CodeBlack
| Subject: Writing your own C++ Trainer Thu Dec 20, 2012 10:22 am | |
| Here is a tutorial teaching you the very basics of making a trainer, namely how to find a process and write shit into it at the correct address. What it doesn't cover is making a GUI-based (graphical user interface) trainer with hotkey hooks that work when the program is in the background. You need a C++ compiler, like MS Visual C++ or whatever, to compile the attached source code. Copy it and save it as OMFG_thanks_dude_for_this_tut.cpp or something. - Code:
-
/* --------- TUTORIAL: Making your first Trainer -------- */
#include <windows.h>
#include <conio.h>
#include <dos.h>
#include <tlhelp32.h>
#include <stdio.h>
#include <string.h>
// Stamina value captured from the target process when the freeze is switched
// on; the main loop writes this same value back while the freeze is active.
int stamina = 0;

// True while the user has the stamina freeze enabled (toggled with the '1' key).
bool dostamina = false;

// Absolute address of the stamina value inside the WarRock process, as given
// by the tutorial.
// NOTE(review): a hard-coded absolute address is presumably valid only for the
// game build it was taken from; nothing in this file checks that the target
// actually has a stamina value at this location before it is written to.
LPVOID stamina_addr = reinterpret_cast<LPVOID>(0x007F1110);
// Redraws the console menu: clears the screen, prints the banner, then prints
// the stamina-freeze entry with its current state (read from the global
// dostamina flag).
void screen()
{
    // NOTE(review): system() hands "cls" to the command interpreter, so every
    // redraw starts a child process; the interpreter is resolved from the
    // environment of whoever launched this program.
    system("cls");

    fputs("Hello World! This is my first WarRock trainer! \n\n", stdout);

    // Pick the menu line that matches the current freeze state.
    const char* freeze_line = dostamina
        ? "[1] - freeze stamina [ENABLED]\n"
        : "[1] - freeze stamina [disabled]\n";
    fputs(freeze_line, stdout);
}
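/*
 * Entry point of the tutorial trainer.
 *
 *  1. Takes a Toolhelp snapshot of the running processes and walks it looking
 *     for an image named "WarRock.exe".
 *  2. Opens that process and runs a console loop: '1' toggles the stamina
 *     freeze, Escape quits.
 *  3. While the freeze is on, the value captured when it was enabled is
 *     written back to stamina_addr on every pass of the loop.
 *
 * Returns 0, except 1 when the process snapshot cannot be taken.
 *
 * Review note: snapshot enumeration followed by OpenProcess and
 * Read/WriteProcessMemory against another process is a sequence that
 * anti-cheat and endpoint-monitoring products commonly watch for; every one
 * of these calls can fail, so each result is checked here instead of assumed.
 */
int main(int argc, char* argv[])
{
    (void)argc; // command-line arguments are not used
    (void)argv;

    HANDLE hProcess = NULL;  // handle to the WarRock process, NULL until opened
    bool found = false;      // true once an entry named WarRock.exe was seen
    DWORD open_err = 0;      // GetLastError() of a failed OpenProcess
    PROCESSENTRY32 pe32;     // receives one process entry per iteration

    HANDLE hProcessSnap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hProcessSnap == INVALID_HANDLE_VALUE)
    {
        // Without a snapshot there is nothing to enumerate; walking it anyway
        // would compare against an uninitialized pe32.
        printf("Process snapshot failed (error %lu)\n\n", GetLastError());
        getch();
        return 1;
    }

    pe32.dwSize = sizeof(PROCESSENTRY32); // must be set before Process32First

    // Only enter the loop if the first entry was actually filled in.
    if (Process32First(hProcessSnap, &pe32))
    {
        do
        {
            // Matches on the image name only, so the first process that
            // carries this name is taken.
            // Assumes an ANSI (non-UNICODE) build, where szExeFile is a char
            // array -- TODO confirm for the compiler settings in use.
            if (strcmp(pe32.szExeFile, "WarRock.exe") == 0)
            {
                found = true;
                // NOTE(review): PROCESS_ALL_ACCESS asks for every right on the
                // target although only memory read/write is used below; kept
                // as in the tutorial.
                hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pe32.th32ProcessID);
                if (hProcess == NULL)
                    open_err = GetLastError();
                break;
            }
        } while (Process32Next(hProcessSnap, &pe32));
    }

    CloseHandle(hProcessSnap);

    if (hProcess == NULL)
    {
        // Tell "not running" apart from "running but the open was refused".
        if (found)
            printf("WarRock found but could not be opened (error %lu)\n\n", open_err);
        else
            printf("WarRock not found\n\n");
        getch(); // keep the console open until a key is pressed
        return 0;
    }

    screen();

    char key = ' ';
    while (key != VK_ESCAPE)
    {
        if (kbhit())
        {
            bool read_failed = false;
            DWORD read_err = 0;

            key = getch();

            switch (key)
            {
            case '1':
                if (dostamina)
                {
                    dostamina = false;
                }
                else
                {
                    // Enable the freeze only when the current value was really
                    // read; otherwise the loop would write a stale or zero
                    // value into the target.
                    SIZE_T got = 0;
                    if (ReadProcessMemory(hProcess, stamina_addr, &stamina, sizeof(stamina), &got)
                        && got == sizeof(stamina))
                    {
                        dostamina = true;
                    }
                    else
                    {
                        read_err = GetLastError();
                        read_failed = true;
                    }
                }
                break;
            }

            screen(); // redraw after each key press

            // Printed after the redraw because screen() clears the console.
            if (read_failed)
                printf("Could not read stamina (error %lu); freeze stays disabled\n", read_err);
        }

        if (dostamina)
        {
            SIZE_T put = 0;
            if (!WriteProcessMemory(hProcess, stamina_addr, &stamina, sizeof(stamina), &put)
                || put != sizeof(stamina))
            {
                // The target may have exited or the page may be gone; stop
                // writing instead of failing on every pass.
                DWORD write_err = GetLastError();
                dostamina = false;
                screen();
                printf("Could not write stamina (error %lu); freeze disabled\n", write_err);
            }
        }

        Sleep(10); // yield instead of spinning a full core between polls
    }

    CloseHandle(hProcess);
    return 0;
}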