Solved Lot of questions :)


maxibaby (joined Oct 23, 2015):
Hello guys, I'm new to this community and to hacking, and I have some questions; hoping some of you could help me.

1) What's the real advantage of injecting a hack (DLL) versus just being external?
From what I've seen, from an external you can WriteProcessMemory and from a DLL you can just memcpy.

2) Is there any difference in reading variables when you inject a DLL?
I injected a DLL but now I want to read some variables. Of course I could GetCurrentProcess() and just do ReadProcessMemory, but I guess that's the point of injecting, not having to do that?
What's the short path for reading a memory address?
Would something like this be valid?

C++:
int health = *(0x50034030)
Where of course 0x50034030 would be the address of the player health.

3) I'm currently learning with AssaultCube (thanks to Fleep and also Rake for their tutorials).
Currently I have a hack that basically is a Fleep hack + Rake's flying hack.
Now I want to add an aimbot / ESP to my hack.

I have no idea how to write on screen, but what I have seen is that you do it with OpenGL or DX. Is there any difference in how you do it?
Does it depend on the engine used by the game?
Also, I was looking for all the enemies in the multiplayer game, and of course I found some awesome help:
AnomanderRake's aimbot, and Spock's tutorial: https://guidedhacking.com/showthread.php?3111-Assault-Cube-Enemy-Positions-amp-More
Addresses were updated so I had to get them myself.

Got the enemy health, searched for the enemy object, and searched for that enemy object to see where it is in memory.
BANG, got a bunch of results, like 20.
To get to the real list of players I had to loop through it with Dissect data structure.

Is this the way? Is there any better way?

Thank you guys,
 

mambda (joined Jun 25, 2014):
Now I get to play devil's advocate!

Question 1: While DLLs are great and all (and actually my preferred method of writing cheats), externals have their own benefits too. For example, when you are debugging something and you crash, only the external will crash and not the actual game (because you aren't in its address space), which is pretty great when you don't want to restart all the time.

And as you get more complex, and if you ever decide to write a driver, protecting externals is "easier" than protecting memory within an application. For example, I wrote a little POC that simply switches the token of the process that I'm trying to protect with that of the SYSTEM process, to basically get higher privileges than X game.

Also, with externals, if you decide to stream then you can do so freely with your ESP, provided you don't capture your entire stream. This isn't an external-only thing, but most internal cheats simply hook D3D/engine drawing and draw like that, therefore making it happen within the actual game, and therefore showing up on streams.

That was long!

Question 2.
You can read data from a memory location like so: int data = *(int*)(address);
Or you can get a pointer from memory like so: int* data = (int*)(address);

Question 3.
I'm not entirely sure what you're asking.
Going to just assume you only mean drawing: hooking D3D is basically the same across games, provided they have the same D3D version (d3d9, d3d11, whatever). Find a vtable, hook the function you want (most people use EndScene), draw in that.

I can't speak about OpenGL as I've never used it.
 

TastyHorror (joined Oct 11, 2012):
Question 1

Let's read a little about DLL injection and hooking....

https://security.stackexchange.com/...ference-between-dll-hooking-and-dll-injection
https://stackoverflow.com/questions/3819739/dll-injection-what-is-possible-with-it

Direct memory access, easier for hooking memory, other small benefits, but the downside is that injection is becoming a popular method online... so think what you will.

Question 2

Umm, reading memory is reading memory, but you can do different/same things to do that... and stuff... so I'll go ahead and say... yes?... You might think that reading vars would be the same... but you can do different things, like call funcs to get data... anyways... if you need a technical answer, wait until someone who's willing to spoon-feed you posts.

Question 3

You need to find a player list. This is in like 96% of the FPS games out there. This list contains player info (which includes you, because you're a player too, right?)... you see where I'm going with this? You can loop it to gather relevant data and compare...

Baby steps okay? Don't look to reinvent the wheel yet. Just work with what you have and then go from there.
 

NTvalk (joined Jul 6, 2013):
> Is this the way? Is there any better way?
>
> Thank you guys,

There are more ways; one of them is reversing the program with OllyDbg or IDA and the SDK of that game/engine.
To write on the screen, the safest way is something external like GDI, but it has big disadvantages.
The best way is probably hooking the function that gets called every frame on that engine.
The most common way is probably internal hooking on DirectX/OGL.
 

Xcalibur (joined Oct 22, 2015):
1. Coding an internal cheat, you have direct access to the memory; the code runs faster; you have basically full control of the game because your hack becomes part of the game.
But it all depends on what you want to achieve and how the anti-cheat works, so there are situations where external may be a better choice.

2. Yes. The point of going internal is that you don't need to call any API (like Write/ReadProcessMemory) to manipulate and read the memory.
You can access it directly using pointers (just as you would if it was a program written by you).


C++:
int* dwHealth = (int*)(dwHealthAddress); // Now this pointer holds the address of health, and through it its value
std::cout << *dwHealth << std::endl;     // Now you can print, for example, its value by dereferencing the pointer (using *)

3. Since I'm not familiar with graphics stuff I can't help you here.
But since OpenGL and DirectX are different APIs, you probably can't expect that they will work the same way (probably they have similarities, such as the math used to draw on screen, etc.).
 

Solaire (joined Dec 15, 2013):
Just to do some more answering on OpenGL and DirectX.

With DirectX9, you can use the device to get a VTable that contains pointers to all of the drawing functions that you'd likely want to hook. I have no experience with any other DirectX versions.

With OpenGL it's as simple as this:

C++:
HMODULE hMod = GetModuleHandle("opengl32.dll");
DWORD wglSwapBuffersAddy = (DWORD)GetProcAddress(hMod, "wglSwapBuffers");
// Place hooks at address
Nothing too hard for either. AssaultCube uses OpenGL, so if you plan on making an ESP for it internally, it might be good to learn the basics of immediate mode OpenGL (or, if you really want to understand modern OpenGL since immediate mode is deprecated, visit www.learnopengl.com/). A great resource for DirectX is https://www.directxtutorial.com/.
 

mambda (joined Jun 25, 2014):
To append to that, DirectX11 doesn't have EndScene IIRC, nor some other functions people normally use, so you'd have to use stuff like DrawIndexedPrimitive(UP?) and make your vertices and all that to draw lines/boxes, all that fun stuff.
 

maxibaby (joined Oct 23, 2015):
Thank you all guys; as I said in another post, I love this community. :psychotic:

Basically, with DLL injection, as I become part of the program itself I could theoretically call any game function, so if I knew a way to find out the program's functions/params I would be able to call them myself, as I understood it. Am I right?
On the other hand, for example, if I didn't want to read 4 bytes

C++:
int* dwHealth = (int*)(dwHealthAddress);
but instead wanted to read a whole array, could I?

C++:
int dwPlayersHealth[10] = * (int*)dwHealthFirstPlayer
C++:
ReadProcessMemory(hProcHandle, (LPCVOID)Hack.playerArrayAddress, &playerAddr, 124, NULL);
I'm willing to do my first aimbot / ESP. I think I would do it internally; should I?
 

Liduen (joined May 19, 2013):
> Thank you all guys; as I said in another post, I love this community. :psychotic:
>
> Basically, with DLL injection, as I become part of the program itself I could theoretically call any game function, so if I knew a way to find out the program's functions/params I would be able to call them myself, as I understood it. Am I right?
> On the other hand, for example, if I didn't want to read 4 bytes
>
> C++:
> int* dwHealth = (int*)(dwHealthAddress);
> but instead wanted to read a whole array, could I?
>
> C++:
> int dwPlayersHealth[10] = * (int*)dwHealthFirstPlayer
> C++:
> ReadProcessMemory(hProcHandle, (LPCVOID)Hack.playerArrayAddress, &playerAddr, 124, NULL);
> I'm willing to do my first aimbot / ESP. I think I would do it internally; should I?
That would still read an integer of 4 bytes and save it into the specified index of the array.
You can set a pointer/array to a memory location though, like:
C++:
int* dwPlayersHealth = (int*)dwHealthFirstPlayer; // pointer to the first player's health; indexing it walks the array
And then you could access it like:
C++:
dwPlayersHealth[0] = 1337;
dwPlayersHealth[1] = 0;
// etc. ...
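The difference between copying 4 bytes out and aliasing the array in place, as an added C++ example (not code from the thread; the player health array and its address are constructed inside this same process, so no game and no real address is involved):

```cpp
#include <cstdint>
#include <cstring>
#include <iostream>
#include <utility>

// Constructed stand-in for "the game's" player list: ten health values that
// live in this process, so the raw address used below is simply their address.
static int g_playerHealth[10] = {100, 80, 60, 40, 20, 0, 0, 0, 0, 0};

// Internal style: cast the address to a pointer. No API call, no copy; the
// pointer aliases the live data, and writes through it land in that memory.
static int* aliasHealthArray(std::uintptr_t addr) {
    return reinterpret_cast<int*>(addr);
}

// External style (ReadProcessMemory, or memcpy when internal): copy bytes into
// a buffer we own. This is a snapshot that does not follow later changes.
static void snapshotHealthArray(std::uintptr_t addr, int* out, std::size_t count) {
    std::memcpy(out, reinterpret_cast<const void*>(addr), count * sizeof(int));
}

// Stand-in for the game updating its own state after we looked at it.
static void gameDamagesPlayer(int index, int damage) {
    g_playerHealth[index] -= damage;
}

// Returns {alias view, snapshot view} of player 0 after the game changed it,
// and writes to player 1 through the alias the way the thread's snippet does.
static std::pair<int, int> demoAliasVsSnapshot() {
    std::uintptr_t addr = reinterpret_cast<std::uintptr_t>(g_playerHealth);
    int* live = aliasHealthArray(addr);
    int copy[10];
    snapshotHealthArray(addr, copy, 10);
    gameDamagesPlayer(0, 25);   // live[0] becomes 75, copy[0] stays 100
    live[1] = 1337;             // goes straight into g_playerHealth[1]
    return {live[0], copy[0]};
}

int main() {
    std::pair<int, int> r = demoAliasVsSnapshot();
    std::cout << "alias sees " << r.first << ", snapshot still " << r.second
              << ", player 1 now " << g_playerHealth[1] << '\n';
    return 0;
}
```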
 

maxibaby (joined Oct 23, 2015):
Thanks you all for your help.

Why do people write

C++:
GetAsyncKeyState(VK_MUAHAHAHA) & 1
instead of just

C++:
GetAsyncKeyState(VK_MUAHAHAHA)
 

mambda (joined Jun 25, 2014):
The & 1 signifies that the button is being just pressed, whereas without it it can be spammed in milliseconds. Read the MSDN documentation; it's stuff to do with the highest bit and stuff. < 0 = held, & 0x80000 = click, or something like that.
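The two bits behind that idiom, as an added C++ example (not code from the thread): the Win32 docs define the most significant bit of the returned SHORT as "key is down now" and the least significant bit as "pressed since the previous call", and the LSB is shared between all callers, so the block also shows an edge detector that keeps its own previous state instead. The poll values are constructed; no keyboard is read.

```cpp
#include <cstdint>

// Bit layout of the value GetAsyncKeyState returns, per the Win32 docs.
constexpr std::uint16_t KEY_DOWN_BIT    = 0x8000;  // key is down right now
constexpr std::uint16_t KEY_PRESSED_BIT = 0x0001;  // pressed since last call

// Level check: true on every poll while the key is held. In a tight loop this
// fires thousands of times per second (the "spammed" behaviour in the thread).
static bool keyHeld(std::uint16_t state) {
    return (state & KEY_DOWN_BIT) != 0;
}

// Edge check via the LSB, the thread's "& 1" idiom. Any other process that
// polls the same key can consume this bit first, so it is not reliable.
static bool keyPressedLsb(std::uint16_t state) {
    return (state & KEY_PRESSED_BIT) != 0;
}

// Edge check that does not depend on the LSB: remember whether the key was
// down at the previous poll and report only the up-to-down transition.
class KeyEdgeDetector {
public:
    bool update(std::uint16_t state) {
        bool down = keyHeld(state);
        bool edge = down && !wasDown_;
        wasDown_ = down;
        return edge;
    }
private:
    bool wasDown_ = false;
};

struct Counts { int held; int lsb; int edge; };

// Run all three checks over a sequence of poll results and count the hits.
static Counts countPresses(const std::uint16_t* polls, int n) {
    Counts c{0, 0, 0};
    KeyEdgeDetector det;
    for (int i = 0; i < n; ++i) {
        c.held += keyHeld(polls[i]) ? 1 : 0;
        c.lsb  += keyPressedLsb(polls[i]) ? 1 : 0;
        c.edge += det.update(polls[i]) ? 1 : 0;
    }
    return c;
}

// Constructed poll results: one press held for three polls, a release, then a
// second press and release. Two physical presses, four polls with the key down.
static const std::uint16_t kSamplePolls[] = {0x8001, 0x8000, 0x8000, 0x0000, 0x8001, 0x0000};
static const int kSampleCount = 6;
```

Over that sequence the level check reports 4 hits, while both edge checks report the 2 actual presses.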
 