How To Write Your First Game Hack in C++ Tutorial

Captions
Okay, so today you're going to learn how to make your first ever cheat. This is going to be in a game called AssaultCube, and it's going to be written in C++. The things you need for this are, first off, Visual Studio and some kind of C++ compiler, as well as Cheat Engine to get your addresses from. Effectively, how this cheat works is: you need addresses to read and write to in your RAM, where the game is held, and you're effectively just overwriting, in this case, your health variable. So obviously you're going to want to install AssaultCube (I'll put the link to that in the description), and then also you're going to need Cheat Engine.

So how you're going to start is you need to find the address for your health. First you want to go up to this window in the top left here and attach AssaultCube to Cheat Engine. Then you can see the health down here is a value of 100, so if we search 100 in Cheat Engine and then scan, it will find all the addresses in your RAM which have the value of 100. Next, what you need to do is just get shot by an enemy, just to take some damage. Okay, perfect, so we've taken some damage. What we need to do is scan a second time, this time with the value of 52, which is the new health value, and just like that we get this address here, which is the value of our health. We can check that by changing the value, say to 200, and you can see down here that becomes 200. So we can label that as the health address.

How addresses work in the RAM, how they are effectively stored, is using offsets. There'll be an object which has the entity in it, and in the RAM, just next to this object address, if you add an offset to that address you'll get the health. You can find that by right-clicking this and choosing "find out what accesses this address", and if you look here you'll see there is a register, which is ebx or edi, and then it adds the hex EC. So this means that the offset is EC and that the entity object is ebx. So if you take this in ebx and add this address, call it the entity object.

You can also check this by going to Memory View, Tools, Dissect data/structures, and putting that in there to find new structures. This way we can search through what's in the player entity, so this is going to have all the information of where the player is. For example, if we look at 183 12803 I can see there are all floats, so that's probably a position: if I move, it changes, and if I jump you can see that is the Z coordinate changing. And if we go to EC we can see it's 22, which is the same as our health value. So once again, change that up to 100 and our health value gets changed to 100. So we know this is the player object, and that is the player's health with that offset.

How AssaultCube works is there's actually a static address to the entity objects, or in this case the local player object, and there's always a static pointer to this address. It's like, when you close the game, it will always stay the same, and so that means you can find the same address every time you restart the game. How you find this is you take the address which is the local player pointer and you search for it as a hexadecimal number, because that's what it is, and when you scan for it, it'll scan through all the RAM to find the correct addresses. Then if you look through this list, it's the ones written in green with ac_client.exe written in front of them. Take one of these, and this is your static address to the local player pointer. Basically this will always be equal to the location of the player object no matter how many times you restart your game. So this is the local player pointer, so we can get rid of this now, we don't need that anymore. Then we can take this, add an address manually, put it in as a pointer, and call it the local player object. Okay, so this is permanently attached to our local player object, and then we can do the same for the local player health: add that offset that we found earlier, which was EC, and as you can see, well, if we come alive again, this will be equal to 100. Sorry, minor technical problem there, so I just had to get all the offsets again. If we restart the game, open it again and reattach Cheat Engine to the process, now you can see all of these have come back again. It just takes a moment until you get hit for it to actually register and put these back to what they were before. So now we have all the values we need and we can start coding.

You want to create a new project, find Console App, C++, Next, and then name it AssaultCube Tutorial and create the project. It has all this stuff you can just get rid of, and the first thing you want to do is go to Header Files, Add, Existing Item... no, not Existing Item, add a New Item, and you want this to be called includes.h. That's a header file, and you're going to put all the things that need to be included in it. First off you want to add the windows.h header file; this will include everything with the Windows API and all the functions and data types that you'll need. And also TlHelp32.h, and iostream for any bits of data you'll want to print out. So that's all the includes.

Then the first thing you want to do is include that in your regular C++ file, and then you want to make an int main function, which is the first function that you will ever go to in C++ when your program starts. So the first thing you're going to want to do is define some variables. You want to define some unsigned integer pointers... oh, actually, the first thing you want to do is quickly change this at the top to x86 and then Release; that's just making sure it's the right data. And actually it's probably better if you do this as a DWORD, because this specifically says it's a 32-bit number. In this case, first you want to find the process ID and the base module, which is like the base address of where the game is stored in the RAM. Then you're going to want to say pID is equal to GetProcessId("ac_client.exe"), and obviously this function hasn't been defined yet, so we're going to want to create a new header file, and you're going to call this proc.h, and then a new source file called proc.cpp.

In here you're going to have functions which are going to return your process ID and your module base address. You're going to want to begin in the header file, and you're going to want to include the includes file from before, and also windows again, just due to some weird compiler problems you're going to have otherwise. You want to start by defining the GetProcessId function, and as an argument you want to have a const char pointer, and you want it to be called processName; that's just going to take the process name and then return the process ID. Second, you want to make another DWORD, and this is going to be GetModuleBaseAddress; we want to put in the process ID and another const char pointer to the name of the module. So that's the header file done. I'm just going to copy-paste these and put them into proc.cpp, which is going to first off include proc.h so you have these two functions, and now we're going to write them. These are quite complex functions; I'll explain what they do, but I'll put them in the description if anyone can't be bothered to actually write them themselves.

The first thing you want to do in GetProcessId is define the process ID, which you're going to return, as zero. Then you want to create a HANDLE called hSnap, and you want to say it's equal to CreateToolhelp32Snapshot, and as a parameter you want to put in TH32CS_SNAPPROCESS and then also zero, because we don't need to put in a process ID, because we don't have one here. Then you just want to check that the handle is not invalid, does not equal INVALID_HANDLE_VALUE, and if it doesn't, you're going to create a PROCESSENTRY32 called procEntry, and define the size, which is procEntry.dwSize is equal to sizeof(procEntry). Then you're going to want to see if Process32First, and you're going to pass through hSnap and the address of the procEntry variable. Then you want to say the procID is equal to procEntry.th32ProcessID (not th32ParentProcessID; th32ProcessID, that's fine), and then we're going to break out of... oh, I forgot to include a do-while loop. So here you want to do "do" and then just indent that, while Process32Next(hSnap, the address of the procEntry variable). Then you're just going to want to close the handle so it's not open indefinitely, CloseHandle(hSnap), and then return procID. So effectively what this does is it creates a snapshot of all the processes that Windows currently has open, and in this loop here it goes through all of them, checks if it's the one that you've put in as the process name, and returns the process that you're looking for. And that means that here in... why is that undefined? I just capitalized GetProcessId. So that means that this function, which is in here, can now be referenced. Why is that... we've not included the proc.h file; include that, it should be fine now. Yeah, okay.

So now we have the process ID. The next step is to get the base module, so we have to say baseModule is equal to GetModuleBaseAddress; you can put in the process ID and then the name of the exe again, which is ac_client.exe. So now we're going to have to define how we can get that base module, or module base address, which is where this game is stored in the RAM. First thing we're going to do is head back to this proc.cpp file, and now we're going to start writing the code for this function. First you want to begin by saying the DWORD modBaseAddr is equal to zero, and it's very similar to what you... so you have a HANDLE and then CreateToolhelp32Snapshot, and then TH32CS_SNAPMODULE... oh, I need a bar line here, the bar line on my keyboard, my bad. So have that there, and then TH32CS_SNAPMODULE32. This is just using both the 64 and 32-bit versions, and this time we can put in the process ID because we already have it. So that will create the handle to the process, and then we just check if it's invalid again. If the handle is valid, then create a MODULEENTRY32, I'll call that modEntry, and we can define the size as modEntry.dwSize is equal to sizeof(modEntry). Then we've got to say if Module32First(hSnap, the address of modEntry); if that's true then you're going to want to "do", and then you want to do it while Module32Next(hSnap, the address of modEntry). And in this statement you want to do... hold up, I just spotted an error with the last function. We need to include: if not _wcsicmp(procEntry.szExeFile, procName), and if those are true then we can do that and get the process... sorry, that was an error from before. Then you want to do something very similar here: if not _wcsicmp(modEntry.szModule, moduleName), then you want to say modBaseAddr is equal to a casted DWORD of modEntry.modBaseAddr, then you want to break, and then here close the handle hSnap and return modBaseAddr. So that should be our functions for getting module base addresses and process IDs completely finished, and we can test these now. If we do std::cout << std::hex << pID << std::endl, that's just printing it out, and do the same for the base module. What that function actually does is very similar to this one: it cycles through all the processes again, but this time, because we have the process ID, we can use the process ID to identify which one it is and then return the module base address. That's what that does. And now we can run this, and 23dc is... actually, that's not supposed to be in hexadecimal, so if we get rid of that line, because the proc ID is just an integer, yes, it's 9180, and then the base address is 400000. So now that we have the process ID and the base address, we can get to changing some of the variables.

First, what we're going to want to do is create a handle, and you want to say that's equal to OpenProcess. This is basically opening a handle to the process, and you want to define it as PROCESS_ALL_ACCESS. Basically what this means is it gives you access to a handle which can be used to read and write the memory of the process. We don't need to inherit, so we just pass NULL through that, and then just put in the procID that we got from before. So all that will do is allow us to read and write to the process. The next thing we want to do is define another DWORD here and just define it as the local player pointer, and then also define an integer health and set that equal to 9999, for example; that's the health that we're going to change it to. So first we have to read the local player pointer, and the way we do that is by using the Windows ReadProcessMemory function. First we've got to put in the handle to the process, then you're going to want to cast this to, like it says here, an LPCVOID, and then here you're going to put your... you want to have a look back at Cheat Engine, find your local player pointer, and you see it's ac_client.exe plus an offset. This ac_client bit, that's the module base address, and that's the offset. So for this ac_client bit we're going to want to put in baseModule, and you're going to add this offset, so you say plus 0x to make it hex and then add that. That will mean we'll be able to read the pointer of the local player, and then you tell it to return that to the address of localPlayerPtr, at the size of localPlayerPtr, and then we don't need to specify the bytes read, so we just pass a null pointer through that. That means that we'll have the local player pointer, and we can just check that with std::cout, and this should return the same value we have here, which is 05 95410 ... 05 94514, so it's the same value there and there. That means we have our local player pointer.

So now we can get to the fun bit, which is overwriting. Well, we can say while (true), so that means it will run forever, and you can see WriteProcessMemory: put in the handle again, this time not an LPCVOID but an LPVOID when you cast it, and in the other brackets you want to put the local player pointer and then add the... that's defining this. So this is the local player pointer, which is the 07B214F8, and you've got to add EC. Is that correct? I think so. Wait, that's the wrong number: 0xEC, and then at the address of the buffer... wait, no, yeah, we need to define the address of the health; that's the value it's going to take from it and overwrite it with, at the size of health, and then we just pass in a null pointer to specify the bytes written. This should now work. It's not running... see, there we go. Now my health is at 9999 and it doesn't go down. So yep, that's the first cheat you've written in C++. What you've done is you've reversed the address yourself using Cheat Engine and then learned how to use C++ to overwrite them.
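As an added illustration (not code from the video), the two-step dereference the video performs with ReadProcessMemory and WriteProcessMemory, run against a constructed in-memory image so it compiles on any platform and also handles the failure modes the video glosses over (a read outside the process image, a null pointer before the player object exists). The module image, the 0x10 static-pointer offset and the 0x400100 object address are constructed placeholders; only the 0xEC health offset comes from the video.

```cpp
#include <cstdint>
#include <cstring>
#include <optional>
#include <vector>

// Constructed stand-in for the target's address space: a flat byte image starting at `base`.
// read/write follow the ReadProcessMemory/WriteProcessMemory contract the video relies on:
// they return false, and touch nothing, when the requested range lies outside the image.
struct FakeProcess {
    uint32_t base;
    std::vector<uint8_t> image;
    bool inRange(uint32_t addr, size_t n) const {
        return addr >= base && uint64_t(addr - base) + n <= image.size();
    }
    bool read(uint32_t addr, void* out, size_t n) const {
        if (!inRange(addr, n)) return false;
        std::memcpy(out, image.data() + (addr - base), n);
        return true;
    }
    bool write(uint32_t addr, const void* in, size_t n) {
        if (!inRange(addr, n)) return false;
        std::memcpy(image.data() + (addr - base), in, n);
        return true;
    }
};

const uint32_t kHealthOffset = 0xEC;  // player object -> health, the offset found in the video

// Step 1 from the video: read the static local-player pointer stored at module base + offset.
// A zero pointer means no player object exists yet (e.g. not in a match), so report failure.
std::optional<uint32_t> resolveLocalPlayer(const FakeProcess& p, uint32_t moduleBase, uint32_t staticOffset) {
    uint32_t ptr = 0;
    if (!p.read(moduleBase + staticOffset, &ptr, sizeof ptr) || ptr == 0) return std::nullopt;
    return ptr;
}

// Step 2: the 32-bit int at player + 0xEC is the health value.
std::optional<int32_t> readHealth(const FakeProcess& p, uint32_t player) {
    int32_t hp = 0;
    if (!p.read(player + kHealthOffset, &hp, sizeof hp)) return std::nullopt;
    return hp;
}
bool writeHealth(FakeProcess& p, uint32_t player, int32_t hp) {
    return p.write(player + kHealthOffset, &hp, sizeof hp);
}

// Constructed image: module base 0x400000, static pointer at base+0x10 (placeholder offset,
// not the real one) pointing at a player object at 0x400100 whose health field holds 100.
FakeProcess makeSample() {
    FakeProcess p{0x400000, std::vector<uint8_t>(0x200, 0)};
    uint32_t player = 0x400100; int32_t hp = 100;
    p.write(0x400010, &player, sizeof player);
    p.write(player + kHealthOffset, &hp, sizeof hp);
    return p;
}
```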
Info
Channel: kxbra
Views: 9,177
Id: GwP6QZDIfyg
Length: 24min 40sec (1480 seconds)
Published: Sun Nov 20 2022