I was working on before.
 

Nether

have managed to make a kind of easier way of reading multi-level pointers - I hope it helps you.

C++:
//READ MEMORY - Pointer
template <class cData>
cData readP(DWORD Address, DWORD Offset[]){
	cData ReadP; // Generic variable to store Address | Value

	ReadP = read<cData>((DWORD)Address);

	// Offset decays to DWORD* here, so sizeof(Offset) is the pointer size, not the offset count
	for(int i = 0; i <= sizeof(Offset); i++){
		DWORD A = ReadP + Offset[i];
		ReadP = read<cData>((DWORD)A);
	}
	return ReadP;
}

//WRITE MEMORY - Pointer
template <class cData>
void writeP(DWORD Address, DWORD Offset[], cData Val, int Size){
	DWORD A;
	cData ReadP; // Generic variable to store Value

	ReadP = read<cData>((DWORD)Address);

	for(int i = 0; i < Size; i++){
		A = ReadP + Offset[i];
		ReadP = read<cData>((DWORD)A);
	}
	write<cData>((DWORD)A, Val);
}

much cleaner and with all the correct rights (protection) to read/write any address.

C++:
DWORD Ary[2] = {0x50, 0xC};
mem.writeP<int>((DWORD)Base+0xBAFA8, Ary, 1337, 2);
cout << mem.readP<int>((DWORD)Base+0xBAFA8, Ary);

For some reason sizeof(Offset) wouldn't work and would return the wrong address in this function, so you have to declare how many offsets to read - might be the same error with reading but I haven't seen it fail yet; if it does you can use the same method from the writing function.

Also here is my AOB Scan function with the small update - I'm sure there is a way to reduce the size of this function, I'll figure it out soon :).

C++:
DWORD ProcMem::AOBscan(DWORD StartAddress, DWORD EndAddress, DWORD Bytes[], int length){

	//VARIABLES
	int BytesToRead = 0; // int to count array items
	BYTE rBytes; // storage to hold bytes that are to be read

	//SCAN FUNCTION
	for(; StartAddress < EndAddress; StartAddress++){

		rBytes = read<BYTE>((DWORD)StartAddress); // Read Address ++ (next address from first)

		//Wildcard Support - Check If First Array Element Is '?'
		while (Bytes[BytesToRead] == '?'){
			BytesToRead++; // Increase Array Index Until We See A Real Byte then stop increasing.
		}

		if(rBytes == Bytes[BytesToRead]){
			do {
				StartAddress++; // Address + 1 (next byte)
				BytesToRead++; // Array Index Reader
				rBytes = read<BYTE>((DWORD)StartAddress); // Reads next byte

				//Wildcard Support - Check If Array Elements Include '?' and skip
				while (Bytes[BytesToRead] == '?'){ // Go to next Address, see if it has a wildcard too
					StartAddress++; // Address + 1 (next byte)
					BytesToRead++; // Array Index Reader increase
					rBytes = read<BYTE>((DWORD)StartAddress); // read next byte
				}

			}while(rBytes == Bytes[BytesToRead]); // Check rBytes (Read Memory Byte) against Array Index

			if(BytesToRead == length){
				return StartAddress - BytesToRead; // Return the address - the bytes you read (+)
			}
		}
	}
	return 0xDEADBEEF; // If It Fails
}

C++:
DWORD Ary1[4] = {'?', 0x83, 0xC4, 0x28};
cout << hex << "\n" << mem.AOBscan((DWORD)Base+0xA2125, (DWORD)Base+0xA213B, Ary1, 4); // Scans every byte from Start Address To End Address (Once it has found your byte pattern it stops and returns the address)

If I could use sizeof(Bytes) instead of having to declare its length I could remove the parameter for length - any ideas?

UPDATE / TO COME:

more comments (still commenting)
in process of adding a freeze value function using breakpoints
have almost nailed basic DLL injection (have sources for manual mapping to study sometime)
updating error handling
adding support to work with threads for breakpointing
researching how to read process information (modules etc.) from 32bit to 64bit so more compatibility
touching up the code of the menu and adding new features
soon I will code it so you can save addresses/hacks and have a list of several games you can save (like hack/game profiles)
decreased parameters for code injection (studying for complete remote injection as what I'm doing isn't correct I don't think, even though it works in a sense)

UPDATED:
code is much cleaner now and more effective. - to be used with main class.

Adding AOB Scan Support With Pointers :)
 
Last edited:
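
On the two `sizeof` questions in the post above and its wildcard handling: an array parameter decays to a pointer, so the element count has to come from the type instead. This is an added example, not part of the original post or the ProcMem class; it scans a constructed local buffer, and `PatByte`, `find_pattern`, `NOT_FOUND` and the sample bytes are hypothetical.

```cpp
#include <cstddef>
#include <cstdint>
#include <iostream>
#include <vector>

// One pattern element: a concrete byte, or a wildcard that matches any byte.
// A separate flag keeps the wildcard distinct from the real byte 0x3F ('?').
struct PatByte {
    std::uint8_t value;
    bool any;
};
constexpr PatByte B(std::uint8_t v) { return PatByte{v, false}; }
constexpr PatByte ANY{0, true};
constexpr std::size_t NOT_FOUND = static_cast<std::size_t>(-1);

// The pattern is taken by reference to an array, so N is deduced at compile time.
// A parameter written `DWORD Bytes[]` is really `DWORD*`; sizeof on it yields the
// size of a pointer, not of the caller's array.
template <std::size_t N>
std::size_t find_pattern(const std::vector<std::uint8_t>& buf, std::size_t start,
                         std::size_t end, const PatByte (&pat)[N]) {
    if (end > buf.size()) end = buf.size();
    // Each candidate is compared from pattern index 0, and the loop stops where
    // the whole pattern no longer fits, so no read goes past `end`.
    for (std::size_t pos = start; pos + N <= end; ++pos) {
        std::size_t i = 0;
        while (i < N && (pat[i].any || buf[pos + i] == pat[i].value)) ++i;
        if (i == N) return pos;
    }
    return NOT_FOUND;
}

// Constructed sample bytes; the pattern is the one from the usage line above.
std::size_t demo() {
    const std::vector<std::uint8_t> buf = {0x83, 0xC4, 0x10, 0x3F, 0x83, 0x00,
                                           0x55, 0x83, 0xC4, 0x28, 0xC3};
    const PatByte pat[] = {ANY, B(0x83), B(0xC4), B(0x28)};
    return find_pattern(buf, 0, buf.size(), pat);
}

int main() {
    std::cout << "match at offset " << demo() << "\n";
}
```

The sample buffer starts with a partial match (83 C4 10) and contains a literal 0x3F, the two cases a shared match counter and a `'?'` sentinel get wrong.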

Nether

Well done!
Well done! Looks really great.
Thanks guys - Once I have finished my Inject Function and Patch Function (just working on code caves atm and jumping), I plan to release a video tutorial with audio on how I did it all, with sources, so you guys can create fun console trainers with advanced-ish functions.

Tutorial: Black Ops 1 ZOMBIES

AOB Scan - Level Hack (Round Changer)
Code Injection - Instant Kill
Breakpoint Freezing - Infinite Ammo
Read/Write Pointers - Some Misc Trivial Hacks

I may split the tutorials up into several videos explaining in depth how I made each function and using it, any feedback/ideas on this would be great.
 