[Release] Wallhack method all Client / find Maparea pointer

rantenor · 10/17/2012, 14:35

yes it's still working, i just saw the base address changed, anyway here's the base address: 0107CF90

MarlonCris1 · 11/06/2012, 17:02

I find this method with only one value array, but I can not get to the green value (did not get the part or subtracting this method does not work for Cabal BR)

geosnuk · 12/10/2012, 10:03

it works for evry client just read it and follow the instruction tnx again for this ts

rantenor · 12/12/2012, 02:21

Yeah, sorry for my last post. Found that fixedmain.exe file was wrong; that's why I can't search. It's still working absolutely.

demons_2100 · 12/13/2012, 04:29

Quote:

Originally Posted by rantenor

yes it's still working, i just saw the base address changed, anyway here's the base address: 0107CF90

could u also give the PH wh addrss.... tenxs...

bahamut300 · 01/29/2013, 19:19

4.
Now do a 4-Byte scan for this adress.
Cheatengine will find one green pointer for this.

I don't understand this step, pls make it clearly, thank

th1nk · 02/20/2013, 06:37

why i can just wallhack the ****** Ice ???

darkhole_29 · 04/25/2013, 05:35

can any one give a wallhack codes for c++ nid badly,...

demonkid2010 · 04/30/2013, 04:25

I tested making a Lua Script in CE, and it works perfect,
but when I tried making an AutoIt script,
it runs and shows the GUI, but when I tried to hit START
nothing happens,
can someone help me?

#include <NomadMemory.au3>
#include <ButtonConstants.au3>
#include <GUIConstantsEx.au3>
#include <WindowsConstants.au3>
Global $PID = ProcessExists('cabalmain.exe')
Global $proc=_MemoryOpen($PID)
Global $cabalmain = _MemoryGetBaseAddress($PID,"cabalmain.exe")

#Region ### START Koda GUI section ### Form=
$Form1 = GUICreate("WH Start", 248, 113, 192, 124)
$Start = GUICtrlCreateButton("Start", 32, 24, 185, 49)
GUISetState(@SW_SHOW)
#EndRegion ### END Koda GUI section ###

While 1
$nMsg = GUIGetMsg()
Switch $nMsg
Case $GUI_EVENT_CLOSE
Exit
Case $Start
_WHstart()
EndSwitch
WEnd

Func _WHstart()
$wh=_MemoryRead($cabalmain+0xABEA10,$proc,"DWORD") +0x40814
$test=_MemoryRead($wh,$proc,"DWORD")
For $i=$wh to $wh+0x3ffff step 4
_MemoryWrite($i,$proc,0,"DWORD")
Next
EndFunc

Wayntressierts · 05/08/2013, 13:06

Quote:

Originally Posted by demonkid2010

$cabalmain+0xABEA10

Make sure you are using the right base address for you Cabal client.
The script itself seems okay.

You can indeed optimize the wallhack loop because writeprocessmemory is quite slow with just 4 bytes each run.

demoneyezQ · 05/11/2013, 03:32

Big Apllause!!! stil working on ep10 ph here.

paulken · 05/14/2013, 03:14

im using same address for my wallhack and works when it comes with autoit nothing happens

demoneyezQ · 06/01/2013, 13:50

Sir Wayne, it gives unfefined function wid this line in autoit _MemoryModuleGetBaseAddress, even i hav the nomadmemory.au3?
Tnx.

Wayntressierts · 06/04/2013, 12:00

Quote:

Originally Posted by demoneyezQ

Sir Wayne, it gives unfefined function wid this line in autoit _MemoryModuleGetBaseAddress, even i hav the nomadmemory.au3?
Tnx.

1. Either use Google for the au3 - you'll find the function below.
2. Or you may simply use "real" pointer address without module base address.

when you have this: cabalmail.exe + 1234abcd

simply use: 400000 + 1234abcd

----

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

If Not IsString($sModule) Then Return SetError(2, 0, 0)

Local $PSAPI = DllOpen("psapi.dll")

;Get Process Handle
Local $hProcess
Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

If $iPID > 0 Then
Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
If $hProcess[0] Then
$hProcess = $hProcess[0]
EndIf
EndIf

;EnumProcessModules
Local $Modules = DllStructCreate("ptr[1024]")
Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
If $aCall[4] > 0 Then
Local $iModnum = $aCall[4] / 4
Local $aTemp
For $i = 1 To $iModnum
$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
If $aTemp[3] = $sModule Then
DllClose($PSAPI)
Return Ptr(DllStructGetData($Modules, 1, $i))
EndIf
Next
EndIf

DllClose($PSAPI)
Return SetError(-1, 0, 0)

EndFunc

demoneyezQ · 06/05/2013, 04:13

Quote:

Originally Posted by Wayntressierts

1. Either use Google for the au3 - you'll find the function below.
2. Or you may simply use "real" pointer address without module base address.

when you have this: cabalmail.exe + 1234abcd

simply use: 400000 + 1234abcd

----

Func _MemoryModuleGetBaseAddress($iPID, $sModule)
If Not ProcessExists($iPID) Then Return SetError(1, 0, 0)

If Not IsString($sModule) Then Return SetError(2, 0, 0)

Local $PSAPI = DllOpen("psapi.dll")

;Get Process Handle
Local $hProcess
Local $PERMISSION = BitOR(0x0002, 0x0400, 0x0008, 0x0010, 0x0020) ; CREATE_THREAD, QUERY_INFORMATION, VM_OPERATION, VM_READ, VM_WRITE

If $iPID > 0 Then
Local $hProcess = DllCall("kernel32.dll", "ptr", "OpenProcess", "dword", $PERMISSION, "int", 0, "dword", $iPID)
If $hProcess[0] Then
$hProcess = $hProcess[0]
EndIf
EndIf

;EnumProcessModules
Local $Modules = DllStructCreate("ptr[1024]")
Local $aCall = DllCall($PSAPI, "int", "EnumProcessModules", "ptr", $hProcess, "ptr", DllStructGetPtr($Modules), "dword", DllStructGetSize($Modules), "dword*", 0)
If $aCall[4] > 0 Then
Local $iModnum = $aCall[4] / 4
Local $aTemp
For $i = 1 To $iModnum
$aTemp = DllCall($PSAPI, "dword", "GetModuleBaseNameW", "ptr", $hProcess, "ptr", Ptr(DllStructGetData($Modules, 1, $i)), "wstr", "", "dword", 260)
If $aTemp[3] = $sModule Then
DllClose($PSAPI)
Return Ptr(DllStructGetData($Modules, 1, $i))
EndIf
Next
EndIf

DllClose($PSAPI)
Return SetError(-1, 0, 0)

EndFunc

Big Tnx! I've dl the 2 ver of the func. Dis is wat missing surely ->
simply use: 400000 + 1234abcd