Jump to content
Heads Up! This website is no longer maintained, if your a member from our era, consider joining the discord to say hello.
Sign in to follow this  
Followers 0

[1.15.3] VB6 Name Spoofing Tutorial

By  ViperSRT3g, in Tutorials

Recommended Posts

 ViperSRT3g    224

ViperSRT3g
Posted

Starcraft v1.15.3 Name Spoofing Tutorial Part 1

Written: 11/23/08

Author: ViperSRT3g

 

This tutorial will go over all the odds and ends of creating a working 1.15.3 Name Spoofer Using Visual Basic 6.

 

Software Needed:

Artmoney

Starcraft

Microsoft Visual Studio 6.0 (Last Version of Visual Basic 6)

 

Steps:

1. Getting your name in Artmoney

2. Creating your Visual Basic Project

3. Using Modules

4. Using Hotkeys

5. Temp Ban Protection

6. Color Spoofing!

 

Viper's VB6 Name Spoofing Tutorial

 

Getting your name in Artmoney

A vital process when making any hack is to find the offsets that you'll be using. So open up Artmoney, and open up Starcraft. Attach Artmoney to Starcraft in the dropdown Select process box. Log onto Bnet.

NSTut01.png

 

We are now at the point where we can begin using Artmoney to find our name spoofing offset. This portion of the tutorial will be nearly exactly the same as Overflow's tutorial on Name Spoofing here: Overflow636's Name Spoofing Tutorial

 

In Artmoney, click the Search button And search for your name.

NSTut02.png

 

You'll be searching for a text type value, and in the value field, you enter your name exactly how it is (Case Sensitive).

NSTut03.png

 

In my search, Artmoney found 4 offsets that contained my name in it.

NSTut04.png

 

4 Offsets is a manageable number, so we can easily figure out which one is our real name spoofing offset. Click the Teal button to bring all the found offsets to the right side of the table so that we can work with them further.

NSTut05.png

 

Now that we have our offsets on the right side of the table, we can now edit them in anyway we see fit.

NSTut06.png

 

For those who do not know, Unicode is the type of byte arrangement that lets ASCII characters extend to support many languages. (Upwards of the 256 default characters) One of the only places in Starcraft where Unicode exists is in the channel chat area. So it is safe to say that our Unicode offset here is NOT our name spoofing offset. So let's delete it.

 

The last three remaining offsets all look very similar. They are not Unicode, they all contain the exact text that we may need, however they are in different regions of Starcraft's memory. The first offset starts off with 059, which basically means it's always in Starcraft's memory. The last two, start off with 190, which means they are only used when on Bnet. That means that our name spoofing offset is located in ONE of the two offsets that start with 190. So we can delete our first offset.

NSTut07.png

 

Now that we are down to just two offsets, it's time to check to see which one will actually change our name. Go ahead and change the value of the first character in each name to a number, using consecutive numbers allows us to see which offset is which. The first offset was changed to 1iperGTSR3g. The Second offset was changed to 2iperGTSR3g as shown below.

NSTut08.png

 

Now join a game in Starcraft to see which number the first letter in our names changed to. As you can see, our first offset is the right one! We can save both offsets however, for the second offset will be useful later. Now that we have our offsets, lets start making our Visual Basic Project!

NSTut09.png

 

 

 

Creating your Visual Basic Project

1. Start up Microsoft Visual Studio 6.0

2. Choose create Standard EXE

3. Click the code button to set the editor to code mode (Similar to Dreamweaver's basic design)

 

Now that we are in the code writing process, we can set up the basics of any Visual Basic application.

The first line in any VB app should be the line "Option Explicit". The reason for this is because if you DON'T use it, you can save any type of value to any type of variable, without your compiler notifying you of this error. This could prove to be very problematic later, so just add it in.

 

Similar to C++, our VB Project will require certain "header files" before we continue. Our project will set up Hotkeys later on, so we will need our GetAsyncKeyState API. Your source coding should look like the following:

 

Option Explicit

Private Declare Function GetAsyncKeyState Lib "user32" (ByVal vKey As Long) As Integer

 

Now that we have our API included with our project, we can go ahead and add the meat and potatoes of our spoofer.

Click the "View Object" button to go back to editing the GUI of our project: NSTut10.png

Add a button to our project by clicking the "CommandButton" tool: NSTut12.png

Add a text box to our project by clicking the "TextBox" tool: NSTut11.png

Your project should look roughly like the following.

NSTut13.png

 

Now that we have our GUI created (Your free to make it look the way you want as much as you like) we can now add the coding in to make them do stuff! Double click the button you added in earlier to go back to the code viewer. The editor will automatically create coding for you when the button is actually pressed. Your coding should have automatically created the following code for you:

 

Private Sub Command1_Click()

End Sub

 

This code will be executed when the button gets clicked. Let's add a call to the function that will actually do the spoofing (Once we add the spoofing process in) Between the "Private Sub Command1_Click()" and "End Sub" lines include the following code:

 

Call Spoof

 

Once we add in the WriteProcessMemory module, we'll be able to set up our spoofing function that will get called when the button is clicked!

 

 

 

Using Modules

I have included the module here: modMemoryDP.bas

Or you may download it via Logos' Siggy here: modMemoryDP.bas

This Module will allow your Visual Basic project to read and write to and from Starcraft's memory!

Now to include the module into your project, simply go to the Project file window. Right click>Add> Module>(Existing if you saved the module)New if your copy pasting

Then simply navigate to where you saved the module, and it will be incorporated into your project!

NSTut14.png

 

We can now create our Spoof process! In our form's code window, we can now include the following text right below our CommandButton text:

 

Private Sub Spoof()
Dim ret As Long 'Initializes the return variable that will help you in debugging
Dim hwnd As Long 'Initializes the variable to hold your process ID number
hwnd = modMemoryDP.FindWindow("SWarClass", "Brood War") 'Uses the module to find Brood War
If hwnd = 0 Then 'If it didnt find Brood War, it will look for Starcraft
	hwnd = FindWindow("SWarClass", "Starcraft") 'Uses the module to find Starcraft
End If
'Writes your name to Starcraft's Memory
ret = modMemoryDP.PokeString(hwnd, &H19044EE8, Text1.Text & vbNullChar)
End Sub

 

If you want, you can use this as a standalone spoofer already, just press F5 or hit the Start button to run your program.

NSTut15.png

 

Let me go in depth however, and explain to you what's being done here.

 

Dim hwnd As Long 'Initializes the variable to hold your process ID number
hwnd = modMemoryDP.FindWindow("SWarClass", "Brood War") 'Uses the module to find Brood War
If hwnd = 0 Then 'If it didnt find Brood War, it will look for Starcraft
	hwnd = FindWindow("SWarClass", "Starcraft") 'Uses the module to find Starcraft
End If

 

This block of code here initializes the variable that will hold the process ID number of the program you intend to read or write memory to. It's purpose here, is to let the module know what program you intend to modify. Which in this case is Starcraft. The code below that, will find Starcraft for you, and if it cannot find Brood War, will look for Starcraft itself. This code right here was taken directly from Logos' CD Key grabber which you can also find here.

 

'Writes your name to Starcraft's Memory
ret = modMemoryDP.PokeString(hwnd, &H19044EE8, Text1.Text & vbNullChar)

 

This block of code is rather self explanatory, it is the line that actually writes to Starcraft's memory allowing you to spoof. If you have not touched anything, it should write "Text1" as your name because the textbox is created with the text "Text1" by default.

The "ret" variable allows you to put debugging processes into your program, such as notifying you if it successfully wrote to Starcraft's memory, without having to actually check in Starcraft.

"&H19044EE8" is the offset to write to. It can be copy pasted from the offset we found in the Artmoney table. "&H" preceding a number in VB6 means a hexadecimal number.

"Text1.Text & vbNullChar" Is the place your spoof is stored in. The "vbNullChar" is an automatic variable in Visual Basic that you do not need to initialize. It's hexadecimal and deximal value in the ASCII character chart is a plain and simple 0x00, or null as it's name implies. It's simply zeroed out memory that Starcraft looks for to let it know that it has reached the end of your name.

All GUI features in VB6 have a name, for our textbox, that name is "Text1" you can change it's name in the Properties form below.

NSTut16.png

 

And all objects have many sub-object properties that fall under them. the ".Text" that is after "Text1" is an example of this. The Properties form displays a bunch of sub-object properties that you may alter, such as the textbox's height and width, it's position on your form, what text it may already contain by default, whether it's going to handle numbers, if it's going to be editable, or if it has a maximum character count. By modifying these, your able to customize your GUI to make it look like anything you can imagine.

 

Another important subject that arose from sub-object properties that has arisen is the actual amount of characters your able to use in a name. The default maximum is 15. However by spoofing, your able to obtain a maximum of 23 actual characters. We'll cover how to exceed this default without being disconnected later in this tutorial. So just to be safe, for now change the "MaxLength" property of the TextBox to 15.

NSTut17.png

 

You now have a standalone Name Spoofer. You may continue on if you want to learn how to make your name spoofer accept hotkeys as well as provide temp ban protection for adding in colors or spoofing to more than the default 15 characters.

 

 

Using Hotkeys

Remember that API we included at the beginning of this tutorial? Well, we'll finally use it in creating hotkeys! GetAsyncKeyState is one of the more common ways of obtaining a hotkey. To use this API however, we'll need to set up a timer in our program.

 

Click the "Timer" tool, and add in a timer to your program.

NSTut18.png

 

Now the timer is different when compared to the other GUI Objects at your disposal. It does not appear when your program is actually running, so it has fewer sub-object properties to edit. The only properties it contains are whether it's running or not, and it's intervals. There's really not much else you can edit about the timer. But it's usefulness is potentially far greater than the other GUI Objects. Once you've created your Timer on your GUI, modify your properties to match the picture:

NSTut19.png

 

Basically the only thing you have to modify is the Interval, the amount of time the timer will wait until it repeats itself. We are setting it to repeat itself every 100 milliseconds. If your observant, you'll notice that many programs use milliseconds as a means to time themselves. Starcraft also uses it, whenever it's waiting for anything. This is because all processes (Programs) on your computer run through your CPU (Processor). Your processor works hard to keep all your programs running smoothly, and when people mention CPU Cycles, they are talking about your processor looping through all your programs and executing whatever your programs may be doing at the time. Well, setting our timer to 100 milliseconds will let your processor know that every 100 milliseconds it will go to your spoofer, and execute anything that your timer may be set to execute. Wasting CPU Cycles will drastically slow your computer down. So try not to create too many of these timers unless they are not running at the same time. (Turning some off if you have multiple timers, or changing their intervals)

 

Now that we have our timer set up, lets add in the coding to let it know that we are pressing a hotkey!

 

Double click the timer's square in the GUI. Then copy the following into your form's code.

 

If GetAsyncKeyState(vbKeyF12) Then
Call Spoof
End If

 

Your timer's execution code should already have been generated for you, making the entire extra code block look like this:

 

Private Sub Timer1_Timer()
If GetAsyncKeyState(vbKeyF12) Then
Call Spoof
End If
End Sub

 

This means that every 100 milliseconds, your timer will check to see if the hotkey F12 has been pressed. Now you notice, that the code that executes when the hotkey is pressed looks exactly like when you click the button on your GUI. This is because it's still calling the same exact code that spoofs your name! This is good VB6 practice, to make your code as separated as possible. If we were to use bad practice, we would have put the Spoof coding into the button's click execution. Which means we'd have to also put the same exact code into our timer's code. But since we separated them, things remain clean and simple. Wouldn't you rather have one line of code that does the same thing as 7? Now if you run your program, your able to press F12 instead of click the button to spoof your name!

 

 

 

Temp Ban Protection

If you REALLY want to make a name spoofer that can spoof with more than 15 characters, or spoof with color, you'll have to continue reading this huge tutorial. :( Otherwise, you've just made yourself a perfectly working spoofer. If your more ambitious, or want to learn VB6 as much as possible, continue reading.

 

Temp Ban Protection is a term that means you simply won't get kicked off of Bnet when you come back to a channel after spoofing to a name that contains 16 or more characters, or contains colors. When a name spoofer fails to provide this protection for you, Bnet will temporarily IP Ban you from the server you spoofed on for about 10-15 minutes. It's an inconvenience that everyone hates, and can be prevented by restoring your spoof AFTER you join a game. This means you'll write your original name back to that first offset we found in Artmoney. This is where that second offset comes in handy. That second offset is the name you logged onto Bnet with. It changes everytime you log on, however it always changes to exactly what you logged on with. It's the same variable Starcraft uses when your at the log in screen and your name is already entered into the Username field. By using the module's peekString function, we are able to read from Starcraft's memory, and either store this information in your program, or write the read memory to Starcraft again. Because this is a tutorial, we will go over both just to cover more ground.

 

As you can imagine, we are going to set up another code block for Temp Ban Protection, called TempBanProtect. It's preferable that we put it next to the Spoof block since the two blocks perform similar and related actions.

 

Private Sub TempBanProtect()
Dim ret As Long
Dim hwnd As Long
hwnd = modMemoryDP.FindWindow("SWarClass", "Brood War")
If hwnd = 0 Then hwnd = FindWindow("SWarClass", "Starcraft")
Dim namebuffer As String 'Initializes the variable that will hold your original name
namebuffer = modMemoryDP.PeekString(hwnd, &H19045178, 25, False) 'Peek = Read, this reads your original name
ret = modMemoryDP.PokeString(hwnd, &H19044EE8, namebuffer & vbNullChar) 'Poke = Write, this writes your original name as your spoof to reset your name
End Sub

 

If you take a look at the code, you'll see lots of similarities to the code found in the Spoof block. There are minor difference though, which I will go over.

 

"Dim namebuffer As String" This initializes the variable that will store your original name.

"namebuffer = modMemoryDP.PeekString(hwnd, &H19044EE8, 25, False)" This will read your name from your second offset in artmoney, and store it in the namebuffer variable. The 25 means it will read 25 bytes starting from the offset 19045178.

 

Now, the only thing left to do is to execute the code. It's not being called by anything, so we must set up another hotkey to call this block. This allows me to show you another bit of VB6 that you will find useful in other things you may design, Else statements. In any programming language, there are If-Then statements. If a condition is met, then a specific set of actions are executed. This can also be applied to many other things such as the the following sentence and what it's talking about. If you've noticed that If-Then statements sound like Starcraft triggers, Then your correct! Starcraft Triggers are simple If-Then Statements. Now when you add in Else into the mix, things become slightly more complicated. If-Then-Else statements provide an alternate set of instructions if the conditions are NOT met. Incorrect usage of Else statements can make your program do funny things.

 

In your Timer's hotkey section, modify it to look like the following.

 

Private Sub Timer1_Timer()
If GetAsyncKeyState(vbKeyF12) Then
Call Spoof
ElseIf GetAsyncKeyState(vbKeyF11) Then
Call TempBanProtect
End If
End Sub

 

The Else Statement used in our coding is a slight modification of an Else statement, basically it's just a second condition that must be met, if the first is not. Another great example of how misuse of an Else statement can screw your program up can be shown here. If you used the following code here:

 

Else: GetAsyncKeyState(vbKeyF11)
Call TempBanProtect

 

Your program would have used the following logic:

If F12 is pressed, then Spoof

Otherwise F12 is not being pressed, then F11 must be so execute TempBanProtect

 

This is obviously not true because we may not be pressing anything at all, and F12 would not be pressed, yet it would assume that F11 is being pressed just because F12 isn't. So be careful when using Else statements.

 

Now that we have Temp Ban Protection inserted into our spoofer, we can increase the MaxLength property of our Text1 object to 24! To use Temp Ban Protection properly you have to press F11 BEFORE leaving a game. If your name is more than 15 characters long and your in a channel, you will get temporarily banned from the server. Or, if your name contains colors you'll be temporarily banned. So by pressing F11 before leaving a game, your spoofer writes over your spoof with your original name, allowing you to rejoin the channel safely. This was an issue with many early spoofers that began to introduce colors.

 

 

Color Spoofing!

 

You have now made a successful spoofer that can handle spoofing to 24 characters, and include colors! How do I include colors you ask? Well, the next step in this tutorial will cover inserting colors into your name. It won't go over how to actually spoof your name to look pretty, it will just show you how to include colors.

 

You can download a big list of colors here: StarcraftSpoofColorsEnhanced.txt

 

It contains a list of all the colors you may use when spoofing your name! It also contains a list of all the colors you can use in the game as well. The in-game colors won't do anything but help you with map making because they are the same exact characters map editors use to add color to text. The lobby colors will work however because that's simply what your name spoofing is for, the game lobby. In past patches, the colors you spoofed to would carry over into the game, that is not the case anymore.

 

Credits:

Many Thanks to LCSBSSRHXXX for his initial Name Spoofing help back in 2007.

Thanks to Logos for bettering the Visual Basic Module for writing to Memory.

And to Zonemikel for making me wanna make a tut ^^

Share this post

Link to post

Please sign in to comment

You will be able to leave a comment after signing in



Sign In Now
Sign in to follow this  
Followers 0
Go To Topic Listing Tutorials
×