Well, I am going to give you an easy tutorial on a wall cheat. I'm using ET (Enemy Territory) as an example.
Introduction:
This is probably the easiest way of creating a wallhack for ET. The coding part is very simple, but before writing the code we need to find a few things with OllyDbg.
I'm not going to explain much about the theory, only show the method I use to create a simple wallhack. =)
Tools:
-OllyDbg
-Microsoft Visual C++
Step 1. - Finding the wallhack offsets
-Start ET.exe, choose your favorite mod and join a non-PB server. I chose ETpro 3.2.6 for this tutorial.
-Attach OllyDbg to ET.exe (File -> Attach)
-Choose cgame_mp_x86.dll from Executable modules (View -> Executable modules -> double click on cgame_mp_x86.dll)
-Now we need to locate the CG_PLAYER offset. If you don't know how to find it yourself, pick it from this list (mod version - offset):
etpro 3.2.6 - 0x7EA20
etmain 2.55 - 0x45BB0
etmain 2.56 - 0x45D00
etmain 2.60 - 0x46C80
jaymod 2.1.7 - 0x60510
jaymod 2.1.6 - 0x5BB30
jaymod 2.1.5 - 0x4B5B0
jaymod 2.1.4 - 0x4B440
jaymod 2.1.3 - 0x4B4A0
jaymod 2.1.2 - 0x4A970
jaymod 2.1.1 - 0x592C0
jaymod 2.0.6 - 0x51EDC
jaymod 2.0.5 - 0x51EDC
jaymod 2.0.4 - 0x51F0C
jaymod 2.0.3 - 0x4D350
jaymod 2.0.2 - 0x4D350
jaymod 2.0.1 - 0x4D350
noquarter 1.1.1 - 0x59F70
noquarter 1.1.0 - 0x59ED0
noquarter 1.0.4 - 0x758D0
noquarter 1.0.2 - 0x50300
tce 0.49b - 0x54250
tce 0.49 - 0x2F1A0
tce 0.48 - 0x2D0B0
-Now use Ctrl+G to jump to the CG_PLAYER location (3007EA20, i.e. the module base 30000000 plus the 0x7EA20 offset from the list).
You should see something like this (etpro 3.2.6):
-Now keep scrolling down until you see OR ESI. It can take a while, but just keep looking carefully at the window and you'll find it.
-We found it. Here's a screenshot:
-So there are actually 2 OR ESI instructions which we need to modify. First open notepad.exe and copy/paste the lines there (the green lines in the image above). We are going to need them in our code later.
-Now change the last digit of both immediates to 8 (= RF_DEPTHHACK).
...
-After you have modified them, copy/paste the lines in notepad again.
-Good, now we have enough information to create a wallhack which can be enabled/disabled.
Original:
offset: 3007EE83, bytes: 83 CE 20
offset: 3007EEDB, bytes: 83 CE 21
Modified:
offset: 3007EE83, bytes: 83 CE 28
offset: 3007EEDB, bytes: 83 CE 28
Step 2. - Creating the Code
-Well, actually I explained everything needed in the code with comment lines. So here's the code:
//
// Enemy Territory Mod Specific Wallhack Tutorial
// (c) ///Famous 2009
//
#include <windows.h>

HANDLE ET = GetCurrentProcess(); // Pseudo-handle to the process we are injected into (the one we modify)

/* The data which we are going to write into the process. */
BYTE wallhack_on[]   = {0x83, 0xCE, 0x28}; // OR ESI, 28h: bytes with the wallhack effect (RF_DEPTHHACK bit set)
BYTE wallhack1_off[] = {0x83, 0xCE, 0x20}; // Original bytes at offset 3007EE83
BYTE wallhack2_off[] = {0x83, 0xCE, 0x21}; // Original bytes at offset 3007EEDB

/* Wallhack thread: uses the LPTHREAD_START_ROUTINE signature CreateThread expects */
DWORD WINAPI Wallhack(LPVOID lpParam)
{
    (void)lpParam;
    for (;; Sleep(50)) // Little delay between key polls
    {
        if (GetAsyncKeyState(VK_F12) & 0x8000) // While F12 is held down, the wallhack goes ON
        {
            WriteProcessMemory(ET, (LPVOID)0x3007EE83, wallhack_on, sizeof(wallhack_on), NULL); // Write the data
            WriteProcessMemory(ET, (LPVOID)0x3007EEDB, wallhack_on, sizeof(wallhack_on), NULL); // Write the data
        }
        if (GetAsyncKeyState(VK_F11) & 0x8000) // While F11 is held down, the wallhack goes OFF (originals restored)
        {
            WriteProcessMemory(ET, (LPVOID)0x3007EE83, wallhack1_off, sizeof(wallhack1_off), NULL); // Write the data
            WriteProcessMemory(ET, (LPVOID)0x3007EEDB, wallhack2_off, sizeof(wallhack2_off), NULL); // Write the data
        }
    }
    return 0; // Never reached; the loop runs for the lifetime of the process
}

/* DLL Main */
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD dwAttached, LPVOID lpvReserved)
{
    if (dwAttached == DLL_PROCESS_ATTACH)
    {
        CreateThread(NULL, 0, Wallhack, NULL, 0, NULL); // Start the Wallhack thread on DLL inject
    }
    return TRUE;
}
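As an added defender-side example (not part of the original tutorial or any anti-cheat), here is the integrity check an anti-cheat or forensic tool would run over the two patch sites found above: it compares the bytes at 3007EE83 and 3007EEDB with the known-good originals and reports which renderfx bits were OR'd into the immediate. The module base 0x30000000 is inferred from 3007EA20 = base + 0x7EA20; the memory image is a constructed stand-in filled in by the example, not the real cgame_mp_x86.dll.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#define MODULE_BASE  0x30000000u /* load address of cgame_mp_x86.dll implied by 3007EA20 = base + 0x7EA20 */
#define IMAGE_LEN    0x80000u    /* constructed image size: covers both patch sites */
#define RF_DEPTHHACK 0x08u       /* renderfx flag the tutorial ORs into the immediate */

typedef struct {
    uint32_t va;          /* virtual address of the OR ESI, imm8 instruction */
    uint8_t expected[3];  /* known-good bytes from the unmodified module */
} patch_site_t;

static const patch_site_t sites[] = {
    { 0x3007EE83u, {0x83, 0xCE, 0x20} },
    { 0x3007EEDBu, {0x83, 0xCE, 0x21} },
};
#define NSITES (sizeof sites / sizeof sites[0])
static uint8_t g_image[IMAGE_LEN]; /* constructed stand-in for the module's code bytes (not the real DLL) */

/* Fill the constructed image with the original bytes at both sites; with modified != 0,
 * apply the tutorial's change (imm8 -> 0x28) so the detector has something to find. */
uint8_t *build_image(int modified)
{
    memset(g_image, 0x90, IMAGE_LEN); /* NOP filler everywhere else */
    for (size_t i = 0; i < NSITES; i++) {
        uint8_t *p = g_image + (sites[i].va - MODULE_BASE);
        memcpy(p, sites[i].expected, 3);
        if (modified) p[2] = 0x28;
    }
    return g_image;
}

/* Compare each site with its known-good bytes. Returns how many differ, sets bit i of
 * *mask for site i, and collects in *flags the renderfx bits present in a patched
 * immediate but absent from the original (0x08 == RF_DEPTHHACK for the tutorial's patch).
 * A site that lies outside the image is counted as tampered rather than silently skipped. */
int check_patch_sites(const uint8_t *image, size_t image_len, unsigned *mask, unsigned *flags)
{
    int tampered = 0;
    *mask = 0; *flags = 0;
    for (size_t i = 0; i < NSITES; i++) {
        size_t off = sites[i].va - MODULE_BASE;
        int in_range = off + 3 <= image_len;
        if (in_range && memcmp(image + off, sites[i].expected, 3) == 0) continue; /* intact */
        tampered++;
        *mask |= 1u << i;
        if (in_range && image[off] == 0x83 && image[off + 1] == 0xCE) /* same opcode, new imm8 */
            *flags |= (unsigned)(image[off + 2] & ~sites[i].expected[2]);
    }
    return tampered;
}
```

Against a live process the same check would read the module's memory instead of g_image and compare it to bytes taken from the DLL on disk; the arithmetic is the same.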