[Source Code] CrossFire Wallhack Windows XP and Windows 7

Discussion in 'C and C++' started by Linux2, Jul 4, 2016.

  1. [Source Code] CrossFire Wallhack Windows XP and Windows 7


    Code:
    
    
    #include <windows.h>
    #include <d3d9.h>
    #include <d3dx9.h>
    
    #pragma comment(lib, "d3d9.lib")
    #pragma comment(lib, "d3dx9.lib")
    
    DWORD DIPD3D9, retDIPD3D9;
    
    __declspec( naked ) HRESULT WINAPI DIPMidfunction( )
    {
        static LPDIRECT3DDEVICE9 pDevice;
    
        __asm
        {
            MOV EDI, EDI
            PUSH EBP
            MOV EBP, ESP
            MOV EAX, DWORD PTR SS:[EBP + 0x8]
            MOV DWORD PTR DS: [PDEV], EAX
        }
    
        pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
        
        __asm
        {
            POP EBP
            JMP retDIPD3D9
        }
    }
    
    VOID *DetourCreate( BYTE *src, CONST BYTE *dst, CONST INT len )
    {
        BYTE *jmp =( BYTE * ) malloc( len + 5 );
        DWORD dwBack;
    
        VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
        memcpy( jmp, src, len );    
        jmp += len;
        jmp [0] = 0xE9;
        *( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;
    
        src [0] = 0xE9;
        *( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
        for( INT i = 5; i < len; i++ )
            src[i] = 0x90;
        VirtualProtect( src, len, dwBack, &dwBack );
    
        return ( jmp - len );
    }
    
    BOOL bCompare( CONST BYTE *pData, CONST BYTE *bMask, CONST CHAR *szMask )
    {
        for( ; *szMask; ++szMask, ++pData, ++bMask )
            if( *szMask == 'x' && *pData != *bMask )   
            return false;
        
        return ( *szMask ) == NULL;
    }
    
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
        for( DWORD i = 0; i < dwLen; i++ )
            if( bCompare( ( BYTE * )( dwAddress + i ), bMask, szMask ) )  
            return ( DWORD )( dwAddress + i );
        
        return 0;
    }
    
    DWORD WINAPI StartRoutine( LPVOID )
    {
        while( TRUE )
        {
            DWORD hD3D = ( DWORD )LoadLibrary( "d3d9.dll" );
    
            if( !DIPD3D9 )
            {
                // Windows XP
                DIPD3D9 = FindPattern( hD3D,
                    0x128000,
                    ( PBYTE )"\x8B\xFF\x55\x8B\xEC\x5D\xE9\x00\x00\x00\x00\xCC\xCC\xCC\xCC\xCC\x8B\xFF\x55\x8B\xEC\x51",
                    "xxxxxxx????xxxxxxxxxxx" );
                if( DIPD3D9 )
                {
                    retDIPD3D9 DIPD3D9 = + 0x6;
                    DetourCreate( ( PBYTE )DIPD3D9, ( PBYTE )DIPMidfunction, 5 );
                }
            }
    
            if( !DIPD3D9 )
            {
                // Windows 7
                DIPD3D9 = FindPattern( hD3D,
                    0x128000,
                    ( PBYTE )"\xC3\x90\x90\x90\x90\x90\x8B\xFF\x55\x8B\xEC\x5D\xEB\x05\x90\x90\x90\x90\x90\x8B\xFF\x55\x8B\xEC\x6A\xFF",
                    "xxxxxxxxxxxxxxxxxxxxxxxxxx" );
                if( DIPD3D9 )
                {
                    retDIPD3D9 = (DIPD3D9 + 0x6) + 0x6;
                    DetourCreate( ( PBYTE )( DIPD3D9 + 0x6 ), ( PBYTE )DIPMidfunction, 5 );
                }
            }
            }
     
            return 0;
    }
    
    BOOL WINAPI DllMain( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
    { 
        if( dwReason == DLL_PROCESS_ATTACH )
        {
            DisableThreadLibraryCalls( hDll );
            MessageBox( 0, "WE11ington", "HOOK DIP", 0 );
                CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );        
        }
    
        return TRUE;
    }
    
    
    
    
     

Share This Page