
How to make a Bytecode Conversion DLL

WendoJ


vip

Posts: 259

Threads: 18

Joined: Mar, 2020

Reputation: 37

Posted

So you want to make a bytecode conversion DLL huh?

This requires adequate knowledge of C++ and game hacking in general (but if you click the Duolingo link at the bottom, you're guaranteed to make a DLL 3 times more efficient).

First, download Pelican Dumper VT (to update your exploit, because most people on this forum probably don't know how to use IDA or can't be bothered to get the addresses manually every update).

 

Next, you have to learn how bytecode conversion works. Explanation: VT, VT2

Make sure you read the entire thing if you don't already know how it works.

 

You can review the numerous open source bytecode conversion DLLs available to the public, provided that you don't just copy and paste the entire source without learning anything. This is so that you gain an understanding of the general idea; I would probably release my own DLL source, but it isn't finished.

 

Part 3 - Beginning the Exploit:

Open Visual Studio and create an Empty C++ Project. After you've created your project, add a new .cpp file. After you've done that, click on your Project > Properties and set the output type from .EXE (Windows Application) to .DLL (Dynamic Link Library); then we can start our code. While you're there, click C/C++ and disable SDL checks; under C/C++ > Precompiled Headers disable that as well; and set the active solution platform to x86 instead of x64 to avoid unnecessary errors.

 

 

We need a way to execute the code once it is injected, so just copy and paste this into your exploit:

 

#include <Windows.h>

DWORD WINAPI main(LPVOID); // the DLL's own thread routine, defined elsewhere in the exploit

BOOL __stdcall DllMain(HINSTANCE Dll, DWORD Reason, LPVOID Reserved)
{
    if (Reason == DLL_PROCESS_ATTACH)
    {
        // run the exploit on a new thread: DllMain itself executes under the loader lock
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)main, 0, 0, 0);
    }
    return TRUE;
}

A bunch of 9-year-olds may call you a skid for copying and pasting this code, but that's because they're braindead.

 

We also need to bypass checks that Roblox has in place in an attempt to prevent exploiters.

Console bypass:

#include <Windows.h>
#include <cstdio>

// Overwrite the first byte of FreeConsole with 0xC3 (ret) so the target's own
// calls to it become a no-op, then attach a console of our own.
DWORD oldProtect;
VirtualProtect((PVOID)&FreeConsole, 1, PAGE_EXECUTE_READWRITE, &oldProtect);
*(BYTE*)(&FreeConsole) = 0xC3;
VirtualProtect((PVOID)&FreeConsole, 1, oldProtect, &oldProtect); // restore the page protection

AllocConsole();
SetConsoleTitleA("Exploit");
freopen("CONOUT$", "w", stdout);
freopen("CONIN$", "r", stdin);

HWND ConsoleHandle = GetConsoleWindow();
::SetWindowPos(ConsoleHandle, HWND_TOP, 0, 0, 0, 0, SWP_DRAWFRAME | SWP_NOMOVE | SWP_NOSIZE | SWP_SHOWWINDOW);
::ShowWindow(ConsoleHandle, SW_NORMAL);

ASLR bypass:

// Addresses taken from the dump/IDA assume the 32-bit preferred image base 0x400000;
// subtract it and add the base the loader actually chose. The DWORD cast only holds
// for the x86 build set up above. Named aslr() because that is how it is used below.
#define aslr(addr) ((addr) - 0x400000 + (DWORD)GetModuleHandleA(0))

Retcheck bypass, credits to Celery:

Retcheck::init(); // call this once before anything, to initialise it

// Use Retcheck::call to call your functions like normal;
// just make sure to supply the calling convention.

auto r_lua_newthread = reinterpret_cast<void*>(aslr(0x13D8FB0)); // or cast it to its typedef

// rL is the lua_State* obtained earlier in the exploit (not shown in this post)
auto new_rL = std::get<0>(Retcheck::call(r_lua_newthread, "cdecl", { rL }));

// explanation:
auto return_data = Retcheck::call(function, convention, { arg1, arg2, arg3 . . . });

// if the function returns a 32-bit value (byte/short/int/dword/float/etc.) do:
auto small_value = std::get<0>(return_data); // cast it to whatever you need

// if it returns a 64-bit value (__int64/double) do:
auto large_value = std::get<1>(return_data);

// yes, I know I could've made this part much fancier

How it works: the return value is spoofed to return to Roblox code, which we use against itself.

 

 

Then you simply skid Calamari :') You're welcome, folks. Actually, I would have written it all down, but WeAreDevs has a limit on how long your thread can be.

 

https://invite.duolingo.com/BDHTZTB5CWWKTADGCGCSFLS7FY

Be a cool kid today and learn French and German with me.

 

 

For the braindead script kiddies, this was a joke.

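The rebasing that the post's ASLR macro performs, shown as an added, portable C++ example rather than code from the post or from any exploit: strip the preferred image base from a dump/IDA address to get the RVA, add the base the loader actually chose, and refuse addresses that fall outside the image (the usual symptom of an offset left over from an older version). The module base, size and the static address are constructed values; on Windows the runtime base would come from GetModuleHandleA(0) and ImageBase/SizeOfImage from the PE optional header.

```cpp
#include <cstdint>
#include <cstdio>

// A 32-bit module as the loader sees it. On Windows runtime_base is
// GetModuleHandleA(0) and the other two fields come from the PE optional
// header; here they are constructed values.
struct ModuleInfo {
    std::uint32_t preferred_base;  // ImageBase the dump/IDA addresses assume
    std::uint32_t runtime_base;    // base the loader actually chose under ASLR
    std::uint32_t size_of_image;   // SizeOfImage: how far the mapping extends
};

struct Rebased {
    bool ok;             // false when the address is not inside the image
    std::uint32_t addr;  // valid only when ok is true
};

// Static (dump/IDA) address -> runtime address: remove the preferred base to
// get the RVA and add the real base. An address outside the image is
// rejected instead of being turned into a wild pointer, which is what a
// stale offset from an older game version usually looks like.
Rebased rebase(const ModuleInfo& m, std::uint32_t static_addr) {
    if (static_addr < m.preferred_base ||
        static_addr - m.preferred_base >= m.size_of_image)
        return {false, 0};
    std::uint32_t rva = static_addr - m.preferred_base;
    return {true, m.runtime_base + rva};
}

// Runtime address -> static address, the inverse, for taking a pointer seen
// in a debugger back into the disassembler.
Rebased unbase(const ModuleInfo& m, std::uint32_t runtime_addr) {
    if (runtime_addr < m.runtime_base ||
        runtime_addr - m.runtime_base >= m.size_of_image)
        return {false, 0};
    return {true, m.preferred_base + (runtime_addr - m.runtime_base)};
}

int main() {
    // Constructed module: the usual 0x400000 preferred base, relocated to
    // 0x00E30000, 32 MiB SizeOfImage.
    ModuleInfo m{0x400000u, 0x00E30000u, 0x2000000u};

    Rebased rt = rebase(m, 0x13D8FB0u);  // the static address used in the post
    std::printf("runtime address: 0x%08X (ok=%d)\n", (unsigned)rt.addr, rt.ok);

    Rebased st = unbase(m, rt.addr);
    std::printf("back to static:  0x%08X (ok=%d)\n", (unsigned)st.addr, st.ok);

    Rebased bad = rebase(m, 0x04000000u);  // beyond the end of the image
    std::printf("0x04000000 inside image: %d\n", bad.ok);
    return 0;
}
```

The bounds check is the part the one-line macro lacks: once the game updates, the old static addresses still produce a number, and a range check against SizeOfImage is the cheapest way to notice that the number is garbage before dereferencing it.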

davidTube

not inactive

noticed

Posts: 1643

Threads: 83

Joined: Dec, 2018

Reputation: 54

Replied

Please delete this ASAP.


chr1srbx

Developer @ Hydrogen

vip

Posts: 374

Threads: 20

Joined: Sep, 2020

Reputation: 22

Replied

nice stuff :

 


banan

WendoJ


Replied

@davidTube lmao, longest poop-post thread


 

It was actually all a scheme to advertise my Duolingo ref.

 


DeepPain

Wyvern

Posts: 350

Threads: 3

Joined: Jul, 2020

Reputation: 55

Replied

Hate to break it to you, but this won't work.


My Discord is xwyvern


WendoJ


Replied

@DeepPain

 

 

https://invite.duolingo.com/BDHTZTB5CWWKTADGCGCSFLS7FY

 

It will work if you do it correctly.

 


Posts: 0

Threads: 0

Joined: ?

Reputation:

Replied

Wait, I'm stuck at part 3. How exactly am I supposed to skid Calamari? I'm not sure what that means :/


Posts: 801

Threads: 71

Joined: May, 2020

Reputation: 9

Replied

@DeepPain Man, always taking a crap on these poor kids.


Don't buy exploits, it's not worth it, you're gonna quit anyway.

Taking accountability will help you excel in life

Posts: 126

Threads: 1

Joined: May, 2020

Reputation: 10

Replied

I spotted a sk-d teaching random users how to sk-d... nice

 

 


Programmer (noun.)

A machine that turns coffee into code.

OwO What's This

WendoJ


Replied

@Forgotten_Dev What a bold assumption; I haven't skidded anything.

 

More like open source documentation, as I don't copy and paste others' code into my work and call it mine, as that would be morally unjust.


Posts: 986

Threads: 77

Joined: Apr, 2020

Reputation: 34

Replied

>:)


modifying a ui and calling it yours does mean it's your ui.

- JalapenoGuy

