First of all, I'm not like those who are afraid of giving out a hook. I don't care about that; I care about helping people.
______________________________________________________________
Quote: #include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <d3d9.h>
#include <d3dx9.h>
Okay, first let's start with the naked function:
// Declared here but not referenced anywhere else in this listing.
Quote: DWORD* DIP_hook = NULL;
// Address the dwmyDIP stub jumps to when it is done. It starts as NULL and no
// assignment to it is visible in this listing.
DWORD DIP_return = NULL;
// Gate read by myDIP before it touches any render state.
bool wallhack = true;
// Handler called from the dwmyDIP stub with a copy of seven stack slots taken
// from the intercepted call. It inspects the vertex stride bound to stream 0 and,
// for two specific strides, switches depth testing off on the device.
// For someone analysing this sample: the observable effect is a render-state
// change made from inside the host process's own draw path, and nothing in this
// listing restores the previous state afterwards.
void myDIP(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
{
IDirect3DVertexBuffer9* pStreamData = NULL;
UINT iOffsetInBytes,iStride;
// Ask the device which vertex buffer is bound to stream 0 and what its stride is.
// NOTE(review): the HRESULT is ignored, so iStride is read uninitialized if the
// call fails, and the buffer reference handed back in pStreamData is never
// released in this function.
pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);
if(wallhack)
// 40 and 44 are the author's selectors; what geometry they correspond to is
// not shown in this listing.
if ((iStride==40)||(iStride==44))
{
// Disable the depth buffer and set the depth comparison to "never".
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE );
pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER);
}
}
// Naked stub that the patched JMP lands on. "naked" means the compiler emits no
// prologue or epilogue, so every stack adjustment below is done by hand.
// The forum text between the instructions is the author's own step-by-step
// narration and is kept as posted.
_declspec(naked) void dwmyDIP()
{
__asm
{
//Call myDIP
// Each PUSH lowers ESP by 4, so re-reading [ESP+40] seven times walks down
// through seven consecutive stack slots (entry ESP+40 .. entry ESP+16) and
// copies them as myDIP's arguments. EAX is overwritten in the process.
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
CALL myDIP;
// Caller-side cleanup of the seven DWORD arguments (7 * 4 = 28 bytes).
ADD ESP, 28;
Then Restore EAX original value:
// Loads EAX from FS:[0]. The author describes this and the two instructions that
// follow as replaying what the patch displaced; that cannot be confirmed from
// this listing alone.
Quote: MOV EAX,DWORD PTR FS:[0];
Then put back the Original code:
Quote: PUSH EAX;
SUB ESP,0x20;
Then Return ur JMP Back:
// Indirect jump through the global DIP_return, which is initialised to NULL and
// has no visible assignment in this listing.
Quote: JMP DIP_return;
Then Close ur naked Function:
Quote: }
}
Quote: Then We Use The bCompare() Method
// Masked byte comparison used by FindPattern.
// pData  - bytes being inspected
// bMask  - expected bytes
// szMask - NUL-terminated mask; 'x' means "must match", any other character is
//          a wildcard. Its length decides how many bytes are compared.
// Returns false at the first mismatch on an 'x' position, true once the whole
// mask has been walked.
// NOTE(review): there is no length argument, so pData and bMask are read for as
// many bytes as szMask has characters with no bounds check of their own.
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask) return 0;
// The loop only exits normally when *szMask is the terminator, so this
// comparison (a char against NULL) is true whenever it is reached.
return (*szMask) == NULL;
}
Then We Find The Pattern For Our Wall Hack:
// Linear signature scan: tries bCompare at every byte offset in
// [dwAddress, dwAddress + dwLen) and returns the first matching address, or 0
// when nothing matches. Addresses are carried in DWORDs, so this is 32-bit only.
// NOTE(review): nothing here verifies that the range is readable, and for
// offsets near the end bCompare reads past dwAddress + dwLen by up to the mask
// length minus one.
Quote: DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
for(DWORD i=0; i<dwLen; i++)
if (bCompare((BYTE*)(dwAddress+i),bMask,szMask)) return (DWORD)(dwAddress+i);
return 0;
}
Then We start our 5 Bytes Hunting
// Writes an inline patch: a 5-byte relative JMP (0xE9 + rel32) at pAddress that
// targets dwJumpTo, followed by NOPs up to dwLen bytes. The arithmetic is done in
// DWORDs, so it is 32-bit only.
// What this leaves behind for a defender: the page is switched to
// PAGE_EXECUTE_READWRITE for the duration of the write, and afterwards the
// in-memory bytes at pAddress no longer match the module's on-disk image.
// NOTE(review): neither VirtualProtect result is checked, and dwLen is not
// validated although bytes 0..4 are always written.
Quote: void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
{
DWORD dwOldProtect, dwBkup, dwRelAddr;
Then we give the paged memory read/write permissions:
// The protection requested is read/write/execute, not just read/write.
Quote: VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
Then We calculate the distance between our address and our target location and subtract the 5bytes, which is the size of the JMP:
Quote: dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
Then We overwrite the byte at pAddress with the jmp opcode (0xE9):
Quote: *pAddress = 0xE9;
Then We overwrite the next 4 bytes (which is the size of a DWORD) with the dwRelAddr:
Quote: *((DWORD *)(pAddress + 0x1)) = dwRelAddr;
Then we overwrite the remaining bytes with the NOP opcode (0x90):
Quote: for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
Then we restore the paged memory permissions saved in dwOldProtect:
// dwBkup only receives the protection being replaced; it is not used again.
Quote: VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
Then We close the JMNo Advertisingok:
Quote: return;
}
Then Create Our Hack Thread
// Routine the author describes as the thread body: it waits until d3d9.dll is
// loaded, signature-scans the module, and then calls MakeJMP.
// For triage: the 14-byte masked signature and the literal address below are
// this sample's own identifying values.
Quote: void WallHack()
{
// Return value of this first call is discarded.
LoadLibraryA("d3d9.dll");
DWORD D3D9, adr, *VTable;
// Retry every 100 ms until a module handle comes back. The handle is cast to
// DWORD and later used as the scan's start address (32-bit only).
do
{
D3D9 = (DWORD)LoadLibraryA("d3d9.dll");
Sleep(100);
} while (D3D9 == NULL);
// Scan a fixed 0x128000 bytes from the module base.
// NOTE(review): the length is a constant, not taken from the loaded image.
adr = FindPattern(D3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x8", "xx????xx????xx");
if (adr) {
// Copies the 4 bytes at adr+2 into VTable; VTable is not read afterwards in
// this listing.
memcpy(&VTable,(void *)(adr+2),4);
// The patch target is the literal 0x4FF51658 with a length of 6 bytes; it is not
// derived from adr.
MakeJMP((BYTE *)0x4FF51658, (DWORD)dwmyDIP, 0x6);
// Local that goes out of scope unused.
DWORD dwJMPback = 0x4FF51658;
}
}
C.R.E.D.I.T.S
--> ALAS003
( MODERATOR )
______________________________________________________________
Quote: #include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <d3d9.h>
#include <d3dx9.h>
Okay, first let's start with the naked function:
// Declared here but not referenced anywhere else in this listing.
Quote: DWORD* DIP_hook = NULL;
// Address the dwmyDIP stub jumps to when it is done. It starts as NULL and no
// assignment to it is visible in this listing.
DWORD DIP_return = NULL;
// Gate read by myDIP before it touches any render state.
bool wallhack = true;
// Handler called from the dwmyDIP stub with a copy of seven stack slots taken
// from the intercepted call. It inspects the vertex stride bound to stream 0 and,
// for two specific strides, switches depth testing off on the device.
// For someone analysing this sample: the observable effect is a render-state
// change made from inside the host process's own draw path, and nothing in this
// listing restores the previous state afterwards.
void myDIP(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
{
IDirect3DVertexBuffer9* pStreamData = NULL;
UINT iOffsetInBytes,iStride;
// Ask the device which vertex buffer is bound to stream 0 and what its stride is.
// NOTE(review): the HRESULT is ignored, so iStride is read uninitialized if the
// call fails, and the buffer reference handed back in pStreamData is never
// released in this function.
pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);
if(wallhack)
// 40 and 44 are the author's selectors; what geometry they correspond to is
// not shown in this listing.
if ((iStride==40)||(iStride==44))
{
// Disable the depth buffer and set the depth comparison to "never".
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE );
pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_NEVER);
}
}
// Naked stub that the patched JMP lands on. "naked" means the compiler emits no
// prologue or epilogue, so every stack adjustment below is done by hand.
// The forum text between the instructions is the author's own step-by-step
// narration and is kept as posted.
_declspec(naked) void dwmyDIP()
{
__asm
{
//Call myDIP
// Each PUSH lowers ESP by 4, so re-reading [ESP+40] seven times walks down
// through seven consecutive stack slots (entry ESP+40 .. entry ESP+16) and
// copies them as myDIP's arguments. EAX is overwritten in the process.
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
MOV EAX, DWORD PTR [ESP+40];
PUSH EAX;
CALL myDIP;
// Caller-side cleanup of the seven DWORD arguments (7 * 4 = 28 bytes).
ADD ESP, 28;
Then Restore EAX original value:
// Loads EAX from FS:[0]. The author describes this and the two instructions that
// follow as replaying what the patch displaced; that cannot be confirmed from
// this listing alone.
Quote: MOV EAX,DWORD PTR FS:[0];
Then put back the Original code:
Quote: PUSH EAX;
SUB ESP,0x20;
Then Return ur JMP Back:
// Indirect jump through the global DIP_return, which is initialised to NULL and
// has no visible assignment in this listing.
Quote: JMP DIP_return;
Then Close ur naked Function:
Quote: }
}
Quote: Then We Use The bCompare() Method
// Masked byte comparison used by FindPattern.
// pData  - bytes being inspected
// bMask  - expected bytes
// szMask - NUL-terminated mask; 'x' means "must match", any other character is
//          a wildcard. Its length decides how many bytes are compared.
// Returns false at the first mismatch on an 'x' position, true once the whole
// mask has been walked.
// NOTE(review): there is no length argument, so pData and bMask are read for as
// many bytes as szMask has characters with no bounds check of their own.
bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask) return 0;
// The loop only exits normally when *szMask is the terminator, so this
// comparison (a char against NULL) is true whenever it is reached.
return (*szMask) == NULL;
}
Then We Find The Pattern For Our Wall Hack:
// Linear signature scan: tries bCompare at every byte offset in
// [dwAddress, dwAddress + dwLen) and returns the first matching address, or 0
// when nothing matches. Addresses are carried in DWORDs, so this is 32-bit only.
// NOTE(review): nothing here verifies that the range is readable, and for
// offsets near the end bCompare reads past dwAddress + dwLen by up to the mask
// length minus one.
Quote: DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
for(DWORD i=0; i<dwLen; i++)
if (bCompare((BYTE*)(dwAddress+i),bMask,szMask)) return (DWORD)(dwAddress+i);
return 0;
}
Then We start our 5 Bytes Hunting
// Writes an inline patch: a 5-byte relative JMP (0xE9 + rel32) at pAddress that
// targets dwJumpTo, followed by NOPs up to dwLen bytes. The arithmetic is done in
// DWORDs, so it is 32-bit only.
// What this leaves behind for a defender: the page is switched to
// PAGE_EXECUTE_READWRITE for the duration of the write, and afterwards the
// in-memory bytes at pAddress no longer match the module's on-disk image.
// NOTE(review): neither VirtualProtect result is checked, and dwLen is not
// validated although bytes 0..4 are always written.
Quote: void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
{
DWORD dwOldProtect, dwBkup, dwRelAddr;
Then we give the paged memory read/write permissions:
// The protection requested is read/write/execute, not just read/write.
Quote: VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
Then We calculate the distance between our address and our target location and subtract the 5bytes, which is the size of the JMP:
Quote: dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
Then We overwrite the byte at pAddress with the jmp opcode (0xE9):
Quote: *pAddress = 0xE9;
Then We overwrite the next 4 bytes (which is the size of a DWORD) with the dwRelAddr:
Quote: *((DWORD *)(pAddress + 0x1)) = dwRelAddr;
Then we overwrite the remaining bytes with the NOP opcode (0x90):
Quote: for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
Then we restore the paged memory permissions saved in dwOldProtect:
// dwBkup only receives the protection being replaced; it is not used again.
Quote: VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
Then We close the JMNo Advertisingok:
Quote: return;
}
Then Create Our Hack Thread
// Routine the author describes as the thread body: it waits until d3d9.dll is
// loaded, signature-scans the module, and then calls MakeJMP.
// For triage: the 14-byte masked signature and the literal address below are
// this sample's own identifying values.
Quote: void WallHack()
{
// Return value of this first call is discarded.
LoadLibraryA("d3d9.dll");
DWORD D3D9, adr, *VTable;
// Retry every 100 ms until a module handle comes back. The handle is cast to
// DWORD and later used as the scan's start address (32-bit only).
do
{
D3D9 = (DWORD)LoadLibraryA("d3d9.dll");
Sleep(100);
} while (D3D9 == NULL);
// Scan a fixed 0x128000 bytes from the module base.
// NOTE(review): the length is a constant, not taken from the loaded image.
adr = FindPattern(D3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x8", "xx????xx????xx");
if (adr) {
// Copies the 4 bytes at adr+2 into VTable; VTable is not read afterwards in
// this listing.
memcpy(&VTable,(void *)(adr+2),4);
// The patch target is the literal 0x4FF51658 with a length of 6 bytes; it is not
// derived from adr.
MakeJMP((BYTE *)0x4FF51658, (DWORD)dwmyDIP, 0x6);
// Local that goes out of scope unused.
DWORD dwJMPback = 0x4FF51658;
}
}
C.R.E.D.I.T.S
--> ALAS003
( MODERATOR )