TwelveSky2 cheat source code[C++]

Mr_Troy22 · 04/25/2011, 16:11

This is for educational purposes, releasing a cheat with this source code as a base is allowed if my name is on the credits list.

As you can see on the source code itself( the addresses ) this release was particulary for Aeria, yet with the right anti-detect methods you can bypass their anti-cheat and with changed addresses it will work for PH and Mayn versions of the game.
Note: The anti-cheats of both versions detect the memory editing method, the rest shouldn't be detected at all.

Features:
- Zoom hack ( NUMPAD 5 )
- First person mode ( NUMPAD 4 )
- GM Sight ( NUMPAD 2 )
- Swear filter bypass ( NUMPAD 3 )
- Ranged monster godmode(non-ranged monsters will dc you a few seconds later if you haven't killed them yet) ( NUMPAD 6 )
- Map time cheat ( NUMPAD 7 )
- Loot key spam ( NUMPAD 1 )

In-game information: press Alt + I

Sidenote: I use an alternative method of editing memory (the ordinary way is using ReadProcessMemory and WriteProcessMemory), from experience I've found out that my way works faster and better.

TS2_Main.cpp

Code:

#include <Windows.h> //Header required for DLL files 

//Addresses
// Zoom hack
LPVOID aZoomMax = (LPVOID)0x115e40a; // 20000
LPVOID aZoomMin = (LPVOID)0x115e406; // 0
LPVOID aCam = (LPVOID)0x115e402; //16511 for First person
// GM Sight hack
LPVOID aSight = (LPVOID)0x00491286; //Different method to show people's levels
// Boss godmode
DWORD aBGod = 0x00499319;
// Swear filter bypass
LPVOID aSwear = (LPVOID)0x005EF1F0;
// Map hack
LPVOID aMap = (LPVOID)0x11660EC;
LPVOID aMap2 = (LPVOID)0x11660f0;
// Faction
LPVOID aFaction = (LPVOID)0x01164800;

//Other global variables
BYTE	godMemory[] = {0x8B, 0x82, 0x74, 0x01, 0x00, 0x00}; //Original
BYTE	godMemory2[] = {0xB8, 0x00, 0x00, 0x00, 0x00, 0x90}; //Cheated
DWORD oldProtect; //For VirtualProtect function; storing protection value

//Bools --> global variables that have 2 values ; either 0 or 1, or easier: true or false
//GM sight
bool g_bGM				 = false; //Makes sure cheats aren't activated at runtime
//Swear filter bypass
bool g_bSwear			 = false;
//Map time cheat
bool g_bTime			 = false;
//Godmode cheat
bool g_bGod				 = false;
//Zoom cheat
bool g_bZoom			 = false;
//First person mode
bool g_bFPS				 = false;
//Loot spam
bool g_bLoot			 = false;
//Due to not having a menu, movement speed, attack speed, autopill can't be changed
//Currently I'm busy with experimenting with the chat command function to create
//chat commands for changing those values.

//References
DWORD __stdcall dwInitialize(LPVOID res);
DWORD __stdcall dwMain(LPVOID res);
DWORD __stdcall dwHotkeys(LPVOID res);

void v_sendMessage(char *a, int b);

int __stdcall DllMain ( HINSTANCE hInst, DWORD dwReason, LPVOID lpvReserved )
{
	if ( dwReason == DLL_PROCESS_ATTACH ) //DLL_PROCESS_ATTACH is a macro for the integer 1
	{
		CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)&dwInitialize, NULL, NULL, NULL ); //Create the initialization thread
	}
	return 1;
}

DWORD __stdcall dwInitialize(LPVOID res)
{
	CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)&dwMain, NULL, NULL, NULL ); //Create main thread
	CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)&dwHotkeys, NULL, NULL, NULL ); //Create main thread
	return 0;
}

DWORD __stdcall dwMain(LPVOID res)
{
	while(true)//Create an endless loop
	{
		if(g_bZoom) //Check if a bool is true
			{
				if(*(DWORD*)aZoomMin != 0 || *(DWORD*)aZoomMax != 20001)
				{
					VirtualProtect((LPVOID)aZoomMin, 4, PAGE_EXECUTE_READWRITE, &oldProtect); //VirtualProtect removes protections from memory area's , if you don't do this with memory edits, you'll crash the game lol
					*(DWORD*)aZoomMin = 0;
					VirtualProtect((LPVOID)aZoomMin, 4, oldProtect, &oldProtect);
					VirtualProtect((LPVOID)aZoomMax, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aZoomMax = 20001;
					VirtualProtect((LPVOID)aZoomMax, 4, oldProtect, &oldProtect);
					Sleep(25);
				}
			}
			else
			{
				if(*(DWORD*)aZoomMin == 0 || *(DWORD*)aZoomMax == 20001)
				{
					VirtualProtect((LPVOID)aZoomMin, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aZoomMin = 16840;
					VirtualProtect((LPVOID)aZoomMin, 4, oldProtect, &oldProtect);

					VirtualProtect((LPVOID)aZoomMax, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aZoomMax = 17174;
					VirtualProtect((LPVOID)aZoomMax, 4, oldProtect, &oldProtect);
					Sleep(25);
				}
			}
			if(g_bFPS)
			{
				if(*(DWORD*)aCam != 16511)
				{
					VirtualProtect((LPVOID)aCam, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aCam = 16511;
					VirtualProtect((LPVOID)aCam, 4, oldProtect, &oldProtect);
				}
			}
			else
			{
				if(*(DWORD*)aCam == 16511)
				{
					VirtualProtect((LPVOID)aCam, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aCam = 16840;
					VirtualProtect((LPVOID)aCam, 4, oldProtect, &oldProtect);
				}
			}
			if(g_bGM)
			{
				if(*(WORD*)aSight != 0x9090)
				{
					VirtualProtect((LPVOID)aSight, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(WORD*)aSight = 0x9090;
					VirtualProtect((LPVOID)aSight, 4, oldProtect, &oldProtect);
				}
			}
			else
			{
				if(*(WORD*)aSight == 0x9090)
				{
					VirtualProtect((LPVOID)aSight, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(WORD*)aSight = 0x737E;
					VirtualProtect((LPVOID)aSight, 4, oldProtect, &oldProtect);
				}
			}
			if(g_bSwear)
			{
				if(*(DWORD*)aSwear != 0)
				{
					VirtualProtect((LPVOID)aSwear, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aSwear = 0;
					VirtualProtect((LPVOID)aSwear, 4, oldProtect, &oldProtect);
				}
			}
			else
			{
				if(*(DWORD*)aSwear == 0)
				{
					VirtualProtect((LPVOID)aSwear, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aSwear = 319;
					VirtualProtect((LPVOID)aSwear, 4, oldProtect, &oldProtect);
				}
			}
			if(g_bGod)
			{
				if((BYTE*)aBGod != godMemory2)
				{
					VirtualProtect((LPVOID)aBGod, sizeof(godMemory2), PAGE_EXECUTE_READWRITE, &oldProtect);
					memcpy((void*)aBGod, (const void*)godMemory2, sizeof(godMemory2));//aBGod = godMemory2; --> memcpy works better here
					VirtualProtect((LPVOID)aBGod, sizeof(godMemory2), oldProtect, &oldProtect);
				}
			}
			else
			{
				if((BYTE*)aBGod != godMemory)
				{
					VirtualProtect((LPVOID)aBGod, sizeof(godMemory), PAGE_EXECUTE_READWRITE, &oldProtect);
					memcpy((void*)aBGod, (const void*)godMemory, sizeof(godMemory));//aBGod = godMemory; --> memcpy works better here
					VirtualProtect((LPVOID)aBGod, sizeof(godMemory), oldProtect, &oldProtect);
				}
			}
			if(g_bLoot) //Only works for American keyboards
			{
				keybd_event(VK_OEM_3, MapVirtualKey(VK_OEM_3, 0), 0, 0);
				Sleep(5);
				keybd_event(VK_OEM_3, MapVirtualKey(VK_OEM_3, 0), KEYEVENTF_KEYUP, 0);
				Sleep(10);
			}
			if(g_bTime)
			{
				if(*(DWORD*)aFaction == 0 && *(DWORD*)aMap != 1) //Guanyin
				{
					VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aMap = 1;
					VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
				}
				if(*(DWORD*)aFaction == 1 && *(DWORD*)aMap != 6) //Fujin
				{
					VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aMap = 6;
					VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
				}
				if(*(DWORD*)aFaction == 2 && *(DWORD*)aMap != 11) //Jinong
				{
					VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aMap = 11;
					VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
				}
				if(*(DWORD*)aFaction == 3 && *(DWORD*)aMap != 140) //Nangin
				{
					VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
					*(DWORD*)aMap = 140;
					VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
				}
			}
		Sleep(20); //Make sure the thread doesn't lag by adding a 20ms delay between each loop
	}
	return 0;
}

DWORD __stdcall dwHotkeys(LPVOID res)
{
	while(true)
	{
//GetAsyncKeyState is an awesome function that checks if a certain key is pressed :D
		if(GetAsyncKeyState(VK_NUMPAD1)&1) //Every key has it's own virtual key code, you can look them up on google
		{
			g_bLoot =! g_bLoot; //Toggle bool
			if(g_bLoot)v_sendMessage("Loot spam has been activated", 1);//Displays a white message, saying loot spam has been activated
			if(!g_bLoot)v_sendMessage("Loot spam has been deactivated", 1); //if(!bool) means if(bool == false)
			Sleep(100);
		}
		if(GetAsyncKeyState(VK_NUMPAD2)&1)
		{
			g_bGM =! g_bGM;
			if(g_bGM)v_sendMessage("GM Sight has been activated", 1);
			if(!g_bGM)v_sendMessage("GM Sight has been deactivated", 1);
			Sleep(100);
		}
		if(GetAsyncKeyState(VK_NUMPAD3)&1)
		{
			g_bSwear =! g_bSwear;
			if(g_bSwear)v_sendMessage("Swear filter bypass has been activated", 1);
			if(!g_bSwear)v_sendMessage("Swear filter bypass has been deactivated", 1);
			Sleep(100);
		}
		if(GetAsyncKeyState(VK_NUMPAD4)&1)
		{
			g_bFPS =! g_bFPS;
			if(g_bFPS)v_sendMessage("FPS mode has been activated", 1);
			if(!g_bFPS)v_sendMessage("FPS mode has been deactivated", 1);
			Sleep(100);
		}
		if(GetAsyncKeyState(VK_NUMPAD5)&1)
		{
			g_bZoom =! g_bZoom;
			if(g_bZoom)v_sendMessage("Zoom cheat has been activated", 1);
			if(!g_bZoom)v_sendMessage("Zoom cheat has been deactivated", 1);
			Sleep(100);
		}
		if(GetAsyncKeyState(VK_NUMPAD6)&1)
		{
			g_bGod =! g_bGod;
			if(g_bGod)v_sendMessage("Godmode cheat has been activated", 1);
			if(!g_bGod)v_sendMessage("Godmode cheat has been deactivated", 1);
			Sleep(100);
		}
                if(GetAsyncKeyState(VK_NUMPAD7)&1)
		{
			g_bTime =! g_bTime;
			if(g_bTime)v_sendMessage("Map time cheat has been activated", 1);
			if(!g_bTime)v_sendMessage("Map time cheat has been deactivated", 1);
			Sleep(100);
		}
		if(GetAsyncKeyState(VK_MENU)&1 && GetAsyncKeyState('I')&1) // Alt + I
		{
			v_sendMessage("TS2 cheater by Mr_Troy", 2);
			v_sendMessage("Numpad1 = Loot spam         Numpad2 = GM Sight", 2);
			v_sendMessage("Numpad3 = Swear filter	   Numpad4 = FPS mode", 2);
			v_sendMessage("Numpad5 = Zoom cheat		   Numpad6 = Godmode", 2);
			Sleep(500);
		}
		Sleep(20);
	}
	return 0;
}

void v_sendMessage(char *a, int b) //parameter a = the string , parameter b = the color
{
	LPVOID ts_send = (LPVOID)0x00523430; //This address can be found in olly by finding the string GM Command OK or something
										 //Which would look like :
										/*
										mov edx, dword ptr ds (or something with a pointer, idk which register either, im doing this outta my head)
										push edx
										push DEADBEEF --> string address
										mov ecx, DEADBEEF --> this address contains a class needed to call the function
										call 0xDEADBEEF
										*/
	__asm
	{
		push b
		push a
		mov ecx, 0x012E4900 //Class pointer
		call ts_send //ts_send is defined as a LPVOID, call requires a pointer to call a function and LPVOID seemed to me
		// as the best option to use
	}
}

acerr88 · 04/26/2011, 09:11

can any1 tell me or teach me how to use this code to make it in a trainer pls? ty

vtdved · 04/26/2011, 14:44

Quote:

Originally Posted by acerr88

can any1 tell me or teach me how to use this code to make it in a trainer pls? ty

its for c++ but i have no idea how to use it either XD

MegaHaska · 04/26/2011, 16:29

Bro here is kidna hard explain how work in C++ rly trust me
So with C++ you can make some hacks

darc01 · 04/26/2011, 18:04

is this working in every version?

corther · 04/26/2011, 18:07

its the base for hacks , this is aeria us i think(atleast it works for that) change adreeses for ur version, compile and inject

dabnoj · 10/08/2011, 08:06

easy lol you copy paste in a c++ IDE and then you update your adress and the cheat will work :P