
Thread: [Source] Zero Maphack v7.x.x for Warcraft 3 v1.21b

  1. #1
    Administrator

    Saint
    Perma has disabled reputation Perma's Avatar
    Join Date
    Jul 2004
    Location
    Canada
    Posts
    6,039
    Blog Entries
    2
    Downloads
    6
    Uploads
    2

    [Source] Zero Maphack v7.x.x for Warcraft 3 v1.21b

    Here is the well-organized source code to the last version of Zero. You're probably wondering why I'm posting this, and the answer is because these methods are a bit archaic and are being redeveloped. There's no need to keep the old ones a secret. Feel free to comment.

    Zero.asm
    Code:
    ;====================================================;
    ;            Zero Maphack Project by Perma           ;
    ;====================================================;
    ; This project was started on January 1st, 2007 as a ;
    ; public undetected maphack for Warcraft III. It has ;
    ; since evolved into a premium maphack with several  ;
    ; security implementations.                          ;
    ;                                                    ;
    ; INDEX                                              ;
    ; -------                                            ;
    ;                                                    ;
    ; Zero.asm      - Main source file.                  ;
    ; Hooks.inc     - Hooked game functions.             ;
    ; Security.inc  - Debugging and security-related.    ;
    ; Functions.inc - Numerous functions used by the     ;
    ;                 project. Consider it an API of     ;
    ;                 sorts, I suppose.                  ;
    ; Variables.inc - Address and hook definitions and   ;
    ;                 various toggles and variables.     ;
    ;                                                    ;
    ;====================================================;
    
    .486
    .Model Flat, StdCall
    
        ;//Make our DLL's code not case sensitive.
        OPTION CASEMAP :NONE
    
        ;//Import system includes.
        include \masm32\include\windows.inc
        include \masm32\include\masm32.inc
        include \masm32\include\user32.inc
        include \masm32\include\kernel32.inc
        include \masm32\include\debug.inc
        include \masm32\include\comctl32.inc
        include \masm32\include\comdlg32.inc
        include \masm32\include\advapi32.inc
        include \masm32\include\gdi32.inc
        include \masm32\include\wsock32.inc
    
        ;//Import system libraries.
        includelib \masm32\lib\masm32.lib
        includelib \masm32\lib\user32.lib
        includelib \masm32\lib\kernel32.lib
        includelib \masm32\lib\debug.lib
        includelib \masm32\lib\comctl32.lib
        includelib \masm32\lib\comdlg32.lib
        includelib \masm32\lib\advapi32.lib
        includelib \masm32\lib\gdi32.lib
        includelib \masm32\lib\wsock32.lib
    
        ;//Local imports for Zero.dll.
        include Variables.inc
        include Functions.inc
        include Security.inc
        include Hooks.inc
    
    .data?
    
    thread_InjectID        dd ?
    hThread            dd ?
    
    .code
    
    DllEntryPoint proc hInstDLL:DWORD, reason:DWORD, unused:DWORD
       ;//This code is executed when our DLL is loaded.
    
        mov eax,reason
        .if eax == DLL_PROCESS_ATTACH
    
            ;//Save our DLL's current module handle.
            mov eax, hInstDLL
            mov hModule, eax
    
            ;//Call the function to hide our module.
            invoke DLL_HideModule
    
            ;//Create our injection thread if the launcher is present.
            invoke FindWindow, 0, CTEXT("Zero Launcher")
            .if eax != 0
                invoke CreateThread, NULL, 0, addr thread_InjectWarcraft, 0, 0, addr thread_InjectID
                mov hThread, eax
            .endif
    
        .endif
        ret
    
    DllEntryPoint endp
    
    
    End DllEntryPoint
    Last edited by Perma : 08-11-2008 at 06:26 AM

  2. #2
    Perma

    Functions.inc
    Code:
    ;====================================================;
    ;       Global Function Module (Functions.inc)       ;
    ;====================================================;
    ; This file houses a number of global functions that ;
    ; the project uses frequently. These are internal to ;
    ; the module as well as native functions of the      ;
    ; target game.                                       ;
    ;====================================================;
    
    .code
    
    DLL_PatchMemory proc   MemOffset:DWORD, DataPtr:DWORD, dataLen:DWORD
       ;//Memory patching function.
    
        LOCAL OldProt:DWORD
    
        invoke VirtualProtect, MemOffset, dataLen, PAGE_EXECUTE_READWRITE, addr OldProt
        invoke RtlMoveMemory, MemOffset, DataPtr, dataLen
        invoke VirtualProtect, MemOffset, dataLen, OldProt, addr OldProt
        ret
    
    DLL_PatchMemory endp
    
    
    DLL_SetHook proc   uses ecx ebx    from:DWORD, to:DWORD, jmptype:BYTE
       ;//Memory hooking function. Patches a call/jump to a target function.
    
        mov ecx, from
        mov ebx, to
        add ecx, 05h
        sub ebx, ecx
        lea ecx, lgJmp
        .if jmptype == 1
    
            ;//Type is an unconditional jump.
            mov byte ptr [ecx], 0E9h
    
        .elseif jmptype == 2
    
            ;//Type is a call.
            mov byte ptr [ecx], 0E8h
    
        .endif
        mov dword ptr [ecx+1], ebx
        invoke DLL_PatchMemory, from, addr lgJmp, 5
        ret
    
    DLL_SetHook endp
    
    
    DLL_MoveString proc   uses ecx ebx edx        destaddress:DWORD,srcaddress:DWORD
       ;//String moving function.
    
        mov ebx, destaddress
        mov ecx, srcaddress
        .while byte ptr [ecx] != 00h
            mov dl, byte ptr [ecx]
            mov byte ptr [ebx], dl
            inc ecx
            inc ebx
        .endw
        mov byte ptr [ebx], 00h
        ret
    
    DLL_MoveString endp
    
    
    Warcraft_TextOut proc        textloc:DWORD
       ;//In-game text printing function.
    
        push eax
        push edx
        push ecx
        push 0FFFFFFFFh
    
        ;//Get the pointer to Warcraft's global class.
        mov eax, WC3FXN_GlobalClass
        mov eax, dword ptr ds:[eax]
    
        ;//Get the pointer to the output class.
        mov eax, dword ptr ds:[eax+3E0h]
        mov edx, dword ptr ds:[eax]
        push 0
        push 41200000h
        lea ecx, dword ptr ss:[esp+08h]
        push ecx
    
        ;//Push the text address.
        mov ecx, textloc
        push ecx
        mov ecx, eax
        call dword ptr [WC3FXN_TextOut]
        pop ecx
        pop edx
        pop eax
        ret
    
    Warcraft_TextOut endp
    
    
    Warcraft_CheckGameState proc
       ;//Current game state checking function.
    
        ;//Get the pointer to Warcraft's global class.
        mov eax, WC3FXN_GlobalClass
        mov eax, dword ptr ds:[eax]
    
        ;//Check to see if we're in a game and return true/false.
        .if dword ptr [eax+1ACh] == 00000000h
            mov eax, 0
        .else
            mov eax, 1
        .endif
        ret
    
    Warcraft_CheckGameState endp

  3. #3
    Perma

    Security.inc
    Code:
    .code
    
    DLL_HideModule proc
       ;//PEB module hiding function.
    
        pushad
    
        ;//Get the address of the PEB.
        assume fs:nothing
        mov eax, fs:[30h]
    
        ;//Save ProcessModuleInfo.
        mov eax, [eax+0Ch]
        mov PPEB_LDR_DATA, eax
    
        @InLoadOrderModuleList:
        mov esi, [eax+0Ch]
        mov edx, [eax+10h]
    
        @LoopInLoadOrderModuleList:
        lodsd
            mov esi, eax
            mov ecx, [eax+18h]
            cmp ecx, hModule
            jne @f
                mov ebx, [eax]
                mov ecx, [eax+4]
                mov [ecx], ebx
                mov [ebx+4], ecx
                jmp @InMemoryOrderModuleList
        @@:
        cmp edx, esi
        jne @LoopInLoadOrderModuleList
    
        @InMemoryOrderModuleList:
        mov eax, PPEB_LDR_DATA
        mov esi, [eax+14h]
        mov edx, [eax+18h]
    
        @LoopInMemoryOrderModuleList:
            lodsd
            mov esi, eax
            mov ecx, [eax+10h]
            cmp ecx, hModule
            jne @f
                mov ebx, [eax]
                mov ecx, [eax+4]
                mov [ecx], ebx
                mov [ebx+4], ecx
                jmp @InInitializationOrderModuleList
        @@:
        cmp edx, esi
        jne @LoopInMemoryOrderModuleList
    
        @InInitializationOrderModuleList:
        mov eax, PPEB_LDR_DATA
        mov esi, [eax+1Ch]
        mov edx, [eax+20h]
    
        @LoopInInitializationOrderModuleList:
            lodsd
            mov esi, eax        
            mov ecx, [eax+08h]
            cmp ecx, hModule
            jne @f
                mov ebx, [eax]
                mov ecx, [eax+4]
                mov [ecx], ebx
                mov [ebx+4], ecx
                jmp @Finished
        @@:
        cmp edx, esi
        jne @LoopInInitializationOrderModuleList
          
        @Finished:
        popad
        ret
    
    DLL_HideModule endp

  4. #4
    Perma

    Hooks.inc
    Code:
    ;====================================================;
    ;          Warcraft Source Module (Hooks.inc)        ;
    ;====================================================;
    ; This is where all of our memory hooks jump to, in  ;
    ; appropriately crafted custom functions. This allows;
    ; us a lot of flexibility in manipulating various    ;
    ; parts of the function while maintaining a low      ;
    ; impact overall on Warcraft's address space.        ;
    ;====================================================;
    
    .code
    
    ;===================================;
    ;           Main Map Hooks          ;
    ;===================================;
    
    mainmap_Draw proc
       ;//Remove main map fog of war.
    
        .data
        mainmap_Draw1        dd 6F40AA86h
    
        .code
        or ebx, 0000F000h
        and ebx, esi
        test bx, bx
        je continue
        mov ecx, dword ptr [ecx]
        jmp dword ptr [mainmap_Draw1]
        continue:
        mov eax, dword ptr [eax+2Ch]
        movzx edx, word ptr [eax+2*edx]
        xor eax, eax
        mov ax, si
        and edx, 0FFFh
        not edx
        test eax, edx
        je explored
        mov ecx, dword ptr ds:[ecx+4]
        jmp finish
        explored:
        mov ecx, dword ptr ds:[ecx+8]
        finish:
        mov cl, byte ptr ds:[ecx+6F833DB4h]
        .if stateMap == 02h
            xor ecx, ecx
        .endif
        jmp dword ptr [fxnMainmapRetn]
    
    mainmap_Draw endp
    
    
    mainmap_Players proc
       ;//View player vision limitations on main map.
    
        mov esi, dword ptr [ebp-08h]
        mov eax, dword ptr [esi+0000099Ch]
        xor ecx, ecx
        cmp eax, ecx
        je continue
        .if stateMap == 01h
            mov dx, 0FFFh
        .else
            mov dx, word ptr ds:[eax+3Ch]
        .endif
        mov word ptr ss:[ebp-1Ch], dx
        jmp finish
        continue:
        mov dword ptr ss:[ebp-1Ch], ecx
        finish:
        mov edx, dword ptr ds:[esi+9D0h]
        xor eax, eax
        jmp dword ptr [fxnMainmapPlayersRetn]
    
    mainmap_Players endp
    
    
    mainmap_Units proc
       ;//Reveal enemy and neutral units on main map.
    
        mov dword ptr ss:[ebp-28h], eax
        mov dword ptr ss:[ebp-24h], eax
        mov dword ptr ss:[ebp-1Ch], eax
        mov eax, dword ptr ds:[edx+14h]
        mov edx, dword ptr ds:[edx+10h]
        .if stateMap != 00h
            xor eax, eax
            xor edx, edx
        .endif
        lea edx, dword ptr ds:[edx+eax*2]
        and ecx, edi
        jmp dword ptr [fxnUnitsRetn]
    
    mainmap_Units endp
    
    
    mainmap_Invisible proc
       ;//Reveal invisible units on main map.
    
        .data
        mainmap_Invisible1    dd 6F2A3D30h
    
        .code
        mov edx, dword ptr ds:[edi+198h]
        mov ecx, dword ptr ds:[edi+178h]
        xor eax, eax
        mov ax, word ptr ds:[edi+edx*2+218h]
        .if stateMap != 00h
            mov eax, 00000001h
        .else
            push 0
            push eax
            push esi
            call dword ptr [mainmap_Invisible1]
        .endif
        and ebx, eax
        jmp dword ptr [fxnInvisibleRetn]
    
    mainmap_Invisible endp
    
    
    mainmap_Footprints proc
       ;//Reveal unit footprints on main map.
    
        mov dword ptr ss:[ebp-30h], edi
        mov dword ptr ss:[ebp-18h], edi
        mov edi, dword ptr ds:[eax+10h]
        mov dword ptr ss:[ebp-1Ch], ecx
        mov ecx, dword ptr ds:[eax+14h]
        .if stateMap != 00h
            xor edi, edi
            xor ecx, ecx
        .endif
        lea ecx, dword ptr ds:[edi+ecx*2]
        mov edi, dword ptr ds:[eax+30h]
        jmp dword ptr [fxnFootprintsRetn]
    
    mainmap_Footprints endp
    
    
    mainmap_Specular proc
       ;//Reveal specular effects on main map.
    
        mov dword ptr ss:[ebp-44h], ebx
        mov dword ptr ss:[ebp-2Ch], ebx
        mov ebx, dword ptr ss:[esi+10h]
        mov dword ptr ss:[ebp-30h], edx
        mov edx, dword ptr ds:[esi+14h]
        .if stateMap != 00h
            xor ebx, ebx
            xor edx, edx
        .endif
        lea edx, dword ptr ds:[ebx+edx*2]
        mov ebx, dword ptr ds:[esi+30h]
        jmp dword ptr [fxnSpecularRetn]
    
    mainmap_Specular endp
    
    
    mainmap_Corpses proc
       ;//Reveal corpses on main map.
    
        mov dword ptr ss:[ebp-40h], edx
        mov dword ptr ss:[ebp-28h], edx
        mov edx, dword ptr ds:[esi+10h]
        mov dword ptr ss:[ebp-38h], eax
        mov dword ptr ss:[ebp-34h], eax
        mov dword ptr ss:[ebp-2Ch], eax
        mov eax, dword ptr ds:[esi+14h]
        .if stateMap != 00h
            xor eax, eax
            xor edx, edx
        .endif
        lea eax, dword ptr ds:[edx+eax*2]
        mov edx, dword ptr ds:[esi+30h]
        jmp dword ptr [fxnCorpsesRetn]
    
    mainmap_Corpses endp
    
    
    mainmap_StaticSprites proc
       ;//Reveal trees and static sprites on main map.
    
        mov dword ptr ss:[ebp-28h], ebx
        mov dword ptr ss:[ebp-24h], ebx
        mov dword ptr ss:[ebp-1Ch], ebx
        mov ebx, dword ptr ds:[ecx+14h]
        mov ecx, dword ptr ds:[ecx+10h]
        .if stateMap != 00h
            xor ebx, ebx
            xor ecx, ecx
        .endif
        lea ecx, dword ptr ds:[ecx+ebx*2]
        and eax, edi
        jmp dword ptr [fxnStaticSpritesRetn]
    
    mainmap_StaticSprites endp
    
    
    mainmap_Sound proc
       ;//Play out of range sounds on main map.
    
        mov dword ptr ss:[ebp-38h], ecx
        mov dword ptr ss:[ebp-34h], ecx
        mov dword ptr ss:[ebp-30h], ecx
        mov dword ptr ss:[ebp-2Ch], ecx
        mov dword ptr ss:[ebp-28h], ecx
        mov dword ptr ss:[ebp-20h], ecx
        mov dword ptr ss:[ebp-14h], ecx
        mov ecx, dword ptr ds:[esi+14h]
        .if stateMap != 00h
            xor ecx, ecx
            xor edx, edx
        .endif
        lea ecx, dword ptr ds:[edx+ecx*2]
        mov edx, dword ptr ds:[esi+30h]
        add eax, edi
        jmp dword ptr [fxnSoundRetn]
    
    mainmap_Sound endp
    
    
    mainmap_Blight proc
       ;//Reveal undead blight animation on main map.
    
        sub eax, edx
        xor edx, edx
        shl edx, cl
        mov ecx, dword ptr [esi+34h]
        sar eax, 1
        mov dword ptr [ebp-18h], esi
        add edx, edi
        mov edi, dword ptr [esi+30h]
        lea edx, dword ptr [edx+edx+02h]
        add ecx, edx
        add edi, edx
        mov edx, dword ptr ds:[esi+24h]
        and edx, 1
        mov dword ptr ss:[ebp-0Ch], ecx
        mov dword ptr ss:[ebp-10h], edi
        xor edx, edx
        jmp dword ptr [fxnBlightRetn]
    
    mainmap_Blight endp
    
    
    mainmap_Illusions proc
       ;//Reveal Blademaster illusions on main map.
    
        mov edx, 00000001h
        shl edx, cl
        pop edi
        pop esi
        and edx, eax
        neg edx
        sbb edx, edx
        neg edx
        mov eax, edx
        inc eax
        ret
    
    mainmap_Illusions endp
    
    
    mainmap_ShowRally proc
       ;//Show enemy building rally points on main map.
    
        .data
        mainmap_ShowRally1    dd 6F2A2E60h
        mainmap_ShowRally2    dd 6F463051h
    
        .code
        push eax
        mov ecx, esi
        call dword ptr [mainmap_ShowRally1]
        .if stateMap != 0
            @skip:
            jmp dword ptr [fxnShowRallyRetn]
        .else
            test eax, eax
            jne @skip
            jmp dword ptr [mainmap_ShowRally2]
        .endif
    
    mainmap_ShowRally endp
    
    
    mainmap_PaidStructure proc
       ;//Reveal structure placement of unbuilt buildings.
    
        .data
        mainmap_PaidStructure1    dd 6F563D5Ch
        mainmap_PaidStructure2    dd 6F1C2C60h
    
        .code
        call dword ptr [mainmap_PaidStructure2]
        test eax, eax
        je @skip
        jmp dword ptr [fxnPaidStructureRetn]
        @skip:
        .if stateMap != 00h
            jmp dword ptr [fxnPaidStructureRetn]
        .else
            jmp dword ptr [mainmap_PaidStructure1]
        .endif
    
    mainmap_PaidStructure endp
    
    
    mainmap_Placement proc
       ;//Same as above.
    
        .data
        mainmap_Placement1    dd 6F15C60Ah
        mainmap_Placement2    dd 6F1C2C60h
    
        .code
        mov ecx, edi
        call dword ptr [mainmap_Placement2]
        test eax, eax
        je @skip
        jmp dword ptr [fxnPlacementRetn]
        @skip:
        .if stateMap != 00h
            jmp dword ptr [fxnPlacementRetn]
        .else
            jmp dword ptr [mainmap_Placement1]
        .endif
    
    mainmap_Placement endp
    
    
    
    ;===================================;
    ;           Minimap Hooks           ;
    ;===================================;
    
    minimap_Draw proc
       ;//Remove fog of war on minimap.
    
        mov ebx, dword ptr ds:[6F873334h]
        mov esi, dword ptr ds:[ebx+34h]
        mov eax, dword ptr ds:[esi+14h]
        .if stateMap == 02h
            xor ecx, ecx
            xor eax, eax
        .else
            mov ecx, dword ptr ds:[esi+10]
        .endif
        test eax, eax
        jmp dword ptr [fxnMinimapRetn]
    
    minimap_Draw endp
    
    
    minimap_Players proc
       ;//Show player vision limitations on minimap.
    
        .data
        minimap_Players1    dd 6F2A4080h
    
        .code
        mov edx, dword ptr [edi+00000228h]
        mov ebx, dword ptr [edi+00000224h]
        sub esi, ecx
        mov ecx, dword ptr [ebp-30h]
        sub ebx, edx
        movzx edx, word ptr ds:[ecx+28h]
        push edx
        call dword ptr [minimap_Players1]
        mov eax, dword ptr ss:[ebp-20h]
        .if stateMap == 01h
            mov cx, 0FFFh
        .else
            mov cx, word ptr ds:[eax+3Ch]
        .endif
        mov eax, dword ptr ds:[edi+218h]
        mov word ptr ss:[ebp-28h], cx
        jmp dword ptr [fxnMinimapPlayersRetn]
    
    minimap_Players endp
    
    
    minimap_Locations proc
       ;//Show shops and gold mines on minimap.
    
        .data
        minimap_Locations1    dd 6F148769h
        minimap_Locations2    dd 6F293B00h
    
        .code
        call dword ptr [minimap_Locations2]
        test eax, eax
        jz continue
        mov ecx, dword ptr [ebp-14h]
        mov edx, dword ptr [ecx+24h]
        and edx, 00000001h
        cmp dl, 01h
        jne continue
        jmp dword ptr [minimap_Locations1]
        continue:
        lea ecx, dword ptr [edi+000000F0h]
        call dword ptr [WC3FXN_Ownership]
        test eax, eax
        jne @End
        xor ecx, ecx
        @End:
        jmp dword ptr [fxnLocationsRetn]
    
    minimap_Locations endp
    
    
    minimap_Ping proc
       ;//Show opponent pings on minimap.
    
        .data
        minimap_Ping1        dd 6F088E10h
        minimap_Ping2        dd 6F325ECAh
        minimap_Ping3        dd 6F325E4Bh
        minimap_Ping4        dd 6F2A2C70h
    
        .code
        push eax
        push ecx
        mov ecx, esi
        call dword ptr [minimap_Ping4]
        test eax, eax
        je @continue
        jmp dword ptr [minimap_Ping3]
        @continue:
        lea ecx, dword ptr ds:[edi+0F0h]
        call dword ptr [minimap_Ping1]
        cmp eax, eax
        jz continue
        jmp dword ptr [minimap_Ping2]
        continue:
        xor edx, edx
        mov ecx, 1
        jmp dword ptr [fxnMinimapPingRetn]
    
    minimap_Ping endp
    
    
    
    ;===================================;
    ;          Selection Hooks          ;
    ;===================================;
    
    select_EnemySelect proc
       ;//Allow selection of enemy units.
    
        .data
        select_EnemySelect1    dd 6F088E10h
    
        .code
        mov edx, dword ptr [ebp-08h]
        lea ecx, dword ptr [edx+000000F0h]
        call dword ptr [select_EnemySelect1]
        push 0
        mov eax, dword ptr ss:[ebp+0Ch]
        push eax
        push edi
        mov edi, dword ptr ss:[ebp-04h]
        push edi
        mov ecx, esi
        call dword ptr [WC3FXN_Select]
        jmp dword ptr [fxnSelectRetn]
    
    select_EnemySelect endp
    
    
    select_ShowResources proc
       ;//Show resources of enemies in the unit HUD.
    
        .data
        select_ShowResources1    dd 6F3186F0h
        select_ShowResources2    dd 6F088E10h
        select_ShowResources3    dd 6F1B8770h
    
        .code
        mov ecx, dword ptr [esi+00000124h]
        mov dword ptr [ebp-08h], eax
        call dword ptr [select_ShowResources3]
        mov edi, eax
        mov ecx, edi
        call dword ptr [select_ShowResources1]
        mov ecx, dword ptr [ebp-08h]
        movzx edx, byte ptr [ecx+30h]
        lea ecx, dword ptr [eax+00000088h]
        mov dword ptr [ebp-10h], edx
        call dword ptr [select_ShowResources2]
        mov ecx, dword ptr [ebp-10h]
        mov edx, 00000001h
        shl edx, cl
        jmp dword ptr [fxnShowResourcesRetn]
    
    select_ShowResources endp
    
    
    select_ShowHealth proc
       ;//Permanently display health bars.
    
        .data
        select_ShowHealth1    dd 6F081330h
    
        .code
        mov edx, 6F17D770h
        mov ecx, eax
        call dword ptr [select_ShowHealth1]
        mov ecx, 00000002h
        call dword ptr [WC3FXN_War3D2]
        mov edi, eax
        cmp edi, ebx
        jne @Show1
        mov ecx, 00000112h
        call dword ptr [WC3FXN_War3D2]
        .if stateHealth == 01h
            mov eax, 00000001h
        .else
            test eax, eax
            je @NoShow1
            @Show1:
            mov eax, 00000001h
        .endif
        @NoShow1:
        cmp edi, ebx
        mov dword ptr [esi+00000180h], eax
        jne @Show2
        mov ecx, 00000113h
        call dword ptr [WC3FXN_War3D2]
        .if stateHealth == 01h
            mov eax, 00000001h
        .else
            test eax, eax
            je @End
            @Show2:
            mov eax, 00000001h
        .endif
        @End:
        jmp dword ptr [fxnShowHealthRetn]
    
    select_ShowHealth endp
    
    
    select_ShowCooldowns proc
       ;//Reveal enemy cooldowns.
    
        pop esi
        mov eax, 1
        ret
    
    select_ShowCooldowns endp
    
    
    select_ShowSkills1 proc
       ;//Show hero skills.
    
        call dword ptr [WC3FXN_DrawIcon]
        jmp dword ptr [fxnShowSkills1Retn]
    
    select_ShowSkills1 endp
    
    
    select_ShowSkills2 proc
    
        call dword ptr [WC3FXN_DrawIcon]
        jmp dword ptr [fxnShowSkills2Retn]
    
    select_ShowSkills2 endp
    
    
    select_HeroPortraits proc
       ;//Displays allied hero portraits in the top left.
    
        .data
        select_HeroPortraits1    dd 6F137EB4h
        select_HeroPortraits2    dd 6F137BE1h
        select_HeroPortraits3    dd 6F2A2C70h
        select_HeroPortraits4    dd 6F2A2E60h
    
        .code
        mov eax, dword ptr [ebp-1Ch]
        mov ecx, dword ptr [ebp+08h]
        mov edx, dword ptr [ecx]
        push eax
        call dword ptr [edx+000000ECh]
        mov ecx, dword ptr [ebp-20h]
        push eax
        .if stateMap == 02h
            call dword ptr [select_HeroPortraits3]
            test eax, eax
            jne @skip
            jmp dword ptr [select_HeroPortraits1]
            @skip:
            jmp dword ptr [select_HeroPortraits2]
        .else
            call dword ptr [select_HeroPortraits4]
            test eax, eax
            jne @end
            jmp dword ptr [select_HeroPortraits1]
            @end:
            jmp dword ptr [fxnHeroPortraitsRetn]
        .endif
    
    select_HeroPortraits endp

  5. #5
    Perma

    Hooks.inc (Hotkey Thread)
    Code:
    ;===================================;
    ;            Hotkey Hook            ;
    ;===================================;
    
    thread_InjectWarcraft proc
    
        ;//Set hooks to Warcraft.
        invoke DLL_SetHook, fxnMainmapHook, addr mainmap_Draw, 1
        invoke DLL_SetHook, fxnMinimapHook, addr minimap_Draw, 1
        invoke DLL_SetHook, fxnMainmapPlayersHook, addr mainmap_Players, 1
        invoke DLL_SetHook, fxnLocationsHook, addr minimap_Locations, 1
        invoke DLL_SetHook, fxnMinimapPingHook, addr minimap_Ping, 1
        invoke DLL_SetHook, fxnMinimapPlayersHook, addr minimap_Players, 1
        invoke DLL_SetHook, fxnUnitsHook, addr mainmap_Units, 1
        invoke DLL_SetHook, fxnFootprintsHook, addr mainmap_Footprints, 1
        invoke DLL_SetHook, fxnSpecularHook, addr mainmap_Specular, 1
        invoke DLL_SetHook, fxnCorpsesHook, addr mainmap_Corpses, 1
        invoke DLL_SetHook, fxnStaticSpritesHook, addr mainmap_StaticSprites, 1
        invoke DLL_SetHook, fxnSoundHook, addr mainmap_Sound, 1
        invoke DLL_SetHook, fxnIllusionsHook, addr mainmap_Illusions, 1
        invoke DLL_SetHook, fxnInvisibleHook, addr mainmap_Invisible, 1
        invoke DLL_SetHook, fxnSelectHook, addr select_EnemySelect, 1
        invoke DLL_SetHook, fxnShowResourcesHook, addr select_ShowResources, 1
        invoke DLL_SetHook, fxnShowHealthHook, addr select_ShowHealth, 1
        invoke DLL_SetHook, fxnShowCooldownsHook, addr select_ShowCooldowns, 1
        invoke DLL_SetHook, fxnShowSkills1Hook, addr select_ShowSkills1, 1
        invoke DLL_SetHook, fxnShowSkills2Hook, addr select_ShowSkills2, 1
        invoke DLL_SetHook, fxnShowRallyHook, addr mainmap_ShowRally, 1
        invoke DLL_SetHook, fxnHeroPortraitsHook, addr select_HeroPortraits, 1
        invoke DLL_SetHook, fxnPaidStructureHook, addr mainmap_PaidStructure, 1
        invoke DLL_SetHook, fxnPlacementHook, addr mainmap_Placement, 1
    
        Hotkey:
    
        ;//Make sure we're in a game.
        invoke Warcraft_CheckGameState
        test eax, eax
        jz @End
    
        invoke GetAsyncKeyState, VK_F5
        .if eax != 0
    
            ;//Get the current time.
            invoke GetTimeFormat, NULL, NULL, NULL, addr strClockFmt, addr strClockBuffer, 50
    
            .if stateMap == 00h
    
            ;//Change mode to Lite.
            mov stateMap, 01h
            invoke wsprintf, addr strMessageBuffer, addr wc3StratMode, addr strClockBuffer
            invoke Warcraft_TextOut, addr strMessageBuffer
    
            .elseif stateMap == 01h
    
            ;//Change mode to Full.
            mov stateMap, 02h
            invoke wsprintf, addr strMessageBuffer, addr wc3FullMode, addr strClockBuffer
            invoke Warcraft_TextOut, addr strMessageBuffer
    
            .elseif stateMap == 02h
    
            ;//Change mode to Off.
            mov stateMap, 00h
            invoke wsprintf, addr strMessageBuffer, addr wc3OffMode, addr strClockBuffer
            invoke Warcraft_TextOut, addr strMessageBuffer
    
            .endif
        .endif
        invoke GetAsyncKeyState, VK_F4
        .if eax != 0
            .if stateHealth == 00h
    
            ;//Turn health bars on.
            mov stateHealth, 01h
    
            .else
    
            ;//Turn health bars off.
            mov stateHealth, 00h
    
            .endif
        .endif
    
        @End:
        invoke Sleep, 750
        jmp Hotkey
    
    thread_InjectWarcraft endp

  6. #6
    Perma

    Variables.inc
    Code:
    ;====================================================;
    ;       Global Variables Module (Variables.inc)      ;
    ;====================================================;
    ; This file is home to all of the variables of the   ;
    ; entire project. This includes toggles, text, and   ;
    ; function addresses.                                ;
    ;====================================================;
    
    .data?
    
        hModule         dd ?
        lgJmp            db 5 dup(?)
        strClockBuffer        db 50 dup(?)
        strMessageBuffer    db 128 dup(?)
    
    .data
    
        PPEB_LDR_DATA        dd 0
        vNop            db 90h
    
        ;//Static text strings.
        strClockFmt        db "'['hh':'mm' 'tt']'", 0
        wc3OffMode        db "|cA0FFFFFF%s |cA000FF00Maphack has been set to |cA0FFFFFFoff mode|cA000FF00.",0
        wc3StratMode        db "|cA0FFFFFF%s |cA000FF00Maphack has been set to |cA0FFFFFFlite mode|cA000FF00.",0
        wc3FullMode        db "|cA0FFFFFF%s |cA000FF00Maphack has been set to |cA0FFFFFFfull mode|cA000FF00.",0
    
        ;//Primary maphack switch.
        stateMap        db 00h
        stateHealth        db 00h
    
        ;//Function addresses.
        WC3FXN_DrawUnit     dd 6F2A3D30h
        WC3FXN_Select        dd 6F2A3270h
        WC3FXN_Ownership    dd 6F088E10h
        WC3FXN_DrawRing     dd 6F116370h
        WC3FXN_HideRing     dd 6F1163D0h
        WC3FXN_DrawRally    dd 6F2A2E60h
        WC3FXN_War3D2        dd 6F63B602h
        WC3FXN_TextOut        dd 6F663740h
        WC3FXN_GlobalClass    dd 6F84CC20h
        WC3FXN_DrawIcon     dd 6F1C3050h
        WC3FXN_GameClass    dd 6F873334h
        PROFILE_LITE        dd 15046EF0h
        PROFILE_FULL        dd 15046F0Eh
    
    
        ;//Hook addresses.
        fxnMainmapHook        dd 6F40AA55h
        fxnMinimapHook        dd 6F147C6Fh
        fxnLocationsHook    dd 6F14872Bh
        fxnUnitsHook        dd 6F2A3BFAh
        fxnFootprintsHook    dd 6F07431Fh
        fxnSpecularHook     dd 6F17EA66h
        fxnCorpsesHook        dd 6F0735CFh
        fxnStaticSpritesHook    dd 6F2A3A9Ch
        fxnSoundHook        dd 6F2A31DFh
        fxnBlightHook        dd 6F30CF73h
        fxnIllusionsHook    dd 6F1B01A9h
        fxnInvisibleHook    dd 6F17D862h
        fxnSelectHook        dd 6F1C0755h
        fxnShowResourcesHook    dd 6F13EF2Bh
        fxnShowHealthHook    dd 6F17F4A9h
        fxnShowCooldownsHook    dd 6F1C2C77h
        fxnShowSkills1Hook    dd 6F12DC33h
        fxnShowSkills2Hook    dd 6F12DC73h
        fxnMinimapPingHook    dd 6F325E1Ch
        fxnMinimapPlayersHook    dd 6F147D10h
        fxnMainmapPlayersHook    dd 6F40A918h
        fxnShowRallyHook    dd 6F462F92h
        fxnHeroPortraitsHook    dd 6F137BF1h
        fxnPaidStructureHook    dd 6F563D12h
        fxnPlacementHook    dd 6F15C51Dh
    
        ;//Return addresses.
        fxnMainmapRetn        dd 6F40AA8Ch
        fxnMinimapRetn        dd 6F147C7Ah
        fxnLocationsRetn    dd 6F148769h
        fxnUnitsRetn        dd 6F2A3C0Eh
        fxnFootprintsRetn    dd 6F074334h
        fxnSpecularRetn     dd 6F17EA7Bh
        fxnCorpsesRetn        dd 6F0735EAh
        fxnStaticSpritesRetn    dd 6F2A3AB0h
        fxnSoundRetn        dd 6F2A31FFh
        fxnBlightRetn        dd 6F30D089h
        fxnInvisibleRetn    dd 6F17D883h
        fxnSelectRetn        dd 6F1C0789h
        fxnShowResourcesRetn    dd 6F13EF96h
        fxnShowHealthRetn    dd 6F17F4F5h
        fxnShowSkills1Retn    dd 6F12DC3Ch
        fxnShowSkills2Retn    dd 6F12DC7Ch
        fxnMinimapPingRetn    dd 6F325E52h
        fxnMinimapPlayersRetn    dd 6F147D3Eh
        fxnMainmapPlayersRetn    dd 6F40A93Ch
        fxnShowRallyRetn    dd 6F462FA2h
        fxnHeroPortraitsRetn    dd 6F137C11h
        fxnPaidStructureRetn    dd 6F563D1Bh
        fxnPlacementRetn    dd 6F15C52Ch

  7. #7
    Perma

    Feel free to use this source code in your own work, and I encourage you to make your releases open source. Please keep in mind that while constructive criticism is welcome, this work is quite old.

  8. #8

    sd333221

    6F12DC7Ch
    This will cause problems as the Game.dll isn't always mapped to 6F000000

    DLL_HideModule proc
    It's really senseless to hide the module when you have done very detectable patches to the game.dll.
    Why would anyone try to detect frozen that way when the patches can be detected in 3 lines of code?

    invoke GetAsyncKeyState, VK_F5
    .if eax != 0
    [...]
    invoke Sleep, 750
    When you hold F5 too long, it triggers multiple times.
    You should really add a variable for that instead of that long sleep.

    Todo:
    Move these
    mov cl, byte ptr ds:[ecx+6F833DB4h]
    into Variables.inc, or you will have hours of updating after each new patch.

    I hope I could help you with that.
    Good job on your hack
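
Added example, not part of the thread or of the posted project: post #8's point that the code patches are themselves easy to detect, shown as a defender-side integrity scan for the 5-byte E9/E8 rel32 detours that DLL_SetHook writes. It diffs an in-memory code section against a pristine copy; the function names, base address and byte buffers are constructed for illustration, and the pristine copy is assumed to be already relocated to the module's actual load base (otherwise relocation fixups show up as differences).

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

typedef struct {
    uint32_t site;      /* virtual address of the jmp/call instruction   */
    uint8_t  opcode;    /* 0xE9 = jmp rel32, 0xE8 = call rel32            */
    uint32_t target;    /* decoded destination: site + 5 + rel32          */
    int      external;  /* 1 if the destination is outside the module     */
} detour_t;

static uint32_t rd32(const uint8_t *p) {
    return (uint32_t)p[0] | (uint32_t)p[1] << 8 |
           (uint32_t)p[2] << 16 | (uint32_t)p[3] << 24;
}

static void wr32(uint8_t *p, uint32_t v) {
    p[0] = (uint8_t)v; p[1] = (uint8_t)(v >> 8);
    p[2] = (uint8_t)(v >> 16); p[3] = (uint8_t)(v >> 24);
}

static int is_rel32_branch(uint8_t b) { return b == 0xE9 || b == 0xE8; }

/* Diff `live` against `pristine` (both `len` bytes, mapped at `base`).
 * Every modified run is checked for a rel32 branch that covers it. The
 * opcode may itself be unchanged when only the operand of an existing
 * call/jmp was retargeted, so up to 4 bytes before the first differing
 * byte are examined (a heuristic, not a disassembler). Returns the number
 * of detours seen; at most `max_out` are written to `out`. Modified bytes
 * that do not belong to a branch are counted in *other_modified. */
size_t scan_detours(const uint8_t *pristine, const uint8_t *live, size_t len,
                    uint32_t base, uint32_t image_size,
                    detour_t *out, size_t max_out, size_t *other_modified)
{
    size_t found = 0, floor = 0, i = 0;
    *other_modified = 0;
    while (i < len) {
        if (live[i] == pristine[i]) { i++; continue; }
        size_t s = i;
        int hit = 0;
        for (;;) {
            if (is_rel32_branch(live[s]) && s + 5 <= len) { hit = 1; break; }
            if (s == floor || i - s == 4) break;  /* stay past last detour */
            s--;
        }
        if (!hit) { (*other_modified)++; i++; continue; }
        if (found < max_out) {
            uint32_t site   = base + (uint32_t)s;
            uint32_t target = site + 5u + rd32(live + s + 1);
            /* unsigned wrap makes targets below `base` compare as external */
            int ext = (uint32_t)(target - base) >= image_size;
            out[found] = (detour_t){ site, live[s], target, ext };
        }
        found++;
        i = floor = s + 5;
    }
    return found;
}

/* Constructed sample: a 64-byte "code section" at a made-up base. */
size_t demo_scan(detour_t *out, size_t max_out, size_t *other)
{
    enum { LEN = 64 };
    const uint32_t base = 0x10000000u, image_size = 0x1000u;
    uint8_t pristine[LEN], live[LEN];

    memset(pristine, 0x90, LEN);
    pristine[0x20] = 0xE8;                       /* original internal call */
    wr32(pristine + 0x21, 0x10000030u - (base + 0x20 + 5));
    memcpy(live, pristine, LEN);

    live[0x10] = 0xE9;                           /* new jmp out of module  */
    wr32(live + 0x11, 0x20000000u - (base + 0x10 + 5));
    wr32(live + 0x21, 0x20000100u - (base + 0x20 + 5)); /* retargeted call */
    live[0x30] = 0xCC;                           /* unrelated 1-byte change */

    return scan_detours(pristine, live, LEN, base, image_size,
                        out, max_out, other);
}

int main(void)
{
    detour_t d[8];
    size_t other = 0, n = demo_scan(d, 8, &other);
    for (size_t k = 0; k < n && k < 8; k++)
        printf("%s at %08X -> %08X (%s)\n",
               d[k].opcode == 0xE9 ? "jmp" : "call",
               (unsigned)d[k].site, (unsigned)d[k].target,
               d[k].external ? "outside module" : "inside module");
    printf("other modified bytes: %u\n", (unsigned)other);
    return 0;
}
```

Because the scan reports where each detour lands, it also surfaces a module that has been unlinked from the PEB loader lists: the destination address falls in executable memory that no listed module accounts for.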

  9. #9
    Administrator

    Saint
    Perma has disabled reputation Perma's Avatar
    Join Date
    Jul 2004
    Location
    Canada
    Posts
    6,039
    Blog Entries
    2
    Downloads
    6
    Uploads
    2

    Originally posted by sd333221:
    This will cause problems as the Game.dll isn't always mapped to 6F000000
    I know. There was room for a lot of improvement in this source code, but keep in mind it was written over a year ago and wasn't meant to be ported quickly to new patches.
