// Console tool that locates a running Warcraft III process, opens it with full
// access, finds the load address of Game.dll inside it and overwrites a fixed
// list of offsets in that module with WriteProcessMemory.
//
// Reviewer notes (defensive reading):
//  - The observable API sequence is: Toolhelp process snapshot ->
//    AdjustTokenPrivileges(SE_DEBUG_NAME) -> OpenProcess(PROCESS_ALL_ACCESS) ->
//    Toolhelp module snapshot of the target -> VirtualProtectEx /
//    WriteProcessMemory into the module image. Integrity checks over the
//    module's pages and auditing of write-capable handles opened on the process
//    are where this pattern shows up.
//  - Every offset is hard-coded for one build ("1.25b" per the author); nothing
//    verifies the module version or the bytes being replaced before writing.
//  - In this copy the string literals are spelled with "/x.." and "/n". C++
//    treats those as ordinary characters, not escapes, so the length argument
//    selects the leading characters of the text. NOTE(review): probably an
//    artefact of how the page was extracted -- confirm against the upstream
//    file before reasoning about what any patch actually writes.
//  - strcmp and puts are used without <cstring> / <cstdio>; the file relies on
//    another header pulling them in.
#include <cstdlib>
#include <iostream>
#include <windows.h>
#include <Tlhelp32.h>
using namespace std;

// PATCH(i, w, l): copy l bytes from w to (gameBase + i) in the target process.
// Not hygienic: it expands to names hProc, gameBase and dSize, which must be
// in scope at the call site. The BOOL result of WriteProcessMemory is
// discarded at every use, so a failed write is silent.
#define PATCH(i,w,l) WriteProcessMemory(hProc,reinterpret_cast<LPVOID>(gameBase+i),w,l,&dSize)

void patchW3X();
void patchwar25b(HANDLE hProc, DWORD gameBase, DWORD dSize);
// NOTE(review): both lookups below take char* but are called with string
// literals; const char* would match how they are used.
DWORD GetPIDForProcess(char* process);
void EnableDebugPriv();
DWORD GetDLLBase(char* DllName, DWORD tPid);

// Entry point: sets the console title, runs the patch routine once, waits for a
// key press via the shell's PAUSE command, and always reports success.
int main(int argc, char *argv[])
{
    SetConsoleTitle("W3X Basic MH v1 for 1.25b [by DarkSupremo]");
    patchW3X();
    system("PAUSE");
    return EXIT_SUCCESS;
}
//-------------------------------------------------------------------------------------------------------------
// Drives the whole run: wait for the game window, resolve the PID, enable the
// debug privilege, open the process, resolve Game.dll's base and apply patches.
void patchW3X()
{
    DWORD PID = 0;
    puts("-------------------------------------------------------------------------------");
    puts("This is a Basic MH for 1.25b designed to who want learn how to code a mh!");
    puts("Please, if you will use this code on your project, give me the credits too!");
    puts("Program developed by DarkSupremo [www.GarenaMaster.com]");
    puts("-------------------------------------------------------------------------------/n");
    puts("Searching for Warcraft 3...");
    // Poll every 500 ms until a top-level window of class "Warcraft III"
    // exists. There is no timeout, so this blocks forever if it never appears.
    while(FindWindowA("Warcraft III", NULL) == NULL)
    {
        Sleep(500);
    }
    puts("Searching for Warcraft 3 PID...");
    // GetPIDForProcess compares names with strcmp (case-sensitive), hence the
    // two spellings. Each hit takes a second snapshot just to read the value
    // again, and the DWORD result is compared against NULL (i.e. 0).
    if(GetPIDForProcess("war3.exe") != NULL) PID = GetPIDForProcess("war3.exe");
    if(GetPIDForProcess("War3.exe") != NULL) PID = GetPIDForProcess("War3.exe");
    puts("Enabling Debug privilege...");
    EnableDebugPriv();
    puts("Opening Warcraft 3 Process...");
    // If neither name matched, PID is still 0 here and OpenProcess is called
    // anyway; the only handling is the if(hProc) test, with no message on
    // failure.
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, false, PID);
    if(hProc)
    {
        puts("Searching Base Address of Game.dll");
        // GetDLLBase returns 0 when the module is not found; that is not
        // checked, so the offsets would then be used as absolute addresses.
        DWORD gameBase = GetDLLBase("Game.dll", PID);
        // Receives the bytes-written count from each PATCH; never read back.
        DWORD dSize = 0;
        puts("Patching war3...");
        patchwar25b(hProc, gameBase, dSize);
        // NOTE(review): hProc is never passed to CloseHandle.
    }
}
//-------------------------------------------------------------------------------------------------------------
// Applies the fixed patch table to the target process.
//   hProc    - handle to the target process, used by PATCH and VirtualProtectEx
//   gameBase - base address of Game.dll in the target, added to every offset
//   dSize    - by-value scratch variable for the bytes-written out-parameter
// The feature names in the comments and puts() calls are the author's labels;
// nothing in this file shows what the code at each offset does.
void patchwar25b(HANDLE hProc, DWORD gameBase, DWORD dSize)
{
    //1.25b
    //Reveal units on Mainmap / Invisibles: Main & Mini
    puts("/nPatching fallowing features:/n");
    //Cam Distance Hack, configured to 2300
    puts("- Cam Distance Hack, configured to 2300");
    unsigned long oldprotector25b;
    float realdistance = 2300; // set the distance here!
    DWORD camAddr = gameBase + 0x93645C;
    // Only this write brackets itself with a protection change: 4 bytes are
    // made PAGE_EXECUTE_READWRITE, the float is written, and the previous
    // protection is restored. The VirtualProtectEx results are not checked.
    VirtualProtectEx(hProc, (void*)camAddr, 4, PAGE_EXECUTE_READWRITE, &oldprotector25b);
    PATCH(0x93645C, &realdistance, sizeof(float));
    VirtualProtectEx(hProc, (void*)camAddr, 4, oldprotector25b, &oldprotector25b);
    //Delay reducer, configured to 100ms
    puts("- Delay reducer, configured to 100ms");
    int delayreducer = 100; // set the ms here!
    // Each pair overlaps: the 4-byte int is written first, then a 3-byte write
    // one byte further on covers the int's upper three bytes.
    PATCH(0x65DC21, &delayreducer, sizeof(int));
    PATCH(0x65DC22, "/x00/x00/x00",3);
    PATCH(0x660CE1, &delayreducer, sizeof(int));
    PATCH(0x660CE2, "/x00/x00/x00",3);
    // Reveal units on Mainmap / Invisibles: Main & Mini
    puts("- Reveal units on Mainmap / Invisibles: Main & Mini");
    PATCH(0x39DE4C,"/x75",1);
    PATCH(0x3A12C0,"/x90/x90",2);
    PATCH(0x3A136B,"/x90/x90",2);
    PATCH(0x35628E, "/x90/x90/x90",3);
    PATCH(0x361621, "/x3B/xC0/x0F/x85",4);
    PATCH(0x3997AB, "/x90/x90/x90/x90/x90/x90",6);
    PATCH(0x3997BE, "/x90/x90/x90/x90/x90/x90/x90/x90/x33/xC0/x40",11);
    //Remove FOG on Mainmap
    puts("- Remove FOG on Mainmap");
    PATCH(0x74C7E9,"/xB2/x00/x90/x90/x90/x90",6);
    //Reveal units on Minimap
    puts("- Reveal units on Minimap ");
    PATCH(0x36120B,"/xB8/x00",2);
    //Remove FOG on Minimap
    puts("- Remove FOG on Minimap");
    PATCH(0x3562F5,"/x90/x90",2);
    //Enable Trade / Resource View
    puts("- Enable Trade / Resource View");
    PATCH(0x34DB72,"/xB8/xC8/x00/x00/x00/x90",6);
    PATCH(0x34DB7A,"/xB8/x64/x00/x00/x00/x90",6);
    PATCH(0x35F81A,"/x90/x90",2);
    //Make units clickable
    puts("- Make units clickable");
    PATCH(0x284F6C,"/x90/x90",2);
    PATCH(0x284F82,"/xEB",1);
    //Reveal Illusions
    puts("- Reveal Illusions");
    PATCH(0x28282C,"/x40/xC3",2);
    //Show Runes
    puts("- Show Runes");
    PATCH(0x3A12AB,"/xEB",1);
    //Show Skills / Cooldowns
    puts("- Show Skills / Cooldowns");
    PATCH(0x2024AC,"/x90/x90/x90/x90/x90/x90",6);
    PATCH(0x28DFAE,"/xEB",1);
    PATCH(0x34F078,"/x90/x90",2);
    PATCH(0x34F0B8,"/x74/x00",2);
    //Bypass dota -ah
    puts("- Bypass dota -ah");
    PATCH(0x3C616C,"/xB8/xFF/x00/x00/x00/xEB",6);
    PATCH(0x3CB642,"/xEB",1);
    // Disabled variant kept by the author; it targets the same offsets as the
    // "Enemy Hero icon" block below.
    //Ally Hero icon
    //puts("Ally Hero icon");
    //PATCH(0x370990,"/xE8/x3B/x28",3);
    //PATCH(0x370995,"/x85/xC0",2);
    // PATCH(0x370998,"/x84",1);
    // PATCH(0x37099D,"/xEB/xC9/x90/x90/x90/x90",6);
    //Enemy Hero icon
    puts("- Enemy Hero icon");
    PATCH(0x370990,"/xE8/x3B/x28",3);
    PATCH(0x370995,"/x85/xC0",2);
    PATCH(0x370998,"/x85",1);
    PATCH(0x37099D,"/xEB/xC9/x90/x90/x90/x90",6);
    // Disabled variant kept by the author.
    //All Hero icon
    //puts("All Hero icon");
    //PATCH(0x370995,"/xEB/x06",2);
    // PATCH(0x37099D,"/xEB/xC9/x90/x90/x90/x90",6);
    //Show Pings signal
    puts("- Show Pings signal");
    PATCH(0x43EC66,"/x3B/xC0/x0F/x85/xC0/x00/x00/x00",8);
    PATCH(0x43EC79,"/x3B/xC0/x0F/x85/xAD/x00/x00/x00",8);
    // Everything from here to the closing marker is commented out. The
    // original opened several block comments in a row; block comments do not
    // nest, so the first opener runs to the single closing marker and none of
    // these statements are compiled. The second group is labelled by the
    // author as the values that turn the features off again.
    //[SAFE MODE] Reveal units on Main Map / Invisibles (Slow Motion)
    /*
    puts("- [SAFE MODE] Reveal units on Main Map / Invisibles (Slow Motion)");
    PATCH(0x74C7E9,"/x8A/x90/x6C/x7E/xAB/x6F",6);
    PATCH(0x3562F5,"/x88/x01",2);
    PATCH(0x39DE4C,"/x74/x62",2);
    PATCH(0x3A12C0,"/xEB/x09",2);
    PATCH(0x3A136B,"/x23/xCA",2);
    PATCH(0x36120B,"/xB8/x01/x00/x00/x00",5);
    PATCH(0x284F6C,"/x74/x2A",2);
    PATCH(0x284F82,"/x75",1);
    PATCH(0x399868,"/xEB",1);

    //Disable ALL
    puts("- Disabling all features...!");
    PATCH(0x74C7E9,"/x8A/x90/x6C/x7E/xAB/x6F",6);
    PATCH(0x3562F5,"/x88/x01",2);
    PATCH(0x35628E, "/x66/x85/xC0",3); // 6685C0
    PATCH(0x361621, "/x85/xC0/x0F/x84",4); // 85C00F84
    PATCH(0x3997AB, "/x8B/x97/x98/x01/x00/x00",6); // 8B9798010000
    PATCH(0x3997BE, "/x0F/xB7/x00/x55/x50/x56/xE8/xF7/x7B/x00/x00",11); // 0FB700555056E8F77B0000
    PATCH(0x39DE4C,"/x74/x62",2);
    PATCH(0x3A12C0,"/xEB/x09",2);
    PATCH(0x3A136B,"/x23/xCA",2);
    PATCH(0x36120B,"/xB8/x01/x00/x00/x00",5);
    PATCH(0x284F6C,"/x74/x2A",2);
    PATCH(0x284F82,"/x75",1);
    PATCH(0x34DB72,"/x8B/x87/x6c/x01/x00/x00",6);
    PATCH(0x34DB7A,"/x8B/x87/x68/x01/x00/x00",6);
    PATCH(0x35F81A,"/xEB/x08",2);
    PATCH(0x3CB642,"/x74",1);
    PATCH(0x28282C,"/xC3/xCC",2);
    PATCH(0x399868,"/x74",1);
    PATCH(0x3A12AB,"/x75",1);
    PATCH(0x2024AC,"/x0F/x84/x5F/x01/x00/x00",6);
    PATCH(0x28DFAE,"/x75",1);
    PATCH(0x34F078,"/x74/x08",2);
    PATCH(0x34F0B8,"/x74/x08",2);
    PATCH(0x3C616C,"/x3D/xFF/x00/x00/x00/x76",6);
    PATCH(0x3CB642,"/x74",1);
    PATCH(0x43EC66,"/x85",1);
    PATCH(0x43EC79,"/x85",1);
    PATCH(0x370990,"/xE8/xFB/x29/x03/x00/x85/xC0/x0F/x84/x8F/x02/x00/x00/x8B/x85/x80/x01/x00/x00",19);
    */
    // Printed unconditionally; no write above had its result checked.
    puts("Done!");
}
//-------------------------------------------------------------------------------------------------------------
// Returns the PID of the first process whose executable name equals `process`
// exactly (strcmp, case-sensitive), or 0 when none matches.
// NOTE(review): passing szExeFile to strcmp assumes an ANSI (non-UNICODE) build.
DWORD GetPIDForProcess(char* process)
{
    BOOL working=0;
    PROCESSENTRY32 lppe= {0};
    DWORD targetPid=0;
    HANDLE hSnapshot=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS ,0);
    // CreateToolhelp32Snapshot reports failure as INVALID_HANDLE_VALUE, which
    // is non-null, so this test does not filter out a failed snapshot.
    if (hSnapshot)
    {
        // dwSize must be set before the first Process32First call.
        lppe.dwSize=sizeof(lppe);
        working=Process32First(hSnapshot,&lppe);
        while (working)
        {
            if(strcmp(lppe.szExeFile,process)==0)
            {
                targetPid=lppe.th32ProcessID;
                break;
            }
            working=Process32Next(hSnapshot,&lppe);
        }
    }
    // Runs on every path, including when the snapshot call failed.
    CloseHandle( hSnapshot );
    return targetPid;
}
//-------------------------------------------------------------------------------------------------------------
// enable the privilege necessary to patch the process
// Attempts to enable SE_DEBUG_NAME on the current process token. Returns
// nothing, so the caller cannot tell whether the privilege was enabled.
void EnableDebugPriv()
{
    HANDLE hToken;
    LUID sedebugnameValue;
    TOKEN_PRIVILEGES tkp;
    // On failure only a message is printed; execution continues with hToken
    // uninitialised.
    if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken))
        puts("Failed to Enable Debug Options!");
    // On failure the token is closed and the user is prompted, but there is no
    // return: the code below still uses the closed handle and an unset LUID.
    if (!LookupPrivilegeValue(NULL, SE_DEBUG_NAME, &sedebugnameValue))
    {
        CloseHandle(hToken);
        puts("Failed to Enable Debug Options!");
        system("PAUSE");
    }
    tkp.PrivilegeCount = 1;
    tkp.Privileges[0].Luid = sedebugnameValue;
    tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
    // The token is closed only when the call fails, so it leaks on success.
    // AdjustTokenPrivileges can also return nonzero without assigning the
    // privilege (GetLastError() == ERROR_NOT_ALL_ASSIGNED); that is not checked.
    if (!AdjustTokenPrivileges(hToken, FALSE, &tkp, sizeof tkp, NULL, NULL))
        CloseHandle( hToken );
}
//-------------------------------------------------------------------------------------------------------------
//Gets the base of our dll
// Returns the base address of the module named exactly `DllName` (strcmp,
// case-sensitive) in process `tPid`, or 0 when tPid is 0 or no module matches.
DWORD GetDLLBase(char* DllName, DWORD tPid)
{
    HANDLE snapMod;
    MODULEENTRY32 me32;
    if (tPid == 0) return 0;
    // The snapshot handle is not compared with INVALID_HANDLE_VALUE; a failed
    // snapshot is only noticed indirectly when Module32First fails.
    snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
    me32.dwSize = sizeof(MODULEENTRY32);
    if (Module32First(snapMod, &me32)){
        do{
            if (strcmp(DllName,me32.szModule) == 0){
                CloseHandle(snapMod);
                // Pointer narrowed to DWORD: assumes a 32-bit build; the
                // address would be truncated in a 64-bit one.
                return (DWORD) me32.modBaseAddr;
            }
        }while(Module32Next(snapMod,&me32));
    }
    CloseHandle(snapMod);
    return 0;
}