There are two parts to the hack:
1. The process patching code
2. The process verifying code
The patching code applies the hack to the client, while the verifying code checks that the client contains the expected bytes to begin with, so you don't patch the wrong code, which can cause fatal errors.
First I'll explain how to convert a hack into the source needed. This uses 3.51 as an example.
Log out:
0045C9F8 |. C74424 20 0B00>MOV DWORD PTR SS:[ESP+20],0B
0045C9F8 |. C74424 20 0000>MOV DWORD PTR SS:[ESP+20],00
004A3809 . C74424 2C 0000>MOV DWORD PTR SS:[ESP+2C],00
004A3809 . C74424 2C 0B00>MOV DWORD PTR SS:[ESP+2C],0B
Let's break this down.
This is the original client ASM string:
    0045C9F8 |. C74424 20 0B00>MOV DWORD PTR SS:[ESP+20],0B
And this is the patched version:
    0045C9F8 |. C74424 20 0000>MOV DWORD PTR SS:[ESP+20],00
C74424 20 0B0000 is the binary (the raw opcode bytes).
MOV DWORD PTR SS:[ESP+20],0B is the ASM (the disassembly of those bytes).
Now I'll explain how to convert it into the source.
THIS IS VERIFYING
I'll break this down for you:
    //Patch Delay for Log Out / Restarting
    // The original bytes at 0x45C9F8; VerifyMemory is the helper that compares them
    BYTE verify2[5]={0xC7,0x44,0x24,0x20,0x0B};
    if (VerifyMemory(verify2, 0x45C9F8, 5) == FALSE) {
        // Bytes don't match the expected client, so disable the patch button
        EnableWindow(GetDlgItem(hwDlg,IDC_BUTTON2), FALSE);
    }
    BYTE verify2[5]
The buffer that holds the bytes to compare, 5 bytes long.
    0xC7,0x44,0x24,0x20,0x0B
The first 5 bytes of the original binary, C74424 20 0B, written as hex bytes.
    verify2, 0x45C9F8
The buffer and the address in the client to read and compare against (0045C9F8 from the ASM listing).
    , 5
The number of bytes to compare, which must match the size of the buffer.
And that should be all there is for verifying.
Now patching is just the same but with the "hacked" code.
THIS IS PATCHING
I'll break this down for you:
    // hbProcess (client process handle) and hwDlg (dialog handle) are declared elsewhere
    BOOL Button2(){
        // The hacked bytes: same instruction, but the immediate is 00 instead of 0B
        BYTE writeBuff[5]={0xC7,0x44,0x24,0x20,0x00};
        SIZE_T lpNumberOfBytesWritten = 0;
        if (!WriteProcessMemory(hbProcess, (LPVOID) 0x45C9F8, writeBuff, 5, &lpNumberOfBytesWritten))
            return FALSE;
        // Patch applied, so disable the button to stop it being written twice
        EnableWindow(GetDlgItem(hwDlg,IDC_BUTTON2), FALSE);
        return TRUE;
    }
    BYTE writeBuff[5]
The buffer that holds the bytes to write, 5 bytes long.
    0xC7,0x44,0x24,0x20,0x00
The first 5 bytes of the hacked binary, C74424 20 00, written as hex bytes.
    WriteProcessMemory(hbProcess, (LPVOID) 0x45C9F8
The client process handle and the address to write to, the same address the verifying code checked.
    , 5
The number of bytes to write, which must match the size of the buffer.
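To show why the verifying step matters, here is an added example (not code from the original post) that runs the verify-then-patch logic on a constructed byte array standing in for the client's code region. The post's VerifyMemory() and WriteProcessMemory() are replaced by verify_bytes() and memcpy() on that local buffer, so it runs anywhere; the byte patterns and the 5-byte length are the ones from the post, while the region layout, offsets and function names are assumptions made for the example. The patch is refused both when the bytes are not the original ones (wrong client, or already patched) and when the offset would run past the region.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

typedef uint8_t BYTE;

/* Constructed stand-in for the client's code region. The full 8-byte
   encoding of MOV DWORD PTR SS:[ESP+20],0B sits at offset 0 here; in the
   post it lives at 0x45C9F8 inside the client process. */
#define REGION_LEN 16
static BYTE g_region[REGION_LEN];

void reset_region(void)
{
    static const BYTE initial[REGION_LEN] = {
        0xC7, 0x44, 0x24, 0x20, 0x0B, 0x00, 0x00, 0x00,
        0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 };
    memcpy(g_region, initial, REGION_LEN);
}

/* Original and hacked byte patterns from the post (first 5 bytes). */
static const BYTE k_original[5] = {0xC7, 0x44, 0x24, 0x20, 0x0B};
static const BYTE k_patched[5]  = {0xC7, 0x44, 0x24, 0x20, 0x00};

/* Stand-in for the post's VerifyMemory(): true only if the n bytes at
   region+offset are exactly the expected ones. Bounds-checked so a bad
   offset or length can never read outside the region. */
bool verify_bytes(const BYTE *region, size_t region_len, size_t offset,
                  const BYTE *expected, size_t n)
{
    if (region == NULL || expected == NULL) return false;
    if (offset > region_len || n > region_len - offset) return false;
    return memcmp(region + offset, expected, n) == 0;
}

/* Verify-then-patch: writes the replacement bytes only if the original
   bytes are really there. memcpy stands in for WriteProcessMemory.
   Returns 1 if the patch was written, 0 if verification failed. */
int apply_patch(BYTE *region, size_t region_len, size_t offset,
                const BYTE *expected, const BYTE *replacement, size_t n)
{
    if (!verify_bytes(region, region_len, offset, expected, n))
        return 0;
    memcpy(region + offset, replacement, n);
    return 1;
}

int main(void)
{
    reset_region();
    printf("first patch:  %s\n",
           apply_patch(g_region, REGION_LEN, 0, k_original, k_patched, 5)
               ? "written" : "refused");
    /* Bytes are now the patched ones, so the same verify no longer matches. */
    printf("second patch: %s\n",
           apply_patch(g_region, REGION_LEN, 0, k_original, k_patched, 5)
               ? "written" : "refused");
    /* Offset 12 + 5 bytes would run past the 16-byte region. */
    printf("bad offset:   %s\n",
           apply_patch(g_region, REGION_LEN, 12, k_original, k_patched, 5)
               ? "written" : "refused");
    return 0;
}
```

The second call refusing is the point of the verifying step: once the bytes at the address are no longer the original ones, whether because the client is a different version or because the patch was already applied, writing blindly would overwrite something other than the instruction you checked.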
That's about it. Undoubtedly bigger hacks are harder to convert, but that should give you the idea. The code is pretty messy but still works. I'll write more tutorials later.