Making Hacks in C++

[Fish Beans]

First of all, this tutorial assumes a basic understanding of C++ and game hacking. You don't need to be great, but you'll need to know what you're doing or you'll have no idea what I'm talking about. This guide will also not address a single hack, but more a general approach to making a hack using C++. This leaves the responsibility of developing the program itself to you, the reader. This hack will address only writing to memory, and not hotkeying and dialogs. With that out of the way, we can get to the meat of this document. You don't need anything special other than a compiler, I recommend MS Visual C++.

To start, I'll list out the functions that we'll be using, and explain each briefly. The function that we'll use to actually write to memory is WriteProcessMemory. Its parameters in order are a handle to the process to write to, the address to write to, the data to be written, the length of the data to be written to in bytes and finally, a pointer to a variable to store the actual number of bytes successfully written. WriteProcessmemory returns 0 if it fails, and a nonzero value if it succeeds.

The next function we'll be using is OpenProcess. This is used to get the process handle we pass to WriteProcessMemory. The parameters taken by OpenProcess are the access level to the process (You need at least write access to use WriteProcessMemory), the inheritance flag and the process id of the process to open. This function returns the handle to the process.

Since we don't have a process handle, we'll need another function to grab it. This function is GetWindowThreadProcessId. Despite it's apparently complex name, it only takes two parameters, a handle to the window for which you want the process id and a pointer to the variable that will store the process id. This function returns the thread id of the thread that created the window.

Once again, we don't have a necessary parameter, the window handle. To get this, we use FindWindow. This also only take two parameters, the classname of the window to be found and the window name. The classname can be ignored, but it's best to go ahead and include it if at all possible. This function returns a handle to the window found.

Phew, that took a while, three functions just to be able to use WriteProcessMemory. Don't worry, it's all pretty simple from here. All that's left to do is actually construct our hack. I'll assume a basic understanding of how a simple C++ application works from this point forward. If you don't know how to make a simple C++ program, just stop reading now.Before we can use WriteProcessMemory, we must grab the process handle, so we call the functions in the reverse order I listed them. First FindWindow, then GetWindowThreadProcessId and then OpenProcess. It's best to make sure that each function succeeds, otherwise your hack may not work when you expect it to. This can be accomplished with an if or a while. If you use a while loop, you can start up the hack before the game is loaded, and it will continue trying to open the process until it succeeds. Here is an example of a while loop that will wait until the game starts.

WindowHandle = FindWindow("Your Classname Here","Your Window Name Here"); //Grab a handle to the window
while(!WindowHandle) //If the handle is null...
{
Sleep(50); //Wait 50 miliseconds..
WindowHandle = FindWindow("Your Classname Here","Your Window Name Here");//and try again
}
GetWindowThreadProcessId(hwndWindow,&pid);//Get a process id
ProcessHandle = OpenProcess(PROCESS_ALL_ACCESS,0,pid);//And grab the process handle

All variables must be declared first of course, but you get the general picture.

Moving right along, we are now at the actual memory writing. The way in which you use WriteProcessMemory is pretty simple.

WriteProcessMemory(ProcessHand,(void*)AddressToWri teTo,&DataToWrite,DataLength,&BytesWritten);

You can probably figure everything out but the (void*) part. That just tells the compiler that the following variable is a pointer that points to void, or nothing in other words. This makes sense because the address you will be writing to will not point to anything in your hack, but to something in the game. When declaring the address you are writing to, you must preceed the address with (void*) or else the compiler will think you're trying to pass a const int to a void pointer.

This is all that will be covered in this tutorial, and I'm sure that you all still have quite a few questions such as hotkeys and dialogs. Those are subjects best left to more specialized tutorials, and there are plenty of documents out on the internet that do a wonderful job of explaining the subjects, far better than anything I could produce at any rate.

Supplimental information:

http://msdn.microsoft.com/library/de...findwindow.asp
http://msdn.microsoft.com/library/de...dProcessId.asp
http://msdn.microsoft.com/library/de...penprocess.asp
http://msdn.microsoft.com/library/de...cessmemory.asp
http://www.cplusplus.com/doc/tutorial/

Special thanks to Nickolay for helping me get started in C++, can't really think of anyone else who's ever helped me.

[BXRu2Death]

Ive got a great understanding of C++,
But have never been able to make hacks...

[K? Pŕo?ćtiόnŹ]

Seriously, any admin want to close this section off again?

[Mr.Lampy]

but if it was closed none of us would know how to use cheatengine, thank god ihackbroodwar posted a tut on how to use it.