Basic tut on using C++ for GunZ

ollydbg: http://www.ollydbg.de
PDB Dumps: http://forum.ragezone.com/f311/match...3/#post5027927
GunZOld + test.txt: http://forum.ragezone.com/f245/relea...st-txt-219398/

I used Microsoft Visual C++ 2008. You can use a different compiler, you'd just have to change the assemblys syntax.

This "tutorial" is not intended to be used to "attack" or "make hacks" for other servers. It is intended to help other server developers/owners.
Don't ask me "what is an int?" or whatnot. If you want to understand this, go learn C++.

Note: I won't explain everything, I will not go into detail on a lot, and will be wrong. Just enough for you to get a kick-start on C++ developing for GunZ.
I may not be correct on everything, and my explanations are rather horrid.

@Phail and Guy, I know you will criticize me a lot what I typed. But try to keep it to a minimum please. :D
I've been up for 3 fucking days, but I'm positive you don't care. lol.

Most basic GunZ function; ZChatOutput

Code:

typedef void(__cdecl *ZChatOutputType) (const char*, int, int, DWORD); ZChatOutputType ZChatOutput = (ZChatOutputType)0x0042BAE0; //FAKE Address *points to jjang*

typedef: a keyword used to define another type. In this case, void.
__cdecl: __cdecl is a calling convention. (More information later)
*: is used as a pointer in this case, not to multiply. :p

The arguments:
const char*: The message to display
int: Where to place it
int: The type of color
DWORD: The color of the message

Usage of ZChatOutput:

Code:

ZChatOutput("Hello world!", 2, 0, 0xFFFFFF);

You might be asking, "How do I find the addresses?"
Using ollydbg, test.txt, and GunZOld.exe.

Fire up ollydbg, open GunZOld.exe in ollydbg.
Open test.txt, and find ZChatOutput: 427A40: ZChatOutput
The "427A40" is the address in GunZOld.exe. Copy that address, open the ollydbg window, and hit "CTRL + G" paste it in the text box, and hit OK.
It should be something like this:

Code:

00427A40 /$ E8 9B3D0700 CALL GunzOld.0049B7E0 00427A45 |. 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10] 00427A49 |. 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+C] 00427A4D |. 51 PUSH ECX ; /Arg4 00427A4E |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C] ; | 00427A52 |. 52 PUSH EDX ; |Arg3 00427A53 |. 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+C] ; | 00427A57 |. 51 PUSH ECX ; |Arg2 00427A58 |. 52 PUSH EDX ; |Arg1 00427A59 |. 8D88 80030000 LEA ECX,DWORD PTR DS:[EAX+380] ; | 00427A5F |. E8 8CFBFFFF CALL GunzOld.004275F0 ; \GunzOld.004275F0 00427A64 \. C3 RETN

Since the addresses have changed, we can NOT copy "Calls", "MOV + [address]", or anything with an address.
Open up a new ollydbg window, and open "theduel.exe"
Highlight from: "MOV ECX, DWORD PTR SS:[ESP+10]" - to "PUSH EDX"
right click -> binary -> binary copy

Open the "theduel.exe" ollydbg, press "CTRL + B" and paste it in the "HEX + 00" box.
NOTE: It may not look exactly like eachother, so search underneath/above it and compare between each runnable in ollydbg.

This is what I have in "theduel.exe":

Code:

0042A230 /$ E8 AB1A0800 CALL theduel.004ABCE0 0042A235 |. 8B4C24 10 MOV ECX,DWORD PTR SS:[ESP+10] 0042A239 |. 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+C] 0042A23D |. 51 PUSH ECX ; /Arg4 0042A23E |. 8B4C24 0C MOV ECX,DWORD PTR SS:[ESP+C] ; | 0042A242 |. 52 PUSH EDX ; |Arg3 0042A243 |. 8B5424 0C MOV EDX,DWORD PTR SS:[ESP+C] ; | 0042A247 |. 51 PUSH ECX ; |Arg2 0042A248 |. 52 PUSH EDX ; |Arg1 0042A249 |. 8D88 80030000 LEA ECX,DWORD PTR DS:[EAX+380] ; | 0042A24F |. E8 9CFBFFFF CALL theduel.00429DF0 ; \theduel.00429DF0 0042A254 \. C3 RETN

It appears to look alike, but to make sure, compare GunZOld & theduel's block underneath it:

GunZOld:

Code:

00427A70 /$ 53 PUSH EBX 00427A71 |. 55 PUSH EBP 00427A72 |. 56 PUSH ESI 00427A73 |. 57 PUSH EDI 00427A74 |. 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+14] 00427A78 |. 8BF1 MOV ESI,ECX 00427A7A |. 8D6E 28 LEA EBP,DWORD PTR DS:[ESI+28] 00427A7D |. 57 PUSH EDI 00427A7E |. 55 PUSH EBP 00427A7F |. E8 9AD81200 CALL GunzOld.0055531E 00427A84 |. 83C4 08 ADD ESP,8 00427A87 |. 33DB XOR EBX,EBX 00427A89 |. 85C0 TEST EAX,EAX

Theduel:

Code:

0042A260 /$ 53 PUSH EBX 0042A261 |. 55 PUSH EBP 0042A262 |. 56 PUSH ESI 0042A263 |. 57 PUSH EDI 0042A264 |. 8B7C24 14 MOV EDI,DWORD PTR SS:[ESP+14] 0042A268 |. 8BF1 MOV ESI,ECX 0042A26A |. 8D6E 28 LEA EBP,DWORD PTR DS:[ESI+28] 0042A26D |. 57 PUSH EDI 0042A26E |. 55 PUSH EBP 0042A26F |. E8 AA681500 CALL theduel.00580B1E 0042A274 |. 83C4 08 ADD ESP,8 0042A277 |. 33DB XOR EBX,EBX 0042A279 |. 85C0 TEST EAX,EAX

They appear to be the same, so scroll back up to 0042A230 - And we have ZChatOutput's address!!
(Their are more ways to find addresses, but I like this way.)

"Now what?"
Here is the complete source code:

Code:

#include <windows.h> typedef void(__cdecl *ZChatType) (const char*, int, int, DWORD); ZChatType ZChat = (ZChatType)0x0042A230; void MyThread() { for(;;Sleep(20)) //Infinite Loop { if(GetAsyncKeyState (VK_MENU) && GetAsyncKeyState ('L')) // IF THE KEY ALT (was pressed) AND THE KEY L (was pressed) { ZChatOutput("Hello World!", 2, 0, 0xFFFFFF); Sleep(250); //To make sure it doesn't run while them keys were pressed. } } } extern "C" { __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv) { DisableThreadLibraryCalls(hInst); if (reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"Injected", L"HI", MB_OK); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&MyThread, NULL, 0, NULL); //Remember our void? "MyThread" ?? } return true; } }

^Thanks again Phail. :D ... And Brandon XD

Compile, inject, fix any errors (if any) and test.
Congratulations.

Let's take a bigger step, using assembly's syntax inside of C++. ZGameClient::OnAnnounce
Looks different, that's because ZGameClient::OnAnnounce is used as a class, not a function.
So attempting to use the "__cdecl" will not work, we will need to use "__asm" keyword to call this.

Code:

DWORD OnAnnounceAdd = 0x0042BAE0; DWORD ZGetGameClientAdd = 0x0042BAE0; void OnAnnounce(unsigned int nType, char* szMsg) { __asm { MOV ECX, ZGetGameClientAdd MOV EAX, OnAnnounceAdd PUSH szMsg PUSH nType CALL EAX } } /* MOV ECX, ZGetGameClientAdd - COPY ZGetGameClientAdd into the ECX register MOV EAX, OnAnnounceAdd - COPY OnAnnounceAdd into the EAX register PUSH szMsg - PUSH'ing szMsg into the stack PUSH nType - PUSH'ing nType into the stack CALL EAX - CALL what's in the EAX register So, when we call EAX, we also call what we push'd. (Learn ASM) */

How did I know the parameters? The GunZ PDB Dump, searching for the functions name.
Copy this: ZGameClient::OnAnnounce - and open GunZ PDB Dump.txt in wordpad.
Press "CTRL + F" and paste that, and search.

First, you will find something like this:

Code:

?OnAnnounce@ZGameClient@@IAEXIPAD@Z(protected: void __thiscall ZGameClient::OnAnnounce(unsigned int,char *))

Gives us all we need, but hit F3 two more times.
You should see something like this:

Code:

Function : static, [0x000afd70][0x0001:0x000aed70], len = 00000030, protected: void __thiscall ZGameClient::OnAnnounce(unsigned int,char *) FuncDebugStart : static, [0x000afd71][0x0001:0x000aed71] FuncDebugEnd : static, [0x000afd9a][0x0001:0x000aed9a] Data : enregistered edx, Object Ptr, Type: class ZGameClient * const, this Data : ebp Relative, [0x00000004], Param, Type: unsigned int, nType Data : ebp Relative, [0x00000008], Param, Type: char *, szMsg

Ok, we have a better view on what we should use as parameters for this function.

(Remember, my explanations are rather horrid. And I may not be correct on everything.)

Quote:

Originally Posted by Theoretical

Your definitions for calling conventions are incorrect my good sir.
The "__cdecl" - we can call, when the function is NOT apart in a class.
The "__thiscall" - we can call using ASM.
The "__stdcall" - used for calling functions that apart of graphics/winapi/directx/etc.

__cdecl -> Arguments are pushed from right to left, and the calling function cleans it up.
__thiscall -> Arguments are pushed from right to left, and the called function cleans the stack up. ECX = "this" aka class pointer.
__stdcall -> Arguments are pushed from right to left, and the called function cleans the stack up.

^ Thanks Phail.

=====
I'm done. Took me an hour or so to write this.
Enjoy what you i gave, please correct me if I am wrong. (I like critisizm, but keep it to a minimum please.)

Re: Basic tut on using C++ for GunZ

Very Nice Tutorial, Thanks ;D

Re: Basic tut on using C++ for GunZ

nice tutorial, i sadly got 3 errors, undefined identifier "ZChatOutput" is one of them
ZChatType ZChat = (ZChatType)0042A230;
they count the 2 as an illegal token O-o
MessageBox(NULL, L"Injected", L"HI", MB_OK);
apparently doesnt match something outside of the code O-o
i tried 2 different compilers, same errors, is it because im saving it as a .cpp?

Re: Basic tut on using C++ for GunZ

Thanks for that Monckey, you need to make it an offset. Just by adding
"0x" infront of the address.

I used Microsoft Visual C++ 2008. It will NOT compile on other compilers unless you change the ASM syntax.

I also used an "L" (wide char) due to the size of the message.
You don't need the messagebox, try

Code:

Beep(750, 750);

instead.

Re: Basic tut on using C++ for GunZ

Your definitions for calling conventions are incorrect my good sir.
The "__cdecl" - we can call, when the function is NOT apart in a class.
The "__thiscall" - we can call using ASM.
The "__stdcall" - used for calling functions that apart of graphics/winapi/directx/etc.

__cdecl -> Arguments are pushed from right to left, and the calling function cleans it up.
__thiscall -> Arguments are pushed from right to left, and the called function cleans the stack up. ECX = "this" aka class pointer.
__stdcall -> Arguments are pushed from right to left, and the called function cleans the stack up.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by Theoretical

Your definitions for calling conventions are incorrect my good sir.
The "__cdecl" - we can call, when the function is NOT apart in a class.
The "__thiscall" - we can call using ASM.
The "__stdcall" - used for calling functions that apart of graphics/winapi/directx/etc.

__cdecl -> Arguments are pushed from right to left, and the calling function cleans it up.
__thiscall -> Arguments are pushed from right to left, and the called function cleans the stack up. ECX = "this" aka class pointer.
__stdcall -> Arguments are pushed from right to left, and the called function cleans the stack up.

ECX/RCX is only "this" pointer with MSVS, when using thiscall.

And don't forget, x64-MSVS doesn't have any of these calling conventions.

Also, you forgot __fastcall.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by Theoretical

Your definitions for calling conventions are incorrect my good sir.
The "__cdecl" - we can call, when the function is NOT apart in a class.
The "__thiscall" - we can call using ASM.
The "__stdcall" - used for calling functions that apart of graphics/winapi/directx/etc.

__cdecl -> Arguments are pushed from right to left, and the calling function cleans it up.
__thiscall -> Arguments are pushed from right to left, and the called function cleans the stack up. ECX = "this" aka class pointer.
__stdcall -> Arguments are pushed from right to left, and the called function cleans the stack up.

Thanks for explaining this, I never knew what those meant.

For PenguinGuy's tutorial, I knew the rest from the start. :)

Re: Basic tut on using C++ for GunZ

Quote:

typedef: a keyword used to define another type. In this case, void.

Wrong - you're defining a function with a return value of void (None).

Code:

for(;;Sleep(20)) //To make it run forever! OR while(1) OR while(true) .... Sleep(20); //Without this, it'll hog CPU resources. It will cause it to lag extremely bad.

You're launching a call to Sleep with the same parameter twice; that's redundant.

Quote:

So attempting to use the "__cdecl" will not work, we will need to use "__asm" keyword to call this.

You don't have to use inline ASM; the ECX register can be modified using a statically linked .ASM file, the SetThreadContext function, VEH, etc etc.

Also, EAX did not have to modified.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by Guy

Wrong - you're defining a function with a return value of void (None).

I only know what I read from tutorials/documentations, snooping around the GunZ client/PDB dumps & hack source codes.

I do know void returns nothing, but I don't seem to understand what you mean.

Code:

typedef char* pntChar;

Am I correct?

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by PenguinGuy

I only know what I read from tutorials/documentations, snooping around the GunZ client/PDB dumps & hack source codes.

I do know void returns nothing, but I don't seem to understand what you mean.

Code:

typedef char* pntChar;

Am I correct?

The above is a type definition for a pointer, yes. However, what you saw before was a function pointer - function type pointers, when defined using typedef, can be given specific parameters.

Code:

typedef void(__cdecl *ZChatOutputType) (const char*, int, int, DWORD);

These are the parameters: (const char*, int, int, DWORD);

The function uses the __cdecl calling convention, and it's pointing to the function in memory. It returns nothing (void).

Re: Basic tut on using C++ for GunZ

Oh! I see what you were saying. Thanks!
And for the loop, is it preferred to do it this way?

Code:

while( true )

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by PenguinGuy

Oh! I see what you were saying. Thanks!
And for the loop, is it preferred to do it this way?

Code:

while( true )

Code:

while ( true )

is the same as

Code:

while ( 1 )

You can also use a boolean in a while statement.

Code:

while ( var )

Code:

var = true; // This will make the statement true, and run. var = false; // This will not make it run.

Re: Basic tut on using C++ for GunZ

I know they are the same.
But I think he suggested I should use

Code:

while( true )

instead.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by PenguinGuy

I know they are the same.
But I think he suggested I should use

Code:

while( true )

instead.

He was talking about the fact that you did (;;Sleep(20)) AND Sleep(20); in the same void. Usually you would use Sleep(20); if you were using while(1)

Re: Basic tut on using C++ for GunZ

for(;;Sleep(10))
{
}

Is more preferred because it uses less clock cycles.

Re: Basic tut on using C++ for GunZ

some one has a big ego "The God of Developing"

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by Brandon-Bmx

He was talking about the fact that you did (;;Sleep(20)) AND Sleep(20); in the same void. Usually you would use Sleep(20); if you were using while(1)

Lol, forgot that other sleep was in their.
Thanks.

@Gregon, I don't see any ego. He took his own time to point out somethings that are wrong or that can be improved, and I appreciate that. A lot.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by PenguinGuy

Oh! I see what you were saying. Thanks!
And for the loop, is it preferred to do it this way?

Code:

while( true )

Quote:

Originally Posted by Theoretical

for(;;Sleep(10))
{
}

Is more preferred because it uses less clock cycles.

Any optimizer would fix that - rather than shave off a clock cycle or two, increase readability, imo.

Re: Basic tut on using C++ for GunZ

nice you know C+++ i need you on my server add me on MSN : Restles.gur@hotmail.com cya.

Re: Basic tut on using C++ for GunZ

I HIT THANKS! and nice TUT

Re: Basic tut on using C++ for GunZ

Very nice tutorial. Can you also give a sample of if you typ "/hi" in chat.
That there will come another text "Hello".

I can maybe use that XD

Re: Basic tut on using C++ for GunZ

@00niels00
Ofcourse it can;)

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by 00niels00

Very nice tutorial. Can you also give a sample of if you typ "/hi" in chat.
That there will come another text "Hello".

I can maybe use that XD

Hook ZChat::Input or use 0x3A6 or 0x3A8 (I forget which offset) for chat input. Of course, return it as a char. E.X;

Code:

char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); }

To clear your last input, I believe all you have to do is:

Code:

void Clear( ) { (* (char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ) ) = '\n'; }

That's chat input, but I had problems having ZChatOutput display a message after input. Previously I used:

Code:

memcmp( ChatInput( ), "/hi", 3 ) == 0 ) { /*do stuffs */ }

Here's another method to receive and use an argument in a input.

Code:

if( memicmp( ChatInput( ), "/silentchat ", 11 ) == 0 ) { char playerName; char msg; sscanf( ChatInput( ), "/silentchat %s %s", &playerName, &msg ); ZPostWhisper( "From: Me", playername, msg ); ClearInput( ); }

(Code not tested)
Edit: Forgot the ClearInput :P: If you forget to add the "ClearInput", you will not be able to input another command.

Edit2: I plan on updating this tutorial tonight or tomorrow night on finding an using pointers, adding/removing functions in "theduel.exe", and creating custom commands in C++ and ASM.

Re: Basic tut on using C++ for GunZ

You might want to detour ZChat::Input instead.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by Linear88

You might want to detour ZChat::Input instead.

It's still pretty much the same out-come. Detouring ZChat::Input could be better.
Detouring is something I try to avoid. With little modification to ZChat::Input, you can complete your task without the use of the detours library. Or just use the above method.

Re: Basic tut on using C++ for GunZ

Hello. How change server port 7777 to 4545 and how change same port on client side? Thank you.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by gpadmin

Hello. How change server port 7777 to 4545 and how change same port on client side? Thank you.

Make a separate topic, don't post it here.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by PenguinGuy

Hook ZChat::Input or use 0x3A6 or 0x3A8 (I forget which offset) for chat input. Of course, return it as a char. E.X;

Code:

char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); }

To clear your last input, I believe all you have to do is:

Code:

void Clear( ) { (* (char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ) ) = '\n'; }

That's chat input, but I had problems having ZChatOutput display a message after input. Previously I used:

Code:

memcmp( ChatInput( ), "/hi", 3 ) == 0 ) { /*do stuffs */ }

Here's another method to receive and use an argument in a input.

Code:

if( memicmp( ChatInput( ), "/silentchat ", 11 ) == 0 ) { char playerName; char msg; sscanf( ChatInput( ), "/silentchat %s %s", &playerName, &msg ); ZPostWhisper( "From: Me", playername, msg ); ClearInput( ); }

(Code not tested)
Edit: Forgot the ClearInput :P: If you forget to add the "ClearInput", you will not be able to input another command.

Edit2: I plan on updating this tutorial tonight or tomorrow night on finding an using pointers, adding/removing functions in "theduel.exe", and creating custom commands in C++ and ASM.

Thanks for this. :laugh:

Ok this is the script:

Code:

#include <windows.h> typedef void(__cdecl *ZChatType) (const char*, int, int, DWORD); ZChatType ZChatOutput = (ZChatType)0x0042A230; void Chat2() { for(;;Sleep(20)) //Infinite Loop { char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); } if( memcmp( ChatInput( ), "/hi", 3 ) == 0 ) { ZChatOutput("Hello!", 2, 0, 0xFFFFFF); Sleep(250); } } } extern "C" { __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv) { DisableThreadLibraryCalls(hInst); if (reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"I love Music!", L"Niels:", MB_OK); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&Chat2, NULL, 0, NULL); //Remember our void? "MyThread" ?? } return true; } }

And I get this error:

Code:

1>c:\documents and settings\administrator\mijn documenten\visual studio 2008\projects\chat2\chat2\main.cpp(13) : error C2601: 'ChatInput' : local function definitions are illegal 1> c:\documents and settings\administrator\mijn documenten\visual studio 2008\projects\chat2\chat2\main.cpp(11): this line contains a '{' which has not yet been matched 1>c:\documents and settings\administrator\mijn documenten\visual studio 2008\projects\chat2\chat2\main.cpp(14) : error C3861: 'ZGetGameInterface': identifier not found 1>Build log was saved at "file://c:\Documents and Settings\Administrator\Mijn documenten\Visual Studio 2008\Projects\Chat2\Chat2\Debug\BuildLog.htm" 1>Chat2 - 2 error(s), 0 warning(s)

It´s probaly because of the ZGetGameInterface.
How to make it load the interface of in-game(Not lobby or room)

I posted it here because I think it get faster a respond to it.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by 00niels00

Thanks for this. :laugh:

Ok this is the script:

Code:

#include <windows.h> typedef void(__cdecl *ZChatType) (const char*, int, int, DWORD); ZChatType ZChatOutput = (ZChatType)0x0042A230; void Chat2() { for(;;Sleep(20)) //Infinite Loop { char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); } if( memcmp( ChatInput( ), "/hi", 3 ) == 0 ) { ZChatOutput("Hello!", 2, 0, 0xFFFFFF); Sleep(250); } } } extern "C" { __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv) { DisableThreadLibraryCalls(hInst); if (reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"I love Music!", L"Niels:", MB_OK); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&Chat2, NULL, 0, NULL); //Remember our void? "MyThread" ?? } return true; } }

And I get this error:

Code:

1>c:\documents and settings\administrator\mijn documenten\visual studio 2008\projects\chat2\chat2\main.cpp(13) : error C2601: 'ChatInput' : local function definitions are illegal 1> c:\documents and settings\administrator\mijn documenten\visual studio 2008\projects\chat2\chat2\main.cpp(11): this line contains a '{' which has not yet been matched 1>c:\documents and settings\administrator\mijn documenten\visual studio 2008\projects\chat2\chat2\main.cpp(14) : error C3861: 'ZGetGameInterface': identifier not found 1>Build log was saved at "file://c:\Documents and Settings\Administrator\Mijn documenten\Visual Studio 2008\Projects\Chat2\Chat2\Debug\BuildLog.htm" 1>Chat2 - 2 error(s), 0 warning(s)

It´s probaly because of the ZGetGameInterface.
How to make it load the interface of in-game(Not lobby or room)

I posted it here because I think it get faster a respond to it.

Check line 11.

Also your code needs indentation for readability.

And, you need to define the address of ZGetGameInterface.

I corrected the indentation for you:

Spoiler:

Code:

#include <windows.h> typedef void(__cdecl *ZChatType) (const char*, int, int, DWORD); ZChatType ZChatOutput = (ZChatType)0x0042A230; void Chat2() { for(;;Sleep(20)) //Infinite Loop { char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); } if( memcmp( ChatInput( ), "/hi", 3 ) == 0 ) { ZChatOutput("Hello!", 2, 0, 0xFFFFFF); Sleep(250); } } } extern "C" { __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv) { DisableThreadLibraryCalls(hInst); if (reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"I love Music!", L"Niels:", MB_OK); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&Chat2, NULL, 0, NULL); //Remember our void? "MyThread" ?? } return true; } }

Re: Basic tut on using C++ for GunZ

Code:

#include <windows.h> #include "ZFuncs.h" char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); } void MyThread() { for(;;Sleep(20)) { if( memcmp( ChatInput( ), "/dood", 4 ) == 0 ) { ZCharacter::SetHP(0); ZCharacter::SetAP(0); Sleep(250); } } } extern "C" { __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv) { DisableThreadLibraryCalls(hInst); if (reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"Injected", L"HI", MB_OK); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&MyThread, NULL, 0, NULL); //Remember our void? "MyThread" ?? } return true; } }

Ok thats the code I've now. I compiled it and injected it. But gunz just crashes how do I fix that.

I use the Zfuncs from heroin.dll.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by 00niels00

Code:

#include <windows.h> #include "ZFuncs.h" char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A6 /*Or 0x3A8*/ ); } void MyThread() { for(;;Sleep(20)) { if( memcmp( ChatInput( ), "/dood", 4 ) == 0 ) { ZCharacter::SetHP( 0 ); ZCharacter::SetAP( 0 ); } } } extern "C" { __declspec(dllexport) BOOL __stdcall DllMain(HINSTANCE hInst,DWORD reason,LPVOID lpv) { DisableThreadLibraryCalls(hInst); if (reason == DLL_PROCESS_ATTACH) { MessageBox(NULL, L"Injected", L"HI", MB_OK); CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)&MyThread, NULL, 0, NULL); //Remember our void? "MyThread" ?? } return true; } }

Ok thats the code I've now. I compiled it and injected it. But gunz just crashes how do I fix that.

I use the Zfuncs from heroin.dll.

Code:

#include <windows.h> #include "ZFuncs.h" char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A8 ); } void Clear( ) { (* (char* ) ( ZGetGameInterface( ) + 0x3A8 ) ) = '\n'; } void MyThread( ) { for( ;;Sleep( 20 ) ) { if( memcmp( ChatInput( ), "/dood", 4 ) == 0 ) { ZCharacter::SetHP(0); ZCharacter::SetAP(0); Clear( ); //You have to clear you're last input, or you can't input another command. } } } extern "C" { __declspec( dllexport ) BOOL __stdcall DllMain( HINSTANCE hInst, DWORD dwReason, LPVOID lpv ) { DisableThreadLibraryCalls( hInst ); if ( dwReason == DLL_PROCESS_ATTACH ) { Beep( 500, 500 ); CreateThread( NULL, 0, ( LPTHREAD_START_ROUTINE )&MyThread, NULL, 0, NULL ); } return true; } }

Try that.

Re: Basic tut on using C++ for GunZ

Thnx for the tut.

Re: Basic tut on using C++ for GunZ

Ok it still chrashes. Probaly because it tries to execute. And can't find it.

So I tought like this:

PHP Code:

#include <windows.h> #include "ZFuncs.h" char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A8 ); } void Clear( ) { (* (char* ) ( ZGetGameInterface( ) + 0x3A8 ) ) = '\n'; } void MyThread( ) { for( ;;Sleep( 20 ) ) { if (ZGetGameInterface!=0x0) { if( memcmp( ChatInput( ), "/dood", 4 ) == 0 ) { ZCharacter::SetHP(0); ZCharacter::SetAP(0); Clear( ); //You have to clear you're last input, or you can't input another command. } } } } extern "C" { __declspec( dllexport ) BOOL __stdcall DllMain( HINSTANCE hInst, DWORD dwReason, LPVOID lpv ) { DisableThreadLibraryCalls( hInst ); if ( dwReason == DLL_PROCESS_ATTACH ) { Beep( 500, 500 ); CreateThread( NULL, 0, ( LPTHREAD_START_ROUTINE )&MyThread, NULL, 0, NULL ); } return true; } }

But it still doesn't work.

Maybe is the handling of the ZGetGameInterface wrong

PHP Code:

DWORD ZGetGameInterface() { DWORD ReturnVal; if (ZGetGameInterfaceAddress!=0x0) { __asm { MOV EAX, ZGetGameInterfaceAddress CALL EAX MOV ReturnVal, EAX } }else{ return 0x0; } return ReturnVal; }

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by 00niels00

Ok it still chrashes. Probaly because it tries to execute. And can't find it.

So I tought like this:

PHP Code:

#include <windows.h> #include "ZFuncs.h" char* ChatInput( ) { return( char* ) ( ZGetGameInterface( ) + 0x3A8 ); } void Clear( ) { (* (char* ) ( ZGetGameInterface( ) + 0x3A8 ) ) = '\n'; } void MyThread( ) { for( ;;Sleep( 20 ) ) { if (ZGetGameInterface!=0x0) { if( memcmp( ChatInput( ), "/dood", 4 ) == 0 ) { ZCharacter::SetHP(0); ZCharacter::SetAP(0); Clear( ); //You have to clear you're last input, or you can't input another command. } } } } extern "C" { __declspec( dllexport ) BOOL __stdcall DllMain( HINSTANCE hInst, DWORD dwReason, LPVOID lpv ) { DisableThreadLibraryCalls( hInst ); if ( dwReason == DLL_PROCESS_ATTACH ) { Beep( 500, 500 ); CreateThread( NULL, 0, ( LPTHREAD_START_ROUTINE )&MyThread, NULL, 0, NULL ); } return true; } }

But it still doesn't work.

Maybe is the handling of the ZGetGameInterface wrong

PHP Code:

DWORD ZGetGameInterface() { DWORD ReturnVal; if (ZGetGameInterfaceAddress!=0x0) { __asm { MOV EAX, ZGetGameInterfaceAddress CALL EAX MOV ReturnVal, EAX } }else{ return 0x0; } return ReturnVal; }

That is the structure for pChar(), if I am correct.

I have provided the definition for ZGetGameInterface().

Code:

typedef DWORD(__cdecl *ZGetGameInterfaceType)(); ZGetGameInterfaceType ZGetGameInterface = (ZGetGameInterfaceType)0x004ABCF0;

Enjoy.

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by Linear88

That is the structure for pChar(), if I am correct.

I have provided the definition for ZGetGameInterface().

Code:

typedef DWORD(__cdecl *ZGetGameInterfaceType)(); ZGetGameInterfaceType ZGetGameInterface = (ZGetGameInterfaceType)0x004ABCF0;

Enjoy.

No, that is ZGetGameInterface. Snail's did it straight through inline ASM. Probably the sig. searcher isn't finding the address for ZGetGameInteface.

Re: Basic tut on using C++ for GunZ

Microssoft visual c++ is the same of Hex Work Shop?

Re: Basic tut on using C++ for GunZ

Trying to translate Zchatoutput to Delphi :
C++:

Code:

typedef void(__cdecl *ZChatOutputType) (const char*, int, int, DWORD); ZChatOutputType ZChatOutput = (ZChatOutputType)0x0042BAE0; //FAKE Address *points to jjang*

my Delphi attempt:

Code:

const ADDRESS = $0042BAE0; // some fakeaddress type TZChatoutput = procedure (char : Pchar; int1 : integer; int2 :integer; MyWord:Dword); var GunZChat:TZChatoutput = TZChatOutput(ADDRESS); begin GunZChat('bounty-hunta :O',2,1,$FFFFFF); end;

going to need the real zchatoutput to test this ..

Re: Basic tut on using C++ for GunZ

Quote:

Originally Posted by marcoslvl

Microssoft visual c++ is the same of Hex Work Shop?

You wish. (Also, don't bump topic older than 3 weeks, I've noticed that happening: You might get infracted.)

@bounty-hunter: 0042A230

Re: Basic tut on using C++ for GunZ

Thanks linear, hope my code works xD