Making your own Wallhack

Discussion in 'C and C++' started by GenPhsyko, Aug 1, 2012.

  1. Hello guys, I would like to share a little something to everyone especially to those who want's to make their own Wallhack.

    By the way, making your own Wallhack is not that easy as you say. You must master C++ Programming Language first before you are able to make one.

    If you don't know how to code or haven't experienced or encountered them yet, then don't you dare to continue because you will be needing your own source to make a new or a latest Wallhack.

    If you do, then here's a Guide for you

    Guide Contents:
    • How to Compile a Wallhack
    • Making Hacks Undetected
    • Tutorial on DirectX (Must know C++)
    • C++ Language Tutorial
    • Where to learn ASM (also required to make wallhack)
    • How to make GG Bypass










    ------------How to Compile a Wallhack----------

    1. Download and Install Visual C++ here is a link Visual C++.
    2. Download Direct SDK DirectX SDK - (Summer 2004).
    3. Open Visual C++ 2008 Express Edition and Click Create Projects.
    4. In Project types Click on Win32 then on the Right side click Win32 Project then Name Your Project and Click Ok.
    5. Click Application Settings , Click on dll option and Click Finish.
    6. Copy the source and Paste it on your Blank page of your project name (.cpp)

    name.cpp
    Code:
    /*creds to me,Roverturbo,Azorbix,Frit0 ,unreal*/
     
     
    #include 
    #include 
    #include 
    #include 
    #include "log.h"
    #include 
    #include 
    #pragma comment(lib, "d3dx8.lib")
    #pragma comment(lib, "d3d8.lib")
    using namespace std;
    static DWORD dwBeginScene            = 0x6D9D9250;
    static DWORD dwEndScene                = 0x6d9d93a0;
    static DWORD dwDrawIndexedPrimitive = 0x6d9d73a0;
    static DWORD dwSetStreamSource        = 0x6d9d6760;
    static DWORD dwSetViewport            = 0x6d9d5b90    ;
     
     
    int m_Stride;
    int texnum;
    int nNumVertices;
    int nPrimitiveCount;
     
    LPDIRECT3DTEXTURE8  Red,Yellow,Green,Blue,Purple,Pink,Orange;
    bool Color = true;
    bool Logger = false;
    ofstream ofile;    
    char dlldir[320];
    float ScreenCenterX = 0.0f;
    float ScreenCenterY = 0.0f;
    bool xhair = false;
    bool WallHack = false; 
    bool WallHack2 = false;
    HANDLE hand1       =NULL;
    HANDLE hand2       =NULL;
     
    DWORD bytes;
     
    //Logger
    int texarray[1000]; 
    int arraycounter; 
    int delarray[500]; 
    int dcount; 
    unsigned int arrc;
    int i=0;
     
     
    D3DCOLOR redt = D3DCOLOR_XRGB( 255, 0, 0 );
     
     
    char *GetDirectoryFile(char *filename)
    {
        static char path[320];
        strcpy(path, dlldir);
        strcat(path, filename);
        return path;
    }
     
    void __cdecl add_log (const char *fmt, ...)
    {
        if(ofile != NULL)
        {
            if(!fmt) { return; }
     
            va_list va_alist;
            char logbuf[256] = {0};
     
            va_start (va_alist, fmt);
            _vsnprintf (logbuf+strlen(logbuf), sizeof(logbuf) - strlen(logbuf), fmt, va_alist);
            va_end (va_alist);
     
            ofile >28)&0xF)20)&0xF)12)&0xF)4)&0xF)UnlockRect(0);
     
        return S_OK;
    }
     
     
    //=================================EndScene_Start=================================================================================//
    typedef HRESULT ( WINAPI* oEndScene ) ( LPDIRECT3DDEVICE8 pDevice );
    oEndScene pEndScene;
     
    HRESULT WINAPI myEndScene(LPDIRECT3DDEVICE8 pDevice)
    {
    if(Color)
    { 
    GenerateTexture(pDevice, &Red,      D3DCOLOR_ARGB    (255   ,   255  ,     0      ,    0      ));
    GenerateTexture(pDevice, &Yellow,   D3DCOLOR_ARGB    (255   ,   255  ,     255    ,    0      ));
    GenerateTexture(pDevice, &Green,    D3DCOLOR_ARGB    (255   ,   0    ,     255    ,    0      ));
    GenerateTexture(pDevice, &Blue,     D3DCOLOR_ARGB    (255   ,   0    ,     0      ,    255    ));
    GenerateTexture(pDevice, &Purple,   D3DCOLOR_ARGB    (255   ,   102  ,     0      ,    153    ));
    GenerateTexture(pDevice, &Pink,     D3DCOLOR_ARGB    (255   ,   255  ,     20      ,   147    ));
    GenerateTexture(pDevice, &Orange,   D3DCOLOR_ARGB    (255   ,   255  ,     165      ,  0      ));
    Color=false; 
    }
     
    if(xhair)
    {
      D3DRECT rec2 = {ScreenCenterX-20, ScreenCenterY, ScreenCenterX+ 20, ScreenCenterY+2};
      D3DRECT rec3 = {ScreenCenterX, ScreenCenterY-20, ScreenCenterX+ 2,ScreenCenterY+20};
      pDevice->Clear(1, &rec2, D3DCLEAR_TARGET,redt, 0,  0);
      pDevice->Clear(1, &rec3, D3DCLEAR_TARGET,redt, 0,  0);
    }    
     
    //=============================================UnHooK_Start===================================================//
     
    if((GetAsyncKeyState(VK_F5)&1))        
    {    
    int end    =NULL;
    int dip    =NULL;
    int svp    =NULL;
    int sss    =NULL;
     
     
    BYTE Unhook[5] = {0x8B,0xFF,0x55,0x8B,0xEC};//Original Function Bytes.
    hand1 = GetCurrentProcess();
    DWORD dwmodualBase=(DWORD)GetModuleHandle("d3d8.dll");
    end = 0x6d9d93a0;
    dip = 0x6d9d73a0;
    svp = 0x6d9d5b90;
    sss = 0x6d9d6760;
     
    WriteProcessMemory(hand1, (void*) end, Unhook, 5, &bytes);
    WriteProcessMemory(hand1, (void*) dip, Unhook, 5, &bytes);
    WriteProcessMemory(hand1, (void*) svp ,Unhook, 5, &bytes);
    WriteProcessMemory(hand1, (void*) sss,Unhook, 5, &bytes);
    }    
    //=========================================UnHook_End=========================================================//
     
    if((GetAsyncKeyState(VK_F1)&1)){xhair=!xhair;}        
    if((GetAsyncKeyState(VK_F2)&1)){WallHack=!WallHack;}        
     
    return pEndScene(pDevice);
    }
    //====================================EndScene_End============================================================================//
     
     
     
     
    //=================================Dip_Start============================================================================================//
    typedef HRESULT ( WINAPI* oDrawIndexedPrimitive ) ( LPDIRECT3DDEVICE8 pDevice, D3DPRIMITIVETYPE pType, UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount );
    oDrawIndexedPrimitive pDrawIndexedPrimitive;
     
    HRESULT WINAPI myDrawIndexedPrimitive(LPDIRECT3DDEVICE8 pDevice, D3DPRIMITIVETYPE pType, UINT nMinIndex, UINT nNumVertices, UINT nStartIndex, UINT nPrimitiveCount)
    {
     
     
     
     
    if(WallHack)
    {
    texnum = (nNumVertices*100000)+nPrimitiveCount; 
        if(m_Stride==40 && 
     
      (texnum==7500121 )||(texnum==8500105 )||(texnum==12400168)||(texnum==37000650)||
      (texnum==18000274)||(texnum==8800105 )||(texnum==36900650)||(texnum==19600314)||
      (texnum==21800306)||(texnum==7500121 )||(texnum==8500105 )||(texnum==12400168)||
      (texnum==21800306)||(texnum==36900650)||(texnum==7500121 )||(texnum==37000650)||
      (texnum==18000274)||(texnum==7500121 )||(texnum==8500105 )||(texnum==38000658)||
      (texnum==22100268)||(texnum==62400752)||(texnum==27900456)||(texnum==45700654)|| 
      (texnum==4800040 )||(texnum==83600752)||(texnum==33400477)||(texnum==38100666)|| 
      (texnum==2800036 )||(texnum==62400752)||(texnum==29700492)||(texnum==84900778)|| 
      (texnum==27500442)||(texnum==52100658)||(texnum==62400752)||(texnum==33600552)|| 
      (texnum==44100646)||(texnum==18000274)||(texnum==37200508)||(texnum==45700654)|| 
      (texnum==37200508)||(texnum==52100658)||(texnum==52100658) &&
     
     
     
         (nNumVertices == 100 && nPrimitiveCount == 121) || //Foot 
         (nNumVertices == 105 && nPrimitiveCount == 168) || //Right Arm 
         (nNumVertices == 132 && nPrimitiveCount == 180) || //Hand 
         (nNumVertices == 159 && nPrimitiveCount == 200) || //Left Arm 
         (nNumVertices == 338 && nPrimitiveCount == 534) || //Underbody    thanks japennese guy =)
         //(nNumVertices == 448 && nPrimitiveCount == 776) || //Head 
         (nNumVertices == 804 && nPrimitiveCount == 1016) || //Body //SRG Option item 
         (nNumVertices == 109 && nPrimitiveCount == 110) || //Bulletproof Vest 
         (nNumVertices == 336 && nPrimitiveCount == 532)) //Battle Pants
     
    {
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
    pDevice->SetTexture(0,Orange);
    //pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_WIREFRAME );
     
    pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
     
    //pDevice->SetRenderState(D3DRS_FILLMODE, D3DFILL_SOLID );
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
    pDevice->SetTexture(0,Pink);
    }            
     
    if(m_Stride==40 && texnum== 21300174)    
    {
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
    pDevice->SetTexture(0,Green);//GreenNade
    pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
    pDevice->SetTexture(0,Purple);
    }       
     
     
    if(nNumVertices == 158 && nPrimitiveCount == 131)
    {
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
    pDevice->SetTexture(0,Red);//GreenNade
    pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
    pDevice->SetTexture(0,Yellow);
    }
     
    if (nNumVertices == 171 && nPrimitiveCount == 143)
    {
     
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_NEVER);
    pDevice->SetTexture(0,Red);//GreenNade
    pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
    pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE);
    pDevice->SetRenderState(D3DRS_ZFUNC,D3DCMP_LESSEQUAL);
    pDevice->SetTexture(0,Yellow);
    }
     
     
     
    if(m_Stride==40 &&//face,mask etc...
    (texnum==36700612) ||
    (texnum==9600172 ) ||
    (texnum==14200236) ||
    (texnum==37800552) ||
    (texnum==28100486) ||
    (texnum==35500568) ||
    (texnum==2200024 ) ||
    (texnum==16200243) ||
    (texnum==31900466) ||
    (texnum==19300342) ||
    (texnum==36200604) ||
    (texnum==21300290) ||
    (texnum==35700558) ||
    (texnum==22100396) ||
    (texnum==36100604) ||
    (texnum==27100464) ||
    (texnum==11400180) ||
    (texnum==34900580) ||
    (texnum==13200212) ||
    (texnum==34700538) ||
    (texnum==19500352)&&
    (nNumVertices == 448 && nPrimitiveCount == 776))
     
    {
    pDevice->SetTexture(0,Blue);
    }
     
     
    {
    pDevice->SetRenderState(D3DRS_FOGENABLE,false);
    }
     
    /*Logger
    if(m_Stride==40){
     
     
     while(GetAsyncKeyState(VK_NUMPAD1)&1) arrc--; //Used as manual index for adding textures to delarray
        while(GetAsyncKeyState(VK_NUMPAD3)&1) arrc++;
        bool alrdy=false;
        bool inarr=false;
     
            if(texarray[arrc]==texnum)
                if(delarray[i]==texarray[arrc])
                alrdy=true;
        for(int i=0;iSetTexture(0, NULL);
                pDevice->GetRenderState(D3DRS_ZENABLE, &dwOldZEnable); 
                pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);
                if(alrdy) //Different colors for selected models that are already being logged (For removal from array)
                    texCol=Blue;
                else
                    texCol=Red;
               pDevice->SetTexture(0, texCol);
                pDrawIndexedPrimitive(pDevice, pType, nMinIndex, nNumVertices, nStartIndex, nPrimitiveCount);
                pDevice->SetRenderState(D3DRS_ZENABLE, dwOldZEnable);
     
        }
    }
    if(GetAsyncKeyState(VK_F5)&1) add_log("Logged tesx: %i", texarray[arrc]); //F5 will print currently selected texnum to logfile
    if(GetAsyncKeyState(VK_F6)&1) { //For adding/removing textures to array
        bool inarr=true;
        for(int k=0;k 0; i--) { if(dlldir[i] == '\\') { dlldir[i+1] = 0; break; } }
            ofile.open(GetDirectoryFile("log.txt"), ios::app);    
            //=========Log=========================//
     
            pBeginScene = (oBeginScene)DetourFunction((PBYTE)dwBeginScene, (PBYTE)myBeginScene);
            pEndScene = (oEndScene)DetourFunction((PBYTE)dwEndScene, (PBYTE)myEndScene);
            pDrawIndexedPrimitive = (oDrawIndexedPrimitive)DetourFunction((PBYTE)dwDrawIndexedPrimitive, (PBYTE)myDrawIndexedPrimitive);
            pSetStreamSource = (oSetStreamSource)DetourFunction((PBYTE)dwSetStreamSource, (PBYTE)mySetStreamSource);
            pSetViewport=(oSetViewport)DetourFunction((PBYTE)dwSetViewport,(PBYTE)mySetViewport);
     
    }
    return TRUE;
    }
    7.Delete dllmain.cpp You don't Need it.
    8. Include stdafx.h should be on top of Other Includes.
    9. Click on Projects on top, Click Add New Item.
    10.Click on Header file (.h), Name it log and Click Add.
    11. Copy and Paste the source on the Header file you Created.

    log.h (a header file)
    Code:
    #define WIN32_LEAN_AND_MEAN
     
    #ifndef _MAIN_H
    #define _MAIN_H
     
    char *GetDirectoryFile(char *filename);
    void __cdecl add_log (const char * fmt, ...);
    #endif
    12. Go to tools>>option-projects and solution-VC++directories and add direct sdk Summer 2004 includes and library .
    13. Click on Project And then Click Properties.
    14. Click on Configuration Properties , On the Right side on Character set, Change "Use Unicode Character set" to "Use Multi-Byte Character set" and Click Ok.
    15. Download the files i attached in this thread and place the detours.h in your Include folder C:\Program Files\Microsoft Visual Studio 9.0\VC\include and Detours.lib in your Library folder C:\Program Files\Microsoft Visual Studio 9.0\VC\lib.
    16. Click Build and Build your Project.
    17. You will find your DLL file in C:\Documents and Settings\TheIFear\My Documents\Visual Studio 2008\Projects\(name of your dll)\Debug, and you will find your dll.










    ----------Making Hacks Undetected----------

    This one is D3D-sided codes

    Ok all your D3D hooks go through to be formed into the device. Once this is done and D3D is hooked you can release create device so that it wont be detected.
    I do so in my base with this code in my CreateDevice Reclass

    Code:
    //your create device code
    //the we move onto
    //Device Unhooking
    unsigned long ulProtect;
            VirtualProtect(&D3D8_object[15], 4, PAGE_EXECUTE_READWRITE, &ulProtect);
            *(unsigned long*)&D3D8_object[15] = (unsigned long)pCreateDevice;
            VirtualProtect(&D3D8_object[15], 4, ulProtect, &ulProtect);
    //

    Then you will need to initialise your device
    Code:
    YourDevice = *ppReturnedDeviceInterface; //Rename to your Device

    Its also a good idea to log this to see if it worked
    to do that just say
    else{ add_log("D3D create device error...\n"); }
    Then return to your device.

    Now lets look at another method
    2)another way **** it hack GG.
    4)code cave the hook int3->Jmp then in the code cave->Jmp(detour)d3d functions ->jmp back to original flow ;Hook hopin

    Now i thought Number 2 looked hansom but then i thought that i could adapt that view point to number 4 which basicly bypasses GG.
    now I am not going to go through ASM debugging to detour your d3d hook
    but were not really going to be caving like 4) says. Due to the fact that were dropping the Cave early - we can just Jmp to a nice clean bit of space (0900001C) looks pretty nice place to settle.
    Then in our C++ for this we __asm for the jmp. Now fatboy88 says to detour our d3d functions, thats all good fun but more univsersaly we could Jmp the GG check. Therefore placing more memory crazy hacks and also you would be bypassing a clean reg for debugger logging and looting.










    ----------Tutorial on DirectX and C++ Basics----------

    1. Download The latest Direct X SDK Which can be found here Microsoft DirectX Downloads
    2. Then Install - duh?!
    3. click START
    ALL programs
    Direct X SDK
    Then Click on
    Direct X sample browser.
    4. then you will see lots of TUTs

    then go down
    and you will see the "Create device" tut
    there is more stuff like pixel shredder, textures .etc
    5. then click on the documentation and READ.

    TO Understand this tut please learn C++

    THIS TUT IS FOR PEOPLE WHO KNOW C++ BUT WANNA LEARN DIRECT X

    Enjoy.










    ----------C++ Language Tutorial----------

    For those who has the guts to learn everything about the C++ from basics to professional coding structure, here's the link C++ Tutorial Complete










    ----------Where to learn ASM (also required to make wallhack)----------

    ASM stands for Automatic Storage Management

    is a feature provided by Oracle Corporation within the Oracle Database from release Oracle 10g (revision 1) onwards. ASM aims to simplify the management of database files. To do so, it provides tools to manage file systems and volumes directly inside the database, allowing database administrators (DBAs) to control volumes and disks with familiar SQL statements in standard Oracle environments. Thus DBAs do not need extra skills in specific file systems or volume managers (which usually operate at the level of the operating system).

    With ASM:

    • IO channels can take advantage of data striping and software mirroring
    • DBAs can automate online redistribution of data, along with the addition and removal of disks/storage
    • the system maintains redundant copies and provides 3rd-party[citation needed] RAID functionality
    • Oracle supports third-party multipathing IO technologies (such as failover or load balancing to SAN access)
    • the need for hot spares diminishes











    ----------How to make GG Bypass----------

    You need to know how to:
    Make a Wallhack *posted on forum
    JMP functions *I posted in a tutorial
    Open Soldierfront in OllyDBG - download OllyDBG goto soldierfront.exe and open
    Unpack Soldierfront *I found that its packed with ASProtect
    Copy the memory to a txt file *BAsic computer skills & logic
    Now to bypass Gameguard we just need to know where it interupts
    Search for "GameHack Detcted" (or whatever it says in that dialog box)
    Now look through the ASM in memory before it, you will see where it loads gameguard then releases it. Now you need to let it load gameguard else it will crash you, but you need to stop everything after that and before the final Push command. now this is really easy. Just find the Address before GameGuard kicks you, and look at the address after. JMP to empty memory, its as simple as JMP 910000 (Asuming 9100000 is in open memory) then all you have to do is return to the address that you found after the check.
    Done...
    Its so damn simple compared to most bypass coding. Yet so effective.
    Please just have a go - you would be suprised as to how damn simple this is. Everyone just gives up when they see an ASM command like JMP.





    ----------------------------------------------------------------------




    Credits to me for the Tutorial.
    Sorry for I didn't add some photos for you to easily understand the tutorial but I did mention that If you don't know how to code or haven't experienced or encountered them yet, then don't you dare to continue because you will be needing your own source to make a new or a latest Wallhack.

    Learn and be a Professional in C++ Programming.
     
  2. ano po ba yang C++
     
  3. grabi, kakahilo to. pero nice tutorial.. very helpful..
     
  4. thanks............
    [hr]
    thank's.............................................................................................................................................................................................................................................................................,,,,,,,,,,,,,
     
  5. nose bleed.... :) nice tutorial...
     
  6. coder ka ? hmpk ... :)
     
  7. ano po ba yang C++



    C++ is a statically typed, free-form, multi-paradigm, compiled, general-purpose programming language. It is regarded as an intermediate-level language, as it comprises a combination of both high-level and low-level language features.
    [hr]
    Dream' pid='13423' dateline='1343788130']
    grabi, kakahilo to. pero nice tutorial.. very helpful..



    It's very easy when you get the hang of it. But if you really want to learn C++ from BASIC to the Professional way, you must go to college and take the course that has computer-related fields.
     
  8. @genphskyko - Are you a Pilipino..??
     
  9. Khaylaj' pid='14228' dateline='1343897525']
    @genphskyko - Are you a Pilipino..??



    Yes, I am definitely a hundred-percent Filipino. Sorry for being such an english-speaking guy. It's just that I manage to speak english most of the time. Why did you ask?
     
  10. Thankk k+!!!!
    [hr]
    Thankk k+!!!!
     
  11. Always happy to help and share. If you have questions regarding SF DFI hacks, I will entertain you. Don't worry about the delay of the reply, I am active in this community.
     
  12. Undetected ba ang source na2?
     
  13. ma testing nga ito
     
  14. Jerome' pid='14366' dateline='1343913228']
    Undetected ba ang source na2?



    Sadly, this Source is just an example. You have to make or find your own NEW Source to make another wallhack. You can also make it undetected if you've got intense coding skills.
    [hr]

    ma testing nga ito



    If you're trying to test these previous posted codes, the hack will be detected. This is just only an example. Only experienced coders will be able to understand the codes of ASM/C++
     
  15. Magulo pero Thanks nalang =)
     
  16. thanks. dito ^^
     
  17. Magulo pero Thanks nalang =)



    You just say it's kinda messy because you don't understand the program structure but Thanks for the feedback by the way.
     
  18. hey gen psycho death note fan :)
    pde maglagay ka ng tutorial kung pano magedit ng hack or .dll?
    gusto ko kase walang menu at text sa taas.. nakakalag
     
  19. thanks. dito ^^



    No problem, make sure you know or you understand the program structure or else you will fail from attempting it. You will also be needing your own Source in order for you to make a new and an updated Wallhack.
    [hr]

    hey gen psycho death note fan :)
    pde maglagay ka ng tutorial kung pano magedit ng hack or .dll?
    gusto ko kase walang menu at text sa taas.. nakakalag



    Okay, I will keep in touch to your request. Just wait for me to make a new thread about editing .dll files. I assure you, it will be complicated.
     
  20. kadugo .. aheheheheh nice nmn po ii :D
     

Share This Page