The tutorial for creating maphack in Warcraft 3 is transferred from the fruit Forest
Http://alzzl.spaces.live.com/blog/cns! C1ff77e000059705d! 274. Entry? WA = wsignin1.0 & sa= 564164344
Sorry, I will try againArticlePlease forgive me for disturbing me...
This article references chaotic's howto create a basic maphack,
The original Article address is as follows. ========================================================== ======= Body:
Software Version:
Warcraft competition. 20e
Cheatengine: 5.3
Windows XP
Visualbasic6.0
Preparation for preparing MH:
-Game modifier, cheatengine (http://www.cheatengine.org/) is recommended /)
-Basic assembly language knowledge
-Basic game modification knowledge
-Basic Programming capabilities
-Run "Warcraft 3" in window mode (with the-window parameter added)
-> Create a shortcut for it, right-click it, select "properties", and add "-window" at the end of the "target" box"
The first part is about how map fog works.
After testing, the principle of the map fog in Warcraft 3 is as follows:
When the hostile unit is visible, the value is 1.
When the hostile unit is invisible, the value is 0.
The following sections search for memory addresses based on this.
Part 2 search for memory addresses
= Start the game in window mode and select a soldier to the vicinity of the wild monster. Then the wild monster can be seen because it is within the field of view.
When logging on to the kernel, select the 3rd thread war3.exe, set the value to 1, and the value type to byte. Click first scan to start searching.
= After the search is complete, switch to wc3, open the soldier so that the wild monster is invisible, return ce, change the value to 0, and click Next scan.
= After the search is complete, return to the game and move the soldier to make the wild monster visible. Return ce and search for 1
= In this way, you can get more than 10 addresses and lock them to 1 in sequence to test whether the address is the one we are looking.
= My value is 09c15ce2 this time, and the value of my locked address is 1. When I switch to the game, I will see that the wild monster is constantly flashing.
= After finding the address, you can trace it. Ce has this function very conveniently!
= Cancel the Lock of this address. Right-click this address and select find out what reads from this address in the pop-up menu.
= Now we can see that Ce helped us find this sentence 6f2a08b1-668b3c41-mov Di, [ECx + eax * 2].
= Click Show disassembler to view the Assembly near it. Code Double-click this sentence to change to mov Di, 01
= Ha, all the wild monsters on the map are visible!
= At this point, the most simple preparation for MH is complete, although only hostile units can be seen on the main map (RPG maps do not seem to be displayed normally ), it can only be used for the Warcraft version you used during production, but I believe that after reading this article, you will be able to make a more perfect MH.
MoV Di, [ECx + eax * 2]
Movzx ESI, word PTR [ESI + EDX * 2]
Part 3 write code
Since I don't know C, I have to translate the chaotic code and write it in VB.
The general idea is as follows:
1. Obtain the process Number Of Warcraft 3.
2. Upgrade Your debug permission (otherwise, writeprocessmemory cannot be used ).
3. Rewrite the IP address of the Warcraft process. The final result is as follows:
The specific code is not pasted. You can download it by yourself. Because I use the 1.20e search address, other versions need to find the corresponding address based on the tutorial.
The fruit forest is written in VB.Source code
Http://user.iriverchina.com/3470/WC3MaphackDEMO.rar
