W3X Basic MH for 1.25b Source
#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <Tlhelp32.h>
using namespace std;
// PATCH(i, w, l): write l bytes taken from w into the process hProc at address
// gameBase + i, using WriteProcessMemory.
//
// The macro is not self-contained: its expansion refers to the identifiers
// hProc, gameBase and dSize, so it can only be used in a scope that declares
// all three. The BOOL result of WriteProcessMemory is not captured by the
// macro, so a failed write goes unnoticed unless the expansion site checks it.
#define PATCH(i,w,l) WriteProcessMemory(hProc,reinterpret_cast<LPVOID>(gameBase+i),w,l,&dSize)
// Forward declarations for the functions defined after main().
void patchW3X();
void patchwar25b(HANDLE hProc, DWORD gameBase, DWORD dSize);
// NOTE(review): the two char* parameters below are only ever read (strcmp) and
// the callers in this file pass string literals; const char* would be the
// conforming type in C++11 and later, changed in declaration and definition together.
DWORD GetPIDForProcess(char* process);
void EnableDebugPriv();
DWORD GetDLLBase(char* DllName, DWORD tPid);
// Program entry point: sets the console title, runs the patch routine once,
// then waits for a key press so the console output stays on screen.
int main(int argc, char *argv[])
{
    // argc and argv are accepted but never read.
    SetConsoleTitle("W3X Basic MH v1 for 1.25b [by DarkSupremo]");

    patchW3X();

    // The pause is delegated to the command interpreter through system().
    system("PAUSE");

    return EXIT_SUCCESS;
}
//-------------------------------------------------------------------------------------------------------------
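// Waits for the game window, resolves the game's process ID, opens the process
// and hands it to patchwar25b() together with the base address of Game.dll.
//
// Every step that can fail is checked before the next one runs:
//   - no matching process  -> message, return (the debug privilege is not touched)
//   - OpenProcess fails    -> message, return
//   - Game.dll not found   -> message, handle closed, return. Without this check
//     a base of 0 would be passed on and every write would target the bare
//     offsets inside the other process.
// The process handle is closed on every path that opened it.
void patchW3X()
{
    puts("-------------------------------------------------------------------------------");
    puts("This is a Basic MH for 1.25b designed to who want learn how to code a mh!");
    puts("Please, if you will use this code on your project, give me the credits too!");
    puts("Program developed by DarkSupremo [www.GarenaMaster.com]");
    puts("-------------------------------------------------------------------------------\n");

    // Poll twice a second until a window of class "Warcraft III" exists.
    // There is no timeout: this loop only ends once the window appears.
    puts("Searching for Warcraft 3...");
    while (FindWindowA("Warcraft III", NULL) == NULL)
    {
        Sleep(500);
    }

    // GetPIDForProcess() compares names case-sensitively, so both spellings are
    // tried. "War3.exe" is tried first because the original let it override
    // "war3.exe" when both were present. Writable arrays are used because the
    // helper takes char*, not const char*.
    puts("Searching for Warcraft 3 PID...");
    char upperName[] = "War3.exe";
    char lowerName[] = "war3.exe";
    DWORD PID = GetPIDForProcess(upperName);
    if (PID == 0)
    {
        PID = GetPIDForProcess(lowerName);
    }
    if (PID == 0)
    {
        puts("Warcraft 3 process not found!");
        return;
    }

    puts("Enabling Debug privilege...");
    EnableDebugPriv();

    puts("Opening Warcraft 3 Process...");
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID);
    if (hProc == NULL)
    {
        puts("Failed to open the Warcraft 3 process!");
        return;
    }

    puts("Searching Base Address of Game.dll");
    char moduleName[] = "Game.dll";
    const DWORD gameBase = GetDLLBase(moduleName, PID);
    if (gameBase == 0)
    {
        puts("Game.dll was not found in the Warcraft 3 process!");
        CloseHandle(hProc);
        return;
    }

    // dSize only serves as the bytes-written out-parameter inside patchwar25b().
    DWORD dSize = 0;
    puts("Patching war3...");
    patchwar25b(hProc, gameBase, dSize);

    CloseHandle(hProc);
}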
//-------------------------------------------------------------------------------------------------------------
// Applies the hard-coded patch table labelled "1.25b" to the process behind hProc.
//
// Each PATCH(offset, bytes, length) expands to
//   WriteProcessMemory(hProc, gameBase + offset, bytes, length, &dSize)
// and a label is printed with puts() before each group of writes.
//
// Parameters:
//   hProc    - process handle passed to VirtualProtectEx and WriteProcessMemory.
//   gameBase - value added to every offset; the caller in this file obtains it
//              from GetDLLBase("Game.dll", ...). Nothing here rejects 0.
//   dSize    - taken by value; only its address is used, as the bytes-written
//              out-parameter of WriteProcessMemory. The value is never read and
//              the caller's variable is never updated.
//
// NOTE(review): no return value of VirtualProtectEx or WriteProcessMemory is
// checked, so "Done!" is printed whether or not any write succeeded.
// NOTE(review): the offsets are fixed constants; nothing in this function
// verifies which build of the module is loaded or reads the existing bytes
// before overwriting them, so against any other build the writes would land
// on unrelated bytes.
// NOTE(review): only the first write is bracketed by VirtualProtectEx; every
// other write relies on WriteProcessMemory alone.
// NOTE(review): most payloads are runs of 0x90 or single bytes such as
// 0xEB / 0x74 / 0x75, which are the x86 NOP and short-jump opcodes, so these
// presumably overwrite instructions in place; that cannot be confirmed from
// this file. If so, they are in-memory changes to a loaded module image.
void patchwar25b(HANDLE hProc, DWORD gameBase, DWORD dSize)
{
//1.25b
puts("\nPatching fallowing features:\n");
//Cam Distance Hack, configured to 2300
puts("- Cam Distance Hack, configured to 2300");
// Receives the previous page protection so that it can be put back afterwards.
unsigned long oldprotector25b;
float realdistance = 2300; // set the distance here!
DWORD camAddr = gameBase + 0x93645C;
// Make the 4 target bytes writable, write the float, then restore the saved protection.
VirtualProtectEx(hProc, (void*)camAddr, 4, PAGE_EXECUTE_READWRITE, &oldprotector25b);
PATCH(0x93645C, &realdistance, sizeof(float));
VirtualProtectEx(hProc, (void*)camAddr, 4, oldprotector25b, &oldprotector25b);
//Delay reducer, configured to 100ms
puts("- Delay reducer, configured to 100ms");
int delayreducer = 100; // set the ms here!
// Each pair writes sizeof(int) bytes at an offset and then 3 zero bytes at
// offset + 1. The second write overlaps bytes 1..3 of the first; for the value
// 100 on a little-endian target those bytes are already zero.
PATCH(0x65DC21, &delayreducer, sizeof(int));
PATCH(0x65DC22, "\x00\x00\x00",3);
PATCH(0x660CE1, &delayreducer, sizeof(int));
PATCH(0x660CE2, "\x00\x00\x00",3);
// Reveal units on Mainmap / Invisibles: Main & Mini
puts("- Reveal units on Mainmap / Invisibles: Main & Mini");
PATCH(0x39DE4C,"\x75",1);
PATCH(0x3A12C0,"\x90\x90",2);
PATCH(0x3A136B,"\x90\x90",2);
PATCH(0x35628E, "\x90\x90\x90",3);
PATCH(0x361621, "\x3B\xC0\x0F\x85",4);
PATCH(0x3997AB, "\x90\x90\x90\x90\x90\x90",6);
PATCH(0x3997BE, "\x90\x90\x90\x90\x90\x90\x90\x90\x33\xC0\x40",11);
//Remove FOG on Mainmap
puts("- Remove FOG on Mainmap");
PATCH(0x74C7E9,"\xB2\x00\x90\x90\x90\x90",6);
//Reveal units on Minimap
puts("- Reveal units on Minimap ");
PATCH(0x36120B,"\xB8\x00",2);
//Remove FOG on Minimap
puts("- Remove FOG on Minimap");
PATCH(0x3562F5,"\x90\x90",2);
//Enable Trade / Resource View
puts("- Enable Trade / Resource View");
PATCH(0x34DB72,"\xB8\xC8\x00\x00\x00\x90",6);
PATCH(0x34DB7A,"\xB8\x64\x00\x00\x00\x90",6);
PATCH(0x35F81A,"\x90\x90",2);
//Make units clickable
puts("- Make units clickable");
PATCH(0x284F6C,"\x90\x90",2);
PATCH(0x284F82,"\xEB",1);
//Reveal Illusions
puts("- Reveal Illusions");
PATCH(0x28282C,"\x40\xC3",2);
//Show Runes
puts("- Show Runes");
PATCH(0x3A12AB,"\xEB",1);
//Show Skills / Cooldowns
puts("- Show Skills / Cooldowns");
PATCH(0x2024AC,"\x90\x90\x90\x90\x90\x90",6);
PATCH(0x28DFAE,"\xEB",1);
PATCH(0x34F078,"\x90\x90",2);
PATCH(0x34F0B8,"\x74\x00",2);
//Bypass dota -ah
puts("- Bypass dota -ah");
PATCH(0x3C616C,"\xB8\xFF\x00\x00\x00\xEB",6);
PATCH(0x3CB642,"\xEB",1);
// The "Ally", "Enemy" and "All" hero icon variants below write to the same
// offsets; only the "Enemy" variant is active, the other two are commented out.
//Ally Hero icon
//puts("Ally Hero icon");
//PATCH(0x370990,"\xE8\x3B\x28",3);
//PATCH(0x370995,"\x85\xC0",2);
// PATCH(0x370998,"\x84",1);
// PATCH(0x37099D,"\xEB\xC9\x90\x90\x90\x90",6);
//Enemy Hero icon
puts("- Enemy Hero icon");
PATCH(0x370990,"\xE8\x3B\x28",3);
PATCH(0x370995,"\x85\xC0",2);
PATCH(0x370998,"\x85",1);
PATCH(0x37099D,"\xEB\xC9\x90\x90\x90\x90",6);
//All Hero icon
//puts("All Hero icon");
//PATCH(0x370995,"\xEB\x06",2);
// PATCH(0x37099D,"\xEB\xC9\x90\x90\x90\x90",6);
//Show Pings signal
puts("- Show Pings signal");
PATCH(0x43EC66,"\x3B\xC0\x0F\x85\xC0\x00\x00\x00",8);
PATCH(0x43EC79,"\x3B\xC0\x0F\x85\xAD\x00\x00\x00",8);
// NOTE(review): the two blocks below are disabled. As posted, the first block
// ended with a second comment opener instead of a terminator, so one block
// comment ran through to the end of the "Disable ALL" block. The terminator is
// corrected here; the compiled code is unchanged because both blocks stay
// commented out.
//[SAFE MODE] Reveal units on Main Map / Invisibles (Slow Motion)
/*
puts("- [SAFE MODE] Reveal units on Main Map / Invisibles (Slow Motion)");
PATCH(0x74C7E9,"\x8A\x90\x6C\x7E\xAB\x6F",6);
PATCH(0x3562F5,"\x88\x01",2);
PATCH(0x39DE4C,"\x74\x62",2);
PATCH(0x3A12C0,"\xEB\x09",2);
PATCH(0x3A136B,"\x23\xCA",2);
PATCH(0x36120B,"\xB8\x01\x00\x00\x00",5);
PATCH(0x284F6C,"\x74\x2A",2);
PATCH(0x284F82,"\x75",1);
PATCH(0x399868,"\xEB",1);
*/
//Disable ALL
/*
puts("- Disabling all features...!");
PATCH(0x74C7E9,"\x8A\x90\x6C\x7E\xAB\x6F",6);
PATCH(0x3562F5,"\x88\x01",2);
PATCH(0x35628E, "\x66\x85\xC0",3); // 6685C0
PATCH(0x361621, "\x85\xC0\x0F\x84",4); // 85C00F84
PATCH(0x3997AB, "\x8B\x97\x98\x01\x00\x00",6); // 8B9798010000
PATCH(0x3997BE, "\x0F\xB7\x00\x55\x50\x56\xE8\xF7\x7B\x00\x00",11); // 0FB700555056E8F77B0000
PATCH(0x39DE4C,"\x74\x62",2);
PATCH(0x3A12C0,"\xEB\x09",2);
PATCH(0x3A136B,"\x23\xCA",2);
PATCH(0x36120B,"\xB8\x01\x00\x00\x00",5);
PATCH(0x284F6C,"\x74\x2A",2);
PATCH(0x284F82,"\x75",1);
PATCH(0x34DB72,"\x8B\x87\x6c\x01\x00\x00",6);
PATCH(0x34DB7A,"\x8B\x87\x68\x01\x00\x00",6);
PATCH(0x35F81A,"\xEB\x08",2);
PATCH(0x3CB642,"\x74",1);
PATCH(0x28282C,"\xC3\xCC",2);
PATCH(0x399868,"\x74",1);
PATCH(0x3A12AB,"\x75",1);
PATCH(0x2024AC,"\x0F\x84\x5F\x01\x00\x00",6);
PATCH(0x28DFAE,"\x75",1);
PATCH(0x34F078,"\x74\x08",2);
PATCH(0x34F0B8,"\x74\x08",2);
PATCH(0x3C616C,"\x3D\xFF\x00\x00\x00\x76",6);
PATCH(0x3CB642,"\x74",1);
PATCH(0x43EC66,"\x85",1);
PATCH(0x43EC79,"\x85",1);
PATCH(0x370990,"\xE8\xFB\x29\x03\x00\x85\xC0\x0F\x84\x8F\x02\x00\x00\x8B\x85\x80\x01\x00\x00",19);
*/
puts("Done!");
}
//-------------------------------------------------------------------------------------------------------------
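// Returns the ID of the first process whose executable name equals `process`.
//
// Returns 0 when `process` is null, when the process snapshot cannot be taken,
// or when no entry matches. Callers treat 0 as "not found".
//
// The match is strcmp(), i.e. exact and case-sensitive, so "war3.exe" and
// "War3.exe" are different names to this function.
// NOTE(review): strcmp() on szExeFile assumes a non-UNICODE build, where the
// field is a char array.
DWORD GetPIDForProcess(char* process)
{
    if (process == NULL)
    {
        return 0;
    }

    // CreateToolhelp32Snapshot signals failure with INVALID_HANDLE_VALUE, not
    // NULL, so a plain truth test would accept a failed snapshot and later hand
    // the invalid handle to CloseHandle.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    PROCESSENTRY32 lppe = {0};
    lppe.dwSize = sizeof(lppe); // must be set before Process32First

    DWORD targetPid = 0;
    for (BOOL working = Process32First(hSnapshot, &lppe);
         working;
         working = Process32Next(hSnapshot, &lppe))
    {
        if (strcmp(lppe.szExeFile, process) == 0)
        {
            targetPid = lppe.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return targetPid;
}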
//-------------------------------------------------------------------------------------------------------------
// enable the privilege necessary to patch the process
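// Enables SE_DEBUG_NAME (SeDebugPrivilege) in the current process token.
//
// On any failure the function prints "Failed to Enable Debug Options!" and
// returns; it has no return value, so callers cannot tell success from failure.
// Each step runs only if the previous one succeeded, and the token handle is
// closed on every path that opened it.
//
// NOTE(review): nothing in this file disables the privilege again, so once
// enabled it stays enabled for the rest of the process lifetime.
void EnableDebugPriv()
{
    HANDLE hToken = NULL;
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
    {
        // No token was opened, so there is nothing to adjust or close.
        puts("Failed to Enable Debug Options!");
        return;
    }

    LUID sedebugnameValue;
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        puts("Failed to Enable Debug Options!");
        CloseHandle(hToken);
        return;
    }

    TOKEN_PRIVILEGES tkp;
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;

    // AdjustTokenPrivileges can return nonzero without granting the privilege;
    // in that case GetLastError() reports ERROR_NOT_ALL_ASSIGNED. The error code
    // is read before CloseHandle so that it is not overwritten.
    const BOOL adjusted = AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL);
    if (!adjusted || GetLastError() == ERROR_NOT_ALL_ASSIGNED)
    {
        puts("Failed to Enable Debug Options!");
    }

    CloseHandle(hToken);
}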
//-------------------------------------------------------------------------------------------------------------
//Gets the base of our dll
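// Returns the base address of the module named `DllName` inside process `tPid`.
//
// Returns 0 when tPid is 0, when DllName is null, when the module snapshot
// cannot be taken, or when no module matches. The name comparison is strcmp(),
// i.e. exact and case-sensitive.
//
// NOTE(review): the result type is DWORD, so the base address is narrowed to
// 32 bits; in a 64-bit build the upper half of the pointer would be lost.
// NOTE(review): strcmp() on szModule assumes a non-UNICODE build.
DWORD GetDLLBase(char* DllName, DWORD tPid)
{
    if (tPid == 0 || DllName == NULL)
    {
        return 0;
    }

    // Failure is reported as INVALID_HANDLE_VALUE; bail out before the handle
    // reaches Module32First or CloseHandle.
    HANDLE snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
    if (snapMod == INVALID_HANDLE_VALUE)
    {
        return 0;
    }

    MODULEENTRY32 me32 = {0};
    me32.dwSize = sizeof(MODULEENTRY32); // must be set before Module32First

    DWORD base = 0;
    if (Module32First(snapMod, &me32))
    {
        do
        {
            if (strcmp(DllName, me32.szModule) == 0)
            {
                // Explicit two-step conversion: pointer -> pointer-sized integer -> DWORD.
                base = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(me32.modBaseAddr));
                break;
            }
        } while (Module32Next(snapMod, &me32));
    }

    // Single exit: the snapshot handle is released exactly once.
    CloseHandle(snapMod);
    return base;
}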
作者:Crazy Ma
出处:http://www.cnblogs.com/intcry
♪:30%的技术+70%的精神,帮助别人得到他想要的,你就能得到你想要的! ♪
