[Source Code] Wallhack Windows 7 Crossfire

Discussion in 'C and C++' started by Linux2, Jul 4, 2016.

  1. [Source Code] Wallhack Windows 7 Crossfire

    Code:
    
    #include <Windows.h>
    #include <stdio.h>
    #include <d3d9.h>
    #include <d3dx9.h>
    
    DWORD DIP_hook = NULL;
    DWORD DIP_return = NULL;
    bool WallHack = true;
    void myDIP(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
    {
        IDirect3DVertexBuffer9* pStreamData = NULL;
        UINT iOffsetInBytes,iStride;
        pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);
        if(WallHack)
        {
            if ((iStride==40)||(iStride==44))
            {
                pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE );
                pDevice->SetRenderState(D3DRS_LIGHTING, false);
            }
        }
    }
    _declspec(naked) void Dip_Hook_Win7()
    {
        __asm
        {
            //Call myDIP
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            MOV EAX, DWORD PTR [ESP+40];
            PUSH EAX;
            CALL myDIP;
            ADD ESP, 28;
            MOV EAX,DWORD PTR FS:[0];
            PUSH EAX;
            SUB ESP,0x20;
            JMP DIP_return;
        }
    }
    bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
        for(;*szMask;++szMask,++pData,++bMask)
            if(*szMask=='x' && *pData!=*bMask)   return 0;
        return (*szMask) == NULL;
    }
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
        for(DWORD i=0; i<dwLen; i++)
            if (bCompare((BYTE*)(dwAddress+i),bMask,szMask))  return (DWORD)(dwAddress+i);
        return 0;
    }
    void MakeJMP( BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen )
    {
        DWORD dwOldProtect, dwBkup, dwRelAddr;
       
        VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
        dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
        *pAddress = 0xE9;
       
        *((DWORD *)(pAddress + 0x1)) = dwRelAddr;
        for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
        VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
       
        return;
    }
    void D3Dhook()
    {
        LoadLibraryA("d3d9.dll");
        DWORD D3D9, adr, *VTable;
        do
        {
            D3D9 = (DWORD)LoadLibraryA("d3d9.dll");
            Sleep(100);
        } while (D3D9 == NULL);
        adr = FindPattern(D3D9, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
       
        if (adr)
        {
            memcpy(&VTable,(void *)(adr+2),4);
            MakeJMP((BYTE *)0x4FF51658, (DWORD)Dip_Hook_Win7, 0x6);
            DWORD dwJMPback = 0x4FF51659;
          
        }
    }
    extern "C" __declspec(dllexport) BOOL APIENTRY DllMain(HINSTANCE hDll, DWORD dwReason, LPVOID lpvReserved)
    {
        if (dwReason == DLL_PROCESS_ATTACH)
        {
            DisableThreadLibraryCalls(hDll);
           
            D3Dhook();
        }else if(dwReason == DLL_PROCESS_DETACH){}
        return TRUE;
    }  
    
    


     
  2. Boss, anong IDE ginamit mo? try ko eh compile gamit ang eclipse.
     
  3. Visual Studio 2015
     
  4. previous VS versions (e.g. 2012, 2010, 2008, ..) will also work
     

Share This Page