Crossfire North America
Code:
DIP: 0x004B782D
Return: 0x004B7835
Crossfire Europe
Code:
DIP: 0x004B5FED
Return: 0x004B5FF5
Base Source for Crossfire North America & Europe
Code:
#include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
/*-------------------- 09.27.2012 --------------------*/
/* Credits: WE11ington & Gangnam Boy */
/*----------------------------------------------------*/
#define CFNA
//#define CFEU
/*------------------- Crossfire NA -------------------*/
#ifdef CFNA
#define DIPEngine 0x004B782D
DWORD retDIPEngine = ( DIPEngine + 0x8 );
#endif
/*------------------- Crossfire EU -------------------*/
#ifdef CFEU
#define DIPEngine 0x004B5FED
DWORD retDIPEngine = ( DIPEngine + 0x8 );
#endif
INT chams;
INT color;
LPDIRECT3DDEVICE9 pDevice;
#define Red D3DCOLOR_ARGB( 255, 255, 000, 000 )
#define Green D3DCOLOR_ARGB( 255, 000, 255, 000 )
#define Blue D3DCOLOR_ARGB( 255, 000, 000, 255 )
#define Black D3DCOLOR_ARGB( 255, 000, 000, 000 )
__declspec( naked ) HRESULT WINAPI DIPMidfunction ( )
{
__asm
{
MOV EDX, DWORD PTR DS:[EAX]
MOV EDX, DWORD PTR DS:[EDX + 0x148]
MOV DWORD PTR DS:[pDevice], EAX
PUSHAD
}
if( GetAsyncKeyState(VK_NUMPAD1)&1 )
chams = !chams;
if( GetAsyncKeyState(VK_NUMPAD2)&1 )
color++;
if( color > 4 )
color = 0;
if( chams )
{
pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
if( color == 1 ) pDevice->SetRenderState( D3DRS_AMBIENT, Red );
if( color == 2 ) pDevice->SetRenderState( D3DRS_AMBIENT, Green );
if( color == 3 ) pDevice->SetRenderState( D3DRS_AMBIENT, Blue );
if( color == 4 ) pDevice->SetRenderState( D3DRS_AMBIENT, Black );
}
__asm
{
POPAD
JMP retDIPEngine
}
}
VOID *DetourCreate ( BYTE *src, CONST BYTE *dst, CONST INT len )
{
BYTE *jmp =( BYTE * ) malloc( len + 5 );
DWORD dwBack;
VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
memcpy( jmp, src, len );
jmp += len;
jmp[0] = 0xE9;
*( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;
src[0] = 0xE9;
*( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
for( INT i = 5; i < len; i++ )
src[i] = 0x90;
VirtualProtect( src, len, dwBack, &dwBack );
return( jmp - len );
}
DWORD WINAPI StartRoutine ( LPVOID )
{
while( TRUE )
{
if( memcmp( ( VOID * )DIPEngine, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 )
DetourCreate( ( PBYTE )DIPEngine, ( PBYTE )DIPMidfunction, 8 );
Sleep( 50 );
}
return FALSE;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
if( dwReason == DLL_PROCESS_ATTACH )
{
DisableThreadLibraryCalls( hDll );
MessageBox( 0, "Midfunction Hook Engine", "Crossfire", 0 );
CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );
}
return TRUE;
}
Crossfire Philippines
Code:
Endscene: 0x0045762F
Return: 0x00457637
DIP: 0x004B3C4D
Return: 0x004B3C55
Base Source for Crossfire PH
Code:
#include <windows.h>
#include <d3d9.h>
#include <d3dx9.h>
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
/*-------------------- 09.27.2012 --------------------*/
/* Credits: WE11ington & Gangnam Boy */
/*----------------------------------------------------*/
/*------------------- Crossfire PH -------------------*/
#define EndSceneEngine 0x0045762F
#define DIPEngine 0x004B3C4D
DWORD retEndSceneEngine = ( EndSceneEngine + 0x8 );
DWORD retDIPEngine = ( DIPEngine + 0x8 );
INT chams;
INT color;
LPD3DXFONT Font;
LPDIRECT3DDEVICE9 pDevice;
#define Red D3DCOLOR_ARGB( 255, 255, 000, 000 )
#define Green D3DCOLOR_ARGB( 255, 000, 255, 000 )
#define Blue D3DCOLOR_ARGB( 255, 000, 000, 255 )
#define Black D3DCOLOR_ARGB( 255, 000, 000, 000 )
VOID StartFont ( )
{
if( Font )
{
Font->Release();
Font = NULL;
}
if( !Font ) D3DXCreateFont( pDevice,14,0,FW_NORMAL,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial",&Font );
}
VOID WriteText ( INT x, INT y, DWORD color, CHAR *text )
{
RECT rect;
SetRect( &rect, x, y, x, y );
Font->DrawText( NULL, text, -1, &rect, DT_NOCLIP | DT_LEFT, color );
}
__declspec( naked ) HRESULT WINAPI EndSceneMidfunction ( )
{
__asm
{
MOV ECX, DWORD PTR DS:[EAX]
MOV EDX, DWORD PTR DS:[ECX + 0xA8]
MOV DWORD PTR DS:[pDevice], EAX
PUSHAD
}
StartFont( );
if( Font )
WriteText( 300, 300, Red, "CrossFire: Hook EndScene Engine" );
__asm
{
POPAD
JMP retEndSceneEngine
}
}
__declspec( naked ) HRESULT WINAPI DIPMidfunction ( )
{
__asm
{
MOV EDX, DWORD PTR DS:[EAX]
MOV EDX, DWORD PTR DS:[EDX + 0x148]
MOV DWORD PTR DS:[pDevice], EAX
PUSHAD
}
if( GetAsyncKeyState(VK_NUMPAD1)&1 )
chams = !chams;
if( GetAsyncKeyState(VK_NUMPAD2)&1 )
color++;
if( color > 4 )
color = 0;
if( chams )
{
pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
if( color == 1 ) pDevice->SetRenderState( D3DRS_AMBIENT, Red );
if( color == 2 ) pDevice->SetRenderState( D3DRS_AMBIENT, Green );
if( color == 3 ) pDevice->SetRenderState( D3DRS_AMBIENT, Blue );
if( color == 4 ) pDevice->SetRenderState( D3DRS_AMBIENT, Black );
}
__asm
{
POPAD
JMP retDIPEngine
}
}
VOID *DetourCreate ( BYTE *src, CONST BYTE *dst, CONST INT len )
{
BYTE *jmp =( BYTE * ) malloc( len + 5 );
DWORD dwBack;
VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
memcpy( jmp, src, len );
jmp += len;
jmp[0] = 0xE9;
*( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;
src[0] = 0xE9;
*( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
for( INT i = 5; i < len; i++ )
src[i] = 0x90;
VirtualProtect( src, len, dwBack, &dwBack );
return( jmp - len );
}
DWORD WINAPI StartRoutine ( LPVOID )
{
while( TRUE )
{
if( memcmp( ( VOID * )EndSceneEngine, ( VOID * )( PBYTE )"\x8B\x08", 2 ) == 0
|| memcmp( ( VOID * )DIPEngine, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 ) {
Sleep( 100 );
DetourCreate( ( PBYTE )EndSceneEngine, ( PBYTE )EndSceneMidfunction, 8 );
DetourCreate( ( PBYTE )DIPEngine, ( PBYTE )DIPMidfunction, 8 );
}
Sleep( 50 );
}
return FALSE;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
if( dwReason == DLL_PROCESS_ATTACH )
{
DisableThreadLibraryCalls( hDll );
MessageBox( 0, "Midfunction Hook Engine", "Crossfire", 0 );
CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );
}
return TRUE;
}
Credits:
@WE11ington - old source
@Gangnam Boy - update
@z8games
@gamerage
@gameclub
@xtrap
Happy Patching !