#include <windows> #include <iostream> #include <TlHelp32.h> using namespace std; int GetProcessIdByName ( string ProcessName ); float GetCurrentSpeed( HANDLE h ); void IncreaseSpeed(HANDLE h,float speed); void GetDebugPrivilege(); int main(int argc, char*argv[]) { GetDebugPrivilege(); int pid = GetProcessIdByName("WoW.exe"); if ( pid == -1 ) { cout<<"You havent start WOW\n"; } HANDLE h = OpenProcess(PROCESS_ALL_ACCESS,0,pid); if ( h == 0) { cout<<"OpenProcess error: " << GetLastError() << "\n"; system("PAUSE"); return 0; } /*/ Speehack: "WoW.exe"+0084E4BC +0x24 +0x78c +0x27c Normal running speed = 7.0 Walk speed = 2.5 while(1) { for(int i=0;i<256;i++) { if(GetAsyncKeyState(i)==-32767) { cout<<i<<"\n"; } } } /*/ SetConsoleTitle("Bass World of Warcraft Speedhack :-)"); cout<<"+ = Increase speed\n"; cout<<"- = Decrease speed\n"; cout<<"DEL key = Restore normal run speed\n"; float speed = 7.0; // normal run speed while(1) { if(GetAsyncKeyState(107)==-32767) // 107 = + { speed = GetCurrentSpeed(h); speed = speed + 1; IncreaseSpeed(h,speed); } if(GetAsyncKeyState(109)==-32767) // 109 = - { speed = GetCurrentSpeed(h); speed = speed - 1; IncreaseSpeed(h,speed); } // This sets the character back on normal run speed if(GetAsyncKeyState(46)==-32767) // 109 = - { speed = GetCurrentSpeed(h); speed = 7; IncreaseSpeed(h,speed); } IncreaseSpeed(h,speed); } } //--------------------------------------------------------------------------- void GetDebugPrivilege() { TOKEN_PRIVILEGES priv; HANDLE hThis, hToken; LUID luid; hThis = GetCurrentProcess(); OpenProcessToken(hThis, TOKEN_ADJUST_PRIVILEGES, &hToken); LookupPrivilegeValue(0, "seDebugPrivilege", &luid); priv.PrivilegeCount = 1; priv.Privileges[0].Luid = luid; priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, false, &priv, 0, 0, 0); CloseHandle(hToken); CloseHandle(hThis); } float GetCurrentSpeed( HANDLE h ) { unsigned addr = 0x00400000+0x0084E4BC; // 0x00400000 = WoW.exe (base) unsigned NextAddr=0; bool r = ReadProcessMemory(h,reinterpret_cast<void*>(addr),&NextAddr, sizeof(unsigned) ,0); addr = NextAddr + 0x24; ReadProcessMemory(h,reinterpret_cast<void*>(addr),&NextAddr, sizeof(unsigned) ,0); //cout<<hex<<"0x24: "<< NextAddr<<"\n"; addr = NextAddr + 0x78c; ReadProcessMemory(h,reinterpret_cast<void*>(addr),&NextAddr, sizeof(unsigned) ,0); //cout<<hex<<"0x78c: "<< NextAddr<<"\n"; float CurrentSpeed=0.0; addr = NextAddr + 0x27c; ReadProcessMemory(h,reinterpret_cast<void*>(addr),&CurrentSpeed, sizeof(float) ,0); return CurrentSpeed; } void IncreaseSpeed(HANDLE h, float speed) { unsigned addr = 0x00400000+0x0084E4BC; // 0x00400000 = WoW.exe (base) unsigned NextAddr=0; ReadProcessMemory(h,reinterpret_cast<void*>(addr),&NextAddr, sizeof(unsigned) ,0); addr = NextAddr + 0x24; ReadProcessMemory(h,reinterpret_cast<void*>(addr),&NextAddr, sizeof(unsigned) ,0); //cout<<hex<<"0x24: "<< NextAddr<<"\n"; addr = NextAddr + 0x78c; ReadProcessMemory(h,reinterpret_cast<void*>(addr),&NextAddr, sizeof(unsigned) ,0); //cout<<hex<<"0x78c: "<< NextAddr<<"\n"; addr = NextAddr + 0x27c; WriteProcessMemory(h,reinterpret_cast<void*>(addr),&speed,sizeof(float), 0); } int GetProcessIdByName ( string ProcessName ) { HANDLE h = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS,0); PROCESSENTRY32 lppe; lppe.dwSize = sizeof(PROCESSENTRY32); Process32First( h, &lppe ); do { if ( strcmp(lppe.szExeFile,"WoW.exe") == false ) { return lppe.th32ProcessID; } } while ( Process32Next (h, &lppe) == true ); return -1; }