[Tutorial] How To Make Your (Ingame & AOB-Scan) trainer

06/15/2015 04:02 HaMaDa..#1
#Closed.
06/15/2015 05:51 Jugram#2
best tutorial for making trainers so far
06/15/2015 06:33 ZarneXxX#3
Looks good :)
06/15/2015 09:13 Terrat#4
Looks good, but you should replace "learn" with "teach".
06/15/2015 09:20 RingleRangleRob#5

^Better UDF ( my opinion )

^This also includes better functions and supports AoBs with jmps, calls, etc.

Code:
SetPrivilege("SeDebugPrivilege", 1)

; Enables ($bEnable = 1) or disables ($bEnable = 0) one privilege, or an array of
; privilege names, on the current process token. Returns 0 on failure, otherwise
; the non-zero result of AdjustTokenPrivileges.
Func SetPrivilege($privilege, $bEnable)
    ; token access rights and privilege attribute, values from winnt.h
    Local Const $TOKEN_ADJUST_PRIVILEGES = 0x0020
    Local Const $TOKEN_QUERY = 0x0008
    Local Const $SE_PRIVILEGE_ENABLED = 0x0002
    Local $hToken, $SP_auxret, $hCurrProcess, $nTokens, $nTokenIndex, $priv, $ret, $f
    Local $LUID, $TOKEN_PRIVILEGES, $NEWTOKEN_PRIVILEGES
    $nTokens = 1
    $LUID = DllStructCreate("dword;int")    ; LUID: LowPart, HighPart
    If IsArray($privilege) Then $nTokens = UBound($privilege)
    ; TOKEN_PRIVILEGES: PrivilegeCount followed by LUID_AND_ATTRIBUTES[n] (3 dwords each)
    $TOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $NEWTOKEN_PRIVILEGES = DllStructCreate("dword;dword[" & (3 * $nTokens) & "]")
    $hCurrProcess = DllCall("kernel32.dll", "hwnd", "GetCurrentProcess")
    $SP_auxret = DllCall("advapi32.dll", "int", "OpenProcessToken", "hwnd", $hCurrProcess[0], _
            "int", BitOR($TOKEN_ADJUST_PRIVILEGES, $TOKEN_QUERY), "int_ptr", 0)
    If $SP_auxret[0] Then
        $hToken = $SP_auxret[3]
        DllStructSetData($TOKEN_PRIVILEGES, 1, $nTokens)    ; PrivilegeCount
        $nTokenIndex = 1
        While $nTokenIndex <= $nTokens
            If IsArray($privilege) Then
                $priv = $privilege[$nTokenIndex - 1]
            Else
                $priv = $privilege
            EndIf
            ; resolve the privilege name (e.g. "SeDebugPrivilege") to its LUID
            $ret = DllCall("advapi32.dll", "int", "LookupPrivilegeValue", "str", "", "str", $priv, _
                    "ptr", DllStructGetPtr($LUID))
            If $ret[0] Then
                ; entry n: elements 3n-2, 3n-1 hold the LUID, element 3n the attributes
                If $bEnable Then
                    DllStructSetData($TOKEN_PRIVILEGES, 2, $SE_PRIVILEGE_ENABLED, (3 * $nTokenIndex))
                Else
                    DllStructSetData($TOKEN_PRIVILEGES, 2, 0, (3 * $nTokenIndex))
                EndIf
                DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 1), (3 * ($nTokenIndex - 1)) + 1)
                DllStructSetData($TOKEN_PRIVILEGES, 2, DllStructGetData($LUID, 2), (3 * ($nTokenIndex - 1)) + 2)
                DllStructSetData($LUID, 1, 0)
                DllStructSetData($LUID, 2, 0)
            EndIf
            $nTokenIndex += 1
        WEnd
        $ret = DllCall("advapi32.dll", "int", "AdjustTokenPrivileges", "hwnd", $hToken, "int", 0, _
                "ptr", DllStructGetPtr($TOKEN_PRIVILEGES), "int", DllStructGetSize($NEWTOKEN_PRIVILEGES), _
                "ptr", DllStructGetPtr($NEWTOKEN_PRIVILEGES), "int_ptr", 0)
        ; AdjustTokenPrivileges returns non-zero even when nothing was enabled: $f[0] = 1300
        ; (ERROR_NOT_ALL_ASSIGNED) means the account does not hold the privilege at all
        $f = DllCall("kernel32.dll", "int", "GetLastError")
    EndIf
    $NEWTOKEN_PRIVILEGES = 0
    $TOKEN_PRIVILEGES = 0
    $LUID = 0
    If $SP_auxret[0] = 0 Then Return 0
    $SP_auxret = DllCall("kernel32.dll", "int", "CloseHandle", "hwnd", $hToken)
    If Not $ret[0] And Not $SP_auxret[0] Then Return 0
    Return $ret[0]
EndFunc   ;==>SetPrivilege
You shouldn't use 4 bytes for writing assembler..

^Source : [link]

If you need to write one byte you don't need to use four bytes..

Array of Bytes

Array of Bytes = sequence of bytes

Example :

(Show HP of Mates)
C6 41 14 00 83 7D E8 00 0F 85

Bytes = duh ?
Opcode = Operation Code ( Assembly Code )

The jmp isn't needed because this sequence of bytes gives us only one result.

This means this sequence of bytes occurs only once in the assembly code.

If we want to include this jmp ( jne = jump if not equal ) we need to ignore the bytes of the jmp


it will change after a patch.

C6 41 14 00 83 7D E8 00 0F 85 ?? ?? ?? ?? 8B 55 EC


^To this I don't need to say more ( most will not understand )

Usage ( Autoit )


In this function you have one change

Code:
_MemoryScanEx($ah_Handle, $pattern, $mask, $after = False, $iv_addrStart = 0x00400000, $iv_addrEnd = 0x00FFFFFF, $step = 51200)
huh ? wut is mask ?

$handle = huh ? brain afk ?
$pattern = '\xC6\x41\x14\x00\x83\x7D\xE8\x00\x0F\x85\x00\x00\x00\x00\x8B\x55\xEC'
$mask = 'xxxxxxxxxx????xxx'
..

I hope you can understand. I am sorry for my bad English :)
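How the pattern/mask pair that _MemoryScanEx takes is built from an AOB string with ?? wildcards and then matched, as an added Python example (not code from the post; the two buffers are constructed, only the signature bytes are the ones quoted above). It also checks that the hit is unique, which is what the post means by the sequence giving only one result:

```python
from typing import List, Tuple

# Signature quoted in the post: the four ?? are the jne rel32 offset that changes after a patch.
AOB = "C6 41 14 00 83 7D E8 00 0F 85 ?? ?? ?? ?? 8B 55 EC"

def aob_to_pattern_mask(aob: str) -> Tuple[bytes, str]:
    """'C6 41 ?? 8B' -> (bytes c6 41 00 8b, mask 'xx?x'); '?' in the mask marks a wildcard byte."""
    pattern = bytearray()
    mask = []
    for tok in aob.split():
        if tok in ("??", "?"):
            pattern.append(0x00)  # placeholder byte, ignored because the mask says '?'
            mask.append("?")
        else:
            pattern.append(int(tok, 16))
            mask.append("x")
    return bytes(pattern), "".join(mask)

def scan(buf: bytes, pattern: bytes, mask: str) -> List[int]:
    """Every offset in buf where all 'x' positions of the mask equal the pattern byte."""
    if len(pattern) != len(mask):
        raise ValueError("pattern and mask must have the same length")
    fixed = [(i, b) for i, (b, m) in enumerate(zip(pattern, mask)) if m == "x"]
    return [off for off in range(len(buf) - len(pattern) + 1)
            if all(buf[off + i] == b for i, b in fixed)]

def unique_hit(buf: bytes, aob: str) -> int:
    """Offset of the signature if it occurs exactly once, else -1 (absent or ambiguous)."""
    pattern, mask = aob_to_pattern_mask(aob)
    hits = scan(buf, pattern, mask)
    return hits[0] if len(hits) == 1 else -1

# Constructed code snippets: identical except for the jne rel32 bytes (simulating a patch).
BEFORE = bytes.fromhex("90 90 C6 41 14 00 83 7D E8 00 0F 85 10 00 00 00 8B 55 EC 90")
AFTER = bytes.fromhex("90 90 C6 41 14 00 83 7D E8 00 0F 85 A4 01 00 00 8B 55 EC 90")

if __name__ == "__main__":
    print(aob_to_pattern_mask(AOB)[1])                       # xxxxxxxxxx????xxx
    print(unique_hit(BEFORE, AOB), unique_hit(AFTER, AOB))   # 2 2
    exact = BEFORE[2:19]                                     # the same bytes, no wildcards
    print(scan(AFTER, exact, "x" * len(exact)))              # [] : exact pattern breaks after the patch
```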
06/15/2015 10:42 teeracer#6
Quote:
Originally Posted by HaMaDa..
3. Copy All Your Code (Alt+C)
3. Paste the Code that you have copied (Alt+V)
And I always thought it is Ctrl + C/V o.o

But nice tutorial c:
06/15/2015 10:44 [Beatrice]#7
This was public since 2009 but it would be helpful for the people who's too fag to use google.
06/15/2015 10:48 HaMaDa..#8
Quote:
Originally Posted by teeracer
And I always thought it is Ctrl + C/V o.o

But nice tutorial c:
Fixed xD
06/15/2015 11:49 alexmen10#9
Cool :D
mmm is nothing new
for beginners it will do well :v
06/15/2015 18:00 naruhinasakusasu#10
Making an ingame autoit is nothing new for me , but the aob scan is awesome , Thanks Bro xD
06/15/2015 18:31 Technodrame#11
Nice... Surely the best tutorial for making trainers.
06/15/2015 18:50 ~*MarlboroRed+#12
Thank you for this great tutorial!
However, I prefer VB.NET. :)
06/15/2015 19:17 HaMaDa..#13
Quote:
Originally Posted by ~*MarlboroRed+
Thank you for this great tutorial!
However, I prefer VB.NET. :)
Wanna a tutorial for vb.net? xD
06/15/2015 21:53 ~*MarlboroRed+#14
Quote:
Originally Posted by HaMaDa..
Wanna a tutorial for vb.net? xD
No, I know how that works.
06/16/2015 17:15 BeatZz-#15
Quote:
Originally Posted by HaMaDa..
Wanna a tutorial for vb.net? xD
I would be happy if you could make a tutorial for VB.NET because I have no idea how to include the AOB scan in VB.NET.

I was a little bit confused because AutoIt said that "_memorywrite" is not declared, so I was too stupid to work with copy&paste q.q :confused:

The tutorial itself was pretty nice, I want more like this :handsdown:

Here is the code:

Quote:
#RequireAdmin
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
#include <NoMadMemory.au3>
#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("BeatZz Trainer", 338, 100, 192, 124)
$Checkbox1 = GUICtrlCreateCheckbox("Inf Sp", 144, 40, 65, 17)
$Button1 = GUICtrlCreateButton("Exit", 136, 64, 75, 25)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

$Pid = ProcessExists("S4Client.exe")
$OPEN = _MemoryOpen($Pid)

$InfSp = ""    ; pattern for _MEMSCAN: a regex over the hex dump of each chunk (empty here)
; this range is the whole 64-bit address space; the loop only ends early on a hit
$InfSpMEMSCAN = _MEMSCAN($OPEN, $InfSp, 0x0000000000000000, 0x7fffffffffffffff)

While 1
    $nMsg = GUIGetMsg()
    Switch $nMsg
        Case $GUI_EVENT_CLOSE, $Button1
            _MemoryClose($OPEN)
            Exit
        Case $Checkbox1
            ; toggling the checkbox triggers the write; placed after Exit it would never run
            If GUICtrlRead($Checkbox1) = $GUI_CHECKED Then
                _MemoryWrite($InfSpMEMSCAN, $OPEN, 2348565979, "dword")    ; 4 bytes, unsigned
            Else
                _MemoryWrite($InfSpMEMSCAN, $OPEN, 2348565977, "dword")
            EndIf
    EndSwitch
WEnd


; Reads memory in 51200-byte chunks (overlapping by the pattern length) and regex-searches
; the hex dump of each chunk. Returns the address of the first hit as "0x%.8X", or 0 with @error set.
Func _MEMSCAN($AH_HANDLE, $AB_ARRAY, $BASE_ADD = 0x00400000, $STOP_ADD = 0xFFFFFFFF)
    For $ADD = $BASE_ADD To $STOP_ADD Step 51200 - (StringLen($AB_ARRAY) / 2)
        StringRegExp(_MREAD($ADD, $AH_HANDLE, "byte[" & 51200 & "]"), $AB_ARRAY, 1, 2)
        If Not @error Then
            ; @extended is the offset after the match in the "0x..." hex string; convert back to bytes
            Return StringFormat("0x%.8X", $ADD + ((@extended - StringLen($AB_ARRAY) - 2) / 2))
        EndIf
    Next
    SetError(1)    ; pattern not found in the range
    Return 0
EndFunc

; 2035711 = 0x1F0FFF = PROCESS_ALL_ACCESS; returns [kernel32 handle, process handle]
Func _MOPEN($IV_PID, $IV_DESIREDACCESS = 2035711, $IV_INHERITHANDLE = 1)
    If Not ProcessExists($IV_PID) Then
        SetError(1)
        Return 0
    EndIf
    Local $AH_HANDLE[2] = [DllOpen("kernel32.dll")]
    If @error Then
        SetError(2)
        Return 0
    EndIf
    Local $AV_OPENPROCESS = DllCall($AH_HANDLE[0], "int", "OpenProcess", "int", $IV_DESIREDACCESS, "int", $IV_INHERITHANDLE, "int", $IV_PID)
    If @error Then
        DllClose($AH_HANDLE[0])
        SetError(3)
        Return 0
    EndIf
    $AH_HANDLE[1] = $AV_OPENPROCESS[0]
    Return $AH_HANDLE
EndFunc

; Reads one value of DllStruct type $SV_TYPE (e.g. "dword" or "byte[51200]") at $IV_ADDRESS
Func _MREAD($IV_ADDRESS, $AH_HANDLE, $SV_TYPE = "dword")
    If Not IsArray($AH_HANDLE) Then
        SetError(1)
        Return 0
    EndIf
    Local $V_BUFFER = DllStructCreate($SV_TYPE)
    If @error Then
        SetError(@error + 1)
        Return 0
    EndIf
    DllCall($AH_HANDLE[0], "int", "ReadProcessMemory", "int", $AH_HANDLE[1], "int", $IV_ADDRESS, "ptr", DllStructGetPtr($V_BUFFER), "int", DllStructGetSize($V_BUFFER), "int", "")
    If Not @error Then
        Local $V_VALUE = DllStructGetData($V_BUFFER, 1)
        Return $V_VALUE
    Else
        SetError(6)
        Return 0
    EndIf
EndFunc

Func _MCLOSE($AH_HANDLE)
    If Not IsArray($AH_HANDLE) Then
        SetError(1)
        Return 0
    EndIf
    DllCall($AH_HANDLE[0], "int", "CloseHandle", "int", $AH_HANDLE[1])
    If Not @error Then
        DllClose($AH_HANDLE[0])
        Return 1
    Else
        DllClose($AH_HANDLE[0])
        SetError(2)
        Return 0
    EndIf
EndFunc
Edit: Now I fixed the error but it still doesn't work q.q I'm too stupid