Web-Hax

C++

[C++] Creating your own “DLL Hack” [By Espan/NoC]

by pH on Oct.30, 2009, under Articles by pH, C++, Computer Programming / Scripting, Tutorials

If you’re not familiar with C/C++ and pointers, don’t even bother reading this.
Alright, in this tutorial you will learn how to make your own DLL hack, you know, the DLLs you inject into games.

Create a new DLL project in your favourite IDE and add a .cpp file for our code; name it whatever you like.
OK, now we need to add the DllMain function that will be called when the DLL is injected. We’ll also add an if to check whether the DLL was attached.

Code:
BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD Reason, LPVOID lpReserved)
{
	if(Reason == DLL_PROCESS_ATTACH) {

	}
	return TRUE;
}

That doesn’t really do anything, but we’ll get back to it in a bit.
So we have our DllMain, now let’s include windows.h so we can use CreateThread, Sleep, etc.
OK, now we need a function for the hack. Since we don’t really need it to return anything we can declare it as a void.

Your code should look like this:

Code:
#include <windows.h>

void myhackfunc()
{

}

BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD Reason, LPVOID lpReserved) {
	if(Reason == DLL_PROCESS_ATTACH) {

	}
	return TRUE;
}

Ok, now we need to create a thread for our hack.
We need a global variable for the thread id:

Code:
DWORD ThreadID;

And we need to create the actual thread when the DLL is attached:

Code:
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&myhackfunc, 0, 0, &ThreadID);

So, at this point your code should look like this:

Code:
#include <windows.h>

DWORD ThreadID;

void myhackfunc()
{

}

BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD Reason, LPVOID lpReserved) {
	if(Reason == DLL_PROCESS_ATTACH) {
		CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&myhackfunc, 0, 0, &ThreadID);
	}
	return TRUE;
}

The basic structure is done, now we need to add the actual hack code.
This is where the C pointers come into play.
Since we are running the code inside the game process, we don’t need to use the WriteProcessMemory API, we can simply create a pointer to the memory address we want to modify.

The neatest way of doing this is declaring variables that point to that memory address, something like this:

Code:
int *hack1 = (int*)0xaddress;
int *hack2 = (int*)0xaddress;
//...

So let’s say I wanted a scope hack and the address for it is B72076, I’d declare it like this:

Code:
int *scope = (int*)0xB72076;

OK, I’ll use the scope as an example here. Imagine that every time someone presses the right mouse button, I want the scope value changed to 1 so it zooms in.

First, we need an endless loop in our hack function, which we called “myhackfunc” in this tutorial.

Code:
while(1)
{
//hack code will go here
}

So now we want to check whether the right mouse button is being pressed or not.
We’ll use the GetAsyncKeyState API.
So, if the right mouse button is being pressed (the virtual key code for it is VK_RBUTTON or 0x02) we want our hack to change the value of scope to 1:

Code:
if (GetAsyncKeyState(VK_RBUTTON))
{
	*scope = 1;
}

Now we add a Sleep to our loop so it doesn’t use all of your CPU, 20ms will do:

Code:
Sleep(20);

That’s it.
Your code should look like this:

Code:
#include <windows.h>

DWORD ThreadID;

int *scope = (int*)0xB72076;

void myhackfunc()
{
	while(1)
	{
		if (GetAsyncKeyState(VK_RBUTTON))
		{
			*scope = 1;
		}
		Sleep(20);
	}
}

BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD Reason, LPVOID lpReserved) {
	if(Reason == DLL_PROCESS_ATTACH) {
		CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&myhackfunc, 0, 0, &ThreadID);
	}
	return TRUE;
}

I’ve attached winject so you can test your dll when you’re done.

Have fun,
Espan
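
Seen from the game developer's side, the tutorial works because the scope value is a plain int at a fixed address that any thread inside the process can overwrite. The block below is an added example, not code from the original post: a portable C++ holder that makes such a raw write detectable on the next read. GuardedInt, storage_for_demo and the two check functions are hypothetical names, and the raw write is simulated inside the same program.

```cpp
#include <cstdint>
#include <cstdio>
#include <random>

// Tamper-evident holder for a game-state integer (constructed example).
// The value is stored XOR-masked with a per-run key next to a check word,
// so a foreign write of a plain int (the tutorial's "*scope = 1") leaves
// the two words inconsistent and the next read reports it.
class GuardedInt {
public:
    // High bit forced so the masked word never looks like a small plain int.
    explicit GuardedInt(int32_t v)
        : key_(std::random_device{}() | 0x80000000u) { set(v); }

    void set(int32_t v) {
        masked_ = static_cast<uint32_t>(v) ^ key_;
        check_ = mix(masked_);
    }
    // Returns false when the stored words no longer agree (tampering).
    bool get(int32_t& out) const {
        if (mix(masked_) != check_) return false;
        out = static_cast<int32_t>(masked_ ^ key_);
        return true;
    }
    // Demo hook only: the word an in-process writer would overwrite.
    uint32_t* storage_for_demo() { return &masked_; }

private:
    // Keyed bijective mix: any change to m changes the result.
    uint32_t mix(uint32_t m) const {
        uint32_t x = (m ^ ~key_) * 0x9E3779B1u;
        return (x << 13) | (x >> 19);
    }
    uint32_t key_, masked_ = 0, check_ = 0;
};

bool legit_write_reads_back() {
    GuardedInt scope(0);
    scope.set(1);                    // the game's own code path
    int32_t v = -1;
    return scope.get(v) && v == 1;
}
bool raw_write_is_detected() {
    GuardedInt scope(0);
    *scope.storage_for_demo() = 1;   // simulated foreign pointer write
    int32_t v = -1;
    return !scope.get(v);            // read fails: words disagree
}
int main() {
    std::printf("legit ok: %d, raw write detected: %d\n",
                legit_write_reads_back(), raw_write_is_detected());
}
```

Code running inside the process can still learn the scheme and update both words, so this is a detection signal and a cost increase; state that decides fairness belongs on the server.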


[C++]Grant Process All privileges

by pH on Oct.30, 2009, under Articles by pH, C++, Computer Programming / Scripting, Tutorials

Code:
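#include <windows.h>

//Function to grant access: enables the named privilege in the
//access token of the current process. (thanks http://www.rohitab.com)
BOOL EnablePriv(LPCTSTR lpszPriv)
{
  HANDLE hToken;
  LUID luid;
  TOKEN_PRIVILEGES tkprivs;
  ZeroMemory(&tkprivs, sizeof(tkprivs));

  if(!OpenProcessToken(GetCurrentProcess(), (TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY), &hToken))
    return FALSE;

  //Translate the privilege name into its locally unique identifier.
  if(!LookupPrivilegeValue(NULL, lpszPriv, &luid)){
    CloseHandle(hToken);
    return FALSE;
  }

  tkprivs.PrivilegeCount = 1;
  tkprivs.Privileges[0].Luid = luid;
  tkprivs.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

  //AdjustTokenPrivileges returns TRUE even when the token does not hold the
  //privilege; GetLastError() is then ERROR_NOT_ALL_ASSIGNED, so check it too.
  BOOL bRet = AdjustTokenPrivileges(hToken, FALSE, &tkprivs, sizeof(tkprivs), NULL, NULL)
              && GetLastError() == ERROR_SUCCESS;
  CloseHandle(hToken);
  return bRet;
}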

One way to use this is to do the following:

Code:
EnablePriv(SE_DEBUG_NAME);

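This calls EnablePriv with SE_DEBUG_NAME, which is the name of the debug privilege (SeDebugPrivilege), and enables that privilege in the access token of the current process, that is, the program you compile. The call can only switch on a privilege the account already holds; SeDebugPrivilege is normally held by administrators, so the program has to run elevated for it to succeed.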

Have fun!


[C++]Structures

by pH on Oct.30, 2009, under Articles by pH, C++, Computer Programming / Scripting, Tutorials

Here I will show you how to use those handy things called structures!

Code:
//include headers for cout and string
#include <iostream>
#include <string>

//bring the names of the standard library (cout, string, ...) into scope
using namespace std;

//creates a new structure called people
struct people
{
    //declares that the structure contains an integer called isafaggot and a string called realname
    int isafaggot;
    string realname;
};

//Declares that main returns an integer
int main()
{
    //Creates a new variable called brian of type people
    people brian;
    //assigns a value to the isafaggot member of the variable brian
    brian.isafaggot = 1;
    //assigns a string to the realname member of the variable brian
    brian.realname = "dickhead";
    //the rest is pretty self explanatory from here
    //(note == for comparison; a single = would assign and always be true):
    if (brian.isafaggot == 1) {
        cout << "Brian is a faggot! \n";
    } else {
        cout << "Brian isn't a faggot! \n";
    }
    cout << "And a " << "\n";
    cout << brian.realname << "\n";
    //waits for Enter so the console window stays open
    cin.ignore();
}

Your program should output the following:
Brian is a faggot!
And a
dickhead


[C++] Messagebox tutorial

by pH on Oct.30, 2009, under Articles by pH, C++, Computer Programming / Scripting, Tutorials

This is example code. Say you already have a button in your project, inside your form, and the button is called button1:

Code:
void InitializeComponent(void)
    {
      this->button1 = new System::Windows::Forms::Button();
      this->SuspendLayout();
      //
      // button1
      //
      this->button1->Location = System::Drawing::Point(112, 104);
      this->button1->Name = S"button1";
      this->button1->TabIndex = 0;
      this->button1->Text = S"button1";
      this->button1->Click += new System::EventHandler(this, button1_Click);
      //
      // Form1
      //
      this->AutoScaleBaseSize = System::Drawing::Size(5, 13);
      this->ClientSize = System::Drawing::Size(292, 266);
      this->Controls->Add(this->button1);
      this->Name = S"Form1";
      this->Text = S"Form1";
      this->Load += new System::EventHandler(this, Form1_Load);
      this->ResumeLayout(false);

    }
  private: System::Void button1_Click(System::Object * sender, System::EventArgs * e)
       {
         // last argument is the style flags (a UINT), so pass MB_OK rather than NULL
         MessageBox(NULL,"sup","lol",MB_OK);
       }

Or just use this function:

Code:
private: System::Void button1_Click(System::Object * sender, System::EventArgs * e)
       {
         // last argument is the style flags (a UINT), so pass MB_OK rather than NULL
         MessageBox(NULL,"sup","lol",MB_OK);
       }