Adding Hacks Into The Source

Private Discussion on Helbreath Hack Development, (Do not release hacks which are talked about in here to the rest of the forum unless you write the hacks)
charlie
Outpost4lyfe
Posts: 3324
Joined: Sun Apr 06, 2003 12:24 am
Location: Mt GOD

Post by charlie »

This is quite a bit different to the way the old hacks were written: you still map them etc., but adding them to the source is quite time consuming.

There are 2 parts to the hack:

The Process Patching Code

The Process Verifying Code

The Patching Code applies the hack to the client, while the Verifying Code checks that the client has the right code to start with, to make sure you don't patch the wrong code, which can cause systems to have fatal errors.

First I'll explain how to convert a hack into the source needed.

This is 3.51 as an example.

Log out

Code:

0045C9F8  |. C74424 20 0B00>MOV DWORD PTR SS:[ESP+20],0B
0045C9F8  |. C74424 20 0000>MOV DWORD PTR SS:[ESP+20],00

004A3809   . C74424 2C 0000>MOV DWORD PTR SS:[ESP+2C],00
004A3809   . C74424 2C 0B00>MOV DWORD PTR SS:[ESP+2C],0B
I always use the Logout hack as an example; it's the easiest hack to convert and it never changes registers.

Let's break this down.
This is the original client ASM string:

Code:

0045C9F8  |. C74424 20 0B00>MOV DWORD PTR SS:[ESP+20],0B
This is the edited client ASM string:

Code:

0045C9F8  |. C74424 20 0000>MOV DWORD PTR SS:[ESP+20],00
45C9F8 is the address in memory of the first byte in the string.

C74424 20 0B0000 is the binary.

MOV DWORD PTR SS:[ESP+20],0B is the ASM.

Now I'll explain how to convert it into the source.

THIS IS VERIFYING

I'll break this down for you

Code:

	// Patch delay for Log Out / Restarting: the original client bytes at 0045C9F8
	// (MOV DWORD PTR SS:[ESP+20],0B); only the first 5 bytes are compared
	BYTE verify2[5] = {0xC7, 0x44, 0x24, 0x20, 0x0B};

	// VerifyMemory(), hwDlg and IDC_BUTTON2 come from the rest of the trainer source;
	// if the client's bytes don't match, grey out the button so the patch can't be applied
	if (VerifyMemory(verify2, 0x45C9F8, 5) == FALSE) {
		EnableWindow(GetDlgItem(hwDlg, IDC_BUTTON2), FALSE);
	}

Code:

BYTE verify2[5]
This determines how many bytes it checks: [5] means it's checking 5 bytes in total.

Code:

0xC7,0x44,0x24,0x20,0x0B
This is the converted binary code: you change C74424 20 0B into that, which shouldn't be too hard for you to work out.

Code:

verify2, 0x45C9F8
This takes the variable verify2 and checks it against the memory at the address 0x45C9F8.

Code:

, 5
All this means is the size of the array verify2, in this case 5.

And that should be all there is for verifying.


Now patching is just the same but with the "hacked" code.

THIS IS PATCHING

I'll break this down for you

Code:

BOOL Button2(void)
{
	// Patched bytes: MOV DWORD PTR SS:[ESP+20],00 (only the 0B immediate changes to 00)
	BYTE writeBuff[5] = {0xC7, 0x44, 0x24, 0x20, 0x00};

	// hbProcess (the client handle from OpenProcess) and lpNumberOfBytesWritten
	// are declared elsewhere in the source; bail out if the write fails
	if (!WriteProcessMemory(hbProcess, (LPVOID)0x45C9F8, writeBuff, 5, &lpNumberOfBytesWritten))
		return FALSE;

	EnableWindow(GetDlgItem(hwDlg, IDC_BUTTON2), FALSE);
	return TRUE;
}

Code:

BYTE writeBuff[5]
This determines how many bytes it's going to write: [5] means it's writing 5 bytes in total.

Code:

0xC7,0x44,0x24,0x20,0x00
This is the converted binary code: you change C74424 20 00 into that, which shouldn't be too hard for you to work out.

Code:

WriteProcessMemory(hbProcess, (LPVOID) 0x45C9F8
This takes the variable writeBuff and writes it to the memory at 45C9F8.

Code:

, 5
All this means is the size of the array writeBuff, in this case 5.

That's about it. Undoubtedly bigger hacks are harder to convert, but that should give you the idea. The code is pretty messy but still works. I'll write more tutorials later.
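Putting the verifying and patching halves together, here is an added example of the verify-then-write logic the post describes. It is my own code, not charlie's or KLKS's trainer source. It keeps the post's 3.51 logout-delay address and bytes (0045C9F8, C7 44 24 20 0B -> C7 44 24 20 00); the target_t abstraction, the function names, and the 16-byte stand-in buffer are constructed for this example so it runs without a Helbreath client, and the Win32 path (ReadProcessMemory/WriteProcessMemory on a handle from OpenProcess) is only compiled on Windows.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#ifdef _WIN32
#include <windows.h>
#endif

/* One code patch: where it lives, what must be there first, what to write. */
typedef struct {
    uintptr_t      addr;
    const uint8_t *orig;     /* bytes expected before patching (the verify) */
    const uint8_t *patched;  /* bytes the hack writes */
    size_t         len;
} patch_t;

/* Target abstraction (constructed for this example): a real process on
 * Windows, or an in-memory stand-in so the logic can be exercised offline. */
typedef struct {
    uint8_t  *base_ptr;   /* stand-in memory, NULL when a process is used */
    uintptr_t base_addr;  /* virtual address the stand-in pretends to live at */
    size_t    size;
#ifdef _WIN32
    HANDLE    h;          /* OpenProcess(PROCESS_VM_READ|PROCESS_VM_WRITE|PROCESS_VM_OPERATION, FALSE, pid) */
#endif
} target_t;

/* Overflow-safe range check for the stand-in buffer. */
static bool in_stand_in(const target_t *t, uintptr_t addr, size_t n)
{
    return t->base_ptr != NULL && addr >= t->base_addr && n <= t->size &&
           addr - t->base_addr <= t->size - n;
}

static bool target_read(const target_t *t, uintptr_t addr, void *out, size_t n)
{
#ifdef _WIN32
    SIZE_T got = 0;
    if (t->h) return ReadProcessMemory(t->h, (LPCVOID)addr, out, n, &got) && got == n;
#endif
    if (!in_stand_in(t, addr, n)) return false;
    memcpy(out, t->base_ptr + (addr - t->base_addr), n);
    return true;
}

static bool target_write(target_t *t, uintptr_t addr, const void *in, size_t n)
{
#ifdef _WIN32
    SIZE_T put = 0;
    if (t->h) return WriteProcessMemory(t->h, (LPVOID)addr, in, n, &put) && put == n;
#endif
    if (!in_stand_in(t, addr, n)) return false;
    memcpy(t->base_ptr + (addr - t->base_addr), in, n);
    return true;
}

/* Same contract as the post's VerifyMemory(): true only if the n bytes at
 * addr are exactly `expected`. A failed read counts as a mismatch. */
static bool verify_memory(const target_t *t, const uint8_t *expected, uintptr_t addr, size_t n)
{
    uint8_t buf[64];
    if (n > sizeof buf || !target_read(t, addr, buf, n)) return false;
    return memcmp(buf, expected, n) == 0;
}

/* Write `want` only if `expect` is still at p->addr. Returns 0 on success,
 * -1 if the verify fails (wrong client version, or already patched), -2 on write error. */
static int guarded_write(target_t *t, const patch_t *p, const uint8_t *expect, const uint8_t *want)
{
    if (!verify_memory(t, expect, p->addr, p->len)) return -1;
    if (!target_write(t, p->addr, want, p->len))    return -2;
    return 0;
}
static int apply_patch(target_t *t, const patch_t *p)  { return guarded_write(t, p, p->orig, p->patched); }
static int revert_patch(target_t *t, const patch_t *p) { return guarded_write(t, p, p->patched, p->orig); }

/* The post's 3.51 logout-delay hack: MOV DWORD PTR SS:[ESP+20],0B -> ,00 at
 * 0045C9F8. Only the low immediate byte changes, so 5 bytes cover it. */
static const uint8_t logout_orig[5]    = {0xC7, 0x44, 0x24, 0x20, 0x0B};
static const uint8_t logout_patched[5] = {0xC7, 0x44, 0x24, 0x20, 0x00};
static const patch_t logout_patch = { 0x45C9F8, logout_orig, logout_patched, 5 };

/* Constructed stand-in, not a real dump: 16 bytes pretending to be client
 * code at 0x45C9F0..0x45C9FF, with the full 8-byte MOV at offset 8. */
static uint8_t sample_code[16] = {
    0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90,
    0xC7, 0x44, 0x24, 0x20, 0x0B, 0x00, 0x00, 0x00,
};
static target_t sample_target = { .base_ptr = sample_code, .base_addr = 0x45C9F0, .size = sizeof sample_code };

int main(void)
{
    int rc = apply_patch(&sample_target, &logout_patch);
    printf("apply:  rc=%d, immediate byte now 0x%02X\n", rc, sample_code[12]);
    rc = apply_patch(&sample_target, &logout_patch);   /* verify sees 00, not 0B: refused */
    printf("again:  rc=%d (already patched, nothing written)\n", rc);
    rc = revert_patch(&sample_target, &logout_patch);
    printf("revert: rc=%d, immediate byte back to 0x%02X\n", rc, sample_code[12]);
    return 0;
}
```

The difference from the posted Button2() is that the write never happens unless the verify passes, so a client of the wrong version, or one that is already patched, is left untouched, and the same guard (expecting the patched bytes) reverts the hack cleanly. Build it as-is on Linux to exercise the stand-in; on Windows, fill target_t.h with a handle from OpenProcess() and point the same patch_t at the real client.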
KLKS
Loyal fan
Posts: 218
Joined: Sun Feb 22, 2004 2:32 pm

Post by KLKS »

At least give me credit for the code I write :P
Drajwer
<3 bd long time
Posts: 841
Joined: Fri Dec 10, 2004 3:24 pm

Post by Drajwer »

No OpenProcess? :huh:

I'll try to compile it.
tomtomtom
noob
Posts: 29
Joined: Sat Oct 16, 2004 8:24 pm

Post by tomtomtom »

<3 KLKS :)
binarydata
DBfiller
Posts: 3816
Joined: Fri Oct 31, 2003 5:30 am
Location: San Diego CA, USA

Post by binarydata »

1st. What's the point of "adding hacks to the source" with no source?
2nd. What's the point of "adding hacks to the source" with nothing mapped?
tomtomtom
noob
Posts: 29
Joined: Sat Oct 16, 2004 8:24 pm

Post by tomtomtom »

He already wrote a tut on how to dump the code binary :) surely that's easy enough for people to map from there :D

Also, for those that aren't so good in C++, there are various free trainer/patcher programs that you can use to do the patching for you :)

Tom
binarydata
DBfiller
Posts: 3816
Joined: Fri Oct 31, 2003 5:30 am
Location: San Diego CA, USA

Post by binarydata »

tomtomtom wrote: He already wrote a tut on how to dump the code binary :) surely that's easy enough for people to map from there :D

Also, for those that aren't so good in C++, there are various free trainer/patcher programs that you can use to do the patching for you :)

Tom
You don't need to dump anything,
just fucking do it all in Olly.
charlie
Outpost4lyfe
Posts: 3324
Joined: Sun Apr 06, 2003 12:24 am
Location: Mt GOD

Post by charlie »

binary, you can't map for shit and there's a lot of benefits to dumping to a txt file, so stfu plx
tomtomtom
noob
Posts: 29
Joined: Sat Oct 16, 2004 8:24 pm

Post by tomtomtom »

Dumping it to a text file allows you to search quicker/easier and to play about more with the code. It also means you don't have to keep booting up HB every time you want to look at it :) It's more helpful to me at least, anyway.

Tom
KLKS
Loyal fan
Posts: 218
Joined: Sun Feb 22, 2004 2:32 pm

Post by KLKS »

binary got PWNED :lol:
binarydata
DBfiller
Posts: 3816
Joined: Fri Oct 31, 2003 5:30 am
Location: San Diego CA, USA

Post by binarydata »

tomtomtom wrote: Dumping it to a text file allows you to search quicker/easier and to play about more with the code. It also means you don't have to keep booting up HB every time you want to look at it :) It's more helpful to me at least, anyway.

Tom
I've just always done it in Olly.
Cleroth
Loyal fan
Posts: 416
Joined: Wed Jun 16, 2004 7:08 pm

Post by Cleroth »

Nah, that's the ASM code. It's just that you see it in hex instead of opcodes.