Cheat Engine The Official Site of Cheat Engine
Chaosis13 Master Cheater
Posted: Mon Jul 07, 2008 6:04 pm Post subject: [TUT][v1] DLL's
(If you don't know hex, anything about bytes, AA/ASM, C++, or general hacking don't read this.)
This is a 3 part guide. It will teach you how to make *simple* scripts into C++, how to create a DLL, and how to make a GUI for your DLL. I will have some helpful references and attachments at the end.
Why I made this:
I made this because I had problems making dll's. I mainly had a lot of errors (which took 1000x more time), but a good tut and source might have helped me. Because I had so many errors, feel free to chat with me on MSNM.
_________________________
How to make scripts into C++
_________________________
This will just be quick, so you don't have a dll that does nothing.
We will convert this script:
Code:
[ENABLE] //Swear Hack for MS v57 (From Pro-Surf's CT)
46f08c:
nop // 90
nop // 90
[DISABLE]
46f08c:
je 0046f0aa // 74 1C
That is the swear hack, my favorite hack. To change this code we need the bytes (90 90, 74 1C). You can find the bytes in the memory viewer, or if you're smart you can find other ways. Now we have two ways to convert that script:
1. Pointers
2. ASM
I like to use ASM as much as possible, but pointers are easier (usually).
With pointers you do this:
Code:
DWORD address;            //Create a DWORD variable to hold the address
address = 0x46f08c;       //Put the address into the variable
*(WORD*)address = 0x9090; //Change the 2 bytes (a WORD is 2 bytes; a DWORD store is 4 bytes and would also overwrite the 2 bytes after the je)
Now I first created a DWORD variable, to hold the address we are going to edit. Then we assigned the variable a value (the address). Then we edited its value by making address a pointer. The (DWORD) in front of the variable makes it a DWORD, (or (int),(long),etc). The * is an indicator for a pointer. Then the deactivate will look like this:
Code:
*(WORD*)0x0046f08c = 0x1C74; //2 bytes again: puts 74 1C back
you wrote: Why is it 0x1C74, not 0x741C?
The bytes are reversed, I can't think of an easy explanation here; just remember it.
With ASM you do this:
Code:
__asm mov word ptr ds:[0x0046F08C],0x9090 // word ptr = 2 bytes (90 90)
Simple, yet powerful! I will not teach you ASM here, so deal! But you can be a leecher and use that code if you want.
Here is the deactivation:
Code:
__asm mov word ptr ds:[0x0046F08C],0x1C74 // puts 74 1C back
Remember the bytes are reversed still. ^
That was the first part of the guide. I hope you learn something, but try to learn some more about pointers or ASM if that was confusing.
_______________
Creating your Dll:
_______________
You first must understand every compiler is different. I recommend VC++ for this task, and almost none other. I used VC++ 2008, but this should work with 2005, and other past versions.
1. Make a new project.
2. Select Empty. Then choose Dll, and check empty.
3. Configure your compiler (VC++), most will not. (But I had to, b/c I got every error imaginable while researching dll's)
4. Make a new header, cpp, and other files if needed/wanted.
5. Now you can start coding your DLL.
In normal C++ apps there is Main(); the auto loading function. In dll's there is DllMain, like in Win32 there is WinMain.
you wrote: But in front of WinMain there is WINAPI, is there something like that for Dlls?
Kinda, you can put WINAPI or APIENTRY, people just don't know that they are the same thing. APIENTRY is defined as WINAPI. Now b/c we have WINAPI we need #include <windows.h>, put that in your header. (Make sure you include your header file in your .cpp one). Now put this in your empty .cpp file:
Code:
// include header (it must #include <windows.h> for WINAPI, BOOL, HMODULE, etc.)
BOOL WINAPI DllMain(HMODULE hInst, DWORD reason, LPVOID reserved)
{
    return TRUE; // TRUE = loaded ok; FALSE makes the loader unload the dll again
}
Then in a Dll you also need this:
Code:
switch (reason)
{
case DLL_PROCESS_ATTACH:
    DisableThreadLibraryCalls( hInst );
    MessageBoxA (NULL, "Success!", "", MB_OK);
    Func();
    break;
case DLL_PROCESS_DETACH:
    break;
/*case DLL_THREAD_ATTACH:
    break;
case DLL_THREAD_DETACH:
    break;*/
}
Put it inside your DllMain. The last part is commented out b/c you don't really need it. Now DLL_PROCESS_ATTACH is run when you inject it, then if it works it will say Success! in a message box.
Code:
DisableThreadLibraryCalls( hInst );
This code makes it so the DLL_THREAD function calls are not in the dll, to make it faster/smaller/have fewer errors (b/c we commented them out it isn't needed). Now you may think you can just start making your app like any other in DllMain, NO! You need to put your code in DLL_PROCESS_ATTACH, so it knows when to load it. But putting code in there still isn't a good idea, you will want to make a function that is called in there.
Code:
bool enabled_var = true; // set this to false to leave the loop

void MainLoop(int pause)
{
    while (enabled_var == true)
    {
        //Code
        Sleep(pause); // Less CPU intensive
    }
}
// STUFF, DLLMAIN, ETC
case DLL_PROCESS_ATTACH:
    MainLoop(10); // NOTE: this blocks DllMain until the loop ends (see the replies below about CreateThread)
    break;
That's a small example, then you will put your ASM or pointers where the Code comment is. If something isn't in those places it will not be run, except functions that are called.
Now you want to make your hack to have an enable/disable ability. The best way is to check for a keypress, ex: F1, F2, F3, SHIFT+F1, etc. You will first need to make a boolean variable that is equal to if your hack is enabled or not (confused? You shouldn't be making a dll.). Then in your loop put this:
Code:
if (GetAsyncKeyState(0x71))
{
    //Checks if key 0x71 (F1) is down
    //If's go here, elses go there, etc
}
you wrote: What happens if I want it to activate when several keys are pressed?
Here:
Code:
if (GetAsyncKeyState(0x71) && GetAsyncKeyState(0x72))
{
    //F1 + F2 ^
    //code
}
you wrote: What happens if I don't know the key #'s?
Go here or here to learn more about the GetAsyncKeyState() function!
Tip: Use this:
Code:
if (GetAsyncKeyState(0x71) & 0x8000)
It will then check if it has been called during the loop, but other programs can mess this up. Another problem is that it will toggle on/off really fast. I use message boxes so that they know when they de/activated it, and it pauses the loop. Other solutions are to put a delay when it is activated, or to make you need to push 2 keys to deactivate it (F1 + F1 & Shift).
- HalfPrime + Chaosis13
Your dll is starting to look snazzy! You might have about 50-75 lines, if you think it is too much, don't program anymore. (Many programs I have made are 1000-2000 lines, pros make 40,000-60,000 line codes often, NASA has 2.5+ millish lines of code - just for the ISS < I will work for it one day...) So I will leave the rest of the coding to you. -Except for my sample project.... Continue to add new features to your dll, PLZ LEARN C++/ASM (for the noobs).
______________
Making your GUI
______________
I am going to summarize 3 ways to make a GUI. With a console, message boxes, and windows (like a trainer). I find that a GUI is not needed, but I am known to put some message boxes in (but for different reasons).
This section is about Win32 programming, read more about it if this is interesting. And remember, these concepts/codes can be used in other programs too!
Console:
Most might not consider this a GUI, but it is (normally dll's don't show anything). To make a console include this code in your header:
Code:
#include <iostream>
using namespace std;
Then add these commands to control your function:
Code:
AllocConsole();             // Creates a console for this process
FreeConsole();              // Removes the console
AttachConsole(dwProcessId); // Uses the console of another process (pass its process ID, or ATTACH_PARENT_PROCESS)... Hehehe....
Read more about the console and functions here!
Then you can take it from there. Use 'cout', 'cin', etc. If you need help check out the link above (I learned something too).
Message Boxes:
I like message boxes because they pause the program and wait for a response. This can come in handy, and tell the user what's going on, or lets them answer yes/no easier. There are three message box functions:
Code:
#include <windows.h> // Need this at beginning of .cpp or .h file
int MessageBox(HWND hWnd, LPCTSTR lpText, LPCTSTR lpCaption, UINT uType);  // Regular (picks A or W depending on UNICODE)
int MessageBoxA(HWND hWnd, LPCSTR lpText, LPCSTR lpCaption, UINT uType);   // Ascii
int MessageBoxW(HWND hWnd, LPCWSTR lpText, LPCWSTR lpCaption, UINT uType); // Unicode
The last one is for Unicode and is outdated, but it is kept for compatibility. You will need to use MessageBoxA for your dll, but in other situations MessageBox will work (but isn't needed). Here is a sample on how to use it:
Code:
int msgboxID = MessageBoxA(NULL, "Message", "Title", MB_OKCANCEL); // returns which button was pushed
switch(msgboxID) {
case IDOK:
    cout << "You pushed ok!";
    break; // without the break, IDOK would fall through and print the cancel line too
case IDCANCEL:
    cout << "You pushed cancel!";
    break;
}
So you don't need a handle, so set it to NULL or 0. Then you have your message, then title; for example "Didn't load", "Error:". Then the last one (MB_OKCANCEL) tells what the box will look like. You don't need the switch in there, just use MB_OK at the end. To learn more go here. I highly suggest going to the link above, there is a lot more you can do with your message box.
Making Windows:
Making windows can be a complicated process, but Microsoft's Visual Studio projects make it simple to make windows and GUI's. When I did this I had to make my project in VC++ 2005, 2008 may work for you. Make a new, empty Dll project file. Then click on your project name and Add > New item > Windows Form (Or add it to your current Dll). Then you can start creating your form. Here is the simple process:
1. In the properties menu change the forms text to whatever you want ("DLL Trainer").
2. In the tool bar menu click on different GUI components to add.
3. Arrange, re-size, change text, etc of all GUI components. The properties menu may be needed.
4. Re-size your project, for no extra space.
5. Code it!
Coding your GUI is the hard, less fun part. But before I go into this I must tell you it is very complicated programming, you cannot learn it yourself! Get a book on it (after your C++ book), plz; I can only scratch the surface of the gigantic iceberg Win32 API is... Or something like that. You cannot learn it yourself, like you may have and I did, in VB.
First start by... I go to bed now. (tomorrow lol)
_______________
Helpful resources:
_______________
CEF:
A Very In Depth Tutorial on Auto Assembler -by samuri25404 << You da man!
[TUTORIAL] Basic Assembly -by Skyone
What are pointers? -by Dark Byte
Online:
theForger's Win32 API Programming Tutorial -Brook Miles << Very good!
Books:
C++: The Complete Reference -by Herbert Schildt (http://www.amazon.com/C-Complete-Reference-Herbert-Schildt/dp/0078824761)
-More to come
___________
My DLL Pack:
___________
Includes WHOLE dll project source, dll injector, and compiled Swear Hack (My favorite hack, once again).
Will add later, when GUI tut is done.
_____________
Future Updates:
_____________
-Dll pack
-Video tut!
-Pic's ?
-Improve format
-Add more once I learn more!
-FLAWLESS AUTO DLL LOADER TUT! (FOR ANY GAME w/o .exe)
(C) 2008 Chaosis13 of CEF
^Don't leach it bitch! Yes, that is legal (you can argue with me on MSNM)!
Plz sticky moderator! OR move to General programming+ section, and make me coder?!?!
Chat with me on MSNM if you need help with any programming, I love helping (and being helped back)!
Last edited by Chaosis13 on Tue Jul 08, 2008 10:20 pm; edited 6 times in total
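Added example (mine, not code from the post) in C that answers the "why 0x1C74, not 0x741C" question and shows what a 2-byte store does versus a 4-byte one. A local 4-byte array stands in for the bytes at 0x46f08c: the je (74 1C) followed by two constructed filler bytes; write_word, write_dword and word_for_bytes are names I chose, and the demo assumes a little-endian host like x86.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the bytes at 0x46f08c in the post: the 2-byte
 * "je 0046f0aa" (74 1C) followed by two filler bytes (AA BB) standing in for
 * whatever instruction comes next. This is a local array, not game memory. */
static const uint8_t original[4] = { 0x74, 0x1C, 0xAA, 0xBB };

/* 2-byte patch, what "*(WORD*)address = 0x9090" does. memcpy sidesteps the
 * alignment and strict-aliasing problems of casting a raw address. */
void write_word(uint8_t *buf, uint16_t value) {
    memcpy(buf, &value, sizeof value);
}

/* 4-byte patch, what "*(DWORD*)address = 0x9090" does: it also stores the
 * two high (zero) bytes of the value over the bytes that follow the je. */
void write_dword(uint8_t *buf, uint32_t value) {
    memcpy(buf, &value, sizeof value);
}

/* The immediate that reproduces bytes b0 b1 in memory on a little-endian CPU
 * (x86 stores the low byte first): bytes 74 1C need 0x1C74, not 0x741C. */
uint16_t word_for_bytes(uint8_t b0, uint8_t b1) {
    return (uint16_t)(b0 | ((uint16_t)b1 << 8));
}

/* 1 on a little-endian host (x86, x86-64, arm64); the demo assumes that. */
int host_is_little_endian(void) {
    uint16_t probe = 0x0001;
    uint8_t first;
    memcpy(&first, &probe, 1);
    return first == 0x01;
}

/* Returns 1 if all three observations hold: the WORD write leaves the
 * neighbouring bytes alone, the DWORD write zeroes them, and the reversed
 * immediate restores the original je. */
int demo_patch_width(void) {
    static const uint8_t after_word[4]  = { 0x90, 0x90, 0xAA, 0xBB };
    static const uint8_t after_dword[4] = { 0x90, 0x90, 0x00, 0x00 };
    uint8_t mem[4];
    int ok = host_is_little_endian();

    memcpy(mem, original, 4);
    write_word(mem, 0x9090);                       /* enable: nop nop */
    ok = ok && memcmp(mem, after_word, 4) == 0;

    memcpy(mem, original, 4);
    write_dword(mem, 0x9090);                      /* same value, 4-byte store */
    ok = ok && memcmp(mem, after_dword, 4) == 0;

    memcpy(mem, original, 4);
    write_word(mem, 0x9090);
    write_word(mem, word_for_bytes(0x74, 0x1C));   /* disable: je back */
    ok = ok && memcmp(mem, original, 4) == 0;
    return ok;
}

int main(void) {
    printf("patch width demo: %s\n", demo_patch_width() ? "ok" : "FAILED");
    return 0;
}
```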
samuri25404 Grandmaster Cheater
Posted: Mon Jul 07, 2008 7:01 pm
A few pointers on the C++:
You should make the decl of MainLoop the following
Code:
DWORD MainLoop( void ) {
    //...
    return 0;
}
And make the sleep 10 (standard)
Then, create a BOOL at the top for when it wants to exit, and make the loop in MainLoop() check if that BOOL is TRUE (FALSE by default); you would set the BOOL to TRUE when DLL_PROCESS_DETACH is the parameter.
Also, use CreateThread for MainLoop(), because I know from experience that a lot of Dll Injectors assume that something is wrong if the DllMain() hasn't returned within 10 seconds.
You might also want to check out Wicc's dll tutorial, as it's a really good starting point for this (found on Extalia).
Otherwise, nice guide; good explanation, and nice use of a prominent (somewhat) script.
Hieroglyphics I post too much
Posted: Mon Jul 07, 2008 7:25 pm
You should say
*(DWORD*) is for 4 byte and *(WORD*) is for 2 byte.
It doesn't matter but just so that it is proper.
HalfPrime Grandmaster Cheater
Posted: Mon Jul 07, 2008 7:38 pm
Quote: Also, use CreateThread for MainLoop(), because I know from experience that a lot of Dll Injectors assume that something is wrong if the DllMain() hasn't returned within 10 seconds
Update that asap. It's incredibly bad form to do much of anything besides start a new thread from dllmain.
http://msdn.microsoft.akadns.net/en-us/library/ms682583.aspx
The relevant part:
Quote:
The entry-point function should perform only simple initialization or termination tasks. It must not call the LoadLibrary or LoadLibraryEx function (or a function that calls these functions), because this may create dependency loops in the DLL load order. This can result in a DLL being used before the system has executed its initialization code. Similarly, the entry-point function must not call the FreeLibrary function (or a function that calls FreeLibrary) during process termination, because this can result in a DLL being used after the system has executed its termination code.
Because Kernel32.dll is guaranteed to be loaded in the process address space when the entry-point function is called, calling functions in Kernel32.dll does not result in the DLL being used before its initialization code has been executed. Therefore, the entry-point function can call functions in Kernel32.dll that do not load other DLLs. For example, DllMain can create synchronization objects such as critical sections and mutexes, and use TLS. Unfortunately, there is not a comprehensive list of safe functions in Kernel32.dll.
Windows 2000: Do not create a named synchronization object in DllMain because the system will then load an additional DLL.
Calling functions that require DLLs other than Kernel32.dll may result in problems that are difficult to diagnose. For example, calling User, Shell, and COM functions can cause access violation errors, because some functions load other system components. Conversely, calling functions such as these during termination can cause access violation errors because the corresponding component may already have been unloaded or uninitialized.
Also, when you use GetAsyncKeyState, it returns 2 things: whether the key has been pressed since the last time GetAsyncKeyState was called and if it's currently down. You only want to know if it has been pressed since the last call. If you check if it's currently down, you will toggle it over and over each loop.
You can use
Code:
if(GetAsyncKeyState(key) & 0x8000){}
to only check whether it has been pressed since the last call. However, you may have to be careful as, if another program is using getasynckeystate at the same time, it can mess this up.
Symbol I'm a spammer
Posted: Mon Jul 07, 2008 8:02 pm
That's why you don't use GetAsyncKeyState, but you use RegisterHotKey.
I hate GetAsyncKeyState...
Chaosis13 Master Cheater
Posted: Mon Jul 07, 2008 8:05 pm
I just wanted them to get the basics, and for some reason CreateThread will not compile for me. If I get it to work for me, I will update it. I just wanted to make a fool proof tut.
I might update those small things once most of the GUI is done. This is still a work in progress, but I am planning to add those more advanced concepts later...
samuri25404 Grandmaster Cheater
Posted: Mon Jul 07, 2008 8:39 pm
Chaosis13 wrote: I just wanted them to get the basics, and for some reason CreateThread will not compile for me. If I get it to work for me, I will update it. I just wanted to make a fool proof tut.
Post the errors and code?
Hieroglyphics I post too much
Posted: Tue Jul 08, 2008 3:48 pm
I would like to learn to make a GUI, can you link me to another tut until yours is done?
lurc Grandmaster Cheater Supreme
Posted: Tue Jul 08, 2008 3:58 pm
mrkrishan wrote: I would like to learn to make a GUI, can you link me to another tut until yours is done?
theForger's Win32 API Tutorial
Chaosis13 Master Cheater
Posted: Tue Jul 08, 2008 9:49 pm
I forgot to add that link... That's a good site. Me add it at update....
oib111 I post too much
Posted: Tue Jul 08, 2008 10:27 pm
Quote:
There are three message box functions:
There are only two. MessageBox is an alias for MessageBoxA and MessageBoxW.
Code:
#ifdef UNICODE
#define MessageBox MessageBoxW
#else
#define MessageBox MessageBoxA
#endif
Quote:
The last one is for Unicode and is outdated, but it is kept for compatibility.
Unicode isn't outdated. It's a common character set used today.
Quote:
You will need to use MessageBoxA for your dll
No. You don't.
Quote:
Making windows can be a complicated process, but Microsoft's Visual Studio projects make is simple to make windows and GUI's.
That's nice for people who like to use Visual Studio, but there are plenty of people who use Win32 API who don't want to use Visual Studio.
atom0s Moderator
Posted: Wed Jul 09, 2008 6:08 am
You don't have to use Visual Studio to create dialogs either, you can use notepad, or any other resource editor.
You should also run all your code within a thread, as injecting during run time can prevent things from happening in some processes, such as writing to memory. If the process is still "frozen" during the startup of your DLL, some things will not work as planned.
Chaosis13 Master Cheater
Posted: Wed Jul 09, 2008 1:51 pm
lol, I don't like Visual Studio, but that's the compiler I am using for the tut and example. And Unicode is still used, but check out this here:
Microsoft wrote: Windows 95/98/Me: Even though MessageBoxW exists, it is supported by the Microsoft Layer for Unicode on Windows 95/98/Me Systems to give more consistent behavior across all Windows operating systems.
Found here. They just have it to keep support for older systems. I would use Unicode for multiple languages though.
And I use MessageBoxA, cuz the others will not compile in a dll. I don't know about other people....
And I know about creating a new thread, but once again I get so many F**king errors! So until I can fix em too bad, find a different injector.
But to make everyone happy I will try to work on the small issues in my F**king tut. I said I wasn't done and am adding more when I know more.
oib111 I post too much
Posted: Wed Jul 09, 2008 1:55 pm
95/98/Me are not recent OSes released by Microsoft. And almost everyone in this forum is either running XP, Vista, or dual booting between Windows/Linux. Seeing as those aren't 95/98/Me that doesn't apply.
Chaosis13 Master Cheater
Posted: Wed Jul 09, 2008 2:01 pm
What's that supposed to mean? And then again why would I tell em to use MessageBoxW? I use XP and Vista, so if A works, why do I care (or anyone else)?