As you can see in the source code itself (the addresses), this release was made specifically for the Aeria version; yet with the right anti-detect methods you can bypass their anti-cheat, and with changed addresses it will work for the PH and Mayn versions of the game.
Note: The anti-cheats of both versions detect the memory editing method, the rest shouldn't be detected at all.
Features:
- Zoom hack ( NUMPAD 5 )
- First person mode ( NUMPAD 4 )
- GM Sight ( NUMPAD 2 )
- Swear filter bypass ( NUMPAD 3 )
- Ranged monster godmode(non-ranged monsters will dc you a few seconds later if you haven't killed them yet) ( NUMPAD 6 )
- Map time cheat ( NUMPAD 7 )
- Loot key spam ( NUMPAD 1 )
In-game information: press Alt + I
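Sidenote: I use an alternative method of editing memory (the ordinary way is using ReadProcessMemory and WriteProcessMemory): the DLL runs inside the game process and writes through plain pointers after changing the page protection with VirtualProtect. From experience I've found that my way works faster and better.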
TS2_Main.cpp
Code:
#include <Windows.h> //Header required for DLL files
//Addresses
// NOTE(review): every value below is an absolute virtual address hard-coded for one
// client build. Nothing in this file verifies the host module or its version before
// these locations are read or written.
// Zoom hack
LPVOID aZoomMax = (LPVOID)0x115e40a; // dwMain writes 20001 here while the zoom toggle is on, 17174 when it is off
LPVOID aZoomMin = (LPVOID)0x115e406; // dwMain writes 0 here while the zoom toggle is on, 16840 when it is off
LPVOID aCam = (LPVOID)0x115e402; //16511 for First person; dwMain writes 16840 to leave it
// GM Sight hack
// dwMain overwrites one WORD at this address with 0x9090 (two x86 NOP bytes) and
// restores 0x737E when the toggle is off, i.e. this is a patch to executable code.
LPVOID aSight = (LPVOID)0x00491286; //Different method to show people's levels
// Boss godmode
// Stored as a DWORD rather than LPVOID; cast to a pointer at each use in dwMain.
DWORD aBGod = 0x00499319;
// Swear filter bypass
LPVOID aSwear = (LPVOID)0x005EF1F0; // dwMain writes 0 (on) or 319 (off) as a DWORD
// Map hack
LPVOID aMap = (LPVOID)0x11660EC;
LPVOID aMap2 = (LPVOID)0x11660f0; // not referenced anywhere in the code shown
// Faction
LPVOID aFaction = (LPVOID)0x01164800; // only read (values 0..3), never written, in dwMain
//Other global variables
// Six-byte instruction sequences copied over aBGod by dwMain.
// As 32-bit x86: 8B 82 74 01 00 00 = mov eax,[edx+0x174]
BYTE godMemory[] = {0x8B, 0x82, 0x74, 0x01, 0x00, 0x00}; //Original
// As 32-bit x86: B8 00 00 00 00 = mov eax,0 followed by 90 = nop
BYTE godMemory2[] = {0xB8, 0x00, 0x00, 0x00, 0x00, 0x90}; //Cheated
// Receives the previous page protection from VirtualProtect. A single global is reused
// for every protect/restore pair in dwMain.
DWORD oldProtect; //For VirtualProtect function; storing protection value
//Bools --> global variables that have 2 values ; either 0 or 1, or easier: true or false
// All toggles start disabled. dwHotkeys flips them and dwMain polls them from a second
// thread; they are plain bools with no volatile/atomic qualifier or lock.
//GM sight
bool g_bGM = false; //Starts off, so nothing is patched for this feature until its hotkey is pressed
//Swear filter bypass
bool g_bSwear = false;
//Map time cheat
bool g_bTime = false;
//Godmode cheat
bool g_bGod = false;
//Zoom cheat
bool g_bZoom = false;
//First person mode
bool g_bFPS = false;
//Loot spam
bool g_bLoot = false;
//Due to not having a menu, movement speed, attack speed, autopill can't be changed
//Currently I'm busy with experimenting with the chat command function to create
//chat commands for changing those values.
//Forward declarations of the thread entry points and the in-game message helper
DWORD __stdcall dwInitialize(LPVOID res);
DWORD __stdcall dwMain(LPVOID res);
DWORD __stdcall dwHotkeys(LPVOID res);
void v_sendMessage(char *a, int b);
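/*
 * DLL entry point. On process attach it starts dwInitialize on a new thread and
 * returns immediately; every other notification is ignored.
 *
 * hInst       - module handle of this DLL (unused)
 * dwReason    - loader notification code; only DLL_PROCESS_ATTACH is acted on
 * lpvReserved - loader-supplied value (unused)
 * Returns 1 (TRUE) unconditionally, so the load is never rejected.
 *
 * NOTE(review): nothing here checks which process loaded the DLL. The worker threads
 * go on to write to hard-coded absolute addresses, so the module is only meaningful
 * inside the one client build those addresses were taken from.
 */
int __stdcall DllMain ( HINSTANCE hInst, DWORD dwReason, LPVOID lpvReserved )
{
    if ( dwReason == DLL_PROCESS_ATTACH ) //DLL_PROCESS_ATTACH is a macro for the integer 1
    {
        // Stack size and creation flags are integers, so pass 0 rather than NULL.
        HANDLE hThread = CreateThread( NULL, 0, dwInitialize, NULL, 0, NULL );
        if ( hThread != NULL )
        {
            // The handle is never used again; closing it does not stop the thread
            // and avoids leaking one handle per load.
            CloseHandle( hThread );
        }
    }
    return 1;
}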
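/*
 * Initialization thread started from DllMain. Spawns the two long-running worker
 * threads and exits.
 *
 * res - thread parameter (unused; DllMain passes NULL)
 * Returns 0 as the thread exit code.
 */
DWORD __stdcall dwInitialize(LPVOID res)
{
    // Worker 1: dwMain, the loop that applies or reverts the memory patches.
    HANDLE hMain = CreateThread( NULL, 0, dwMain, NULL, 0, NULL );
    if ( hMain != NULL )
    {
        CloseHandle( hMain ); // handle is not needed; the thread keeps running
    }

    // Worker 2: dwHotkeys, the loop that polls the keyboard and flips the toggles.
    HANDLE hHotkeys = CreateThread( NULL, 0, dwHotkeys, NULL, 0, NULL );
    if ( hHotkeys != NULL )
    {
        CloseHandle( hHotkeys );
    }
    return 0;
}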
/*
 * Patch loop, run on its own thread for the lifetime of the process.
 * Every pass (about 20 ms apart) it looks at each g_b* toggle and writes either the
 * "enabled" or the "restored" value to the matching hard-coded address.
 *
 * Pattern used for every write: VirtualProtect to PAGE_EXECUTE_READWRITE, store through
 * a cast pointer, VirtualProtect back to the saved protection.
 *
 * NOTE(review), observable behaviour a defender can rely on:
 *  - pages are flipped to PAGE_EXECUTE_READWRITE from inside the process;
 *  - aSight and aBGod receive instruction bytes, i.e. code pages are modified;
 *  - no VirtualProtect return value is checked, and the reads in the if-conditions
 *    happen before any protection change;
 *  - the single global oldProtect is reused for every protect/restore pair.
 *
 * res - thread parameter (unused). The trailing return 0 is never reached.
 */
DWORD __stdcall dwMain(LPVOID res)
{
while(true)//Endless loop; there is no exit condition
{
if(g_bZoom) //Zoom toggle on
{
// Only write when the current values differ from the enabled ones.
if(*(DWORD*)aZoomMin != 0 || *(DWORD*)aZoomMax != 20001)
{
VirtualProtect((LPVOID)aZoomMin, 4, PAGE_EXECUTE_READWRITE, &oldProtect); //Make the 4 bytes writable; previous protection is saved in oldProtect
*(DWORD*)aZoomMin = 0;
VirtualProtect((LPVOID)aZoomMin, 4, oldProtect, &oldProtect); //Put the saved protection back
VirtualProtect((LPVOID)aZoomMax, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aZoomMax = 20001;
VirtualProtect((LPVOID)aZoomMax, 4, oldProtect, &oldProtect);
Sleep(25);
}
}
else
{
// Toggle off: if either value still holds the enabled setting, write 16840 / 17174 back.
if(*(DWORD*)aZoomMin == 0 || *(DWORD*)aZoomMax == 20001)
{
VirtualProtect((LPVOID)aZoomMin, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aZoomMin = 16840;
VirtualProtect((LPVOID)aZoomMin, 4, oldProtect, &oldProtect);
VirtualProtect((LPVOID)aZoomMax, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aZoomMax = 17174;
VirtualProtect((LPVOID)aZoomMax, 4, oldProtect, &oldProtect);
Sleep(25);
}
}
if(g_bFPS) //First person toggle on
{
if(*(DWORD*)aCam != 16511)
{
VirtualProtect((LPVOID)aCam, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aCam = 16511;
VirtualProtect((LPVOID)aCam, 4, oldProtect, &oldProtect);
}
}
else
{
// Toggle off: replace the first-person value with 16840.
if(*(DWORD*)aCam == 16511)
{
VirtualProtect((LPVOID)aCam, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aCam = 16840;
VirtualProtect((LPVOID)aCam, 4, oldProtect, &oldProtect);
}
}
if(g_bGM) //GM sight toggle on
{
// Code patch: two bytes at aSight become 0x90 0x90 (NOP NOP).
// 4 bytes are unprotected although only a WORD is written.
if(*(WORD*)aSight != 0x9090)
{
VirtualProtect((LPVOID)aSight, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(WORD*)aSight = 0x9090;
VirtualProtect((LPVOID)aSight, 4, oldProtect, &oldProtect);
}
}
else
{
// Toggle off: restore 0x737E (bytes 7E 73 in memory; presumably the original
// short conditional jump -- confirm against the unmodified binary).
if(*(WORD*)aSight == 0x9090)
{
VirtualProtect((LPVOID)aSight, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(WORD*)aSight = 0x737E;
VirtualProtect((LPVOID)aSight, 4, oldProtect, &oldProtect);
}
}
if(g_bSwear) //Swear filter toggle on
{
if(*(DWORD*)aSwear != 0)
{
VirtualProtect((LPVOID)aSwear, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aSwear = 0;
VirtualProtect((LPVOID)aSwear, 4, oldProtect, &oldProtect);
}
}
else
{
// Toggle off: write 319 back.
if(*(DWORD*)aSwear == 0)
{
VirtualProtect((LPVOID)aSwear, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aSwear = 319;
VirtualProtect((LPVOID)aSwear, 4, oldProtect, &oldProtect);
}
}
if(g_bGod) //Godmode toggle on
{
// NOTE(review): this compares the ADDRESS aBGod with the address of the array, not
// the bytes stored there, so the condition is always true and the six bytes are
// rewritten on every pass of the loop.
if((BYTE*)aBGod != godMemory2)
{
VirtualProtect((LPVOID)aBGod, sizeof(godMemory2), PAGE_EXECUTE_READWRITE, &oldProtect);
memcpy((void*)aBGod, (const void*)godMemory2, sizeof(godMemory2));//Copies the 6 replacement instruction bytes over the code at aBGod
VirtualProtect((LPVOID)aBGod, sizeof(godMemory2), oldProtect, &oldProtect);
}
}
else
{
// NOTE(review): same address-vs-address comparison, always true. Because g_bGod
// starts false, the "original" bytes are written to aBGod on every pass from the
// moment this thread starts, even if the feature is never enabled.
if((BYTE*)aBGod != godMemory)
{
VirtualProtect((LPVOID)aBGod, sizeof(godMemory), PAGE_EXECUTE_READWRITE, &oldProtect);
memcpy((void*)aBGod, (const void*)godMemory, sizeof(godMemory));//Copies the 6 bytes labelled "Original" back
VirtualProtect((LPVOID)aBGod, sizeof(godMemory), oldProtect, &oldProtect);
}
}
if(g_bLoot) //Only works for American keyboards
{
// Synthesises a key-down and key-up for VK_OEM_3 through keybd_event. No memory is
// touched here; the events go through the normal input path rather than to a
// specific window.
keybd_event(VK_OEM_3, MapVirtualKey(VK_OEM_3, 0), 0, 0);
Sleep(5);
keybd_event(VK_OEM_3, MapVirtualKey(VK_OEM_3, 0), KEYEVENTF_KEYUP, 0);
Sleep(10);
}
if(g_bTime) //Map time toggle on; there is no else branch, so aMap is never restored
{
// The value at aFaction (0..3) selects which constant is forced into aMap.
if(*(DWORD*)aFaction == 0 && *(DWORD*)aMap != 1) //Guanyin
{
VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aMap = 1;
VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
}
if(*(DWORD*)aFaction == 1 && *(DWORD*)aMap != 6) //Fujin
{
VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aMap = 6;
VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
}
if(*(DWORD*)aFaction == 2 && *(DWORD*)aMap != 11) //Jinong
{
VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aMap = 11;
VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
}
if(*(DWORD*)aFaction == 3 && *(DWORD*)aMap != 140) //Nangin
{
VirtualProtect((LPVOID)aMap, 4, PAGE_EXECUTE_READWRITE, &oldProtect);
*(DWORD*)aMap = 140;
VirtualProtect((LPVOID)aMap, 4, oldProtect, &oldProtect);
}
}
Sleep(20); //20 ms pause between passes so the loop does not spin the CPU
}
return 0;
}
/*
 * Hotkey polling thread. Roughly every 20 ms it asks GetAsyncKeyState about NUMPAD1..7
 * and flips the matching g_b* toggle, then reports the new state through v_sendMessage.
 * Alt + I prints a short key overview instead.
 *
 * The toggles are only flipped here; the writes to game memory happen in dwMain, which
 * reads the same globals from another thread.
 *
 * res - thread parameter (unused). The loop never ends, so return 0 is not reached.
 */
DWORD __stdcall dwHotkeys(LPVOID res)
{
    for (;;)
    {
        // Bit 0 of GetAsyncKeyState reports "pressed since the previous call".
        // NUMPAD1: loot key spam
        if (GetAsyncKeyState(VK_NUMPAD1) & 1)
        {
            g_bLoot = !g_bLoot;
            if (g_bLoot)
            {
                v_sendMessage("Loot spam has been activated", 1); // colour 1: white, per the original comment
            }
            else
            {
                v_sendMessage("Loot spam has been deactivated", 1);
            }
            Sleep(100);
        }

        // NUMPAD2: GM sight
        if (GetAsyncKeyState(VK_NUMPAD2) & 1)
        {
            g_bGM = !g_bGM;
            if (g_bGM)
            {
                v_sendMessage("GM Sight has been activated", 1);
            }
            else
            {
                v_sendMessage("GM Sight has been deactivated", 1);
            }
            Sleep(100);
        }

        // NUMPAD3: swear filter bypass
        if (GetAsyncKeyState(VK_NUMPAD3) & 1)
        {
            g_bSwear = !g_bSwear;
            if (g_bSwear)
            {
                v_sendMessage("Swear filter bypass has been activated", 1);
            }
            else
            {
                v_sendMessage("Swear filter bypass has been deactivated", 1);
            }
            Sleep(100);
        }

        // NUMPAD4: first person mode
        if (GetAsyncKeyState(VK_NUMPAD4) & 1)
        {
            g_bFPS = !g_bFPS;
            if (g_bFPS)
            {
                v_sendMessage("FPS mode has been activated", 1);
            }
            else
            {
                v_sendMessage("FPS mode has been deactivated", 1);
            }
            Sleep(100);
        }

        // NUMPAD5: zoom
        if (GetAsyncKeyState(VK_NUMPAD5) & 1)
        {
            g_bZoom = !g_bZoom;
            if (g_bZoom)
            {
                v_sendMessage("Zoom cheat has been activated", 1);
            }
            else
            {
                v_sendMessage("Zoom cheat has been deactivated", 1);
            }
            Sleep(100);
        }

        // NUMPAD6: godmode
        if (GetAsyncKeyState(VK_NUMPAD6) & 1)
        {
            g_bGod = !g_bGod;
            if (g_bGod)
            {
                v_sendMessage("Godmode cheat has been activated", 1);
            }
            else
            {
                v_sendMessage("Godmode cheat has been deactivated", 1);
            }
            Sleep(100);
        }

        // NUMPAD7: map time
        if (GetAsyncKeyState(VK_NUMPAD7) & 1)
        {
            g_bTime = !g_bTime;
            if (g_bTime)
            {
                v_sendMessage("Map time cheat has been activated", 1);
            }
            else
            {
                v_sendMessage("Map time cheat has been deactivated", 1);
            }
            Sleep(100);
        }

        // Alt + I: key overview in colour 2. The 'I' state is only queried when the
        // Alt check succeeded, exactly as with the && short-circuit. The overview
        // text does not list Numpad7.
        if ((GetAsyncKeyState(VK_MENU) & 1) && (GetAsyncKeyState('I') & 1))
        {
            v_sendMessage("TS2 cheater by Mr_Troy", 2);
            v_sendMessage("Numpad1 = Loot spam Numpad2 = GM Sight", 2);
            v_sendMessage("Numpad3 = Swear filter Numpad4 = FPS mode", 2);
            v_sendMessage("Numpad5 = Zoom cheat Numpad6 = Godmode", 2);
            Sleep(500);
        }

        Sleep(20); // pause between polls
    }
    return 0;
}
/*
 * Prints a line of text in the game's own chat/message area by calling a function
 * inside the game image at a hard-coded address.
 *
 * a - NUL-terminated text to show (callers in this file pass string literals)
 * b - colour selector; callers use 1 and 2
 *
 * NOTE(review): both the function address and the value loaded into ecx are absolute
 * constants for one client build; nothing validates them before the call. ecx is set
 * before the call and no stack cleanup follows it, which looks like a callee-cleaned
 * member-function call -- confirm against the target binary.
 */
void v_sendMessage(char *a, int b) //parameter a = the string , parameter b = the color
{
LPVOID ts_send = (LPVOID)0x00523430; //This address can be found in olly by finding the string GM Command OK or something
//Which would look like :
/*
mov edx, dword ptr ds (or something with a pointer, idk which register either, im doing this outta my head)
push edx
push DEADBEEF --> string address
mov ecx, DEADBEEF --> this address contains a class needed to call the function
call 0xDEADBEEF
*/
__asm
{
push b
push a
mov ecx, 0x012E4900 //Class pointer
call ts_send //ts_send is defined as a LPVOID, call requires a pointer to call a function and LPVOID seemed to me
// as the best option to use
}
}






