Some Zoom Hacks

**Serpious** · 07-30-2011

Code:

#include <windows.h>
#include <stdio.h>
#include <Tlhelp32.h>

struct OffsetInfo
{
    char* lpszName;            //Name of the patch
    DWORD dwOffset;            //Offset of the patch (Can be 0 -> need UpdateData then)
    BYTE* lpbyData;            //Data of the patch
    DWORD dwLen;            //lengh of the patch data

    BYTE* lpbyUpdateData;    //Bytes to search to get the offset
    char* lpszMask;            //Update mask (x valid byte, ? skip byte)
}

g_sPatchList[]={
			{"LoLHack", 
			0,
			(BYTE*)"\xEB",
			1,
			(BYTE*)"\x76\xF3\x0F\x11\x05\x5F\x5E\xB0\x01\x5b\x59\xc2\x04\x00",
			"x?xxxx????xxxxxxxxx"},
};

LPMODULEENTRY32 GetModuleInfo(DWORD dwPid)
{
    //We will get the module info of the main module
    //Since we do need the base address (which is basically 0x0040000) and the size
    static MODULEENTRY32 s_sModule; 
    HANDLE hSnapshot;

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPid);
    if( hSnapshot == INVALID_HANDLE_VALUE )
    {
        printf("CreateToolhelp32Snapshot failed: %i\n",GetLastError());
        return NULL;
    }

    s_sModule.dwSize = sizeof(MODULEENTRY32);
    if( Module32First(hSnapshot,&s_sModule) == FALSE )
    {
        CloseHandle(hSnapshot);
        printf("Module32First failed: %i\n",GetLastError());
        return NULL;
    }

    do
    {
        if( strcmp("League of Legends.exe",s_sModule.szModule) == 0 )
        {
            CloseHandle(hSnapshot);
            return &s_sModule;
        }
    }while(Module32Next(hSnapshot,&s_sModule));

    printf("League of legends not detected\n");
    CloseHandle(hSnapshot);
    return NULL;
}

void SetDebugPrivilege()
{
    HANDLE Htoken;
    TOKEN_PRIVILEGES tokprivls;
    if(OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Htoken))
    {
        tokprivls.PrivilegeCount = 1;
        LookupPrivilegeValue(NULL, "SeDebugPrivilege", &tokprivls.Privileges[0].Luid);
        tokprivls.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges( Htoken, FALSE, &tokprivls, sizeof(tokprivls), NULL, NULL);
        CloseHandle(Htoken);
    }
}


void FindOffset(HANDLE hProcess, LPMODULEENTRY32 lpsModule, int iNumber)
{
    //Gets offsets from patch
    bool bFound;
    DWORD dwLen,dwRead, dwAdjust, dwParser;
    BYTE* lpbyBuffer = new BYTE[lpsModule->modBaseSize];

    dwLen = strlen(g_sPatchList[iNumber].lpszMask);
    //Read the whole main module memory to a local buffer
    ReadProcessMemory(hProcess,(void*)lpsModule->modBaseAddr,(void*)lpbyBuffer,lpsModule->modBaseSize,&dwRead);

    //We'll now parse the local buffer for our searched offset
    for( DWORD i = 0; i < dwRead; ++i )
    {
        if( g_sPatchList[iNumber].lpbyUpdateData[0] == lpbyBuffer[i] )
        {
            bFound = true;
            dwAdjust = 0;
            dwParser = 1;
            for( DWORD a = 1; a < dwLen; ++a )
            {
                //Skip INT3 between functions
                while( lpbyBuffer[i+a+dwAdjust] == 0xCC )
                    ++dwAdjust;

                //If the current char of the mask is "x" and the byte of the game memory is different from our searched byte,
                //then continue with the next offset
                if( g_sPatchList[iNumber].lpszMask[a] == 'x' && g_sPatchList[iNumber].lpbyUpdateData[dwParser++] != lpbyBuffer[i+a+dwAdjust] )
                {
                    bFound = false;
                    break;
                }
            }
            //If all bytes, following the offset, fit with the searched ones and the mask,
            //then add the base address to the current position and safe it in the offset structure
            if( bFound == true )
            {
                g_sPatchList[iNumber].dwOffset = (DWORD)lpsModule->modBaseAddr + i;
                delete[]lpbyBuffer;
                return;
            }
        }
    }
    delete[]lpbyBuffer;
}

int main()
{
    HWND hWindow = 0,hWindowOld = 0;
    DWORD dwWritten, dwPid;
    HANDLE hProcess;
    LPMODULEENTRY32 lpsModule;

    SetConsoleTitle("LoLHack");
    SetDebugPrivilege();
    while(1)
    {
        printf("Looking for LoL\n");
        //Try to find the League of Legends Client window
        //Since the client is only loaded ingame, not while being in the lobby or queue
        //We have to check if the "old" window handle is different from the new one (if a new one exists)
        while( (hWindow = FindWindow(NULL, "League of Legends (TM) Client")) == 0 || hWindow == hWindowOld )
            Sleep(1000);

        hWindowOld = hWindow;
        GetWindowThreadProcessId(hWindow, &dwPid);
        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
        if( hProcess == NULL )
        {
            printf("Unable to find LoL\n\n");
            continue;
        }
        printf("LoL Detected\n");
        lpsModule = GetModuleInfo(dwPid);

        //Parse the whole PatchList and apply offsets (if possible)
        for( int i = 0; i < sizeof(g_sPatchList)/sizeof(OffsetInfo); ++i )
        {
            //If no offset was specified, then we have to search for it!
            if( g_sPatchList[i].dwOffset == 0)
            {
                if( lpsModule )
                    FindOffset(hProcess, lpsModule, i);
            }

            //If there's still no offset available.. skip it!
            if( g_sPatchList[i].dwOffset )
            {
                WriteProcessMemory(hProcess,(void*)g_sPatchList[i].dwOffset,(void*)g_sPatchList[i].lpbyData,g_sPatchList[i].dwLen,&dwWritten);
                printf("Patched: %s\n",g_sPatchList[i].lpszName);
            }else
                printf("NOT Patched: %s\n",g_sPatchList[i].lpszName);
        }
        CloseHandle(hProcess);
        printf("\n");
    }
    
    return 0;
}

Code:

#include <fstream>
#include <iostream>
#include <conio.h>
using namespace std;
char * buffer;
int counter = 0;
int main()
{
	cout << "Opening file\n";
	fstream lolFile;
	lolFile.open("League of Legends.exe",ios::binary|ios::in|ios::ate|ios::out);
	ifstream::pos_type size;
	size = lolFile.tellg();
	buffer = new char [size];
	lolFile.seekg(0,ios::beg);
	lolFile.read(buffer,size);
	for(int i =0;i < size;i++)
	{
		int temp[4] = {(int)buffer[i],(int)buffer[i+1],(int)buffer[i+2],(int)buffer[i+3]};
		if(temp[0] == 0x00 && temp[1] == 0xffffffa0 && temp[2] == 0x0c && temp[3] == 0x45)
		{
				char bufferz[8] = {0x00,0x40,0x9C,0x45};
				lolFile.seekp(i);
				lolFile.write(bufferz,sizeof(bufferz));
				cout << "Wrote to file\n";
				counter++;
		}
	}
	lolFile.close();
	delete buffer;
	cout << "Writing to file\n";
	cout << "Done patched " << counter << " 2 addresses, press any key to exit.";
	_getch();
}

Enjoy!

**Blinky** · 08-08-2011

What language is this written in? I'm trying to figure out how I make a program out of this code,
Thanks in advice!

**Serpious** · 08-08-2011

Originally Posted by Blinky

What language is this written in? I'm trying to figure out how I make a program out of this code,
Thanks in advice!

You clearly have no programming experience, so why try to compile it?

Just download a already compiled software? Much easier.

**Blinky** · 08-08-2011

Originally Posted by 0x0

You clearly have no programming experience, so why try to compile it?

Just download a already compiled software? Much easier.

You just broke my newborn wannabe programmer heart. Sure it's easier to download a program but there's no fun in that. I'm acually trying to learn something.

I'll bugger off and leave you alone from now on.

**Serpious** · 08-08-2011

Originally Posted by Blinky

You just broke my newborn wannabe programmer heart. Sure it's easier to download a program but there's no fun in that. I'm acually trying to learn something.

I'll bugger off and leave you alone from now on.

Then why do you need to know what this specific software is written in? The idea is not limited to this programming language.

**giack44** · 08-08-2011

How this work?? what the zoom hack do?

**Serpious** · 08-08-2011

Originally Posted by giack44

How this work?? what the zoom hack do?

It enables you to zoom out more ingame.

**pigchop** · 08-11-2011

Originally Posted by 0x0

Code:

#include <windows.h>
#include <stdio.h>
#include <Tlhelp32.h>

struct OffsetInfo
{
    char* lpszName;            //Name of the patch
    DWORD dwOffset;            //Offset of the patch (Can be 0 -> need UpdateData then)
    BYTE* lpbyData;            //Data of the patch
    DWORD dwLen;            //lengh of the patch data

    BYTE* lpbyUpdateData;    //Bytes to search to get the offset
    char* lpszMask;            //Update mask (x valid byte, ? skip byte)
}

g_sPatchList[]={
			{"LoLHack", 
			0,
			(BYTE*)"\xEB",
			1,
			(BYTE*)"\x76\xF3\x0F\x11\x05\x5F\x5E\xB0\x01\x5b\x59\xc2\x04\x00",
			"x?xxxx????xxxxxxxxx"},
};

LPMODULEENTRY32 GetModuleInfo(DWORD dwPid)
{
    //We will get the module info of the main module
    //Since we do need the base address (which is basically 0x0040000) and the size
    static MODULEENTRY32 s_sModule; 
    HANDLE hSnapshot;

    hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE,dwPid);
    if( hSnapshot == INVALID_HANDLE_VALUE )
    {
        printf("CreateToolhelp32Snapshot failed: %i\n",GetLastError());
        return NULL;
    }

    s_sModule.dwSize = sizeof(MODULEENTRY32);
    if( Module32First(hSnapshot,&s_sModule) == FALSE )
    {
        CloseHandle(hSnapshot);
        printf("Module32First failed: %i\n",GetLastError());
        return NULL;
    }

    do
    {
        if( strcmp("League of Legends.exe",s_sModule.szModule) == 0 )
        {
            CloseHandle(hSnapshot);
            return &s_sModule;
        }
    }while(Module32Next(hSnapshot,&s_sModule));

    printf("League of legends not detected\n");
    CloseHandle(hSnapshot);
    return NULL;
}

void SetDebugPrivilege()
{
    HANDLE Htoken;
    TOKEN_PRIVILEGES tokprivls;
    if(OpenProcessToken( GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, &Htoken))
    {
        tokprivls.PrivilegeCount = 1;
        LookupPrivilegeValue(NULL, "SeDebugPrivilege", &tokprivls.Privileges[0].Luid);
        tokprivls.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        AdjustTokenPrivileges( Htoken, FALSE, &tokprivls, sizeof(tokprivls), NULL, NULL);
        CloseHandle(Htoken);
    }
}


void FindOffset(HANDLE hProcess, LPMODULEENTRY32 lpsModule, int iNumber)
{
    //Gets offsets from patch
    bool bFound;
    DWORD dwLen,dwRead, dwAdjust, dwParser;
    BYTE* lpbyBuffer = new BYTE[lpsModule->modBaseSize];

    dwLen = strlen(g_sPatchList[iNumber].lpszMask);
    //Read the whole main module memory to a local buffer
    ReadProcessMemory(hProcess,(void*)lpsModule->modBaseAddr,(void*)lpbyBuffer,lpsModule->modBaseSize,&dwRead);

    //We'll now parse the local buffer for our searched offset
    for( DWORD i = 0; i < dwRead; ++i )
    {
        if( g_sPatchList[iNumber].lpbyUpdateData[0] == lpbyBuffer[i] )
        {
            bFound = true;
            dwAdjust = 0;
            dwParser = 1;
            for( DWORD a = 1; a < dwLen; ++a )
            {
                //Skip INT3 between functions
                while( lpbyBuffer[i+a+dwAdjust] == 0xCC )
                    ++dwAdjust;

                //If the current char of the mask is "x" and the byte of the game memory is different from our searched byte,
                //then continue with the next offset
                if( g_sPatchList[iNumber].lpszMask[a] == 'x' && g_sPatchList[iNumber].lpbyUpdateData[dwParser++] != lpbyBuffer[i+a+dwAdjust] )
                {
                    bFound = false;
                    break;
                }
            }
            //If all bytes, following the offset, fit with the searched ones and the mask,
            //then add the base address to the current position and safe it in the offset structure
            if( bFound == true )
            {
                g_sPatchList[iNumber].dwOffset = (DWORD)lpsModule->modBaseAddr + i;
                delete[]lpbyBuffer;
                return;
            }
        }
    }
    delete[]lpbyBuffer;
}

int main()
{
    HWND hWindow = 0,hWindowOld = 0;
    DWORD dwWritten, dwPid;
    HANDLE hProcess;
    LPMODULEENTRY32 lpsModule;

    SetConsoleTitle("LoLHack");
    SetDebugPrivilege();
    while(1)
    {
        printf("Looking for LoL\n");
        //Try to find the League of Legends Client window
        //Since the client is only loaded ingame, not while being in the lobby or queue
        //We have to check if the "old" window handle is different from the new one (if a new one exists)
        while( (hWindow = FindWindow(NULL, "League of Legends (TM) Client")) == 0 || hWindow == hWindowOld )
            Sleep(1000);

        hWindowOld = hWindow;
        GetWindowThreadProcessId(hWindow, &dwPid);
        hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPid);
        if( hProcess == NULL )
        {
            printf("Unable to find LoL\n\n");
            continue;
        }
        printf("LoL Detected\n");
        lpsModule = GetModuleInfo(dwPid);

        //Parse the whole PatchList and apply offsets (if possible)
        for( int i = 0; i < sizeof(g_sPatchList)/sizeof(OffsetInfo); ++i )
        {
            //If no offset was specified, then we have to search for it!
            if( g_sPatchList[i].dwOffset == 0)
            {
                if( lpsModule )
                    FindOffset(hProcess, lpsModule, i);
            }

            //If there's still no offset available.. skip it!
            if( g_sPatchList[i].dwOffset )
            {
                WriteProcessMemory(hProcess,(void*)g_sPatchList[i].dwOffset,(void*)g_sPatchList[i].lpbyData,g_sPatchList[i].dwLen,&dwWritten);
                printf("Patched: %s\n",g_sPatchList[i].lpszName);
            }else
                printf("NOT Patched: %s\n",g_sPatchList[i].lpszName);
        }
        CloseHandle(hProcess);
        printf("\n");
    }
    
    return 0;
}

Code:

#include <fstream>
#include <iostream>
#include <conio.h>
using namespace std;
char * buffer;
int counter = 0;
int main()
{
	cout << "Opening file\n";
	fstream lolFile;
	lolFile.open("League of Legends.exe",ios::binary|ios::in|ios::ate|ios::out);
	ifstream::pos_type size;
	size = lolFile.tellg();
	buffer = new char [size];
	lolFile.seekg(0,ios::beg);
	lolFile.read(buffer,size);
	for(int i =0;i < size;i++)
	{
		int temp[4] = {(int)buffer[i],(int)buffer[i+1],(int)buffer[i+2],(int)buffer[i+3]};
		if(temp[0] == 0x00 && temp[1] == 0xffffffa0 && temp[2] == 0x0c && temp[3] == 0x45)
		{
				char bufferz[8] = {0x00,0x40,0x9C,0x45};
				lolFile.seekp(i);
				lolFile.write(bufferz,sizeof(bufferz));
				cout << "Wrote to file\n";
				counter++;
		}
	}
	lolFile.close();
	delete buffer;
	cout << "Writing to file\n";
	cout << "Done patched " << counter << " 2 addresses, press any key to exit.";
	_getch();
}

Enjoy!

So what the hell do we do with the codes?

**Maisteri** · 08-11-2011

You compile them.

**Sychotix** · 08-11-2011

The top one is either C or C++. The bottom one is C++.

And also, 0x0... how are they going to compile the files if they don't know what language they are? He asked a legitimate question... there is no reason for you to try and bash him.

**Serpious** · 08-11-2011

It wasn't my intention to bash him, if he was offended with what I said then I am sorry. Both of them are C++ I thought it was obvious due to the syntax used. Oh well.

**DieTheVillain** · 08-13-2011

if he didnt know what language it was by the #include statements then telling him what language it was so he can go download code::blocks or something wasnt gonna help him learn programming.

**VIPGuild** · 11-22-2011

<---- noob here...

so is there a download or something easier? don't know how to get this to work

**Omegalux** · 11-26-2011

I would also like a guide to getting this to work.

I have no experience in this type of thing. Any help would be appreciated.

**Enemyz** · 12-28-2011

Could anyone make a "guide" to how to get this to work? would be very much appreciated
Thanks in advance.

Shout-Out

User Tag List

Thread: Some Zoom Hacks

Thread Tools

Search Thread

Some Zoom Hacks

Similar Threads

[HACK] Undetected Warcraft 3 yHack (maphack, zoom hack etc..)

LoL Zoom Hack Address

Looking for some specifics hacks :)

Weapon skilling - Need xyz and some speed hack

OwnedCore Forums

casino

CoreCoins

My OwnedCore

About Us

Casino