Home > Others

Warcraft maphack is actually very simple

Source: Internet
Author: User
Developer on Alibaba Coud: Build your first app with APIs, SDKs, and tutorials on the Alibaba Cloud. Read more >

Sorry, there is no such title. It's just a pure title. I hope to understand it...

I wrote this article to sort out the results of maphack and lancraft these days.

I have read the previous articles about maphack and found that maphack is really simple. Just a few functions, enabledebugpriv (), then findwindow (), OpenProcess (), then we need to modify writeprocessmemory (). What is difficult? But it's hard to enable the memory address of some options! As described by our predecessors, CE is used to find them one by one. I want to say that everyone will cry. (Those predecessors who are the first maphack can only express their admiration )......

Speaking of this, I have to shout again "trigger to shadow French". The Open Source spirit of foreigners is really not true. Although the MH of shadow French is not directly open-source, however, the programs released by people are naked, unencrypted, and still use native encoding. Unlike those experts in China, they have added several shells ~ Of course, people's copyright!

Sorry, I am confused. For the vbprogram of native code, use smart check to track and you will find the world so beautiful!

Visual BASIC program debugger smartcheck http://www.pediy.com/tools/Debuggers.htm

The onclick event bool writeprocessmemory (
Handle hprocess,
Lpvoid lpbaseaddress,
Lpvoid lpbuffer,
DWORD nsize,
Lpdword lpnumberofbyteswritten
);
Let's take a look at the C language prototype of this operation.
  1.  ByteData [] = {0xbf, 0x0f, 0x00 };
  2.  BoolSuccess = writeprocessmemory (hopen ,(Lpvoid) 0x6f2a3b92, & Data, 3, null );

The content in lpbuffer is crucial. To find the content in 0x0013f2a0, only useOllydbgNow

Ollydbg DebuggerOllydbg [2008.1.1] http://www.pediy.com/tools/Debuggers.htm From the window on the right of smart check, you can find the offset address of writeprocessmemory (hprocess: 000006b4, DWORD: 6f406b30, PTR: 0013f2a0, DWORD: 00000001, PTR: 0013f29c) for ipvf609. OllydbgOpen maphack, and find 0040f609. If you do not want to debug it, the content of lpbuffer will come out... 0040f5dd. 8b4d 0C mov ECx, dword ptr [EBP + C]
0040f5e0. 8d95 2 cffffff Lea edX, dword ptr [ebp-D4]
0040f5e6. 52 push edX
0040f5e7. 8d85 30 ffffff Lea eax, dword ptr [ebp-D0]
0040f5ed. 8b51 08 mov edX, dword ptr [ECx + 8]
0040f5f0. 6a 01 Push 1
0040f5f2. 50 push eax
0040f5f3. 52 push edX
0040f5f4. 56 push ESI
0040f5f5. c785 2 cffffff 00000000 mov dword ptr [ebp-D4], 0
0040f5ff. c785 30 ffffff 74000000 mov dword ptr [ebp-D0], 74
0040f609. E8 a23cffff call 004032b0mov dword ptr [ebp-D0], 74 lpbuffer points to the content is 0x74 and then based on the gourd painting, to find out all the addresses is not difficult! Here are the addresses of some features required by the samples I have written in MH. //////////////////////////////////////// ///////////////// <Br/> // open and press Ctrl to give money <br/> byte val = 0 x 40; <br/> int LRET = writeprocessmemory (hopen, lpvoid (0x6f0000b35), & Val, 1, 0); <br/> val = 0xb8; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f0000b36), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f0000b37 ), & num_dclick, 4, 0 ); <br/> //////////////////////////////////// /////////////////////// //////////< Br/> // open and click "give money" <br/> val = 0x40; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f0000b3d), & Val, 1, 0); <br/> val = 0xb8; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f0000b3e), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f0000b3f ), & num_click, 4, 0 ); <br/> //////////////////////////////////// /// // <br />// hide the Map <br/> val = 0x39; <br/> LRET = wri Teprocessmemory (hopen, lpvoid (0x6f1494e0), & Val, 1, 0); <br/> val = 0x85; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f1494e3), & Val, 1, 0 ); <br/> //////////////////////////////////// /// // <br // map to view stealth <br/> val = 0x90; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4e8), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4e9 ), & Val, 1, 0); <br/> L Ret = writeprocessmemory (hopen, lpvoid (0x6f17d4ea), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4eb), & Val, 1, 0); <br/> val = 0xb8; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4ec), & Val, 1, 0 ); <br/> val = 0x1; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4ed), & Val, 1, 0 ); <br/> val = 0x0; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4ee), & Val, 1, 0); <br/> LRE T = writeprocessmemory (hopen, lpvoid (0x6f17d4ef), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f17d4f0), & Val, 1, 0 ); <br/> //////////////////////////////////// /// // <br/> // Display Unit ??? <Br/> val = 0x66; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f2a08b1), & Val, 1, 0 ); <br/> val = 0xbf; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f2a08b2), & Val, 1, 0); <br/> val = 0xf; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f2a08b3), & Val, 1, 0); <br/> val = 0x0; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f2a08b4), & Val, 1, 0 ); <br/> //////////////////////////////////// /// // <br/> // View character skills <br/> val = 0x90; <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f12dc1a), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f12dc1b ), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f12dc5a), & Val, 1, 0 ); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f12dc5b), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f5573fe ), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f5573ff), & Val, 1, 0 ); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f557400), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f557401 ), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f557402), & Val, 1, 0 ); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f557403), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f54c0bf ), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f54c0c0), & Val, 1, 0 ); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f54c0c1), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f54c0c2 ), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f54c0c3), & Val, 1, 0 ); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f54c0c4), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f55e15c ), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f55e15d), & Val, 1, 0 ); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f4a11a1), & Val, 1, 0); <br/> LRET = writeprocessmemory (hopen, lpvoid (0x6f4a11a0 ), & Val, 1, 0 ); <br/> //////////////////////////////////// ////////////////////////////////// The example maphack I wrote is attached. I only added some features to facilitate the use of Xianzhi Xiaodao. (prepare and add the analog buttons. Haha, my ghost will be invincible !), It was easy to give money in the early days. This was my initial motivation to write MH. The 10 yuan and 10 yuan were too troublesome, and my hands hurt! The online cross-network segment function is also added (the principle is shown in the next blog), =! Program writing is messy, laugh... http://download.csdn.net/source/1819854

This article is an English version of an article which is originally in the Chinese language on aliyun.com and is provided for information purposes only. This website makes no representation or warranty of any kind, either expressed or implied, as to the accuracy, completeness ownership or reliability of the article or any translations thereof. If you have any concerns or complaints relating to the article, please send an email, providing a detailed description of the concern or complaint, to info-contact@alibabacloud.com. A staff member will contact you within 5 working days. Once verified, infringing content will be removed immediately.

Related Keywords:
websites actually pay what is simple machines forum actually trying to function warcraft expansion warcraft elves warcraft ebook blizzard warcraft

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

What's Trending
Top 10 Tags
datastax versions naming convention zookeeper client class definition md5 microsoft sql server 2005 data structures exception handling error handling
Top 10 Keywords
microsoft download center down wordpress address url site address url wordpress address url windows installer 4 0 download 302 not found web address url definition site address url wordpress db2 integer mac os installation step by step pdf abbreviation for return

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

Get Started for Free

  • Sales Support

    1 on 1 presale consultation

    Chat Contact Sales

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

    Open a Ticket

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.

    Learn More