
Ultimate C++ Guide



Post by Admin, Mon Jun 27, 2011 3:05 am


Hacktimus Prime
How to make MapleStory Hacks




What you need to have:
1. Microsoft Visual C++ (Download)
2. Cheat Engine (Download)
3. MapleStory (you probably already have it)

What you need to know:
1. A little bit of C++
2. General knowledge of MapleStory
3. How to use Microsoft Visual C++ to make Windows Forms

What I suggest you know:
1. A good amount of C++
2. A good amount of auto assembly
3. How to use Cheat Engine

What this will teach you:
1. Some C++ hacking basics
2. Some asm basics
3. How to make a MapleStory trainer

Here we go

STEP 1 THE GUI:

1. Open Microsoft Visual C++
2. Click File -> New -> Project
3. Select Windows Forms Application
4. Name your project and press Create
5. You will now have your Windows Forms project
6. Customize the form to look however you want your trainer to look

STEP 2 THE HACKS AND CHEAT ENGINE:

1. Open Cheat Engine
2. Open MapleStory
3. Log in to MapleStory
4. Put the hacks you would like to include in your trainer into Cheat Engine
How to do 4:
4.1. Select MapleStory as the process
4.2. Open the memory view
4.3. Press Ctrl+A
4.4. A window with a text field should come up
4.5. Copy and paste your auto assembly code (I'm going to be using a Full Godmode script)
Fullgodmode:
Code:

[Enable]
00961B6C:
db 0F 84

[Disable]
00961B6C:
db 0F 85
4.6. In the new window click File -> Assign to current cheat table
4.7. Back in Cheat Engine you should now have the script in your cheat table


5. Now test your hack and make sure it works
How to do 5:
5.1. Open MapleStory
5.2. Log in to an account/character you don't care about
5.3. Tick the checkbox under "Active"
5.4. Your hack should work if you put in the script correctly

6. If your hack worked then go on to the next part


STEP 3 ADDING ACTIVITY TO THE GUI (you need some C++ knowledge for this part)

1. Load up the Microsoft Visual C++ project that has your GUI
2. Open the form you are using (if you are using forms)
3. Add a checkbox and set its text to "Full Godmode"
4. Go to Events (the lightning bolt under Properties), find the "CheckedChanged" field and double-click it
5. You should now be looking at code something like this:
Code:

    private: System::Void checkBox1_CheckedChanged(System::Object^  sender, System::EventArgs^  e) {
            }
    };
6. If you see that, you have successfully added an event handler to the interface


STEP 4 CONVERTING THE AUTO ASSEMBLY SCRIPTS TO C++ (WriteProcessMemory method)
NOTE: this isn't the only way to convert auto assembly scripts to C++


This step isn't going to be written as numbered steps because I have to cover so much code and how to do it. In this part I will teach how to convert a very easy auto assembly script (Full Godmode) to C++ using the WriteProcessMemory-in-bytes method.

Auto Assembly script:
Code:

[Enable]
00961B6C:
db 0F 84

[Disable]
00961B6C:
db 0F 85
OK, that's our auto assembly script. If you do not know auto assembly/asm this probably looks very confusing, so let me go over a simple explanation: this code writes the bytes "0F 84" to the address "00961B6C". It is actually very simple. The "db" I think stands for "distribute bytes" but I don't know, that's just a guess. All I know is it changes the bytes at that address: when the hack is enabled the bytes are "0F 84" and when it is not enabled the bytes are "0F 85".


Now to start converting.

The first thing we need to do in C++ is make a quick function (a void function); I'm going to name mine "Fullgodmode".
Code:

void Fullgodmode() {
}
Put this function in a new header file, or somewhere else you can reach it from the form.h file.
Now we store the address in C++ for quick access.
Code:

DWORD address = 0x00961B6C;
This makes a DWORD named "address" that holds the address (00961B6C).

The 0x part:
You're probably wondering why there is a 0x in front of the address. That is because in C++ any number you want written in hex (bytes, addresses, etc.) has to have 0x in front of it so the compiler reads it as hexadecimal.

Now that we have our address we need to declare the bytes that are being changed. We do this by making an unsigned char array holding the bytes for when the hack is enabled and another for when it is disabled. This is what it looks like.
Code:

unsigned char fgmOn[8] = "\x0F\x94";
unsigned char fgmOff[8] = "\x0F\x95";
In a string literal we write a hex byte by putting "\x" before it. Now we have our bytes.

Your Fullgodmode() function should look like this now

Code:

void Fullgodmode() {
    DWORD address = 0x00961B6C;
    unsigned char fgmOn[8] = "\x0F\x94";
    unsigned char fgmOff[8] = "\x0F\x95";
}
Now we need a handle to the MapleStory process itself so that we can read and write its memory and put our hacks into the program.

I'm going to cover the easiest way to get the MapleStory process (through its window). First of all we have to get the MapleStory window handle:
Code:

HWND mapleWindow = FindWindow(0, "MapleStory");
This finds the top-level window titled "MapleStory" and stores its handle in mapleWindow. If no such window exists, FindWindow returns 0 (NULL), so we can check for that like this:
Code:

if (mapleWindow == 0) {
    MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
    ExitProcess(0);
}
If the program cannot find the MapleStory window, this shows a message box saying "Cannot find MapleStory open", and once you press OK the program exits.

Now this is a confusing part. We need to get the process ID of the MapleStory window and then get a process handle from that ID. We do this by first making a DWORD called pID (process ID) and calling GetWindowThreadProcessId(HWND hWnd, LPDWORD lpdwProcessId), which fills in the process ID through the pointer (its return value is the window's thread ID). Then we make a HANDLE named hProc (process handle), which is what we actually need, by calling OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID).
All together it looks like this:
Code:

    DWORD pID;
    GetWindowThreadProcessId(mapleWindow, &pID);
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
Your code should look like this now
Code:

void Fullgodmode() {
    DWORD address = 0x00961B6C;
    unsigned char fgmOn[8] = "\x0F\x94";
    unsigned char fgmOff[8] = "\x0F\x95";
    HWND mapleWindow = FindWindow(0, "MapleStory");
    if (mapleWindow == 0) {
        MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
        ExitProcess(0);
    } else {
        DWORD pID;
        GetWindowThreadProcessId(mapleWindow, &pID);
        HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
    }
}
Now that we have the process handle we can use WriteProcessMemory() to do what the auto assembly db line does.
I am going to explain WriteProcessMemory() very thoroughly because it can be used for a lot more than you think. When I first learned about it I thought you could just write a new integer or text to an address. Turns out you can do so much more.

About WriteProcessMemory:
Code:

BOOL WriteProcessMemory(HANDLE proc, LPVOID address, LPVOID value, SIZE_T size, SIZE_T *numberofbyteswritten);
First of all, you can probably guess the "HANDLE proc" part is where we put the process handle we got in the earlier section (hProc).

Next we cover the LPVOID address part. Here we put in our DWORD address (or, if you prefer, 0x00961B6C directly). If you use the DWORD address we made earlier you have to cast it to LPVOID, because right now it is a DWORD, so it looks like this:
Code:

WriteProcessMemory(hProc, (LPVOID)address, LPVOID value, SIZE_T size, SIZE_T *numberofbyteswritten);
Now let's cover the LPVOID value part. This is the most important part, because it is what you are writing to the address. There are many ways to use it: if you are changing an address that holds a number you can write an int to it, like so
Code:

int newValue = 9999999;
WriteProcessMemory(hProc, (LPVOID)address, &newValue, sizeof(newValue), NULL);
Note that the value parameter is a pointer to a buffer, so we pass the address of the variable (&newValue) and not the number itself; WriteProcessMemory copies the bytes it finds there into the target. You can write almost anything to the address, but the most common are an int or raw bytes. Here we are going to write bytes. As you saw earlier we declared an unsigned char array that holds the bytes we want, and an array decays to a pointer, so no cast is needed:
Code:

WriteProcessMemory(hProc, (LPVOID)address, fgmOn, SIZE_T size, SIZE_T *numberofbyteswritten);
The next part is kind of confusing at first but is not that hard to pick up. For SIZE_T size you can't just use sizeof(fgmOn), because the array was declared with 8 slots; the size here is the number of bytes actually being written. In our case that is 2, because "\x0F\x94" is two bytes, so we put 2 in that spot. The last parameter does not have to be used (I normally just put NULL), but you can pass a pointer to a SIZE_T to find out how many bytes were really written. WriteProcessMemory also returns FALSE when the write fails, so a careful trainer checks that return value instead of assuming the patch landed.
Now WriteProcessMemory should look like this:
Code:

WriteProcessMemory(hProc, (LPVOID)address, fgmOn, 2, NULL);
That call writes the bytes "\x0F\x94" to the address 0x00961B6C in the MapleStory.exe process that owns the "MapleStory" window.


Now we are done converting that simple auto assembly script to C++. Your Fullgodmode function should now look like this.
Code:

void Fullgodmode() {
    DWORD address = 0x00961B6C;
    unsigned char fgmOn[8] = "\x0F\x94";
    unsigned char fgmOff[8] = "\x0F\x95";
    HWND mapleWindow = FindWindow(0, "MapleStory");
    if (mapleWindow == 0) {
        MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
        ExitProcess(0);
    } else {
        DWORD pID;
        GetWindowThreadProcessId(mapleWindow, &pID);
        HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
        WriteProcessMemory(hProc, (LPVOID)address, fgmOn, 2, NULL);
    }
}
When you run that function it will turn Full Godmode on. Congratulations, you have successfully converted that simple auto assembly script to C++.
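As an added example (not code from the original post): the Win32 calls above only build on Windows, so this models the target's code bytes as a local buffer (constructed sample bytes, not real MapleStory memory), applies the two-byte [Enable]/[Disable] writes the way WriteProcessMemory would while actually checking how many bytes landed, and then runs the integrity check an anti-cheat or anti-tamper component would use to detect that exact patch. The 0F 85 to 0F 84 change the script makes is an x86 JNE to JE conditional-jump flip, which is what isJccFlip classifies.

```cpp
#include <cstdint>
#include <cstring>
#include <utility>
#include <vector>

using Region = std::vector<uint8_t>;

// Constructed stand-in for the target's code bytes (not real MapleStory memory):
// offset 3 holds "0F 85" (JNE rel32), the two bytes the script flips to "0F 84" (JE rel32).
Region makeRegion() {
    return {0x8B, 0x45, 0x08, 0x0F, 0x85, 0x10, 0x00, 0x00, 0x00, 0xC3};
}

// Local analogue of WriteProcessMemory(hProc, address, bytes, size, NULL).
// Returns how many bytes were written, 0 if the write would run past the region;
// this is the result the page's NULL lpNumberOfBytesWritten argument discards.
size_t writeBytes(Region& region, size_t offset, const uint8_t* bytes, size_t size) {
    if (offset + size > region.size()) return 0;
    std::memcpy(region.data() + offset, bytes, size);
    return size;
}

struct Diff { size_t offset; uint8_t expected; uint8_t actual; };

// Integrity check: compare the live region with a known-good baseline and
// report every byte that differs, the way an anti-tamper scan would.
std::vector<Diff> findPatches(const Region& baseline, const Region& live) {
    std::vector<Diff> diffs;
    for (size_t i = 0; i < baseline.size() && i < live.size(); ++i)
        if (baseline[i] != live[i]) diffs.push_back({i, baseline[i], live[i]});
    return diffs;
}

// True when the two bytes at `offset` changed from JNE (0F 85) to JE (0F 84) or back,
// i.e. the conditional jump was inverted rather than some other byte being touched.
bool isJccFlip(const Region& baseline, const Region& live, size_t offset) {
    if (offset + 1 >= baseline.size() || offset + 1 >= live.size()) return false;
    bool prefix = baseline[offset] == 0x0F && live[offset] == 0x0F;
    bool flip = (baseline[offset + 1] == 0x85 && live[offset + 1] == 0x84) ||
                (baseline[offset + 1] == 0x84 && live[offset + 1] == 0x85);
    return prefix && flip;
}

// Replays the script's [Enable] then [Disable] write against the model and returns
// how many bytes differ from the baseline after each step (expected: 1, then 0).
std::pair<size_t, size_t> simulateToggle() {
    const uint8_t on[]  = {0x0F, 0x84};  // [Enable]  db 0F 84
    const uint8_t off[] = {0x0F, 0x85};  // [Disable] db 0F 85
    Region baseline = makeRegion(), live = makeRegion();
    writeBytes(live, 3, on, 2);
    size_t afterEnable = findPatches(baseline, live).size();
    writeBytes(live, 3, off, 2);
    size_t afterDisable = findPatches(baseline, live).size();
    return {afterEnable, afterDisable};
}
```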

STEP 5 EXTRA TRAINER STUFF

This step is all about packing up your trainer and linking everything together.

The first thing we're going to do is change the Fullgodmode function so that it can also turn Full Godmode off. We do this by adding a bool parameter, like so
Code:

void Fullgodmode(bool on) {}
Now we add a check on that bool to change which bytes are written depending on whether it is on or off.
This is what it will look like.
Code:

void Fullgodmode(bool on) {
    DWORD address = 0x00961B6C;
    unsigned char fgmOn[8] = "\x0F\x94";
    unsigned char fgmOff[8] = "\x0F\x95";
    HWND mapleWindow = FindWindow(0, "MapleStory");
    if (mapleWindow == 0) {
        MessageBox(0, "Cannot find MapleStory open", "MapleStory Hack", 0);
        ExitProcess(0);
    } else {
        DWORD pID;
        GetWindowThreadProcessId(mapleWindow, &pID);
        HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID);
        if (on) {
            WriteProcessMemory(hProc, (LPVOID)address, fgmOn, 2, NULL);
        } else {
            WriteProcessMemory(hProc, (LPVOID)address, fgmOff, 2, NULL);
        }
    }
}
Now if it's off it writes the off bytes to the address.


The next part is adding the functionality so that when the checkbox is checked it runs the Fullgodmode function. In our checkbox changed event (private: System::Void checkBox1_CheckedChanged(System::Object^ sender, System::EventArgs^ e)) we need to run the Fullgodmode function, but we also need to know whether the checkbox is checked or not. We get this from the checkbox's Checked property (shown here being set; reading it works the same way).
Code:

    this->checkBox1->Checked = false;
So inside the event we just call
Code:

Fullgodmode(this->checkBox1->Checked);
Your event function should now look like this
Code:

    private: System::Void checkBox1_CheckedChanged(System::Object^  sender, System::EventArgs^  e) {
                Fullgodmode(this->checkBox1->Checked);
            }
    };
Now, with MapleStory open, compile and run your program and you should have a fully working trainer with Full Godmode.
Congratulations, you have made a trainer.



Computer broke, got bored, decided to spend around an hour writing a tutorial on my iPhone while my computer was getting fixed. Hope it helps some people.


HACKTIMUS PRIME


*NEW* C++ Hacking Functions!


This part of the guide is mostly for people who already know C++ and want to know some of the useful hacking functions and how to use them.

WriteProcessMemory:
WriteProcessMemory writes information to a selected address in another process (covered in detail in Step 4 above).


How to get the Process ID / Process handle:
Code:

HWND hWnd = FindWindow(0, "MapleStory"); // get the window for MapleStory
DWORD pID; // DWORD that holds the process id
GetWindowThreadProcessId(hWnd, &pID); // gets the process id, which is used for getting the process handle
HANDLE procHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); // gets a process handle for MapleStory from the process id (bInheritHandle is FALSE)
Killing MapleStory (killing the process, no ad):
Code:

bool ExitMapleStory() {
    HWND hWnd = FindWindow(0, "MapleStory"); // get the MapleStory window
    if (hWnd == 0) {
        return false; // MapleStory is not running
    }
    DWORD pID; // process id
    GetWindowThreadProcessId(hWnd, &pID); // fills in the process id (the return value is the window's thread id)
    HANDLE pHandle = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pID); // open the process
    if (pHandle == NULL) {
        return false; // could not open the process (not enough rights)
    }
    // PostThreadMessage takes a thread id and its message never reaches a window procedure,
    // so send WM_CLOSE to the window itself; this asks MapleStory to close cleanly
    PostMessage(hWnd, WM_CLOSE, 0, 0);
    WaitForSingleObject(pHandle, 2000); // give MapleStory 2 seconds to close on its own

    DWORD exitCode = 0; // exit code
    GetExitCodeProcess(pHandle, &exitCode); // get the exit code
    if (exitCode == STILL_ACTIVE) {
        TerminateProcess(pHandle, 0); // if MapleStory didn't exit, destroy the process
    }
    CloseHandle(pHandle); // close the process handle
    return true;
}


More C++ quick functions coming soon. - Hacktimus Prime






NEW Making a hack in a Dll!!!!!

This part is going to be about making a DLL that exports hack functions to be called from your trainer. The reason for this is that we can inject the DLL into MapleStory, so we don't need WriteProcessMemory: once inside the process we can write its memory directly (e.g. with memcpy). So what I want you to do is open Microsoft Visual C++ and create an empty project.
Now make a new source file and call it main.cpp. This will be the .cpp that holds all of our exported functions. Now I want you to follow these steps.
1. Right click your project
2. Click Properties
3. Go to General
4. Change Common Language Runtime Support to "No Common Language Runtime Support"
5. Next set the Character Set to "Use Multi-Byte Character Set"
6. Now change Configuration Type to "Dynamic Library (.dll)"

Now you have a simple DLL project, but if you compile it you will get errors because you do not have an entry point. Copy and paste the code below into your main.cpp file.
Code:

#include <windows.h> //include the files you need
#include <string.h>
#include <iostream>
#include <fstream>
using namespace std; //using the proper namespace

BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved) { //the dll main entry point just like int main()
    switch ( dwReason ) { //the switch to check for the dll calls
        case DLL_PROCESS_ATTACH: //if the dll is attached
            DisableThreadLibraryCalls(hModule); //it calls this method to disable library calls
            break;
           
        case DLL_PROCESS_DETACH: //when the program exits and the dll is detached
            ExitProcess(0); //it exits the process to make a smoother exit
            break;
           
        case DLL_THREAD_ATTACH://these are never really called
            break;
        case DLL_THREAD_DETACH:
            break;
    }
    return TRUE; //return true because it is a bool
}
Great, now we have our basic DLL. If you build and run it now it will compile, but Visual Studio will show an error when it tries to launch it; that is because DLLs are not executables and cannot be run on their own. Don't worry, just ignore that error, your DLL still compiled.
Now we want to add a script. For this I'm going to use my own non-working teleport script :/ this script doesn't work but I'll just use it as an example:
Code:

extern "C" __declspec(dllexport) void Teleport() { // extern "C" so it can be called easily by name; __declspec(dllexport) exports it from the DLL
    MessageBox(0, "Teleport is on", "Teleport", 0); // message box to let us know that Teleport is on
    __asm { // start our inline asm
        mov [esi+0x3B94],0x00
        mov eax,[0x00CBE0A8]
        cmp dword ptr [eax+0x9C8],0x0c
        jne teleNormal

        teleNormal:
        cmp dword ptr [esi+0x00003B94],0x01
        jmp dword ptr [teleHack2]
    }
}
Now, that script will not work, but you pretty much just copy and paste your own script into the asm block. If you compile it right now it will give you inline asm errors. That is because in C++ you can't write something like
Code:
mov eax,[00493823]
It doesn't work like that; you need to mark the number as hex by putting 0x in front, like so
Code:
mov eax,[0x00493823]
So for example the first line of our teleport script would originally have been
Code:
mov [esi+3B94],00
but with the hex prefixes added it is
Code:
mov [esi+0x3B94],0x00
Now if you compile your DLL you have a DLL whose exported functions you can call.
