How to make a Dll

tarafından **Hello EMO** C.tesi Ara. 04, 2010 1:31 pm

[quote name='attilathedud' timestamp='1158871021' post='1055']
Although Dll's are probably overkill for a basic money hack, if you can't do them, you will never be able to be a very effective coder. So let's start shall we?

In this example I'm going to show you how to make a dll hack that gives you 50000 minerals whenever you press 'm' in Starcraft 1.13f(was to lazy to ever download the patch).

Before we go rushing into this let's think a little first. Dll stands for Dynamic Link Library, and in most basic terms, allows you to,when injected into the target, have complete and utter control.:lol:

Now, before I rush into anything, I always think over what the code will do in my head. When I did this, it looked something like this:

Kod:: function minerals { int offset = (adress) while 'm' down == true { offset = 50000 } } function main { call minerals }

That doesn't look to confusing, now does it?
Okay, now open up whatever compiler your using(I use MCVS 6.0) and select the win32 Dynamic Link Library, or something of that nature, then make a simple project.
Hopefully by now, your code will look something like this:

Kod:: #include "stdafx.h" BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { return TRUE; }

Now remembering back to our psuedo code we had:

Kod:: function minerals { int offset = (adress) while 'm' down == true { offset = 50000 } }

Now unfortutantly, we can't copy that code, but it's not to hard to translate to C.
For 'function minerals' it's going to look a little something like this:

Kod:: DWORD WINAPI minerals( LPVOID lpParam ); DWORD WINAPI minerals( LPVOID lpParam){

Now you may be going, WTF! Don't worry, this is actually pretty easy to understand. Basically this code declares minerals as a double word winapi. This is along the same lines as void or int. Now the next thing you'll notice is that I seemingly put the exact same code twice. Look carefully though, and you'll see that the first part DECLARES it, like int sdkdaslk;, while the second part is actually going to tell it what to do when we call it.
For the actual code inside, it's very similar to the psuedo:

Kod:: DWORD OldProt; int *offset = (int*)0x515240; while(true) { while(!(GetAsyncKeyState(0x4D))) Sleep(100); VirtualProtect(offset, 4, PAGE_EXECUTE_READWRITE, &OldProt); *offset = 50000; VirtualProtect(offset, 4, OldProt, &OldProt); } return 0; }

If you haven't learned about pointers yet, you're probably confused by the *. According to the ever right wikipedia a pointer is Basically that line in English would be

Kod:: integer offset point to adress value 515240(Starcraft's mineral value)

And just for your reference 0x in front of a number declares it as hex in C++.
Now comes to the while(true) loop. All this in itself does is to keep on executing the code over and over again.
Next comes the actual keypress. Now this make look a little odd, so let's examine it.

Kod:: while(!(GetAsyncKeyState(0x4D)))

GetAsyncKeyState checks to see if the key is down or up. Now you will notice the while loop. When a key is down, it's value is stored as one, and when it is up, it is stored as 0. 0x4D is M, which can also be 'M'. Now the ! means not in C++ so basically this says while M is not equal 0(because we never defined a value to check against, so the default is zero), execute my code.
Now for the code inside:

Kod:: Sleep(100); VirtualProtect(offset, 4, PAGE_EXECUTE_READWRITE, &OldProt); *offset = 50000; VirtualProtect(offset, 4, OldProt, &OldProt);

That turned out nicely. This tells our program what to do when 'm' is pressed. First it pauses for 1 second(Sleep is in Milliseconds), so the user has time to lift off the button. Then we change offset(with VirtualProtect) to the type of data our target uses to prevent StarCraft from crashing. The middle part should be self explainitory as it just sets offset to 50000.
Now to the last part of the code(on the last strech, hooray)!

Kod:: function main { call minerals }

Luckily, Mr. Compiler has already declared main for us in the form of:

Kod:: BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { return TRUE; }

So our next section of code will just go in here.
We need to call the minerals function now, which is actually quite easy:

Kod:: if (ul_reason_for_call == DLL_PROCESS_ATTACH) { CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)minerals, NULL, NULL, NULL ); } else{ return TRUE; };

If you try to translate it into what it would do in english, it's pretty much a direct match. If our program gets attached, then, create a thread for our program in the target, and call minerals.

And wallah, that's it. Hopefully by now you have something like this:

Kod:: #include <stdafx.h> DWORD WINAPI minerals( LPVOID lpParam ); DWORD WINAPI minerals( LPVOID lpParam){DWORD OldProt; int *offset = (int*)0x515240; while(true) { while(!(GetAsyncKeyState(0x4D))) Sleep(100); VirtualProtect(offset, 4, PAGE_EXECUTE_READWRITE, &OldProt); *offset = 50000; VirtualProtect(offset, 4, OldProt, &OldProt); } return 0; } BOOL APIENTRY DllMain( HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved ) { if (ul_reason_for_call == DLL_PROCESS_ATTACH) { CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)minerals, NULL, NULL, NULL ); } else{ return TRUE; }; return TRUE; }

Now all you have to do is build it and you're on your way.
Finally comes injected it. As it is a Dll, you will need a Dll injector to make it work. There are many easily found both online and on bwhacks.com for Starcraft.
Hopefully you learned something from this, and didn't just copy the code from the bottom. Hope you had fun!

ShoutOuts:
Pandas
[/quote]