In this tutorial we will write wallhack for Assault Cube on C++20. The first thing to realize is whether it is necessary at all. I can answer, this is for informational and research purposes only!
Important note: This game is FOSS (https://github.com/assaultcube/AC) and we can just download it from GitHub and compile. For this reason, this article is dedicated to this game.
Entire my code figured in this tutorial will be upload to my GitHub public repository.
Let’s get party!
First of all, we need to understand what language the game engine is written in, this is very important for understanding what to do next. The second important detail is which engine does the game use. And the third very important point is to understand which rendering framework is used by the game (for example: DirectX, OpenGL, Vulcan, etc).
In our case, game engine was written on C/C++ and uses OpenGL rendering framework. Game engine called CUBEengine. This is primitive game engine, but looks very authentic. Despite the seemingly outdated graphics, this engine is very well optimized and will run on any machine even with “dial-up” internet connection on-board.
In this tutorial i will use Visual Studio 2022 Community Edition with CMake build system. I used CMake with Visual Studio 2022, and want share my thoughts about this experience in another thread later.
Well, let’s start writing the code. First of all, open Visual Studio 2022 and create a blank CMake Project. We will write in C++ of the 20th standard. Why this particular standard? I want to use a modular architecture for the hierarchical distribution of program components, thereby increasing my understanding of this innovation of the 20th standard.
Blank CMake Project looks like on screenshot above. If we run this code, we got in the output “Hello CMake.” This just stub for our next coding movements. Compile and run your project for check if we moving to the right direction.
Okay, project builds and runs successfully.
Next thing that we need to do, it is a process lookup by process ID. In this tutorial, we writing an external trainer and we hosted in the another process container that dont linked with our target game process.
Create new directory inside your project root directory with name “modules”. In this directory, we will store our external modules.
We need create module file inside our modules folder.
Note: If we are under Visual Studio, we dont need manually add path to our executable to CMakeLists.txt, this will do Visual Studio.
Module extension must be .ixx not a .cpp. This is needed to tell the compiler that this file is in the context of modules.
Contents in our module file:
If we do not specify “module;” at the beginning of the module file while including some non modular headers, we will receive the following warning from the compiler:
warning C5201: a module declaration can appear only at the start of a translation unit unless a global module fragment is usedOkay, we get function that can gather PID from process name. Next, we need attach to the process by it PID. We can do this with WinAPI function “OpenProcess”. This is common function from Win32 API that allows us get handle for target process with selected access.
I decide combine gathering and attaching routine into the one method. This method will search process by it’s name and attaching with needed access level. Module that do this I called “memory.ixx“.
As you can see, this module also contains some another methods for memory operations. We can see read and write snippets. This memory operators uses structures to read and write memory into the foreign process. Using templates in these methods give us more flexibility and code polymorphism that needed for some comfort while programming our main features.
Now, include “Windows.h” into “asscube_external_cmake.h” and obtain handle to our target process “ac_client.exe”.
At this stage, the first part of the tutorial is coming to end. In the next part, we will start reverse engineering our game for retrieve important game engine structures for future using in our ESP.