Thursday, September 26, 2013

DotA 2 Camera Hack

How to use:
1. Download file
2. Extract anywhere
3. Set the offset on the first line of “config.ini”. A list of offsets can be found here (the offset changes with every patch)
4. Start Dota 2
5. Run Hack.exe
6. Enter camera distance (default: 1134)
7. Scroll up and down in game so camera can adjust
Source:
//Made from SimpleWc3Hack for Warcraft 3 Patch 1.23...
#include <windows.h>
#include <Tlhelp32.h>
#include <iostream>
#include <fstream>
#include <sstream>

using namespace std;

// Forward declarations for the helpers defined further down in this file.

// Returns the PID of the first process whose executable name matches
// `process` (case-insensitive), or 0 when no such process is found.
DWORD GetPIDForProcess (char* process);
// Attempts to enable SeDebugPrivilege on the current process token.
void EnableDebugPriv();
// Returns the base address of module `DllName` inside process `tPid`,
// or 0 when the module is not found.
DWORD GetDLLBase(char* DllName, DWORD tPid);
// Asks whether to patch again; nothing in the listing shown here calls it.
void Repeat();
// Writes a user-entered int into the game process at client.dll base + address.
void Hack(LPVOID address);
// Parses the first line of config.ini into a pointer-sized value.
LPVOID GetData();
// PATCH and NPATCH both expand to a WriteProcessMemory call and evaluate to its
// BOOL result. They are not self-contained: the expansion refers to `hProc` and
// `dSize` (and, for PATCH, `gameBase`), which must be declared in the scope
// where the macro is used.
//   PATCH(i,w,l)  writes `l` bytes from `w` at gameBase + i (module-relative).
//   NPATCH(i,w,l) writes `l` bytes from `w` at the absolute address i; it is
//                 not used anywhere in the listing shown here.
// Neither macro validates the target address; whatever the caller passes is
// written to in the other process.
#define PATCH(i,w,l) WriteProcessMemory(hProc,reinterpret_cast<LPVOID>(gameBase+i),w,l,&dSize)
#define NPATCH(i,w,l) WriteProcessMemory(hProc,reinterpret_cast<LPVOID>(i),w,l,&dSize)

// Entry point: prints the banner, performs exactly one patch attempt using
// the offset stored in config.ini, then waits for a key press.
int main()
{
    std::cout << "Dota 2 CameraHack by AppleWilliam" << std::endl << std::endl;

    // The offset is read after the banner is shown, as a separate step from
    // the patch attempt. Repeat() is not invoked from here, so there is one
    // attempt per run.
    LPVOID const configuredOffset = GetData();
    Hack(configuredOffset);

    // Keeps the console window open so the result stays readable.
    system("Pause");
    return 0;
}
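// Reads the first line of "config.ini" (looked up in the current working
// directory) and parses it with the stream's pointer extractor.
//
// Returns the parsed value, or NULL when the file cannot be opened, is empty,
// or the first line does not parse. The original left the result
// uninitialized in those cases, so the caller received an indeterminate
// pointer and used it as a write offset.
//
// The value is taken from the file as-is; no range check is applied here.
LPVOID GetData()
{
    LPVOID data = NULL;

    std::ifstream ifs("config.ini", std::ifstream::in);
    std::string textLine;
    if (ifs.good() && std::getline(ifs, textLine))
    {
        std::istringstream parser(textLine);
        // Normalise a failed extraction to NULL rather than relying on what
        // the library stores in `data` on failure.
        if (!(parser >> data))
        {
            data = NULL;
        }
    }
    // ifs is closed by its destructor.
    return data;
}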
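// Writes an int read from stdin into the process named "dota.exe" at
// (base of client.dll) + address.
//
// address: module-relative offset, normally the value GetData() parsed from
//          config.ini. NULL is treated as "no usable offset" and nothing is
//          written.
//
// Exits the program (exit(0)) when the process is not found or cannot be
// opened, as the original did. Otherwise prints SUCCESS or FAILED and returns.
//
// Review notes:
//  - The target is chosen by executable name only, which does not establish
//    that the process is the intended one.
//  - Enabling SeDebugPrivilege, opening another process with
//    PROCESS_ALL_ACCESS and calling WriteProcessMemory on it is a sequence
//    that endpoint monitoring and anti-cheat software commonly flag. The
//    access mask also asks for far more rights than one memory write needs.
//  - gameBase is held in a DWORD, so the address arithmetic only makes sense
//    in a 32-bit build. PATCH adds that DWORD to a void*, which is not
//    standard C++ (it compiles as a GNU extension).
void Hack(LPVOID address)
{
    // Writable arrays: the helpers take char*, and binding a string literal
    // to char* is not valid in current C++.
    char program[]    = "dota.exe";
    char moduleName[] = "client.dll";

    std::cout << "Searching for Dota 2..." << std::endl;

    // Resolve the PID once. The original looked it up three times, so the
    // process that was opened and the one whose modules were listed could
    // differ if the game restarted in between.
    const DWORD pid = GetPIDForProcess(program);
    if (pid == 0)
    {
        std::cout << "Dota 2 was not found" << std::endl;
        system("Pause");
        exit(0);
    }

    EnableDebugPriv();
    std::cout << "Opening Dota 2 Process..." << std::endl;
    HANDLE hProc = OpenProcess(PROCESS_ALL_ACCESS, FALSE, pid);
    if (!hProc)
    {
        std::cout << "Dota 2 could not be opened..." << std::endl;
        std::cout << "FAILED" << std::endl;
        exit(0);
    }

    std::cout << "Process opened...\nWhat distance?:" << std::endl;
    int distance = 0;
    // Non-numeric input used to leave `distance` unspecified and still be
    // written; now it is reported as a failure instead.
    const bool haveDistance = !(std::cin >> distance).fail();
    std::cout << "Patching...";

    DWORD gameBase = GetDLLBase(moduleName, pid);
    DWORD dSize = 0;
    BOOL written = FALSE;
    // Fail closed: without a module base or an offset the computed target
    // would be an unrelated address in the other process.
    if (haveDistance && address != NULL && gameBase != 0)
    {
        written = PATCH(address, &distance, sizeof(distance));
    }

    // Check the API result as well as the byte count it reported.
    if (!written || dSize != sizeof(distance))
    {
        std::cout << "FAILED" << std::endl;
    }
    else
    {
        std::cout << "SUCCESS!\a" << std::endl;
    }

    // The original never released the process handle.
    CloseHandle(hProc);
}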
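// Asks whether to run another patch attempt. 'y' re-reads config.ini and
// calls Hack() again; any other answer, or end of input, quits. The program
// always terminates via exit(0) afterwards, so this function never returns.
void Repeat()
{
    std::cout << "Enter 'y' to enter new value || Enter any character to quit\n:";

    // Initialised so that a failed read (for example closed stdin) is treated
    // as "quit" instead of comparing an indeterminate value.
    char answer = '\0';
    std::cin >> answer;
    std::cout << std::endl;

    if (answer == 'y')
    {
        Hack(GetData());
    }
    exit(0);
}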

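// Looks up a process ID by executable name.
//
// process: executable file name to look for (e.g. "dota.exe"), compared
//          case-insensitively against each entry of a process snapshot.
//          NULL yields 0.
//
// Returns the PID of the first matching entry, or 0 when there is no match or
// the snapshot could not be taken.
//
// The match is on the name alone; any process carrying that file name
// matches, so the result does not identify a particular binary.
// NOTE(review): szExeFile is compared with _stricmp, which presumes an ANSI
// (non-UNICODE) build - confirm against the project settings.
DWORD GetPIDForProcess (char* process)
{
    DWORD targetPid = 0;
    if (process == NULL)
    {
        return targetPid;
    }

    // CreateToolhelp32Snapshot reports failure with INVALID_HANDLE_VALUE, not
    // NULL. The original tested for NULL, so a failed snapshot was still
    // walked and then passed to CloseHandle.
    HANDLE hSnapshot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
    if (hSnapshot == INVALID_HANDLE_VALUE)
    {
        return targetPid;
    }

    PROCESSENTRY32 lppe = {0};
    lppe.dwSize = sizeof(lppe);   // must be set before Process32First
    for (BOOL working = Process32First(hSnapshot, &lppe);
         working;
         working = Process32Next(hSnapshot, &lppe))
    {
        if (_stricmp(lppe.szExeFile, process) == 0)
        {
            targetPid = lppe.th32ProcessID;
            break;
        }
    }

    CloseHandle(hSnapshot);
    return targetPid;
}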

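// Attempts to enable SeDebugPrivilege on the current process token.
//
// Returns nothing, so the caller cannot tell whether the privilege was
// actually enabled. AdjustTokenPrivileges can report success even when the
// privilege is not held by the token (GetLastError() is then
// ERROR_NOT_ALL_ASSIGNED), and that case is not distinguished here.
//
// Review note: SeDebugPrivilege lets a process open processes it otherwise
// could not. A non-debugger program enabling it is an event worth attention
// when reviewing what a binary does.
void EnableDebugPriv()
{
    HANDLE hToken;
    if ( ! OpenProcessToken( GetCurrentProcess(),
                             TOKEN_ADJUST_PRIVILEGES | TOKEN_QUERY, &hToken ) )
        return;

    LUID sedebugnameValue;
    if ( LookupPrivilegeValue( NULL, SE_DEBUG_NAME, &sedebugnameValue ) )
    {
        TOKEN_PRIVILEGES tkp;
        tkp.PrivilegeCount = 1;
        tkp.Privileges[0].Luid = sedebugnameValue;
        tkp.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED;
        // Best effort: there is no way to report the outcome to the caller.
        AdjustTokenPrivileges( hToken, FALSE, &tkp, sizeof tkp, NULL, NULL );
    }

    // Close the token on every path. The original closed it only when
    // AdjustTokenPrivileges failed and leaked it on success.
    CloseHandle( hToken );
}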

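// Returns the load address of a module inside another process.
//
// DllName: module file name, compared case-sensitively (strcmp) against each
//          entry of a module snapshot. NULL yields 0.
// tPid:    process to inspect; 0 yields 0.
//
// Returns the module base address, or 0 when the module is not found or the
// snapshot could not be taken.
//
// The return type is DWORD, so the address is truncated to 32 bits; the
// result is only meaningful for a 32-bit target.
DWORD GetDLLBase(char* DllName, DWORD tPid)
{
    if (tPid == 0 || DllName == NULL) return 0;

    // Failure is signalled by INVALID_HANDLE_VALUE. The original did not check
    // and passed the invalid handle to Module32First and CloseHandle.
    HANDLE snapMod = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, tPid);
    if (snapMod == INVALID_HANDLE_VALUE) return 0;

    DWORD base = 0;
    MODULEENTRY32 me32;
    me32.dwSize = sizeof(MODULEENTRY32);   // must be set before Module32First
    if (Module32First(snapMod, &me32))
    {
        do
        {
            if (strcmp(DllName, me32.szModule) == 0)
            {
                // Explicit narrowing in place of the C-style pointer cast.
                base = static_cast<DWORD>(reinterpret_cast<DWORD_PTR>(me32.modBaseAddr));
                break;
            }
        }
        while (Module32Next(snapMod, &me32));
    }

    // Single exit path, so the snapshot is closed exactly once.
    CloseHandle(snapMod);
    return base;
}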



