  1. #1
    PsychicSymphony

    Hacktimus Prime
    How to make MapleStory Hacks




    Source code

    What do you need to have:
    1. Microsoft Visual C++ (Download)
    2. Cheat Engine (Download)
    3. MapleStory (You probably already have it)

    What do you need to know:
    1. A little bit of c++
    2. Global knowledge of MapleStory
    3. How to use Microsoft Visual C++ to make windows forms

    What I suggest you know:
    1. A good amount of c++
    2. A good amount of auto assembly
    3. How to use cheat engine

    What will this teach you:
    1. Some c++ hacking basics
    2. Some asm basics
    3. How to make a MapleStory trainer

    Here we go

    STEP 1 THE GUI:

    1. Open up Microsoft visual studio c++
    2. Press on file->new->project
    3. Select windows forms application
    4. Name your project and press create
    5. Now you will have your windows form project
    6. Now customize the form to look however you want your trainer to look

    STEP 2 THE HACKS AND CHEAT ENGINE:

    1. Open up Cheat Engine
    2. Open up MapleStory
    3. Login to MapleStory
    4. Put the hacks you would like to include to your trainer into cheat engine
    How to do 4:
    41. Select MapleStory as a process
    42. Open up memory view
    43. Press ctrl+a
    44. A window with a text field should come up
    45. Copy and paste your auto assembly code (I'm going to be using a Full Godmode script)
    Fullgodmode:
    Code:
    [Enable]
    00961B6C:
    db 0F 84
    
    [Disable]
    00961B6C:
    db 0F 85
    46. Now on the new window press File->Assign to current cheat table
    47. Under cheat engine you should now have a script on your cheat table


    5. Now test your hack and make sure it works
    How to do 5:
    51. Open up MapleStory
    52. Login and go on an account/character you don't care about
    53. Press the checkbox under "active"
    54. Your hack should work if you put in the script correctly

    6. If your hack worked then go on to the next part


    STEP 3 ADDING ACTIVITY TO THE GUI (you need some c++ knowledge for this part)

    1. Load up your Microsoft Visual c++ project that has your gui
    2. Open up the form that you are using(if you are using forms)
    3. Add a checkbox set the text to "Full Godmode"
    4. Go to events (the lightning bolt under properties), go to the "Check changed" field, double click it
    5. You should now be looking at some code something like
    Code:
    	private: System::Void checkBox1_CheckedChanged(System::Object^  sender, System::EventArgs^  e) {
    			 }
    	};
    6. If you are looking at that then you have successfully just added events to the interface


    STEP 4 CONVERTING THE AUTO ASSEMBLY SCRIPTS TO C++ (WriteProcessMemory method)
    NOTE: this isn't the only way to convert auto assembly scripts to c++


    This step isn't going to be written in steps because I have to cover so much code and how to do it. In this I will be teaching how to convert a very easy auto assembly script (full godmode) to c++ using the WriteProcessMemory in bytes method.

    Auto Assembly script:
    Code:
    [Enable]
    00961B6C:
    db 0F 84
    
    [Disable]
    00961B6C:
    db 0F 85
    OK, that's our auto assembly script. If you do not know auto assembly/asm this probably looks very confusing to you. Let me just go over a simple explanation: this code writes the bytes
    Code:
    0F 84
    to the address
    Code:
    00961B6C
    It is actually very simple. The
    Code:
    db
    I think stands for "distribute bytes" but I don't know, that's just a guess. All I know is it changes the address's bytes. When the hack is enabled the bytes are
    Code:
     0F 84
    and when not enabled the bytes are
    Code:
    0F 85
    .


    Now to start converting.

    The first thing we need to do in c++ is just make a quick function (e.g. void()). I'm going to name mine
    "Fullgodmode"
    Code:
    void Fullgodmode() {
    }
    Make this function in a new header file or somewhere where you can access it from the form.h file.
    Now to initialize the address in c++ for quick access.
    Code:
    DWORD address = 0x00961B6C;
    This pretty much makes a DWORD named "address" that holds the address (00961B6C).

    The 0x part:
    You're probably wondering why there is a 0x in front of the address. Well, that is because in c++ everything that has to do with hex values (bytes, addresses etc.) has to have a 0x in front of it to declare that it is a hex type.

    Now that we have our address we need to declare the bytes that are being changed. We are going to do this by making an unsigned char that holds the bytes for when the hack is enabled and disabled. This is what it looks like.
    Code:
    unsigned char fgmOn[8] = "\x0F\x94";
    unsigned char fgmOff[8] = "\x0F\x95";
    In text we declare hex by putting a "\x" before the byte. Now we have our bytes.

    Your Fullgodmode() function should look like this now

    Code:
    void Fullgodmode() {
    	DWORD address = 0x00961B6C;
    	unsigned char fgmOn[8] = "\x0F\x94";
    	unsigned char fgmOff[8] = "\x0F\x95";
    }
    Now we need to initialize MapleStory itself so that we may read and write to its process and inject our hacks into the program.

    I'm going to be covering the easiest way to get the MapleStory process (through the window).
    First of all we have to get the MapleStory window handle,
    Code:
    HWND mapleWindow = FindWindow(0, "MapleStory");
    What this function does is find the window with the name "MapleStory" and write it to the window handle mapleWindow. If it does not work, mapleWindow will equal 0, so we can do a function like:
    Code:
    if (mapleWindow == 0) {
    	MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
    	ExitProcess(0);
    }
    What that does is, if the program cannot find the MapleStory window, it will show a messagebox that says "Cannot find MapleStory open", and then once you press OK on it your program will exit.

    Now this is a confusing part: we need to get the process id of the MapleStory window and then get the process handle from the process id. We do this by first making a DWORD called pID (process id) and then calling the function GetWindowThreadProcessId(HWND hWnd, DWORD processID). Once we do that we make a handle named hProc (handle process); this is what we need. We will get the process by calling OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    All together it looks like this
    Code:
    	DWORD pID;
    	GetWindowThreadProcessId(mapleWindow, &pID);
    	HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    Your code should look like this now
    Code:
    void Fullgodmode() {
    	DWORD address = 0x00961B6C;
    	unsigned char fgmOn[8] = "\x0F\x94";
    	unsigned char fgmOff[8] = "\x0F\x95";
    	HWND mapleWindow = FindWindow(0, "MapleStory");
    	if (mapleWindow == 0) {
    		MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
    		ExitProcess(0);
    	} else {
    		DWORD pID;
    		GetWindowThreadProcessId(mapleWindow, &pID);
    		HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    	}
    }
    Now that we have the process handle we can use WriteProcessMemory() to clone the auto assembly function db.
    I am going to explain WriteProcessMemory() very thouroghly(I fail I know I spelt that wrong) because it can be used for a lot more than you think. When I first learned about it I thought you could just write a new integer or text to an address. Turns out you can do so much more.

    About writeprocessmemory:
    Code:
    WriteProcessMemory(HANDLE proc, LPVOID address, LPVOID value, SIZE_T size, SIZE_T *numberofbyteswritten);
    First of all you can probably guess the "HANDLE proc" part is where we put our process handle that we got in the earlier section(hProc).

    Next we're going to cover the LPVOID address part. For this part we put in our DWORD address, or if you want you can just put in 0x00961B6C instead. If you put in the DWORD address we made earlier you have to cast it as an LPVOID because it is a DWORD right now, so it should look like this
    Code:
    WriteProcessMemory(hProc, (LPVOID)address, LPVOID value, SIZE_T size, SIZE_T *numberofbyteswritten);

    Now let's cover the LPVOID value part. This part is the most important because this is what you are writing to the address. There are many ways you can use this; if you're changing an address that holds a number then you can write an int to it like so
    Code:
    WriteProcessMemory(hProc, (LPVOID)address, (LPVOID)9999999, SIZE_T size, SIZE_T *numberofbyteswritten);
    Of course we had to cast it as an LPVOID. You can write almost anything to the address, but the most used is either an int or a byte. In this we are going to be writing a byte to the address. As you saw earlier we wrote an unsigned char that contains our bytes that we are going to use. For this we do not need to cast it so we can do it just like this
    Code:
    WriteProcessMemory(hProc, (LPVOID)address, fgmOn, SIZE_T size, SIZE_T *numberofbyteswritten);
    Now the next part is kind of confusing at first but is not that hard to pick up. For SIZE_T size you can't just do the sizeof() function because that is not what it is. The size in this case is actually the number of bytes being written. In our case it is 2 bytes because "\x0F\x94"("\x1\x2") so we fill in "2" in that section. The next section does not need to be used (I normally just put in NULL) but it can be used to see the number of bytes written.
    Now WriteProcessMemory should look like this
    Code:
    WriteProcessMemory(hProc, (LPVOID)address, fgmOn, 2, NULL);
    That function will write the bytes "\x0F\x94" to the address 0x00961B6C in the process MapleStory.exe from the window MapleStory.


    Now we are done converting that simple auto assembly script to c++. Your Fullgodmode function should now look like this.
    Code:
    void Fullgodmode() {
    	DWORD address = 0x00961B6C;
    	unsigned char fgmOn[8] = "\x0F\x94";
    	unsigned char fgmOff[8] = "\x0F\x95";
    	HWND mapleWindow = FindWindow(0, "MapleStory");
    	if (mapleWindow == 0) {
    		MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
    		ExitProcess(0);
    	} else {
    		DWORD pID;
    		GetWindowThreadProcessId(mapleWindow, &pID);
    		HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    		WriteProcessMemory(hProc, (LPVOID)address, fgmOn, 2, NULL);
    	}
    }
    When you run that function it will turn Full Godmode on. Congratulations, you have successfully converted that simple auto assembly script to c++.

    STEP 5 EXTRA TRAINER STUFF

    This step is just going to be all about packing up your trainer and linking everything together.

    First thing we're going to do is fix the Fullgodmode function so that it also turns full godmode off. We can do this by adding a bool to it like so
    Code:
    void Fullgodmode(bool on) {}
    Now we add in the extra function to see if it's on or off and change the bytes being written depending on if it's on or off.
    This is what it will look like.
    Code:
    void Fullgodmode(bool on) {
    	DWORD address = 0x00961B6C;
    	unsigned char fgmOn[8] = "\x0F\x94";
    	unsigned char fgmOff[8] = "\x0F\x95";
    	HWND mapleWindow = FindWindow(0, "MapleStory");
    	if (mapleWindow == 0) {
    		MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
    		ExitProcess(0);
    	} else {
    		DWORD pID;
    		GetWindowThreadProcessId(mapleWindow, &pID);
    		HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    		if (on) {
    			WriteProcessMemory(hProc, (LPVOID)address, fgmOn, 2, NULL);
    		} else {
    			WriteProcessMemory(hProc, (LPVOID)address, fgmOff, 2, NULL);
    		}
    	}
    }
    Now if it's off it will write the off bytes to the address.


    Next part is adding the functionality so that when the checkbox is checked it runs the Fullgodmode function. In our checkbox changed event (private: System::Void checkBox1_CheckedChanged(System::Object^ sender, System::EventArgs^ e)) we need to run the Fullgodmode function, but we also need to check if the checkbox is checked or not. We can check this by accessing the checkbox class and checking if it's checked.
    Code:
    	this->checkBox1->Checked = false;
    So inside the event we just call
    Code:
    Fullgodmode(this->checkBox1->Checked);
    Your event function should now look like this
    Code:
    	private: System::Void checkBox1_CheckedChanged(System::Object^  sender, System::EventArgs^  e) {
    				Fullgodmode(this->checkBox1->Checked);
    			 }
    	};
    Now if you open MapleStory then compile and run your program you should have a fully working trainer with Fullgodmode.
    Congratulations, you have made a trainer.



    Computer broke, got bored, decided to spend around an hour writing a tutorial on my iphone while my computer was getting fixed hope it helps some ppls


    HACKTIMUS PRIME


    *NEW* C++ Hacking Functions!


    This part of the guide is mostly for the people that already know c++ and want to know some of the useful hacking functions and how to use them.

    WriteProcessMemory:
    Write process memory can write information to a selected address: WriteProcessMemory


    How to get Process ID/Process handle:
    Code:
    HWND hWnd = FindWindow(0, "MapleStory");//get the window for maplestory
    DWORD pID;//dword that holds the process id
    GetWindowThreadProcessId(hWnd, &pID);//gets the process id which is used for getting the process handle
    HANDLE procHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);//gets you a process handle for maplestory using the process id we got

    Killing MapleStory(Killing the process(no ad)):
    Code:
    bool ExitMapleStory() {
    	HWND hWnd = FindWindow(0, "MapleStory");//get maplestory window
    	if (hWnd == 0) {
    		return false;//return false if maplestory is not found
    	} else {
    		DWORD pID;//process id
    		GetWindowThreadProcessId(hWnd, &pID);//getting the process id
    		HANDLE pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);//opening the process
    		PostMessage(hWnd, WM_CLOSE, 0, 0);//posting a message to the window to close maplestory (PostThreadMessage takes a thread id, not a process id)
    		WaitForSingleObject(pHandle, 2000);//wait for 2 seconds waiting for maplestory to close
    
    		DWORD exit = 0;//exit code
    		GetExitCodeProcess(pHandle, &exit);//get the exit code
    		if (exit == STILL_ACTIVE) {
    			TerminateProcess(pHandle, 0);//if maplestory doesnt exit destroy the process
    		}
    		CloseHandle(pHandle);//close the process handle
    		return true;
    	}
    }



    More c++ quick functions coming soon :D-Hacktimus Prime






    NEW Making a hack in a Dll!!!!!

    This part is going to be on making a dll that exports hack functions to be called from your trainer. The reason for this is so that we may inject the dll into maplestory, so we don't need to use WriteProcessMemory; we can just put it into the memory using memcpy. So what I want you to do is open up Microsoft Visual c++ and create an empty project.
    Now make a new source file and call it main.cpp. This will be our cpp that holds all of our exported functions. Now I want you to follow these steps.
    1. Right click your project
    2. Press on properties
    3. Go to General
    4. Change Common Language Runtime Support to "No Common Language Runtime Support"
    5. Next set the Character Set to "Use Multi-Byte Character Set"
    6. Now change Configuration Type to "Dynamic Library(.dll)"

    Now you have a simple dll program, but if you compile it you will get errors because you do not have an entry point. Copy and paste the code below into your main.cpp file.
    Code:
    
    #include <windows.h> //include the files you need
    #include <string.h>
    #include <iostream>
    #include <fstream>
    using namespace std; //using the proper namespace
    
    BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved) { //the dll main entry point just like int main()
        switch ( dwReason ) { //the switch to check for the dll calls
            case DLL_PROCESS_ATTACH: //if the dll is attached
                DisableThreadLibraryCalls(hModule); //it calls this method to disable library calls
                break; 
                
            case DLL_PROCESS_DETACH: //when the program exits and the dll is detached
    			ExitProcess(0); //it exits the process to make a smoother exit
                break;
                
            case DLL_THREAD_ATTACH://these are never really called
                break;
            case DLL_THREAD_DETACH:
                break;
        }
        return TRUE; //return true because it is a bool
    }
    


    Great, now we have our basic dll. If you compile it now it should compile but give you an error. This error is because dll's are not executables so they cannot be run like normal files. Don't worry, just ignore this error; your dll still compiled.
    Now we want to add in a script. For this I'm going to use my own not working teleport script :/ This script doesn't work but I'll just use it as an example:
    Code:
    extern "C" __declspec(dllexport) void Teleport() {//first we declare it as an external C script so that we may call it easily, next we declare that //it will be exported
    MessageBox(0, "Teleport is on", "Teleport", 0);//call a message box to let us know that teleport is on
    __asm {//start our inline asm
    		mov [esi+0x3B94],0x00
    		mov eax,[0x00CBE0A8]
    		cmp dword ptr [eax+0x9C8],0x0c
    		jne teleNormal
    
    		teleNormal:
    		cmp dword ptr [esi+0x00003B94],0x01
    		jmp dword ptr [teleHack2]
    }
    }
    Now that script will not work but you pretty much just copy and paste your script into the asm part. Now if you compile it right now it will give you inline asm errors. That is because in c++ you can't do stuff like
    Code:
    mov eax,[00493823]
    It doesn't work like that; you need to declare it as hex so you put 0x in front like so
    Code:
    mov eax,[0x00493823]
    So for example in our teleport script the first part would have originally been
    Code:
    mov [esi+3B94],00
    but now because we add the hex it is
    Code:
    mov [esi+0x3B94],0x00
    Now if you compile your dll you have a dll that you can call exported functions from.
    Last edited by PsychicSymphony; 06-18-2011 at 08:41 AM.
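
The byte pair in the auto assembly script above, 0F 84 versus 0F 85, is the x86 near JE and JNE opcode, so the patch inverts a single conditional branch in the target's code. As an added example (not part of the original post), this C code shows the integrity-checking side: it compares a trusted snapshot of a code region with the bytes read back later and flags inverted conditional jumps. The sample bytes and all names are constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* One inverted near conditional jump found by the scan. */
struct jcc_flip {
    size_t  offset; /* offset of the 0F escape byte */
    uint8_t was;    /* second opcode byte in the trusted snapshot */
    uint8_t now;    /* second opcode byte in the live copy */
};

/* Constructed sample: trusted snapshot of a small code region. */
static const uint8_t SAMPLE_BASE[] = {
    0x85, 0xC0,                         /* test eax, eax */
    0x0F, 0x85, 0x10, 0x00, 0x00, 0x00, /* jne +0x10     */
    0x90,                               /* nop           */
    0x0F, 0x84, 0x20, 0x00, 0x00, 0x00, /* je  +0x20     */
    0xC3                                /* ret           */
};
/* Constructed sample: the same region as read back later. */
static const uint8_t SAMPLE_LIVE[] = {
    0x85, 0xC0, 0x0F, 0x84, 0x10, 0x00, 0x00, 0x00, /* jne became je   */
    0xCC, 0x0F, 0x84, 0x20, 0x00, 0x00, 0x00, 0xC3  /* nop became int3 */
};

/* Number of bytes that differ between the snapshot and the live copy. */
size_t count_changed(const uint8_t *base, const uint8_t *live, size_t n)
{
    size_t changed = 0;
    for (size_t i = 0; i < n; i++)
        changed += (base[i] != live[i]);
    return changed;
}

/* Find near Jcc opcodes (0F 80..0F 8F) whose condition was inverted, i.e.
 * only the low bit of the second byte changed (JE <-> JNE, JL <-> JGE, ...).
 * This is a byte scan, not a disassembler: it can only report a 0F 8x pair
 * that was itself modified in exactly this way.
 * Returns the total found; at most max entries are written to out. */
size_t find_jcc_flips(const uint8_t *base, const uint8_t *live, size_t n,
                      struct jcc_flip *out, size_t max)
{
    size_t found = 0;
    for (size_t i = 0; i + 1 < n; i++) {
        if (base[i] != 0x0F || live[i] != 0x0F || (base[i + 1] & 0xF0) != 0x80)
            continue;
        if (live[i + 1] != (uint8_t)(base[i + 1] ^ 1))
            continue;
        if (found < max) {
            out[found].offset = i;
            out[found].was = base[i + 1];
            out[found].now = live[i + 1];
        }
        found++;
    }
    return found;
}

int main(void)
{
    struct jcc_flip hits[4];
    size_t n = sizeof SAMPLE_BASE;
    size_t flips = find_jcc_flips(SAMPLE_BASE, SAMPLE_LIVE, n, hits, 4);
    printf("%zu byte(s) changed\n", count_changed(SAMPLE_BASE, SAMPLE_LIVE, n));
    for (size_t i = 0; i < flips && i < 4; i++)
        printf("inverted Jcc at +0x%zx: 0F %02X -> 0F %02X\n",
               hits[i].offset, hits[i].was, hits[i].now);
    return flips ? 1 : 0;
}
```

A two-byte change like this one does not alter the region's size or any relocation, so a check that only watches for module loads or new executable pages will miss it; the comparison has to cover the code bytes themselves.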



  3. #2
    Vita

    Very nice work! I can see this helping a lot of people.

  4. #3
    Zodiac

    You sir are a genius, this is completely understandable, and is easy to follow!

    Thank you.







  5. #4
    ita1997

    Thanks...this will help a lot of people wanting to make a trainer including me =)

  6. #5


    Very nice tutorial ... but you have made one mistake.

    In step 4 you say the bytes for on are 0F 84 and for off are 0F 85,
    but later in your code I see this:

    void Fullgodmode() {
    DWORD address = 0x00961B6C;
    unsigned char fgmOn = "\x0F\x94";
    unsigned char fgmOff = "\x0F\x95";
    }

    but it must be:

    void Fullgodmode() {
    DWORD address = 0x00961B6C;
    unsigned char fgmOn = "\x0F\x84";
    unsigned char fgmOff = "\x0F\x85";
    }

    Or is it me that made a mistake now ?

  7. #6
    PsychicSymphony

    @dannyvriens sorry yea I did make the mistake. btw I wrote this all on my iphone so I was making the code from scratch

  8. #7
    Creation

    I wish I understood it all...

    I will devote tomorrow to do so!

    -__________-

  9. #8
    PsychicSymphony

    @Creation good luck

  10. #9
    Creation

    Originally posted by PsychicSymphony:
    @Creation good luck
    Thanks!!!
    -__________-

  11. #10
    Painiskill

    @PsychicSymphony Is there any way to change the shape of the GUI to like idk, the shape of a Mushroom?

  12. #11
    w8boy

    You also need a full bypass to use CE.
    Just sayin :)

  13. #12
    PsychicSymphony

    @Painiskill like the shape of the window?
    @w8boy Yea if you want one just install the w8baby pass :P

  14. #13
    Deity

    What's ASM?

  15. #14
    PsychicSymphony

    @Deity ASM : The ISO 639-3 official language code of Assamese (SIL) (from wiktionary.com)
    @lonerboy I'm actually gonna add in a part on how to make a trainer in a dll :D
    Last edited by PsychicSymphony; 06-15-2011 at 02:28 PM.
