Using DLL's to inject values without CE.

  1. #1 Matsy (Member)

    Using DLL's to inject values without CE.

    Heyhey, as this is my first post on this forum, I'd like to make it a good one, so here are some basic instructions to use hacks without needing to use CE. (If you get the point of this guide, you'll be able to make bots with this method too, using SendInput or the window dialog.)

    This requires basic C++ knowledge, and at least the knowledge on how to make a simple DLL.

    At the PROCESS_ATTACH of the DLL, you want to create a thread (because otherwise the game will hang if you use your functions, which is not good). You can create the thread using CreateThread() and making a callback function for what you want. So like:

    CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)TheFunctions, NULL, 0, NULL); // attributes, stack size, start routine, parameter, creation flags, thread-id out (CreateThread takes six arguments)

    And then make a function called TheFunctions (you could also rename it).

    If you inject the DLL this way, you have access to the virtual memory of WoW. (Might need a VirtualQuery somewhere).

    Then you could edit the memory using memory pointers and can easily edit the values, like:

    *(BYTE *)0x00000000 = 0x90;

    This nops the byte at 0x00000000.

    You could find something that is useful with this.

    If you manage to inject this DLL into WoW and use the Mountain Climb addresses / value (make sure these are in hexadecimal), it will also work, and there's much less chance of detection.

    Cheers,
    Matsy

  2. #2 bobzor (Member)

    Re: Using DLL's to inject values without CE.

    Ok, if someone can tell me WHAT THE HELL he is talking about I might try to read it.

  3. #3 lagarto (Member)

    Re: Using DLL's to inject values without CE.

    Nicely done, but... have you tested whether it is undetected, or is it detected like CE?

  4. #4 UnknOwned (Legendary)

    Re: Using DLL's to inject values without CE.

    I'm not sure about your "inject a dll into wow" - why would you inject a DLL when it loses its "dll" tag when you just pump the code, which makes it a code injection and not a "dll" injection.
    There are a few memory values that are detected by HASH, meaning that you have to inject some code at the call for the pointer to make it undetectable. Some of them are just protected by value comparison against the server.
    And lastly the serverside check for position changes, which will kill Tele/RunSpeed hackers.
    Injecting code into wow is great; however, it is easy for warden to detect. Even Cheat Engine can be used to inject assembly code into wow, and that is 99% the same.

    I wouldn't recommend injecting code into wow... not tested yet, but I'm sure it will result in a ban if you inject code at important calls.

  5. #5 Matsy (Member)

    Re: Using DLL's to inject values without CE.

    That's the thing. It works. It could be used as a way to replace CE (everything you can do with CE, you can do with this method too, but with more stealth).

    And DLL injection is the method of pushing code from a DLL into an application, which is what you're doing. (If you open it with OllyDbg, you can still see your DLL in the module list, which is what matters.)

    This is more likely to prevent a ban than to result in one, because this is one of the most stealthy methods you'll get for easy modifying of game data.

    Cheat Engine can be detected, and the code in it could be detected too. With this way, it looks like WoW is doing the modifications, and only the code can be detected. So you're a lot more secure.

    "There are a few memory values that are detected by HASH, meaning that you have to inject some code at the call for the pointer to make it undetectable. Some of them are just protected by value comparison against the server."

    You could replace the hash of the check with a clean one, so the server doesn't know you actually changed the values.

    This is not easy for warden to detect, not at all.
    Last edited by Matsy; 06-27-2007 at 07:07 AM.

  6. #6 UnknOwned (Legendary)

    Re: Using DLL's to inject values without CE.

    Originally Posted by Matsy
    That's the thing. It works. It could be used as a way to replace CE (everything you can do with CE, you can do with this method too, but with more stealth).

    And DLL injection is the method of pushing code from a DLL into an application, which is what you're doing. (If you open it with OllyDbg, you can still see your DLL in the module list, which is what matters.)

    This is more likely to prevent a ban than to result in one, because this is one of the most stealthy methods you'll get for easy modifying of game data.
    Ok, thought you meant in-progress editing of an app.
    This is a nasty and time-consuming process, since scan.dll checks the wow.exe before initial startup. So if you inject some code into certain parts you might end up with an auto-close or ban, unless you find all the checks.

    But I'm sure if you manage to succeed you will be able to hack a lot without warden being able to detect it.

    Originally Posted by Matsy
    Cheat Engine can be detected, and the code in it could be detected too. With this way, it looks like WoW is doing the modifications, and only the code can be detected. So you're a lot more secure.
    You are a bit wrong on that part.
    Cheat Engine itself is very secure, much more secure than 10 lines of home-made C++ code. The reason why Cheat Engine is detected is that it is compiled and that Blizzard does have access to the compiled version. By just adding some offset checks you can easily see if Cheat Engine is running, even with ProcessGuard on, since it can check persistent DLL files too.
    If you recompile Cheat Engine after moving around the code and adding new empty functions to move around the offsets, you will be able to make a 100% secure Cheat Engine. And why reinvent the wheel by making a new program when you've got all you need already?


    Originally Posted by Matsy
    You could replace the hash of the check with a clean one, so the server doesn't know you actually changed the values.

    This is not easy for warden to detect, not at all.
    Yes..
    You can also set your changes to affect the checks too by injecting code with Cheat Engine, and that would be just as detectable as basic C++ code.


    Overall I 100% agree that it is much more secure to program your own apps for doing hacks, and home-made injection methods are the "real deal", but it does require a lot of effort, and since Cheat Engine is open source and overall a great tool for doing stuff, it would save a lot of time just modding the Delphi code.

  7. #7 Matsy (Member)

    Re: Using DLL's to inject values without CE.

    Well, Delphi isn't really assembly-friendly, hence why I chose C++. Modifying the CE source means depending on an open-source project, which I'm not really fond of. But it's a good idea for some easy modifying projects, of course. But if you have long procedures, you'll be faster and much more efficient doing it with C++.
    Originally Posted by UnknOwned
    You are a bit wrong on that part.
    Cheat Engine itself is very secure, much more secure than 10 lines of home-made C++ code. The reason why Cheat Engine is detected is that it is compiled and that Blizzard does have access to the compiled version. By just adding some offset checks you can easily see if Cheat Engine is running, even with ProcessGuard on, since it can check persistent DLL files too.
    If you recompile Cheat Engine after moving around the code and adding new empty functions to move around the offsets, you will be able to make a 100% secure Cheat Engine. And why reinvent the wheel by making a new program when you've got all you need already?
    I wasn't wrong, not at all. The things that are detected about CE are its functions and its layout, all things the DLL doesn't have. And modifying CE so hacks get undetected is a lot of work. The way a DLL works will never change; the way the program works might.

  8. #8 Omni (Member)

    Re: Using DLL's to inject values without CE.

    After you compile your .dll you can use any DLL injector to slap it onto the wow.exe process.

    The harder and cleaner way to force a DLL into a process is to modify an existing DLL and place it in the WoW directory. For example, let's say WoW uses D3D.dll for graphics rendering purposes (in all honesty I don't know if it does, but for the sake of argument...). Now normally WoW would boot and load the DLL from "C:/windows/system32/D3D.dll", because d3d.dll is a rather common DLL and many programs use it. However, if you place the d3d.dll in the WoW directory it will load that one instead of the one located in your system32 folder. Basically it checks the exe's directory first, THEN goes to the common DLL folder such as /system32/.
    Anyway, you can edit and recompile DLLs and have them load your own code as well. I used this method to go undetected in MapleStory and GunBound hacking for well over a year (it was kept extremely secret from the public MapleStory hacking scene).

    If you want me to further explain something in my post let me know.
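The planting described in post #8 (a copy of a common DLL dropped next to the executable so the loader picks it up before the System32 copy) leaves a footprint on disk that a defender can audit for. The script below is an added example, not Omni's code or anything from the thread: it lists DLL names present both in an application directory and in the system directories, and records whether the two copies differ. The directory layout and file contents are constructed inline so it runs offline; point `find_shadowed_dlls` at a real install directory and `C:\Windows\System32` to audit one.

```python
"""Audit an application directory for DLLs that shadow system DLLs (the on-disk
footprint of DLL search-order planting).  Constructed sample data; example only."""
from pathlib import Path
import hashlib
import tempfile

def _dlls_in(directory):
    """Map lower-cased file name -> Path for every .dll directly in directory."""
    return {p.name.lower(): p for p in Path(directory).iterdir()
            if p.is_file() and p.suffix.lower() == ".dll"}

def _sha256(path):
    return hashlib.sha256(path.read_bytes()).hexdigest()

def find_shadowed_dlls(app_dir, system_dirs):
    """Return one finding per DLL in app_dir that also exists in a system dir.
    The default search order consults the executable's directory before the
    system directories, so each hit is a candidate planted DLL; 'modified'
    says whether the two copies differ byte for byte (triage aid)."""
    app = _dlls_in(app_dir)
    findings = []
    for sys_dir in system_dirs:
        for name, sys_path in _dlls_in(sys_dir).items():
            if name in app:
                findings.append({
                    "dll": name,
                    "app_copy": str(app[name]),
                    "system_copy": str(sys_path),
                    "modified": _sha256(app[name]) != _sha256(sys_path),
                })
    return sorted(findings, key=lambda f: f["dll"])

def demo():
    """Constructed layout: fake System32 with two DLLs, game dir with a planted D3D.dll."""
    root = Path(tempfile.mkdtemp())
    sys32 = root / "System32"
    game = root / "Game"
    sys32.mkdir()
    game.mkdir()
    (sys32 / "d3d.dll").write_bytes(b"constructed system d3d bytes")
    (sys32 / "kernel32.dll").write_bytes(b"constructed system kernel32 bytes")
    (game / "D3D.dll").write_bytes(b"constructed planted d3d bytes")  # shadows
    (game / "game_engine.dll").write_bytes(b"constructed game engine bytes")
    return find_shadowed_dlls(game, [sys32])

if __name__ == "__main__":
    for f in demo():
        print(f"{f['dll']}: {f['app_copy']} shadows {f['system_copy']}"
              f" (modified={f['modified']})")
```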
