Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» ~=?{The future is here, TastyExploit officially open to the public}?=~
Tue Mar 02, 2010 11:00 pm by Dami

» My first aa script
Tue Mar 02, 2010 7:00 am by wafflemaster

» the real story behind Maverin
Tue Mar 02, 2010 1:33 am by SoundOfDeat

» Random spam
Mon Mar 01, 2010 11:52 pm by Danny1994

» [Request] EMS v56 Exe
Mon Mar 01, 2010 12:39 am by Dami

» [Blacklist] NX-Trading Blacklist.
Mon Mar 01, 2010 12:38 am by Danny1994

» I have a question regarding the meso farmer
Sat Feb 27, 2010 10:30 pm by Dami

» What are you listening to now?
Sat Feb 27, 2010 7:57 pm by Noname111111

» Video(s) Of The Day
Sat Feb 27, 2010 7:37 pm by Noname111111

Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search
Affiliates
free forum
 



[C++] Coding your own MS AC[DLL + EXE]

Go down

[C++] Coding your own MS AC[DLL + EXE]

Post by Dami on Fri Oct 30, 2009 4:16 am

By WafflesFTW

This tutorial assumes you have a basic understanding of how to code a basic program in C++ and attempts to bring you to the level to code a bot. When you master the techniques here, coding an actual bot will be a piece of cake. Simply create different threads for each bot function and make those spam particular keys. (z for autoloot, etc). I've included the source code for both a DLL version and a EXE version at the bottom of this file, so you can get a better understanding of how both work. I won't explain the DLL one, because it really isn't much different and you aren't making use of the benefits of the DLL. The comments within the code should be sufficient.


Basically, DL Microsoft Visual C++ 2008 express edition. Create a New Win32 Project, Empty, and place resource.h in headers, resource.rc in resources, and main.cpp in c plus plus files.

Well where to start?
I find that the resource file is the easiest to make first. I make them using a program called "ResEdit" but for the sake of this tutorial, simply use the source code I have provided as it will simply matters and is beyond the scope of the tutorial.


Code:
//
// Dialog resources
//
LANGUAGE LANG_ENGLISH, SUBLANG_DEFAULT
IDD_DIALOG1 DIALOGEX 0, 0, 191, 208
STYLE DS_3DLOOK | DS_CENTER | DS_MODALFRAME | DS_SHELLFONT | WS_VISIBLE | WS_BORDER | WS_CAPTION | WS_DLGFRAME | WS_POPUP | WS_SYSMENU
CAPTION "WaffleTrainer"
FONT 8, "Ms Shell Dlg 2", 400, 0, 1
BEGIN
    AUTOCHECKBOX    "Auto Click(F8)", AutoClick, 11, 157, 70, 14
END

Now we shall create the resource.h file.
What this does is simply inform the compiler of the values of certain things held inside the Dialog Resource file. Again, this is beyond the scope of this tutorial so just copy paste this code.
Code:
#include "resource.h"
#include <windows.h>
#include <commctrl.h>
#include <richedit.h>
//
#ifndef IDC_STATIC
#define IDC_STATIC (-1)
#endif

#define IDD_DIALOG1                            100
#define AutoClick                              1003
Now, to the actual program. The resource scripts simply create the GUI in a Win32 C++ program using dialogs. I find dialogs are simpler to use and teach than actual windows as windows are much more complicated and are not necessary unless creating higher, market level application.

The first thing we shall add will be the include files. These files contain function information along with API information that we will use throughout the program.
Code:
#include "windows.h"
#include "resource.h"
#include "stdio.h"
Notice the "resources.h" file. This lets our cpp file know about the resource we have created.


Now the first part of actual code. When Windows interacts with a program, there are two main things that occur. There is your execution code which is held inside the windows function "WinMain" and there are also messages which get sent to your program in case an event like a mouse click occurs. These messages are processed within the programs "WindowProc", or within dialogs in a "DialogProc" function.

The first part of the code that we shall work on is the WinMain function, or the instructions that directly get executed when the program is started.
Code:
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
This is the basic function type and arguments given to a WinMain function. The type is not so much important right now, but the "WINAPI" modifier is simply another term (or typedef) of "_stdcall." I wouldn't worry about this now, but simply assume that this modifier tells the compiler that this program function will interact with windows. The parameters to the function are simple. HINSTANCE simply tells us which instance the program is. It is a Handle to the INSTANCE of the program. The previnstance parameter is obsolete so do not worry about that one. lpCmdLine/nCmdShow are very useful but are not relavent to this tut as of yet, so don't worry about those as well.


Next, inside the function, we have to tell windows what to do when the program is called.

Inside the function we are going to define a variable of type MSG. The MSG struct contains information that will be bombarded to our programs and we need a way to process that information. Hence we shall create a variable of type MSG and make it go to our message processing code.
This can be accomplished with:

Code:
MSG msg;
while(GetMessage(&msg, 0, 0, 0) == TRUE)
    {
      TranslateMessage(&msg);
      DispatchMessage(&msg);
    }
Now that we have the basic bones of our program set up, we can start to create the important stuff within it. The first priority on our list is to create the Dialog, which is the GUI, of the program so people can see it and interact with it. This is accomplished via the API, CreateDialog.
Code:
hWnd = CreateDialog(
      hInstance,
      MAKEINTRESOURCE(IDD_DIALOG1),
      0,
      (DLGPROC)DialogProc
      );
Now for the explanation. hWnd, is a variable which has the Handle to the WiNDow of the GUI. It basically gives us a way to interact with this window. Since we need to access our window OUTSIDE of the WinMain function, it is necessary to declare hWnd as a global variable outside the scope of WinMain. This is accomplished by:
HWND hWnd; //Place it right underneath the includes.

Now to explain the parameters of the function. To find more API information go to www.msdn.com. hInstance, as before, simply tells the function for which version of the program to make the window for, in the case the program is executed multiple times. The second parameter is an integer value representing the value of the dialog we created. Remember resource.h? Well IDD_DIALOG1's value there is the next argument, since the API needs to know which dialog to load. We can make this constant into an integer by using the MAKEINTRESOURCE macro, which essentially puts that number in that spot. Do not worry about the third parameter. The fourth parameters simply names the function that we are going to use to process the messages bombarded on this program. We typecast the function to type(DLGPROC) before hand so the compiler knows it’s a valid function.

Now we have created the GUI. Phew, what an amount of work. Next, we will register the hotkey for the autoclicker to use.

RegisterHotKey(hWnd, 76, NULL, VK_F8);

Again, RegisterHotKey needs to know which window to register it to(hWnd), a unique identifier seperating it from other hotkeys(76), and the key to be registered(VK_F8). For more information on the arguments check out MSDN.

Finally, we need to know where Maplestory is in order for us to send input to it. This is accomplished using the API FindWindow.
Code:
hFindWindowLoop = CreateThread(NULL,
      0,
      FindWindowLoopFunction,
      MSHWND,
      0,
      &FindWindowLoopThreadID
      );

What is a thread? Think of creating a thread as making another string of execution. Its basically like starting another program that will go on, except that the program has access to the original's memory. This basically creates a thread whose string of execution will be accessed by the function called FindWindowLoopFunction. Again for more info on the API, look it up on MSDN. The 4th argument is simply a parameter to the function. In this case we need to know the handle to the window of MS which we shall term MSHWND.

So, lets take a step back for a moment and admire our handiwork so far.

Code:
#include "windows.h"
#include "resource.h"
#include "stdio.h"
HWND hWnd;
HWND MSHWND = NULL;

//Main Windows Loop Function
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
{
   MSG msg;
   
   //Create the GUI
   hWnd = CreateDialog(
      hInstance,
      MAKEINTRESOURCE(IDD_DIALOG1),
      0,
      (DLGPROC)DialogProc
      );
   //Register Hotkeys

   
   RegisterHotKey(hWnd, 76, NULL, VK_F8)
         
   //Get the hWnd of MapleStory
   hFindWindowLoop = CreateThread(NULL,
      0,
      FindWindowLoopFunction,
      MSHWND,
      0,
      &FindWindowLoopThreadID
      );
   
   //Message Loop
   while(GetMessage(&msg, 0, 0, 0) == TRUE)
    {
      TranslateMessage(&msg);
      DispatchMessage(&msg);
    }


  return static_cast<int>(msg.wParam); //Tells the progrma to close.
}

Alright, no more daydreaming. Now we have to create the function which will tell us what the handle to MS's window is.
Code:
DWORD WINAPI FindWindowLoopFunction(LPVOID lpParam){
  while(!MShWnd)
      MShWnd = FindWindow(L"MapleStoryClass", L"MapleStory");
  return 0;
}

Again, don't worry about the type for now. Don't worry about the parameter either. What this does, is tells us the HWND of Maplestory. While the MSHWND is unknown(MS hasn't been executed), keep on using the FindWindow API to get the Handle to the WiNDow of MapleStory. It terminates after maplestory has been executed and the handle can be found. Again, MSDN is your friend if you want to look deeper on this API (FindWindow). My project is made using Unicode, hence the L before the quotes.

Alright, so the basic foundation has been set. Now its time to actually process the messages sent to the program. Since we made DialogProc the function to process messages, we shall define that function now.

LRESULT WINAPI DialogProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)

The arguments to the function are simply the components of the message. The message is the thing that is sent when some thing occurs and WPARAM and LPARAM hold certain information about the message. This will become clear as we progress.

Code:
switch(message)
   {
   case WM_COMMAND:
      {
      switch(HIWORD(wParam))
      {
      case BN_CLICKED:
         switch(LOWORD(wParam))
         {
         case AutoClick:
            if (IsDlgButtonChecked(hWnd, AutoClick) == BST_CHECKED)
               hAutoClickFunctionOn = CreateThread(NULL, 0, AutoClickFunction, NULL, 0, &AutoClickFunctionOnID);      
            if(IsDlgButtonChecked(hWnd, AutoClick) == BST_UNCHECKED && hAutoClickFunctionOn != FALSE)
               AutoClickOnOff = FALSE;
            return TRUE;
         default:
            return FALSE;
         }   
      default:
         return FALSE;         
      }
      return FALSE;
      }

   //Processing Hotkey Presses
   case WM_HOTKEY:      
      switch(wParam)
      {
      case 76:
         {
            if(SendDlgItemMessage(hWnd, AutoClick, BM_GETSTATE, 0, 0) == BST_CHECKED)
            {
               SendDlgItemMessage(hWnd, AutoClick, BM_SETCHECK, BST_UNCHECKED, 0);
               AutoClickOnOff = FALSE;
            }
            else
            {
               SendDlgItemMessage(hWnd, AutoClick, BM_SETCHECK, BST_CHECKED, 0);
               hAutoClickFunctionOn = CreateThread(NULL, 0, AutoClickFunction, NULL, 0, &AutoClickFunctionOnID);   
            }
         }
         return TRUE;
      }
      return FALSE;

   case WM_DESTROY:
      {
        PostQuitMessage(0);
        return TRUE;
      }
   
   case WM_CLOSE:
      {
        DestroyWindow (hWnd);
        return TRUE;
      }
   default:
      return FALSE;
   }
Alright, time to dissect this monstrocity. Whenever something is clicked, the WM_COMMAND message is sent to the program. The Higher "word" of this messages's wParam tells us what specifically happened. This would contain the value specified by BN_CLICKED if a checkbox was clicked. Now we have to find out which checkbox is clicked. This is stored in the Lower "word" of the wParam. If our AutoClick Checkbox was clicked, that means we gotta start or stop clicking.

if (IsDlgButtonChecked(hWnd, AutoClick) == BST_CHECKED)
This basically asks the checkbox if it is checked. If it is, then we shall create a new thread in order to process auto clicks. This is accomplished via
hAutoClickFunctionOn = CreateThread(NULL, 0, AutoClickFunction, NULL, 0, &AutoClickFunctionOnID);

If it isn't, we gotta turn the damn thing off. Just follow me on this one. This can be accomplished with:
AutoClickOnOff = FALSE;

The WM_HOTKEY command does pretty much the same thing, but processes hotkeys. I don't feel like going into it now, but if you followed along before, it should be just as clear. Just use MSDN and common sense.

Now the moment you all have been waiting for. Making the clicks happen.

Well we want this to happen within the AutoClickFunction that we had specified with CreateThread.
Code:
DWORD WINAPI AutoClickFunction(LPVOID lpParam)
{
   AutoClickOnOff = TRUE;
   POINT CursorCoords;   
   while(AutoClickOnOff == TRUE)   
   {
      GetCursorPos(&CursorCoords);
           PostMessageX(MSHWND, WM_LBUTTONDBLCLK, MK_LBUTTON,             MAKELPARAM(CursorCoords.x, CursorCoords.y));
      Sleep(10);
           PostMessageX(MSHWND, WM_LBUTTONUP, MK_LBUTTON,                MAKELPARAM(CursorCoords.x, CursorCoords.y));
      Sleep(10);
   }
   return 0;
}

Basically, what this does, is makes the AutoClick variable true. We then define a variable of type POINT. This is necessary due to the API GetCursorPos. What GetCursorPos does is takes the address of a variable and puts the current position of the mouse into it. The x value is stored within the struct as x and the y value as y. Next we create a loop; while we want the loop on(AutoClickOnOff) is equal to true, we are gonna click. Now you know why we set it to false when we don't want it to click. Next we get the position of the cursor. Then we spam maplestory's message loop with messages of our own. Our messages read, left mouse click and left mouse up. For more info on this, look up the API PostMessage. The X simply indicates a different function. We need a different function because the original is hooked by gameguard, or for our sakes, doesn't work/is detected. How do we bypass this? Well GG's hook is placed on the first 5 bytes of the API. Its called "jmp GGhookfunction" That takes up five bytes. Well what we have to do is rewrite those bytes so that GG can't redirect the function. Hence:
Code:
BOOL WINAPI PostMessageX(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);


DWORD dwPostMessage = (DWORD)GetProcAddress( GetModuleHandle( L"user32.dll" ), "PostMessageA" ) + 5;

__declspec(naked) BOOL WINAPI PostMessageX(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
{
  __asm{
      push ebp
      mov  ebp, esp
      jmp dwPostMessage
  };
};

The first line is simply a function declaration. The second line simply gets the address of the function PostMessage and then finds the address of the function after the "jmp GGHook" and stores that into the variable dwPostMessage. Next, we create a function, our own, with exactly the same arguments called PostMessageX. Inside this function we rewrite the five bytes that GG rewrote with its jump to prevent it from crashing, and then jump to the part of the API outside GG's jump. I might explain this better at a later date.

And there we have it. We are done!

Final source code:

Code:
#include "windows.h"
#include "resource.h"
#include "stdio.h"
//Variables
HWND hWnd;
HWND MSHWND = NULL;
DWORD FindWindowLoopThreadID;
DWORD AutoClickFunctionOnID;
HANDLE hMainWindowThreadProc;
HANDLE hFindWindowLoop;
BOOL AutoClickOnOff;
HANDLE hAutoClickFunctionOn = FALSE;

//Prototypes
BOOL WINAPI PostMessageX(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam);
DWORD dwPostMessage = (DWORD)GetProcAddress( GetModuleHandle( L"user32.dll" ), "PostMessageA" ) + 5;
DWORD WINAPI MainWindowThreadProc(LPVOID lpParam);
DWORD WINAPI FindWindowLoopFunction(LPVOID lpParam);
DWORD WINAPI AutoClickFunction(LPVOID lpParam);
LRESULT WINAPI DialogProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam);

//Main Windows Loop Function
int WINAPI WinMain(HINSTANCE hInstance, HINSTANCE hPrevInstance,
    LPSTR lpCmdLine, int nCmdShow)
{
   MSG msg;
   
   //Create the GUI
   hWnd = CreateDialog(
      hInstance,
      MAKEINTRESOURCE(IDD_DIALOG1),
      0,
      (DLGPROC)DialogProc
      );
   //Register Hotkeys

   
   RegisterHotKey(hWnd, 76, NULL, VK_F8);
         
   //Get the hWnd of MapleStory
   hFindWindowLoop = CreateThread(NULL,
      0,
      FindWindowLoopFunction,
      MSHWND,
      0,
      &FindWindowLoopThreadID
      );
   
   //Message Loop
   while(GetMessage(&msg, 0, 0, 0) == TRUE)
    {
      TranslateMessage(&msg);
      DispatchMessage(&msg);
    }


  return static_cast<int>(msg.wParam); //Tells the progrma to close.
}
LRESULT WINAPI DialogProc(HWND hWnd, UINT message, WPARAM wParam, LPARAM lParam)
{
switch(message)
   {
   case WM_COMMAND:
      {
      switch(HIWORD(wParam))
      {
      case BN_CLICKED:
         switch(LOWORD(wParam))
         {
         case AutoClick:
            if (IsDlgButtonChecked(hWnd, AutoClick) == BST_CHECKED)
               hAutoClickFunctionOn = CreateThread(NULL, 0, AutoClickFunction, NULL, 0, &AutoClickFunctionOnID);      
            if(IsDlgButtonChecked(hWnd, AutoClick) == BST_UNCHECKED && hAutoClickFunctionOn != FALSE)
               AutoClickOnOff = FALSE;
            return TRUE;
         default:
            return FALSE;
         }   
      default:
         return FALSE;         
      }
      return FALSE;
      }

   //Processing Hotkey Presses
   case WM_HOTKEY:      
      switch(wParam)
      {
      case 76:
         {
            if(SendDlgItemMessage(hWnd, AutoClick, BM_GETSTATE, 0, 0) == BST_CHECKED)
            {
               SendDlgItemMessage(hWnd, AutoClick, BM_SETCHECK, BST_UNCHECKED, 0);
               AutoClickOnOff = FALSE;
            }
            else
            {
               SendDlgItemMessage(hWnd, AutoClick, BM_SETCHECK, BST_CHECKED, 0);
               hAutoClickFunctionOn = CreateThread(NULL, 0, AutoClickFunction, NULL, 0, &AutoClickFunctionOnID);   
            }
         }
         return TRUE;
      }
      return FALSE;

   case WM_DESTROY:
      {
        PostQuitMessage(0);
        return TRUE;
      }
   
   case WM_CLOSE:
      {
        DestroyWindow (hWnd);
        return TRUE;
      }
   default:
      return FALSE;
   }
}

DWORD WINAPI FindWindowLoopFunction(LPVOID lpParam){
   while(!MSHWND)
      MSHWND = FindWindow(L"MapleStoryClass", L"MapleStory");
   MessageBox(0, L"Found", L"Found", MB_OK);
   return 0;
}

__declspec(naked) BOOL WINAPI PostMessageX(HWND hWnd, UINT Msg, WPARAM wParam, LPARAM lParam)
{
  __asm{
      push ebp
      mov  ebp, esp
      jmp dwPostMessage
  };
}
DWORD WINAPI AutoClickFunction(LPVOID lpParam)
{
   AutoClickOnOff = TRUE;
   POINT CursorCoords;   
   if(GetCursorPos(&CursorCoords) != 0)
   while(AutoClickOnOff == TRUE)   
   {
      GetCursorPos(&CursorCoords);
        PostMessageX(MSHWND, WM_LBUTTONDBLCLK, MK_LBUTTON, MAKELPARAM(CursorCoords.x, CursorCoords.y));
      Sleep(10);
        PostMessageX(MSHWND, WM_LBUTTONUP, MK_LBUTTON, MAKELPARAM(CursorCoords.x, CursorCoords.y));
      Sleep(10);
   }
   return 0;
}

It took me a while to make this so no hate please. If you have questions, post them or look them up at MSDN.

Source code link: megaupload.com RUXBLBJ3
DLL Source code link: megaupload.com U6CFYPQ9
avatar
Dami
Dragon
Dragon

Posts : 1414
Join date : 2009-08-10
Age : 29
Location : Finland

Back to top Go down

Back to top

- Similar topics
» Coding

 
Permissions in this forum:
You cannot reply to topics in this forum