APP Release python gta mini hack

belle_delphine.py

import ctypes, struct, time, wmi



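class Pyrate:
    """Minimal external memory reader/writer for a running gta_sa.exe.

    Attach() opens a handle to the process named TARGET, ReadMemNum /
    WriteMem / WriteByte use that handle through kernel32, and Detach()
    closes it. All Win32 calls go through a single kernel32 binding with
    typed prototypes so HANDLEs and addresses are never truncated to C int.
    """

    # Process name matched exactly against Win32_Process.Name.
    TARGET = 'gta_sa.exe'

    # Minimum rights the methods below need: PROCESS_QUERY_INFORMATION and
    # PROCESS_VM_READ for ReadProcessMemory, PROCESS_VM_WRITE and
    # PROCESS_VM_OPERATION for WriteProcessMemory. The original asked for
    # 0x1F0FFF (the pre-Vista PROCESS_ALL_ACCESS value), which is more than
    # this class ever uses and more likely to be refused.
    ACCESS = 0x0400 | 0x0010 | 0x0020 | 0x0008

    _k32 = None  # kernel32 loaded once with use_last_error=True, see _kernel32()

    def __init__(self):
        self.pHandle = None  # HANDLE from OpenProcess, or None while detached
        self.pid = None      # PID found by Attach(), or None

    @classmethod
    def _kernel32(cls):
        """Return kernel32 with argtypes/restypes set for the calls used here.

        Without prototypes ctypes assumes every argument and result is a C
        int, which silently truncates 64-bit HANDLEs and pointers.
        use_last_error=True lets GetLastError() read a copy of the error
        code that ctypes' own internal calls cannot clobber.
        """
        if cls._k32 is None:
            k32 = ctypes.WinDLL('kernel32', use_last_error=True)
            k32.OpenProcess.restype = ctypes.c_void_p
            k32.OpenProcess.argtypes = (ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32)
            for fn in (k32.ReadProcessMemory, k32.WriteProcessMemory):
                fn.restype = ctypes.c_int
                fn.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                               ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t))
            k32.CloseHandle.restype = ctypes.c_int
            k32.CloseHandle.argtypes = (ctypes.c_void_p,)
            cls._k32 = k32
        return cls._k32

    def Attach(self):
        """Locate TARGET via WMI and open a handle to it.

        Returns True when a handle was opened, False when no such process
        exists or OpenProcess failed (GetLastError() says why). When several
        matching processes exist the last one enumerated wins, as before.
        The original raised UnboundLocalError when the game was not running.
        """
        pid = None
        for process in wmi.WMI().Win32_Process():
            if process.Name == self.TARGET:
                pid = process.ProcessId
        if pid is None:
            print("no process named %s found" % self.TARGET)
            return False
        handle = self._kernel32().OpenProcess(self.ACCESS, False, pid)
        print(pid)
        if not handle:
            print(self.GetLastError())
            return False
        self.pid = pid
        self.pHandle = handle
        return True

    def GetSize(self, Type):
        """Return the byte size of the struct format character `Type`.

        "i"/"f" -> 4, "?"/"c" -> 1, "d"/"q" -> 8, and any other single
        struct format now works too; an invalid format raises struct.error
        instead of returning None as the old if-chain did.
        """
        return struct.calcsize(Type)

    def ReadMemNum(self, adress, type):
        """Read one value of struct format `type` from `adress` in the attached process.

        Returns the unpacked value, or -1 when ReadProcessMemory fails or
        returns fewer bytes than requested (call GetLastError() for the
        reason). Note -1 is also a legitimate value for the integer formats,
        so callers that must distinguish failure should check GetLastError().
        """
        size = self.GetSize(type)
        buf = ctypes.create_string_buffer(size)
        nread = ctypes.c_size_t(0)
        ok = self._kernel32().ReadProcessMemory(self.pHandle, adress, buf, size, ctypes.byref(nread))
        if not ok or nread.value != size:
            return -1
        return struct.unpack(type, buf.raw)[0]

    def WriteMem(self, adress, Val, type):
        """Pack `Val` with struct format `type` and write it to `adress`.

        Returns True only when WriteProcessMemory succeeded and reports the
        full size written; False otherwise (see GetLastError()).
        """
        size = self.GetSize(type)
        buf = ctypes.create_string_buffer(struct.pack(type, Val), size)
        nwritten = ctypes.c_size_t(0)
        ok = self._kernel32().WriteProcessMemory(self.pHandle, adress, buf, size, ctypes.byref(nwritten))
        return bool(ok) and nwritten.value == size

    def WriteByte(self, adress, Bytes):
        """Write the byte sequence `Bytes` (bytes, or an iterable of ints 0-255) at `adress`.

        One WriteProcessMemory call replaces the old one-call-per-byte loop,
        which also silently ignored every failure. Returns True when every
        byte was written (an empty sequence is a no-op success). Values
        outside 0-255 raise ValueError instead of wrapping as the old c_byte
        cast did.
        """
        data = bytes(Bytes)
        if not data:
            return True
        buf = ctypes.create_string_buffer(data, len(data))
        nwritten = ctypes.c_size_t(0)
        ok = self._kernel32().WriteProcessMemory(self.pHandle, adress, buf, len(data), ctypes.byref(nwritten))
        return bool(ok) and nwritten.value == len(data)

    def GetLastError(self):
        """Return "err code: N" for the last failed kernel32 call made through this class."""
        self._kernel32()  # make sure the use_last_error binding exists
        return "err code: " + str(ctypes.get_last_error())

    def Detach(self):
        """Close the process handle (if any) and forget the PID. Safe to call twice."""
        if self.pHandle:
            self._kernel32().CloseHandle(self.pHandle)
        self.pHandle = None
        self.pid = None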


class Address:
    """Memory addresses the Cheats class toggles.

    Both are used as-is, with no module base added, so they are absolute
    addresses inside the game's own image and are only valid for the build
    they were taken from (the thread notes they differ between releases).
    Nothing here refers to samp.dll.
    """
    infiniteRun = 0xB7CEE4    # read/written as a 1-byte bool ("?") by Cheats.infiniteRun
    thermalVision = 0xC402B9  # read/written as a 4-byte int ("i") by Cheats.thermalVision



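class Cheats:
    """Toggle switches that flip values in the attached game process.

    Each method reads the current value through the memory helper and
    writes the opposite one. The helper defaults to the module-level
    `franz` (a Pyrate) so existing callers keep working; pass any object
    offering ReadMemNum(addr, fmt) and WriteMem(addr, value, fmt) to
    override it.
    """

    def __init__(self, mem=None):
        self.mem = mem  # None -> resolve the global `franz` at call time

    def _memory(self):
        """Return the injected helper, or the module-level `franz`."""
        return self.mem if self.mem is not None else franz

    def _toggle(self, address, fmt, on, off):
        """Flip the value at `address` between `on` and `off`.

        ReadMemNum returns -1 when the read fails; the original ignored
        that and wrote anyway, i.e. it patched a process it could not even
        read. A failed read now leaves memory untouched and returns False.
        Otherwise returns WriteMem's result.
        """
        mem = self._memory()
        current = mem.ReadMemNum(address, fmt)
        if current == -1:
            return False
        return mem.WriteMem(address, off if current == on else on, fmt)

    def infiniteRun(self):
        """Toggle the 1-byte bool at Address.infiniteRun."""
        return self._toggle(Address.infiniteRun, "?", True, False)

    def thermalVision(self):
        """Toggle the 4-byte int at Address.thermalVision between 1 and 0."""
        return self._toggle(Address.thermalVision, "i", 1, 0)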

   

   





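franz = Pyrate()
cheat = Cheats()
franz.Attach()
# Without a handle every later read/write would just fail; bail out early
# instead of spinning until DEL is pressed.
if not franz.pHandle:
    raise SystemExit("could not open gta_sa.exe - is the game running?")

# Poll until DEL (VK_DELETE = 0x2E) is held down: bit 15 of GetKeyState is the
# "currently pressed" flag. Ctrl-C also reaches the finally and releases the
# handle instead of leaking it.
try:
    while not (ctypes.windll.user32.GetKeyState(0x2E) & 0x8000):
        time.sleep(0.4)
finally:
    franz.Detach()
    print("detached!")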

Just an infinite-run and thermal-vision toggle for SA-MP written with ctypes (it opens a handle to gta_sa.exe and reads/writes two addresses). I'm still a beginner, so please go easy.
Method Credits: a guy named zniv from another hacking forum

ps: maybe ill do it fancier sometime
 

Kelsi235

Write how to use this, the sense of the code
scroll through the code and look for WriteMem / WriteByte ReadMem / ReadByte

I wouldn't recommend externals, though; internals are simpler and easier to code (a .dll you inject into the game process = internal; reading/writing its memory from another process through an OpenProcess handle, as this script does = external).
 

Kelsi235

Also, this won't work with every version: the addresses differ between releases (R1, R2, R3, DL), I believe — I may be wrong.
 

belle_delphine.py

also this won't work with every version, I believe offsets r different on r1 r2 r3 dl, i may be wrong
you can change them anyway, this is just smth kinda a snippet, u can add more funcs etc, but its not something complex, Im still a noob at this things

I tested it on r1 only, externals are crap, hf xd
 

monday

But it looks like it only changes:
infiniteRun = 0xB7CEE4
thermalVision = 0xC402B9

both of which are used as absolute addresses inside gta_sa.exe's own image (no samp.dll base is ever added), so SA-MP probably has nothing to do with it — only the game build matters for these two.
 

Valiuks

tyvm for ur code i started a project and you saved a lot of time. im not an expert, but i think here its a bit improved version. u can read player x y z coordinates

import ctypes
import struct
import wmi
import sys
import win32api as wapi
import win32process as wproc
import win32con as wcon


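class Memory:
    """External reader/writer for a running game process (default gta_sa.exe).

    Attach() finds the process by name, opens a handle with only the rights
    the read/write methods need, and records the executable's load address
    in BaseAddr so the Player* helpers can add their offsets to it.
    getBaseAddr(module) answers "where is samp.dll inside the game" by
    enumerating the game's modules rather than loading the DLL locally.
    """

    # Minimum rights used below: PROCESS_QUERY_INFORMATION and PROCESS_VM_READ
    # for ReadProcessMemory / module enumeration, PROCESS_VM_WRITE and
    # PROCESS_VM_OPERATION for WriteProcessMemory. The original asked for
    # 0x1F0FFF (the pre-Vista PROCESS_ALL_ACCESS value), which is more than
    # this class uses and more likely to be refused.
    ACCESS = 0x0400 | 0x0010 | 0x0020 | 0x0008

    _k32 = None  # kernel32 loaded once with use_last_error=True, see _kernel32()

    def __init__(self, name="gta_sa.exe"):
        self.pHandle = None   # HANDLE from OpenProcess, or None while detached
        self.prcID = None     # PID of the attached process, or None
        self.BaseAddr = None  # load address of the main module, set by getBaseAddr()
        self.name = name      # process name matched exactly against Win32_Process.Name

    @classmethod
    def _kernel32(cls):
        """Return kernel32 with argtypes/restypes set for the calls used here.

        Without prototypes ctypes treats every argument and result as a C
        int, which truncates 64-bit HANDLEs and pointers. use_last_error=True
        gives GetLastError() a copy of the error code that ctypes' own
        internal calls cannot clobber.
        """
        if cls._k32 is None:
            k32 = ctypes.WinDLL('kernel32', use_last_error=True)
            k32.OpenProcess.restype = ctypes.c_void_p
            k32.OpenProcess.argtypes = (ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32)
            for fn in (k32.ReadProcessMemory, k32.WriteProcessMemory):
                fn.restype = ctypes.c_int
                fn.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                               ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t))
            k32.CloseHandle.restype = ctypes.c_int
            k32.CloseHandle.argtypes = (ctypes.c_void_p,)
            cls._k32 = k32
        return cls._k32

    def Attach(self):
        """Find the process, open a handle and resolve its base address.

        Returns True on success. Returns False when no process named
        `self.name` exists, or when OpenProcess fails (the reason is
        printed via GetLastError()); the original stored the 0 handle and
        carried on in that case.
        """
        for process in wmi.WMI().Win32_Process():
            if process.Name != self.name:
                continue
            self.prcID = process.ProcessId
            handle = self._kernel32().OpenProcess(self.ACCESS, False, self.prcID)
            print(self.prcID)
            print(f"PID {self.prcID} was found")
            if not handle:
                print(self.GetLastError())
                return False
            self.pHandle = handle
            self.getBaseAddr()
            return True
        print(f"Proccess {self.name} was not found")
        return False

    def getBaseAddr(self, module=None):
        """Return the load address of a module inside the attached process.

        module=None (the original behaviour) takes the first handle that
        EnumProcessModules returns, which in practice is the executable
        itself, and stores it in BaseAddr for the Player* helpers. Pass a
        file name such as "samp.dll" to look another module up instead: the
        comparison is case-insensitive on the path's last component, the
        result is returned but BaseAddr is left untouched, and LookupError
        is raised when no such module is loaded. Requires prcID from
        Attach(). The temporary pywin32 handle is closed even when
        enumeration fails.
        """
        # Listing modules only needs query + read rights; the original opened
        # a second PROCESS_ALL_ACCESS handle for this.
        process_handle = wapi.OpenProcess(
            wcon.PROCESS_QUERY_INFORMATION | wcon.PROCESS_VM_READ, False, self.prcID)
        try:
            module_handles = wproc.EnumProcessModules(process_handle)
            if module is None:
                base = int(module_handles[0])
            else:
                wanted = module.lower()
                for hmod in module_handles:
                    path = str(wproc.GetModuleFileNameEx(process_handle, hmod))
                    if path.replace("\\", "/").rsplit("/", 1)[-1].lower() == wanted:
                        base = int(hmod)
                        break
                else:
                    raise LookupError(f"{module} is not loaded in {self.name}")
        finally:
            process_handle.close()
        if module is None:
            self.BaseAddr = base
            print(f"Base address of {self.name} is {self.BaseAddr} ({self.BaseAddr:#x})")
        return base

    def GetSize(self, Type):
        """Return the byte size of the struct format character `Type`.

        "i"/"f" -> 4, "?"/"c" -> 1, "d"/"q" -> 8, and any other single
        struct format now works too; an invalid format raises struct.error
        instead of returning None as the old if-chain did.
        """
        return struct.calcsize(Type)

    def ReadMemNum(self, adress, type):
        """Read one value of struct format `type` from `adress`.

        Returns the unpacked value, or -1 when ReadProcessMemory fails or
        returns fewer bytes than requested (see GetLastError()). -1 is also
        a legitimate value for the integer formats, so callers that must
        distinguish failure should check GetLastError().
        """
        size = self.GetSize(type)
        buf = ctypes.create_string_buffer(size)
        nread = ctypes.c_size_t(0)
        ok = self._kernel32().ReadProcessMemory(self.pHandle, adress, buf, size, ctypes.byref(nread))
        if not ok or nread.value != size:
            return -1
        return struct.unpack(type, buf.raw)[0]

    def WriteMem(self, adress, Val, type):
        """Pack `Val` with struct format `type` and write it to `adress`.

        Returns True only when WriteProcessMemory succeeded and reports the
        full size written; False otherwise (see GetLastError()).
        """
        size = self.GetSize(type)
        buf = ctypes.create_string_buffer(struct.pack(type, Val), size)
        nwritten = ctypes.c_size_t(0)
        ok = self._kernel32().WriteProcessMemory(self.pHandle, adress, buf, size, ctypes.byref(nwritten))
        return bool(ok) and nwritten.value == size

    def WriteByte(self, adress, Bytes):
        """Write the byte sequence `Bytes` (bytes, or an iterable of ints 0-255) at `adress`.

        One WriteProcessMemory call replaces the old one-call-per-byte loop,
        which also ignored every failure. Returns True when every byte was
        written (an empty sequence is a no-op success). Values outside
        0-255 raise ValueError instead of wrapping as the old c_byte cast did.
        """
        data = bytes(Bytes)
        if not data:
            return True
        buf = ctypes.create_string_buffer(data, len(data))
        nwritten = ctypes.c_size_t(0)
        ok = self._kernel32().WriteProcessMemory(self.pHandle, adress, buf, len(data), ctypes.byref(nwritten))
        return bool(ok) and nwritten.value == len(data)

    def GetLastError(self):
        """Return "err code: N" for the last failed kernel32 call made through this class."""
        self._kernel32()  # make sure the use_last_error binding exists
        return "err code: " + str(ctypes.get_last_error())

    def Detach(self):
        """Close the process handle (if any). Safe to call twice."""
        if self.pHandle:
            self._kernel32().CloseHandle(self.pHandle)
        self.pHandle = None

    # The three offsets below are added to BaseAddr (the executable's load
    # address) and the caller reads a float there. The names say "player
    # position", but nothing on this page shows a pointer dereference, so
    # treat them as build-specific static addresses - TODO confirm per build.
    def PlayerX(self, pointer=0x76F2E4):
        return self.BaseAddr + pointer

    def PlayerY(self, pointer=0x4D73C4):
        return self.BaseAddr + pointer

    def PlayerZ(self, pointer=0x4D73C8):
        return self.BaseAddr + pointer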



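import time  # `sleep` was used below without ever being imported

m = Memory()
# Attach() returns False when the process is missing; reading through a
# None handle afterwards would only produce a stream of -1s.
if not m.Attach():
    raise SystemExit(1)

# Print the three floats every 0.4 s until Ctrl-C, then release the handle.
# The original last lines were not valid Python ("print(x) or whatever u want").
try:
    while True:
        x = round(m.ReadMemNum(m.PlayerX(), "f"), 2)
        y = round(m.ReadMemNum(m.PlayerY(), "f"), 2)
        z = round(m.ReadMemNum(m.PlayerZ(), "f"), 2)
        print(x, y, z)
        time.sleep(0.4)
finally:
    m.Detach()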
The only thing I'm confused about is memory reading: Cheat Engine shows an address as gta_sa.exe + offset, but what about samp.dll? If you want to read something inside samp.dll, how are you supposed to find its base address? @monday
 

monday

You can take a look at example 4 of this:
https://www.programcreek.com/python/example/6380/win32api.OpenProcess

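def GetProcessIdByName(procname):
    """Return the PID of the first process (other than ours) that has a
    module whose path contains *procname*, or None.

    Matching is case-insensitive and substring-based, so "gta_sa" also hits
    "gta_sa_backup.exe" and "samp" hits any process with samp.dll loaded;
    pass the exact file name when that matters. Processes that refuse
    PROCESS_QUERY_INFORMATION | PROCESS_VM_READ (elevated or protected
    ones, typically) are skipped silently, so None can mean "not allowed to
    look" as well as "not running".
    """
    procname = procname.lower()
    try:
        ourPid = win32api.GetCurrentProcessId()
    except Exception:
        # The bare `except:` this replaces also swallowed KeyboardInterrupt.
        ourPid = -1

    for pid in win32process.EnumProcesses():
        if pid == ourPid:
            continue
        try:
            hPid = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ, 0, pid)
        except Exception:
            continue  # access denied, or the process exited since EnumProcesses
        try:
            for mid in win32process.EnumProcessModules(hPid):
                name = str(win32process.GetModuleFileNameEx(hPid, mid))
                if procname in name.lower():
                    return pid
        except Exception:
            pass  # module list unreadable for this process; try the next one
        finally:
            win32api.CloseHandle(hPid)
    return None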
 

Valiuks

You can take a look at example 4 of this:
https://www.programcreek.com/python/example/6380/win32api.OpenProcess

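def GetProcessIdByName(procname):
    """Return the PID of the first process (other than ours) that has a
    module whose path contains *procname*, or None.

    Matching is case-insensitive and substring-based, so "gta_sa" also hits
    "gta_sa_backup.exe" and "samp" hits any process with samp.dll loaded;
    pass the exact file name when that matters. Processes that refuse
    PROCESS_QUERY_INFORMATION | PROCESS_VM_READ (elevated or protected
    ones, typically) are skipped silently, so None can mean "not allowed to
    look" as well as "not running".
    """
    procname = procname.lower()
    try:
        ourPid = win32api.GetCurrentProcessId()
    except Exception:
        # The bare `except:` this replaces also swallowed KeyboardInterrupt.
        ourPid = -1

    for pid in win32process.EnumProcesses():
        if pid == ourPid:
            continue
        try:
            hPid = win32api.OpenProcess(
                win32con.PROCESS_QUERY_INFORMATION | win32con.PROCESS_VM_READ, 0, pid)
        except Exception:
            continue  # access denied, or the process exited since EnumProcesses
        try:
            for mid in win32process.EnumProcessModules(hPid):
                name = str(win32process.GetModuleFileNameEx(hPid, mid))
                if procname in name.lower():
                    return pid
        except Exception:
            pass  # module list unreadable for this process; try the next one
        finally:
            win32api.CloseHandle(hPid)
    return None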

sorry if you misunderstood, i need to have something like this http://ugbase.eu/index.php?threads/snippet-close-samp-dialog.20597/

:CLOSE_DIALOG
{
    0.3.7 - R3
    0AB1: @CLOSE_DIALOG 1 Button 0 // 0 = Left , 1 = Right
}
// 10@ receives samp.dll's location as seen from inside the game process
// (CLEO runs there, which is why no handle is needed). The two offsets
// below are tied to the 0.3.7-R3 build named in the header above.
IF 0AA2: 10@ = "samp.dll"
THEN
    0A8E: 11@ = 10@ + 0x26E898 // SAMP_DIALOG_INFO_OFFSET
    0A8D: 12@ = readMem 11@ sz 4 vp 0 // 12@ = the 4-byte value stored there (used as the object below)
    0A8E: 11@ = 10@ + 0x6FF40 //SAMP_DIALOG_CLOSE
    0AA8: call_function_method 11@ struct 12@ num_params 1 pop 0 0@ $NOT_USED // call the close routine on 12@ with Button (0@) as its one parameter
END
0AB2: 0 // return to the caller with no result

where CLEO loads the library. I figured out that you need 32-bit Python and have to set the working directory (I got load errors otherwise), but I still can't work out how to read memory from that loaded samp.dll. (Note: LoadLibrary from Python maps a second copy of the DLL into the Python process and runs its entry point there; the instance inside gta_sa.exe has its own base, which you get by enumerating the game's modules from a process handle, as in the EnumProcessModules/GetModuleFileNameEx snippet above.)

https://gyazo.com/1ff53f437e4d0c097c123be56f55e65c

import ctypes
import os
# NOTE(review): LoadLibrary maps samp.dll into *this* Python process and runs
# its DllMain, i.e. it executes code from a DLL obtained via a torrent with the
# interpreter's privileges. It does not attach to, or reveal anything about,
# the copy loaded inside gta_sa.exe: the "handle 10000000" in the output below
# is where the module landed in python.exe, not its base in the game. The
# game's instance is found by enumerating the game's modules (see the
# GetProcessIdByName snippet above), not by loading the file here.
# os.chdir presumably only makes the DLL's own dependencies resolve from that
# folder (the post mentions load errors without it) - TODO confirm.
os.chdir(r'D:\Torrent\Naujasgta\Naujasgta')
l = ctypes.cdll.LoadLibrary(r'D:\Torrent\Naujasgta\Naujasgta\samp.dll')
print(l)
#OUTPUT: <CDLL 'D:\Torrent\Naujasgta\Naujasgta\samp.dll', handle 10000000 at 0x12ce628>
 

54564564

tyvm for ur code i started a project and you saved a lot of time. im not an expert, but i think here its a bit improved version. u can read player x y z coordinates

Code:
import ctypes
import struct
import wmi
import sys
import win32api as wapi
import win32process as wproc
import win32con as wcon


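class Memory:
    """External reader/writer for a running game process (default gta_sa.exe).

    Attach() finds the process by name, opens a handle with only the rights
    the read/write methods need, and records the executable's load address
    in BaseAddr so the Player* helpers can add their offsets to it.
    getBaseAddr(module) answers "where is samp.dll inside the game" by
    enumerating the game's modules rather than loading the DLL locally.
    """

    # Minimum rights used below: PROCESS_QUERY_INFORMATION and PROCESS_VM_READ
    # for ReadProcessMemory / module enumeration, PROCESS_VM_WRITE and
    # PROCESS_VM_OPERATION for WriteProcessMemory. The original asked for
    # 0x1F0FFF (the pre-Vista PROCESS_ALL_ACCESS value), which is more than
    # this class uses and more likely to be refused.
    ACCESS = 0x0400 | 0x0010 | 0x0020 | 0x0008

    _k32 = None  # kernel32 loaded once with use_last_error=True, see _kernel32()

    def __init__(self, name="gta_sa.exe"):
        self.pHandle = None   # HANDLE from OpenProcess, or None while detached
        self.prcID = None     # PID of the attached process, or None
        self.BaseAddr = None  # load address of the main module, set by getBaseAddr()
        self.name = name      # process name matched exactly against Win32_Process.Name

    @classmethod
    def _kernel32(cls):
        """Return kernel32 with argtypes/restypes set for the calls used here.

        Without prototypes ctypes treats every argument and result as a C
        int, which truncates 64-bit HANDLEs and pointers. use_last_error=True
        gives GetLastError() a copy of the error code that ctypes' own
        internal calls cannot clobber.
        """
        if cls._k32 is None:
            k32 = ctypes.WinDLL('kernel32', use_last_error=True)
            k32.OpenProcess.restype = ctypes.c_void_p
            k32.OpenProcess.argtypes = (ctypes.c_uint32, ctypes.c_int, ctypes.c_uint32)
            for fn in (k32.ReadProcessMemory, k32.WriteProcessMemory):
                fn.restype = ctypes.c_int
                fn.argtypes = (ctypes.c_void_p, ctypes.c_void_p, ctypes.c_void_p,
                               ctypes.c_size_t, ctypes.POINTER(ctypes.c_size_t))
            k32.CloseHandle.restype = ctypes.c_int
            k32.CloseHandle.argtypes = (ctypes.c_void_p,)
            cls._k32 = k32
        return cls._k32

    def Attach(self):
        """Find the process, open a handle and resolve its base address.

        Returns True on success. Returns False when no process named
        `self.name` exists, or when OpenProcess fails (the reason is
        printed via GetLastError()); the original stored the 0 handle and
        carried on in that case.
        """
        for process in wmi.WMI().Win32_Process():
            if process.Name != self.name:
                continue
            self.prcID = process.ProcessId
            handle = self._kernel32().OpenProcess(self.ACCESS, False, self.prcID)
            print(self.prcID)
            print(f"PID {self.prcID} was found")
            if not handle:
                print(self.GetLastError())
                return False
            self.pHandle = handle
            self.getBaseAddr()
            return True
        print(f"Proccess {self.name} was not found")
        return False

    def getBaseAddr(self, module=None):
        """Return the load address of a module inside the attached process.

        module=None (the original behaviour) takes the first handle that
        EnumProcessModules returns, which in practice is the executable
        itself, and stores it in BaseAddr for the Player* helpers. Pass a
        file name such as "samp.dll" to look another module up instead: the
        comparison is case-insensitive on the path's last component, the
        result is returned but BaseAddr is left untouched, and LookupError
        is raised when no such module is loaded. Requires prcID from
        Attach(). The temporary pywin32 handle is closed even when
        enumeration fails.
        """
        # Listing modules only needs query + read rights; the original opened
        # a second PROCESS_ALL_ACCESS handle for this.
        process_handle = wapi.OpenProcess(
            wcon.PROCESS_QUERY_INFORMATION | wcon.PROCESS_VM_READ, False, self.prcID)
        try:
            module_handles = wproc.EnumProcessModules(process_handle)
            if module is None:
                base = int(module_handles[0])
            else:
                wanted = module.lower()
                for hmod in module_handles:
                    path = str(wproc.GetModuleFileNameEx(process_handle, hmod))
                    if path.replace("\\", "/").rsplit("/", 1)[-1].lower() == wanted:
                        base = int(hmod)
                        break
                else:
                    raise LookupError(f"{module} is not loaded in {self.name}")
        finally:
            process_handle.close()
        if module is None:
            self.BaseAddr = base
            print(f"Base address of {self.name} is {self.BaseAddr} ({self.BaseAddr:#x})")
        return base

    def GetSize(self, Type):
        """Return the byte size of the struct format character `Type`.

        "i"/"f" -> 4, "?"/"c" -> 1, "d"/"q" -> 8, and any other single
        struct format now works too; an invalid format raises struct.error
        instead of returning None as the old if-chain did.
        """
        return struct.calcsize(Type)

    def ReadMemNum(self, adress, type):
        """Read one value of struct format `type` from `adress`.

        Returns the unpacked value, or -1 when ReadProcessMemory fails or
        returns fewer bytes than requested (see GetLastError()). -1 is also
        a legitimate value for the integer formats, so callers that must
        distinguish failure should check GetLastError().
        """
        size = self.GetSize(type)
        buf = ctypes.create_string_buffer(size)
        nread = ctypes.c_size_t(0)
        ok = self._kernel32().ReadProcessMemory(self.pHandle, adress, buf, size, ctypes.byref(nread))
        if not ok or nread.value != size:
            return -1
        return struct.unpack(type, buf.raw)[0]

    def WriteMem(self, adress, Val, type):
        """Pack `Val` with struct format `type` and write it to `adress`.

        Returns True only when WriteProcessMemory succeeded and reports the
        full size written; False otherwise (see GetLastError()).
        """
        size = self.GetSize(type)
        buf = ctypes.create_string_buffer(struct.pack(type, Val), size)
        nwritten = ctypes.c_size_t(0)
        ok = self._kernel32().WriteProcessMemory(self.pHandle, adress, buf, size, ctypes.byref(nwritten))
        return bool(ok) and nwritten.value == size

    def WriteByte(self, adress, Bytes):
        """Write the byte sequence `Bytes` (bytes, or an iterable of ints 0-255) at `adress`.

        One WriteProcessMemory call replaces the old one-call-per-byte loop,
        which also ignored every failure. Returns True when every byte was
        written (an empty sequence is a no-op success). Values outside
        0-255 raise ValueError instead of wrapping as the old c_byte cast did.
        """
        data = bytes(Bytes)
        if not data:
            return True
        buf = ctypes.create_string_buffer(data, len(data))
        nwritten = ctypes.c_size_t(0)
        ok = self._kernel32().WriteProcessMemory(self.pHandle, adress, buf, len(data), ctypes.byref(nwritten))
        return bool(ok) and nwritten.value == len(data)

    def GetLastError(self):
        """Return "err code: N" for the last failed kernel32 call made through this class."""
        self._kernel32()  # make sure the use_last_error binding exists
        return "err code: " + str(ctypes.get_last_error())

    def Detach(self):
        """Close the process handle (if any). Safe to call twice."""
        if self.pHandle:
            self._kernel32().CloseHandle(self.pHandle)
        self.pHandle = None

    # The three offsets below are added to BaseAddr (the executable's load
    # address) and the caller reads a float there. The names say "player
    # position", but nothing on this page shows a pointer dereference, so
    # treat them as build-specific static addresses - TODO confirm per build.
    def PlayerX(self, pointer=0x76F2E4):
        return self.BaseAddr + pointer

    def PlayerY(self, pointer=0x4D73C4):
        return self.BaseAddr + pointer

    def PlayerZ(self, pointer=0x4D73C8):
        return self.BaseAddr + pointer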



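import time  # `sleep` was used below without ever being imported

m = Memory()
# Attach() returns False when the process is missing; reading through a
# None handle afterwards would only produce a stream of -1s.
if not m.Attach():
    raise SystemExit(1)

# Print the three floats every 0.4 s until Ctrl-C, then release the handle.
# The original last lines were not valid Python ("print(x) or whatever u want").
try:
    while True:
        x = round(m.ReadMemNum(m.PlayerX(), "f"), 2)
        y = round(m.ReadMemNum(m.PlayerY(), "f"), 2)
        z = round(m.ReadMemNum(m.PlayerZ(), "f"), 2)
        print(x, y, z)
        time.sleep(0.4)
finally:
    m.Detach()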
the only thing im confused with memory reading. cheat engine tells u gta_sa + some offset but how about samp.dll? what if u want to read that samp.dll how u suppose to know base address? @monday

`sleep` is called on the last line but never imported (`from time import sleep`, or `import time` and `time.sleep(0.4)`); the line before it, `print(x) or whatever u want`, is not valid Python either, so the listing won't run as pasted.
 