Creating your first C++ dll Tool

Publicado por luchin On lunes, 22 de noviembre de 2010 0 comentarios

Creating your first C++ dll Tool

This is a follow on to my tutorial of game Tool with Vb.net. All of the code here is mine and not copy/pasted. Credit will be given where due to people who helped me with things that i will now help you with.

Okay so here goes:

First, load up Visual Studio or whatever it is you use and create a new "Win32 Application", set Application type to "DLL" and tick "Empty project".

Now we are ready.

Create a new SOURCE file called "main.cpp" and inside that, type this at the very top:

Code:
#include 
#include 
#include 
#include 
#include 
#include 
#include 
using namespace std;
This will incude all your typical headers.

Now, since this is a DLL, we are going to want to have functions that we can turn on or off so we need to create some new threads.

First and foremost, you must type this just below your includes:

Code:
BOOL WINAPI DllMain (HINSTANCE hModule, DWORD dwAttached, LPVOID lpvReserved)
{
    if (dwAttached == DLL_PROCESS_ATTACH) {
        CreateThread(NULL,0,&LoopFunction,NULL,0,NULL);
    }
    return 1;
}
In simple terms, it says, upon the attachment of this DLL to a process, create a new thread called "LoopFunction"

simple right......

Now, the reason we have created this thread is becuase we need to continually loop around so we can detect when a certain key has been pressed. We will come onto this later.

So, you need this code above the code you just typed:

Code:
DWORD WINAPI LoopFunction( LPVOID lpParam  )
{
//some CPU relief
    Sleep(200);
}


}
return 0;
}
Now, for my example, i will be locking the X-hairs in the game BF2142

Here we go....

Underneath the line

Code:
DWORD WINAPI LoopFunction( LPVOID lpParam  ) {
copy this:

Code:
BYTE StandingON[] = {0x8B, 0x02, 0x90};
    BYTE CrouchingON[] = {0x8B, 0x11, 0x90};
    BYTE ProneON[] = {0x8B, 0x08, 0x90};
    BYTE StandingOFF[] = {0x8B, 0x42, 0x4C};
    BYTE CrouchingOFF[] = {0x8B, 0x51, 0x50};
    BYTE ProneOFF[] = {0x8B, 0x48, 0x54};
This is defining a phrase as an array of bytes thus making our writeprocessmemory tasks much easier.

Once you have done that, put this underneath:

Code:
bool CrosshairOn = false;
Here we are using a boolean to determine or set the status of our Tool. The reason we put it here is so that when we first attach our dll it sets the boolean to false, meaning out Tool is not active. We will later set it to true so that our Tool turns on.....

After that line, leave a few lines and paste:

Code:
HANDLE bf2142 = GetCurrentProcess();
Due to the fatc we are using a DLL we are already inside the process and therefore can get the pid and other things very easily using this line of code.

Once again leave a few more lines and paste this:

Code:
if (GetAsyncKeyState(VK_F1)&0x80000)
{
    if (CrosshairOn ==  true) {
        WriteProcessMemory(bf2142, (void*)(0x05E2C88), &StandingOFF, 3, 0);
        WriteProcessMemory(bf2142, (void*)(0x05E2C93), &CrouchingOFF, 3, 0);
        WriteProcessMemory(bf2142, (void*)(0x05E2C9E), &ProneOFF, 3, 0);
        CrosshairOn = false;

    }
    else if( CrosshairOn ==  false ) {
        WriteProcessMemory(bf2142, (void*)(0x05E2C88), &StandingON, 3, 0);
        WriteProcessMemory(bf2142, (void*)(0x05E2C93), &CrouchingON, 3, 0);
        WriteProcessMemory(bf2142, (void*)(0x05E2C9E), &ProneON, 3, 0);
        CrosshairOn ==  true
    }

}
Here we are using our boolean.
Basically what it is doing is:

If the bool CrosshairOn = false then it knows that the Tool is inactive and thus performs the writememoryprocesses using the correct array of bytes that will lock my X-Hair at all times. If it finds that the bool CrosshairOn = true, then it does the opposite and writes the original bytes back to the correct offsets, thus making my x-hair return to normal.

You can add other Tool by doing this:

Code:
if (GetAsyncKeyState(VK_F2)&0x80000)
{
   

}
your finished code will look something along the lines of:
Code:
#include 
#include 
#include 
#include 
#include 
#include 
#include 
using namespace std;

DWORD WINAPI LoopFunction( LPVOID lpParam )
{

    BYTE StandingON[] = {0x8B, 0x02, 0x90};
    BYTE CrouchingON[] = {0x8B, 0x11, 0x90};
    BYTE ProneON[] = {0x8B, 0x08, 0x90};
    BYTE StandingOFF[] = {0x8B, 0x42, 0x4C};
    BYTE CrouchingOFF[] = {0x8B, 0x51, 0x50};
    BYTE ProneOFF[] = {0x8B, 0x48, 0x54};

    bool Crosshair = false;

    HANDLE bf2142 = GetCurrentProcess();

    while(1) {
        if (GetAsyncKeyState(VK_F1)&0x80000) {
            if (Crosshair == true) {
                WriteProcessMemory(bf2142, (void*)(0x05E2C88), &StandingOFF, 3, 0);
                WriteProcessMemory(bf2142, (void*)(0x05E2C93), &CrouchingOFF, 3, 0);
                WriteProcessMemory(bf2142, (void*)(0x05E2C9E), &ProneOFF, 3, 0);
                Crosshair = false;

            }
            else if( Crosshair == false) {
                WriteProcessMemory(bf2142, (void*)(0x05E2C88), &StandingON, 3, 0);
                WriteProcessMemory(bf2142, (void*)(0x05E2C93), &CrouchingON, 3, 0);
                WriteProcessMemory(bf2142, (void*)(0x05E2C9E), &ProneON, 3, 0);
                Crosshair = true;
            }

        }
    }
//some CPU relief
    Sleep(200);
    return 0;
}

BOOL WINAPI DllMain (HINSTANCE hModule, DWORD dwAttached, LPVOID lpvReserved)
{
    if (dwAttached == DLL_PROCESS_ATTACH) {
        CreateThread(NULL,0,&LoopFunction,NULL,0,NULL);
    }
    return 1;
}
That covers the very basics of creating your first Tool in C++, just post any questions



Credits:
Zoomgod
raiders
ReUnioN

All of the above helped and are still helping me learn.

Publicado por luchin en 18:46

0 comentarios:

Publicar un comentario

Suscribirse a: Enviar comentarios (Atom)
Twitter Delicious Facebook Digg Stumbleupon Favorites More