Search
 
 

Display results as :
 


Rechercher Advanced Search

Latest topics
» ~=?{The future is here, TastyExploit officially open to the public}?=~
Tue Mar 02, 2010 11:00 pm by Dami

» My first aa script
Tue Mar 02, 2010 7:00 am by wafflemaster

» the real story behind Maverin
Tue Mar 02, 2010 1:33 am by SoundOfDeat

» Random spam
Mon Mar 01, 2010 11:52 pm by Danny1994

» [Request] EMS v56 Exe
Mon Mar 01, 2010 12:39 am by Dami

» [Blacklist] NX-Trading Blacklist.
Mon Mar 01, 2010 12:38 am by Danny1994

» I have a question regarding the meso farmer
Sat Feb 27, 2010 10:30 pm by Dami

» What are you listening to now?
Sat Feb 27, 2010 7:57 pm by Noname111111

» Video(s) Of The Day
Sat Feb 27, 2010 7:37 pm by Noname111111

Navigation
 Portal
 Index
 Memberlist
 Profile
 FAQ
 Search
Affiliates
free forum
 



[Tut] How to create a trainer that uses the best of C#/C++

Go down

[Tut] How to create a trainer that uses the best of C#/C++

Post by wafflemaster on Sun Nov 08, 2009 3:16 am

All credits go to El Jeffro of w8baby. I find this very useful when creating trainers, since I can easily make a sick UI (thanks to .NET) and still maintain functionality.

THIS GUIDE ASSUMES YOU KNOW HOW TO CODE AND CAN CREATE YOUR OWN FUNCTION BASED ON A DEscriptION. DO NOT ASK ME TO WRITE THE FUNCTION FOR YOU AS THAT IS MORE WORK FOR ME AND I WILL NOT DO IT

In this tutorial I will show you how to make a trainer that will be both functional and easy to make. To do this I am combining the use of two languages- C# and C++. Although there are many ways to duplicate the effects of the code I have created in this tutorial, I believe this to be a very good way if not the best. Before I begin explaining how to create the desired result I will first explain what it is we will be doing.

We will be using a C++ dll. This gets injected to the target (game) process. This dll will act as the server, and can send and receive streams of bytes from the C# client. We will also be using a C# exe. This exe will act as the client connected to the C++ dll injected into another process. It will show the graphical user interface (GUI) and depending on what control the user interacts with, will send messages in the form of a stream of bytes to the C++ dll. This is managed by an input/output protocol called a “pipe”.
First, the dll must be injected into the game process. A class written by samuri25404 can be found at http://forum.cheatengine.org/viewtopic.php?t=193237.

The code for the dll should include several methods for reading and responding to the messages sent by the exe. The methods I use are included at the bottom (trainermain.cpp)

The second part needed is the C# exe. Create a windows forms application project and add ManagedIPC (included) to the project. You can then use the NamedPipe class I made. Here’s how to do so:

You may have noticed I used
Code:
LPWSTR lpszPipename = TEXT("\\\\.\\pipe\\JTrainer");

in the C++ source. The format for a pipe name must be as the above one, however you can change “JTrainer” to whatever you want to call it for your trainer (and you may want to add a pId string to the end of it in order to support multiple servers, but I won’t explain that in this tutorial.)
You create and initialize the NamedPipe in C# like this:
Code:
NamedPipe trainercomm = new NamedPipe(“\\\\.\\pipe\\JTrainer”); // or whatever you called it

It is a good idea to call trainercomm.isValid(); to check and make sure that the connection exists, otherwise you won’t be able to communicate with your server. If it returns false, reinitialize the variable and keep trying for a few seconds. If you still can’t create the connection, something is wrong. Otherwise, you are ready to define some functions.

Defining functions in C# and C++ are similar. In my example I used a simple format for the stream of bytes being sent to the server from the client. That format is one byte serving as the identifier of the function and a Boolean value saying whether the hack should be on or off. I then defined each identifier like this in C++:

Code:
#define MSG_GOD     0
#define MSG_PKT      1
#define MSG_MOBDIS   2
#define MSG_PNOKB   3
#define MSG_UA      4
#define MSG_REGEN   5
Simple enough. In C#, I defined them

Code:
const byte MSG_GOD     = 0;
        const byte MSG_PKT      = 1;
        const byte MSG_MOBDIS   = 2;
        const byte MSG_PNOKB   = 3;
        const byte MSG_UA      = 4;
        const byte MSG_REGEN    = 5;

Once you have finished defining all the functions you are going to implement you simply need to…well, implement them.

I’m only going to show an example for sending a message to the C++ server from the C# client but it should be straightforward and easy to figure out how to send messages from the C++ server to the C# client (writefile from the server, on the client have a thread calling NamedPipe.Read(); constantly, like the C++ server code).
Here is an example of a simple toggle checkbox:

Code:
byte bytetobool(bool b) // simple method for converting ‘true’ to 1 and ‘false’ to 0
{
 if (b) return 1;
return 0;
}

private void GodmodeCheckbox_CheckChanged(object sender, EventArgs e)
{
  byte[] data = { MSG_GOD, bytetobool(GodmodeCheckbox.Checked) };
  trainercomm.Write(data);
}

That’s basically all, it’s rather simple to figure out I think but if you have questions post them in this thread. I would like to thank Bizarro for helping me with this long ago.

Code:
http://localhostr.com/files/002e22/IPC%20code.rar

Realizing that projects will switch from using easyhack.dll to managedipc.dll, i decided to release the ipc source code, written completely by me.

Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.IO;
using System.Runtime.InteropServices;

/*
 * IPC.cs
 * Author : El Jeffro of w8baby.com forums
 * Interprocess communication wrapper for C# (pipe based)
*/
namespace IPC
{
    class NamedPipe
    {
        private IntPtr m_hPipe;
        private FileStream pipestream;

        public NamedPipe(IntPtr hPipe)
        {
            m_hPipe = hPipe;
            PipeAPI.ConnectNamedPipe(m_hPipe, (IntPtr)0);
            int dwMode = (2 | 1);
            PipeAPI.SetNamedPipeHandleState(m_hPipe, ref dwMode, (IntPtr)0, (IntPtr)0);
            pipestream = new FileStream(m_hPipe, FileAccess.ReadWrite);
        }

        public NamedPipe(string PipeName)
        {
            m_hPipe = PipeAPI.CreateFile(PipeName, 0xC0000000, // GENERIC_READ | GENERIC_WRITE
                0, (IntPtr)0, 3, 0, (IntPtr)0);
            PipeAPI.ConnectNamedPipe(m_hPipe, (IntPtr)null);
            int dwMode = (2 | 1);
            PipeAPI.SetNamedPipeHandleState(m_hPipe, ref dwMode, (IntPtr)0, (IntPtr)0);
            pipestream = new FileStream(m_hPipe, FileAccess.ReadWrite);
        }
        public IntPtr getHandle() { return m_hPipe; }

        public void Write(byte[] data)
        {
            pipestream.Write(data, 0, data.Length);
            pipestream.Flush();
        }
        public int Read(byte[] data, int length)
        {
            return pipestream.Read(data, 0, length);
        }
        public bool isValid() { return (m_hPipe != (IntPtr)(- 1)) && (pipestream != null); }

    }
    #region Pipe WINAPI
    class PipeAPI
    {
        /// <summary>
        /// The CreateFile function creates or opens a file, file stream, directory, physical disk, volume, console buffer, tape drive,
        /// communications resource, mailslot, or named pipe. The function returns a handle that can be used to access an object.
        /// </summary>
        /// <param name="lpFileName"></param>
        /// <param name="dwDesiredAccess"> access to the object, which can be read, write, or both</param>
        /// <param name="dwShareMode">The sharing mode of an object, which can be read, write, both, or none</param>
        /// <param name="SecurityAttributes">A pointer to a SECURITY_ATTRIBUTES structure that determines whether or not the returned handle can
        /// be inherited by child processes. Can be null</param>
        /// <param name="dwCreationDisposition">An action to take on files that exist and do not exist</param>
        /// <param name="dwFlagsAndAttributes">The file attributes and flags. </param>
        /// <param name="hTemplateFile">A handle to a template file with the GENERIC_READ access right. The template file supplies file attributes
        /// and extended attributes for the file that is being created. This parameter can be null</param>
        /// <returns>If the function succeeds, the return value is an open handle to a specified file. If a specified file exists before the function
        /// all and dwCreationDisposition is CREATE_ALWAYS or OPEN_ALWAYS, a call to GetLastError returns ERROR_ALREADY_EXISTS, even when the function
        /// succeeds. If a file does not exist before the call, GetLastError returns 0 (zero).
        /// If the function fails, the return value is INVALID_HANDLE_VALUE. To get extended error information, call GetLastError.
        /// </returns>
        [DllImport("kernel32.dll", CharSet = CharSet.Auto, CallingConvention = CallingConvention.StdCall, SetLastError = true)]
        public static extern IntPtr CreateFile(
              string lpFileName,
              uint dwDesiredAccess,
              uint dwShareMode,
              IntPtr SecurityAttributes,
              uint dwCreationDisposition,
              uint dwFlagsAndAttributes,
              IntPtr hTemplateFile
              );
        [DllImport("kernel32.dll", SetLastError = true)]
        public static extern IntPtr CreateNamedPipe(string lpName, uint dwOpenMode, uint dwPipeMode, uint nMaxInstances, uint nOutBufferSize, uint nInBufferSize, uint nDefaultTimeOut, IntPtr lpSecurityAttributes);

        [DllImport("kernel32.dll")]
        public static extern bool CreatePipe(out IntPtr hReadPipe, out IntPtr hWritePipe, ref SECURITY_ATTRIBUTES lpPipeAttributes, uint nSize);

        [DllImport("kernel32.dll")]
        public static extern bool WriteFile(IntPtr hFile, byte[] lpBuffer,
          uint nNumberOfBytesToWrite, out uint lpNumberOfBytesWritten,
          IntPtr lpOverlapped);

        [DllImport("kernel32.dll")]
        public static extern bool ReadFile(IntPtr hFile, byte[] lpBuffer,
          uint nNumberOfBytesToRead, out uint lpNumberOfBytesRead, IntPtr lpOverlapped);

        [DllImport("Kernel32.dll")]
        public static extern bool SetNamedPipeHandleState(IntPtr hPipe, ref int lpMode, IntPtr lpMaxCollectionCount, IntPtr lpCollectDataTimeout);

        [DllImport("Kernel32.dll")]
        public static extern bool ConnectNamedPipe(IntPtr hPipe, IntPtr lpOverlapped);

        public struct SECURITY_ATTRIBUTES
        {
            public long nLength;
            public long lpSecurityDescriptor;
            public long bInheritHandle;
        }
    }
    #endregion
}

**************************************************
I'll add some more stuff later to make it easier for beginners.

wafflemaster
V.I.P
V.I.P

Posts : 123
Join date : 2009-10-27

Back to top Go down

Re: [Tut] How to create a trainer that uses the best of C#/C++

Post by Dami on Sun Nov 08, 2009 3:55 am

Thanks wafflemaster, i was waiting for to see when is next tutorial posted by someone else than me on general programming section.
avatar
Dami
Dragon
Dragon

Posts : 1414
Join date : 2009-08-10
Age : 28
Location : Finland

Back to top Go down

Re: [Tut] How to create a trainer that uses the best of C#/C++

Post by SoundOfDeat on Mon Nov 09, 2009 12:04 am

Nice tut, very usefull Cool
avatar
SoundOfDeat
Silver Member
Silver Member

Posts : 397
Join date : 2009-11-08
Age : 24
Location : Loging in....

http://damiproductions.darkbb.com

Back to top Go down

Re: [Tut] How to create a trainer that uses the best of C#/C++

Post by Sponsored content


Sponsored content


Back to top Go down

Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum