Huge thanks to my pal for this header [@suzuharuR](https://twitter.com/suzuharuR)
[Usage](#Usage) | [Examples](#fire-minimal-examples) | [Document](https://docs.rs/toy-arms)
This is a toolkit for those who are fed up with coding game hack with C++ but still wanna make it in an elegant way. Since this library wraps many Windows API which frequently used, you can build hack without having to struggle with it. By using this, many part of your stress while coding low level fashion won't come in.
But be informed that this library is primitive and still could contain some buggy code which causes errors. I'd be pleased if you spot them and make PR or issue.
Donating me through GitHub sponsors would be the best way to support me and this project. You can also support me by starring this project, or any kind of PR that either refactoring this project, or adding new feature would pump me up!
But before actually test the example, I'll show you some preparation steps you're supposed to know.
Firstly, include toy-arms in your dependencies' table in Cargo.toml.
As of now toy-arms has 2 features which are internal and external.
internal feature flag is on by default so you have to specify external when you wanna use it.
for internal use: ```toml [dependencies] toy-arms = "0.9.3"
[lib] crate-type = ["cdylib"] ```
for external use:
toml
[dependencies]
toy-arms = {version = "0.9.3", features = ["external"]}
Secondly, sicne most of those tests are targeting the game "csgo.exe(x86)", you may have to build the code in x86 architecture depending on the example.
You can either specify in .cargo/config.toml as following:
toml
[build]
target = "i686-pc-windows-msvc"
Or put --target i686-pc-windows-msvc flag everytime when you build the code.
In this section I'll showcase you various examples for different situations with internal and external features. Find one fits your purpose.
Be informed that all these examples are happened to target CSGO:counter strike global offencive , so be sure to get it and test with it.
Welcome to the examples of internal hack. A dll file will be generated by build these examples, inject it with whatever dll injector you possess.
With this crate, making the injectable dll which is the smallest possible is simple as this:
```rust // A neat macro which defines entry point instead of you. // Also, you dont have to alloc/free console by yourself, console will show up when u compile into debug build. toyarms::createentrypoint!(hackmainthread);
// Main thread fn hackmainthread() { // YOUR STUNNING CODE'S SUPPOSED TO BE HERE; for i in 0..30000 { println!("using toy-arms {}", i); } }
```
This is the code that overwrites the value at DW_FORCE_ATTACK to 0x5 every loop in csgo.exe.
Note that you have to check if the address of DW_FORCE_ATTACK is up-to-date.
```rust use toyarms::VirtualKeyCode; use toyarms::external::Process; use toy_arms::external::{ read, write };
fn main() { // This const has to be up to date. const DWCLIENTSTATE: usize = 0x58CFC4; const DWCLIENTSTATESTATE: usize = 0x108; const DWFORCEATTACK: usize = 0x31FE33C; // Getting process information let process = Process::fromprocessname("csgo.exe"); println!( "process id = {}, \nprocess handle = {:?}", process.processid, process.process_handle );
// You can get module information by using getmoduleinfo let moduleinfo = process.getmoduleinfo("client.dll").unwrap(); println!("{}", moduleinfo.module_name);
// read fetches the value at where the address is pointing.
// U have to specify the type of the value with turbofish
println!(
"{:x}",
read::
loop {
// write helps you tamper with the value.
write::
// Exit this loop by pressing INSERT
if toy_arms::detect_keypress(VirtualKeyCode::VK_INSERT) {
break;
}
} } ```
While this code below will retrieve health value of LocalPlayer object in csgo.exe.
Note that you have to update the offset of DW_LOCAL_PLAYER.
```rust use toyarms::GameObject; use toyarms::{cast, createentrypoint, VirtualKeyCode}; use toyarms::internal::Module; use toyarmsderive::GameObject;
createentrypoint!(hackmain_thread);
// This macro provides from_raw() func that ensures the base address is not null.
struct LocalPlayer { pointer: *const usize, // Denote the base address of LocalPlayer to use it later in get_health() function. }
impl LocalPlayer { unsafe fn get_health(&self) -> u16 { *cast!(self.pointer as usize + 0x100, u16) } }
// This offset has to be up to date. const DWLOCALPLAYER: i32 = 0xDB25DC;
fn hackmainthread() {
let module = Module::frommodulename("client.dll").unwrap();
unsafe {
//let dwlocalplayer = memory.readmut::
```
This is the pattern scanning example where the pattern is for dwForceAttack in csgo.
```rust use toyarms::{ detectkeypress, internal::{ Module }, VirtualKeyCode }; toyarms::createentrypoint!(hackmainthread);
const DWFORCEATTACK_PATTERN: &str = "89 0D ? ? ? ? 8B 0D ? ? ? ? 8B F2 8B C1 83 CE 04";
fn hackmainthread() { let mut once = false;
let client = Module::frommodulename("client.dll").unwrap();
match client.findpattern(DWFORCEATTACKPATTERN) { Some(i) => println!("address: 0x{:x}", i), None => println!("Pattern not found"), }
match client.patternscan( DWFORCEATTACKPATTERN, 2, 0, ) { Some(i) => println!("address: 0x{:x}", i), None => println!("Offset not found"), }
loop { if !once { println!("Press INSERT to exit..."); once = !once; } // To exit this hack loop when you input INSEERT KEY if detectkeypress(VirtualKeyCode::VKINSERT) { break; } } } ```
On the other hand, following code is how tamper with memory externally is like.
This is the code that overwrites the value at DW_FORCE_ATTACK to 0x5 every loop in csgo.exe.
Note that you have to check if the address of DW_FORCE_ATTACK is up-to-date.
```rust use toyarms::VirtualKeyCode; use toyarms::external::Process; use toy_arms::external::{ read, write };
fn main() { // This const has to be up to date. const DWCLIENTSTATE: usize = 0x58CFC4; const DWCLIENTSTATESTATE: usize = 0x108; const DWFORCEATTACK: usize = 0x31FE33C; // Getting process information let process = Process::fromprocessname("csgo.exe"); println!( "process id = {}, \nprocess handle = {:?}", process.processid, process.process_handle );
// You can get module information by using getmoduleinfo let moduleinfo = process.getmoduleinfo("client.dll").unwrap(); println!("{}", moduleinfo.module_name);
// read fetches the value at where the address is pointing.
// U have to specify the type of the value with turbofish
println!(
"{:x}",
read::
loop {
// write helps you tamper with the value.
write::
// Exit this loop by pressing INSERT
if toy_arms::detect_keypress(VirtualKeyCode::VK_INSERT) {
break;
}
} } ```
This is the pattern scanning example where the pattern is for dwForceAttack in csgo.
```rust use toyarms::{ VirtualKeyCode }; use toyarms::external::Process;
const DWFORCEATTACK_PATTERN: &str = "89 0D ? ? ? ? 8B 0D ? ? ? ? 8B F2 8B C1 83 CE 04";
fn main() { let mut once = false;
// Getting process information let process = Process::fromprocessname("csgo.exe"); // You can get module information by using getclient let client = process.getmodule_info("client.dll").unwrap();
let address = client.findpattern(DWFORCEATTACKPATTERN); match address { Some(i) => println!("found pattern at 0x{:x}", i), None => println!("NOTHING FOUND"), }
let offset = client.patternscan( DWFORCEATTACKPATTERN, 2, 0, ); match offset { Some(i) => println!("found offset at 0x{:x}", i), None => println!("NOTHING FOUND"), }
loop { if !once { println!("Press INSERT to exit..."); once = !once; } // Exit this loop by pressing INSERT if toyarms::detectkeydown!(VirtualKeyCode::VK_INSERT) { break; } } } ```
Yes you have! Take a look at examples directory, you'll see more examples!
However, you may need to update offsets which some examples contain with your own hands.
Refer to hazedumper as always for latest offsets of CSGO.
To build examples in x86 arch:
shell
cargo build --example EXAMPLE_NAME --target i686-pc-windows-msvc