Thread: Basic VB Hacking Tutorial - Hacking PQ

  1. #1
    LCS (The Sexy Penguin, Senior Member, Retired Staff Member, Prophet)
    Join Date: Feb 2005 | Location: astrotravelin' | Posts: 7,801

    Basic VB Hacking Tutorial - Hacking PQ

    Ok, I decided to post this tutorial I wrote a long time ago because there are a lot of people having problems with the API and stuff, and a few people found this tutorial helpful. I wrote this tutorial in Notepad so the spacing and **** is kinda ****ed up, but just live with it...

    WriteProcessMemory Tutorial
    Basic Game Hacking Tutorial For Visual Basic 6.0
    By LCSBSSRHXXX

    Tools:
    ArtMoney (or other memory searchers)
    VB 6.0
    Program you want to write new memory to.

    In this example we will use a free game called PQ (Progress Quest)
    www.progressquest.com




    ######################################################################
    ### NOTICE:                                                        ###
    ### Addresses and search results will often vary for different users ###
    ######################################################################




    OK, to start out, make a character file in PQ.
    Open up ArtMoney and select Progress Quest in the "Select process" combo box.
    Now click Search and set it up as the following:

    Code:
    	Search - Exact Value
    	Value  - 
    	Type   - ALL
    Value is what you're searching for. We'll start out by searching for your character's race; my character's race is Panda Man.
    You need to type the value you're searching for exactly as it appears in the game (because the search is case sensitive).

    Code:
    	Search - Exact Value
    	Value  - Panda Man
    	Type   - ALL
    You should come up with a couple of results, around 4 maybe more or less, but around there.


    ######################################################################
    ### NOTICE:                                                        ###
    ### Addresses and search results will often vary for different users ###
    ######################################################################

    Code:
    	Value 1 - 0012002F - Panda Man - Text 9 Bytes
    	Value 2 - 0016E247 - Panda Man - Text 9 Bytes
    	Value 3 - 004D0BCE - Panda Man - Text 9 Bytes
    	Value 4 - 009F98D8 - Panda Man - Text 9 Bytes
    Now you're going to change the values.


    Code:
    	Value 1 - 0012002F - 1 - Text 9 Bytes
    	Value 2 - 0016E247 - 2 - Text 9 Bytes
    	Value 3 - 004D0BCE - 3 - Text 9 Bytes
    	Value 4 - 009F98D8 - 4 - Text 9 Bytes
    Now go to the bottom of ArtMoney and click Save, or go to the "Table" menu and click "Save".
    Now open PQ back up and look at your race. It should be the original value with the first letter replaced by one of the numbers you entered.

    Code:
    	Race - 4anda Man
    Now that you know which number was written to Panda Man (in my case 4), look at Value 4 and write down, or remember, that address.


    Code:
    	Value 4 - 009F98D8 - 4 - Text 9 Bytes
    The address for value 4 is 009F98D8, so now you know which address to write to.
    Open up VB and start a new project; make a module and a form called whatever you like.
    In the module you put your API declarations (you don't need all of these calls, but these are the basic API calls you would use to write a hack / trainer).

    Code:
    Option Explicit

    ' Window and process lookup
    Public Declare Function FindWindow Lib "user32" Alias "FindWindowA" (ByVal lpClassName As String, ByVal lpWindowName As String) As Long
    Public Declare Function GetWindowThreadProcessId Lib "user32" (ByVal hwnd As Long, lpdwProcessId As Long) As Long
    Public Declare Function OpenProcess Lib "kernel32" (ByVal dwDesiredAccess As Long, ByVal bInheritHandle As Long, ByVal dwProcessId As Long) As Long
    ' Memory access on the opened process
    Public Declare Function WriteProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    Public Declare Function ReadProcessMemory Lib "kernel32" (ByVal hProcess As Long, ByVal lpBaseAddress As Any, ByVal lpBuffer As Any, ByVal nSize As Long, lpNumberOfBytesWritten As Long) As Long
    Public Declare Function CloseHandle Lib "kernel32" (ByVal hObject As Long) As Long
    ' Access mask requested from OpenProcess
    Public Const PROCESS_ALL_ACCESS As Long = &H1F0FFF
    Ok, now you're going to make a form with a command button and a textbox on it. Name the button cmdChange1 and the textbox txtRace.
    Double click cmdChange1 so you bring up the code window, and start out by writing this.

    Code:
    Private Sub cmdChange1_Click()
        Dim hwnd As Long
        Dim pid As Long
        Dim pHandle As Long

        ' Find the game window by its title
        hwnd = FindWindow(vbNullString, "Progress Quest")
        If (hwnd = 0) Then
            MsgBox "Window not found!"
            Exit Sub
        End If
        ' Map the window to its process id and open the process
        GetWindowThreadProcessId hwnd, pid
        pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
        If (pHandle = 0) Then
            MsgBox "Couldn't get a process handle!"
            Exit Sub
        End If
        ' Always close the handle we opened
        CloseHandle pHandle
    End Sub
    Ok, that part of the code will find Progress Quest's window and get the process's handle; if the window isn't open it will bring up an error.
    Now for the other part of the code. This will write the new memory to the address; take the address from earlier and plug it into the code.
    Since my address is 009F98D8, we write &H009F98D8; VB will chop off the leading zeros automatically:

    Input
    Code:
    WriteProcessMemory pHandle, &H009F98D8, txtRace.Text, Len(txtRace.Text), 0&
    Output
    Code:
    WriteProcessMemory pHandle, &H9F98D8, txtRace.Text, Len(txtRace.Text), 0&


    Finished code should look like this :

    Code:
    Private Sub cmdChange1_Click()
        Dim hwnd As Long
        Dim pid As Long
        Dim pHandle As Long

        ' Find the game window by its title
        hwnd = FindWindow(vbNullString, "Progress Quest")
        If (hwnd = 0) Then
            MsgBox "Window not found!"
            Exit Sub
        End If
        ' Map the window to its process id and open the process
        GetWindowThreadProcessId hwnd, pid
        pHandle = OpenProcess(PROCESS_ALL_ACCESS, False, pid)
        If (pHandle = 0) Then
            MsgBox "Couldn't get a process handle!"
            Exit Sub
        End If
        ' Write Len(txtRace.Text) bytes of the textbox contents over the race string
        WriteProcessMemory pHandle, &H9F98D8, txtRace.Text, Len(txtRace.Text), 0&
        ' Close the process handle we opened
        CloseHandle pHandle
    End Sub

  2. #2
    Zaund (Bee Double You Hacks, Senior Member, Retired Staff Member, Enlightened)
    Join Date: May 2005 | Posts: 2,606

    So is it normal for my computer to crash at random after this tutorial? Maybe it's the versions: you are on 6, I am on 8. I learned my APIs anyway :D

  3. #3
    Zaund (Bee Double You Hacks, Senior Member, Retired Staff Member, Enlightened)
    Join Date: May 2005 | Posts: 2,606

    yay I got it to work! Praise LCS

  4. #4
    LCS (The Sexy Penguin, Senior Member, Retired Staff Member, Prophet)
    Join Date: Feb 2005 | Location: astrotravelin' | Posts: 7,801

    Took you 9 months, not bad.

  5. #5
    Raigor

    Okay, first, hello to all! I am quite new to programming and especially game hacking. So please don't laugh at me ;)

    On my computer VB6 is still installed, so I found this posting and tried to do the explained steps.
    For this I downloaded PQ and used the race "Dung Elf". It worked very nicely, just like in the tutorial. That was very helpful!
    After this I did a Windows XP Pinball hack on my own to test, and it works.

    But I have 2 questions:

    1. What software are you using to find addresses? I tried ArtMoney, like in the tutorial, but there was no feature to search for addresses in the test version. So I downloaded "MHS" by L. Spiro and there I found the addresses. Is it a good program? How do I search for decimal values with this software? Strings I found without any problems, but I searched for a number like "123.456" and got no results.

    2. How can I cut off the values? Errm ... to explain what I mean: in the tutorial the code is:
    WriteProcessMemory pHandle, &H9F98D8, txtRace.Text, Len(txtRace.Text), 0&

    When the race is now "Dung Elf" and I change the value to "4", there is "4ung Elf" because the number of bytes written is Len(txtRace.Text). How can I make it so that only the "4", or whatever value I choose, is there?

  6. #6
    Dyndrilliac (Senior Member, Crusader)
    Join Date: Jun 2005 | Location: Jacksonville, FL, USA | Posts: 3,618

    Quote Originally Posted by Raigor
    1. What software are you using to find addresses? I tried ArtMoney, like in the tutorial, but there was no feature to search for addresses in the test version. So I downloaded "MHS" by L. Spiro and there I found the addresses. Is it a good program? How do I search for decimal values with this software? Strings I found without any problems, but I searched for a number like "123.456" and got no results.
    Set the search data type to either float (small) or double (large). I prefer MHS.

  7. #7

    Searched with "Data type", set data type to double but it didn't work :-/

    Entered 123.456 i.e. but I think the program is just searching for 123.45 and doesn't find any results ...

  8. #8

    Quote Originally Posted by Raigor
    Okay, first, hello to all! I am quite new to programming and especially game hacking. So please don't laugh at me ;)

    On my computer VB6 is still installed, so I found this posting and tried to do the explained steps.
    For this I downloaded PQ and used the race "Dung Elf". It worked very nicely, just like in the tutorial. That was very helpful!
    After this I did a Windows XP Pinball hack on my own to test, and it works.

    But I have 2 questions:

    1. What software are you using to find addresses? I tried ArtMoney, like in the tutorial, but there was no feature to search for addresses in the test version. So I downloaded "MHS" by L. Spiro and there I found the addresses. Is it a good program? How do I search for decimal values with this software? Strings I found without any problems, but I searched for a number like "123.456" and got no results.

    2. How can I cut off the values? Errm ... to explain what I mean: in the tutorial the code is:
    WriteProcessMemory pHandle, &H9F98D8, txtRace.Text, Len(txtRace.Text), 0&

    When the race is now "Dung Elf" and I change the value to "4", there is "4ung Elf" because the number of bytes written is Len(txtRace.Text). How can I make it so that only the "4", or whatever value I choose, is there?
    Change: WriteProcessMemory pHandle, &H9F98D8, txtRace.Text, Len(txtRace.Text), 0&

    To: WriteProcessMemory pHandle, &H9F98D8, txtRace.Text & vbNullChar, (Len(txtRace.Text) + 1), 0&

    What this does is add the null character breaker after whatever you just wrote to memory allowing the program to identify the end of a string, rather than just writing over data that was previously there and blending the two together if the new string is shorter than the previous string.


  9. #9

    Okay, thanks for your explanation and sample code! I tested it and it works great!
    But is it normal that the memory value is now "Test\0\0\0"?

  10. #10

    It should always have a null byte (0x00) after each string written. Otherwise whatever program you are writing data to will treat a continuous line of text as an entire string. The null byte is there to break each string. Depending upon how long your text is, it should only add a null byte after the last character in your string.
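The null-terminator behaviour discussed in posts #8 through #10, as an added example that is not from the thread: a local C simulation of the game's race field (no other process is touched) showing the write without a NUL, the write with one, and a check for a write that is longer than the original field. The field name, its assumed 10-byte size and the write_race helper are assumptions made for the illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for the game's race field: "Panda Man" is 9 bytes
 * plus its terminating NUL, so the field is assumed to be 10 bytes. */
#define RACE_FIELD_SIZE 10
static char race_field[RACE_FIELD_SIZE];

/* Mimic WriteProcessMemory(pHandle, addr, txtRace.Text, Len(txtRace.Text), 0&):
 * exactly strlen(text) bytes are copied over the start of the field and the
 * rest of the field is left untouched. With with_nul set, one 0x00 byte is
 * appended, which is the "& vbNullChar, Len + 1" fix from the thread.
 * Returns the number of bytes written, or -1 if the write would run past the
 * end of the field and clobber whatever the game keeps next to it. */
int write_race(const char *text, int with_nul)
{
    size_t len = strlen(text);
    size_t total = len + (with_nul ? 1 : 0);
    if (total > sizeof race_field)
        return -1;                       /* refuse: would overflow the field */
    memcpy(race_field, text, len);
    if (with_nul)
        race_field[len] = '\0';
    return (int)total;
}

/* Reset the field to the original value, apply one write, and return the
 * string the game would read back (it stops at the first NUL, so any old
 * bytes left after the NUL, e.g. " Man", are never displayed). */
const char *simulate(const char *text, int with_nul)
{
    memset(race_field, 0, sizeof race_field);
    memcpy(race_field, "Panda Man", 10);   /* original value incl. NUL */
    write_race(text, with_nul);
    return race_field;
}

int main(void)
{
    printf("no NUL  : %s\n", simulate("4", 0));               /* 4anda Man */
    printf("with NUL: %s\n", simulate("4", 1));               /* 4 */
    printf("too long: %d\n", write_race("Dung Elf Lord", 1)); /* -1 */
    return 0;
}
```

The length check is the part the thread's VB code lacks: Len(txtRace.Text) bytes are written whatever the textbox holds, so anything longer than the original field overwrites the game's neighbouring data.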


  11. #11

    question

    Uh, nice tutorial, but regarding DMA... =( Uh, any tips? I was trying to find the StarCraft 2 minerals etc. I managed to NOP so you can build and not have deductions or additions, i.e. a mineral/gas lock, but how do I change the mineral/gas value?

    I can do it easily in Cheat Engine, but the addresses always change.

    And I also looked at a YouTube thing on defeating DMA through finding pointers, but still failed to find the pesky mineral pointer.
