Originally Posted by
CaPeVaLdOfOrMiNiOn
Google translation... Sorry I Brazilian
1. Make a DLL in C Project in devcpp
2. Save all files all
3. Create a file named addys.h
4. Change name:
dllmain.c -> cbase2.c
dll.h -> cbase2.h
5. Fill with the following code:
cbase2.c
Code:
#include "cbase2.h"
#include "addys.h"
// File-scope state shared by every function in this listing.
LPTSTR i3engine = "PointBlank.i3Exec"; // name of the game module whose load address is looked up at run time
DWORD adrWSOn, adrWSOff, OldProtection; // the two computed target addresses, and the page protection saved by VirtualProtect
BYTE RET[] = {0xC3}; // one-byte array named RET; 0xC3 is the x86 near-return opcode
BYTE PUSH_EBP[]= {0x55}; // one-byte array named PUSH_EBP; 0x55 is the x86 `push ebp` opcode
/*
Author's note (translated): because "memwrite" is already detected by HackShield,
an alternative routine named MEMpatch was written and described as undetected.
NOTE(review): the code visible here is an ordinary VirtualProtect / RtlMoveMemory /
VirtualProtect sequence; nothing on this page supports the "undetected" claim.
*/
/*
 * UnProtectAndModify - copy Length bytes from address Pointer to address Offset
 * inside the current process.
 *
 * Offset  - destination address, carried as a DWORD
 * Pointer - source address, carried as a DWORD
 * Length  - number of bytes to copy
 *
 * Both addresses are 32-bit DWORDs, so this only holds together in a 32-bit
 * process. Neither VirtualProtect result is checked, and the saved protection
 * lives in the shared file-scope OldProtection.
 *
 * Defender's view: after this runs, the bytes of the loaded module no longer
 * match the file on disk; an integrity check of the module's code against the
 * on-disk image is the kind of control that would surface it.
 */
void UnProtectAndModify(DWORD Offset, DWORD Pointer, DWORD Length){
VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &OldProtection); // make the target range readable, writable and executable; the previous protection is saved
RtlMoveMemory((void *)Offset, (const void*)Pointer, Length); // overwrite the target bytes with the supplied ones
VirtualProtect((void *)Offset, Length, OldProtection, &OldProtection); // put the saved protection back (author: so the anti-cheat "guard" does not notice)
}
// Patch memory: forwards to UnProtectAndModify with both pointers cast to DWORD.
// Length is accepted but never used; the copy size is the literal 1.
// Both arrays passed by InitAllHacks in this listing are one byte long.
void MEMpatch( BYTE *Offset, BYTE *ByteArray, DWORD Length){
UnProtectAndModify((DWORD)Offset , (DWORD)ByteArray , 1);
}
/*
 * InitAllHacks - thread routine started from DllMain; param is unused.
 * Author's note (translated): "thread has been patched, undetected 6 December 2010".
 *
 * Polls two hotkeys roughly every 10 ms for the life of the process. INSERT
 * writes the RET byte, and DELETE writes the PUSH_EBP byte, at
 * (module base + ADR_WALLSHOT_NOBT) inside the running game.
 *
 * Defender's view: everything here happens in-process once the DLL is loaded,
 * so what can be observed is a foreign module in the game process, a thread
 * whose start address lies in that module, and modified bytes in the target module.
 */
DWORD WINAPI InitAllHacks(LPVOID param)
{
while (1) { // no break anywhere: the loop never ends
if (GetAsyncKeyState(VK_INSERT)&1) { // low bit set: INSERT was pressed since the previous query
DWORD dwI3CubeExec = (DWORD)GetModuleHandleA(i3engine); // module handle (load address) of PointBlank.i3Exec; the original comment calls it the "entry point"
if (dwI3CubeExec > 0) { // non-zero only when the module is loaded in this process
adrWSOn = dwI3CubeExec + (DWORD)ADR_WALLSHOT_NOBT;
MEMpatch((BYTE*)adrWSOn, RET, sizeof(RET)); // write the RET byte at the computed address
MessageBeep(1); // audible cue that the write was attempted; success is not checked
}
}
if (GetAsyncKeyState(VK_DELETE)&1) { // low bit set: DELETE was pressed since the previous query
DWORD dwI3CubeExec = (DWORD)GetModuleHandleA(i3engine); // same lookup as above
if (dwI3CubeExec > 0) { // non-zero only when the module is loaded in this process
adrWSOff = dwI3CubeExec + (DWORD)ADR_WALLSHOT_NOBT;
MEMpatch((BYTE*)adrWSOff, PUSH_EBP, sizeof(PUSH_EBP)); // write the PUSH_EBP byte at the same address
MessageBeep(1); // audible cue that the write was attempted; success is not checked
}
}
Sleep(10); // pause between polls so the loop does not saturate a CPU core
}
return (0); // unreachable: the loop above never exits
}
/*
 * DllMain - DLL entry point. On DLL_PROCESS_ATTACH it shows a message box and
 * starts InitAllHacks on a new thread. Returns TRUE for every notification.
 * lpReserved is unused. The handle returned by CreateThread is neither checked
 * nor closed.
 */
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll); // turn off per-thread attach/detach notifications for this DLL; runs on every notification, not only on attach (author: "saves resources :D")
if (dwReason == DLL_PROCESS_ATTACH) { // the DLL has just been loaded into the process
MessageBox, MB_OK | MB_ICONINFORMATION); // greeting shown on attach; NOTE(review): the call is truncated in this copy of the listing, see the later cbase2.c on this page
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)InitAllHacks, 0, 0, 0); // start the hotkey-polling thread
}
return TRUE; // unconditional; the original comment ("retry until the thread attaches") does not match the code
}
cbase2.h
Code:
/* NOTE(review): this copy of cbase2.h was mangled by machine translation
   (capitalised directives, a split "//", an include with no target).
   The intact header is the later cbase2.h listing on this page. */
# Ifndef __RCD_BASE2_H
# Define __RCD_BASE2_H
# Define WIN32_LEAN_AND_MEAN / / Exclude rarely-Used stuff from Windows headers
# Include
DWORD WINAPI InitAllHacks ( LPVOID param);
# Endif
6. Run RCDLogger 3.0 and c & p addys that have been found to file "addys.h"
7. Click Execute | Rebuild All
8. Make sure there are no errors, try to inject etc which ye made to the PB
9. Making DLL Hack Done!
NB: If you are not working etc. please run the RCD Logger 3 and c & p again offsets that have been found, if you've detected, etc. Try changing the code that is in part:
- Loop (InitAllHacks)
- Memory editing (MEMpatch)
- Hook (Loop, GetAsyncKeyState, CreateThread, et al)
Hook that has been detected Hackshield usually occurs in the Loop, is:
- GetAsyncKeyState to call the function ex:
i f (GetAsyncKeyState (VK_F12) & 1)
{
MajorMissionHack ();
Sleep (500);
}
And also
if (:: GetAsyncKeyState (VK_F12) & 1) DoMisiMayorHack ();
CREDIT:
RCD and CaPeVaLdOfOrMiNiOn
ok let's talk about this : a clue from pointblank hack
in point 6 : 6.RCDLogger 3.0 and c & p addys that have been found to file "addys.h"
problem 1:
RCDLogger 3.0 does not support Project Blackout.
useful of RCDLogger :
to catch offset data in pointblank.
example
we will make a DLL hack "wallshot" (bullets through the wall) for PointBlank
logger with RCD Logger 3.1,logger time in pointblank: 2/18/2011 12:25am
Code:
<=>=================================================<=>
<=>======= RCD Logger 3.1 || Created by RCD =======<=>
<=>==Thx to : hrd, ukira, NoName, IrvanRFO, Gecko===<=>
<=>====SN4CK3R, oleh yuschuk, darkbyte, P47R1CK,====<=>
<=>=====N3rion, dono, NE0X, Y0da, MPGH, and....=====<=>
<=>========Last : for Zepetto and Gemscool :beer:===<=>
<=>=================================================<=>
<=>=================LOGGING STARTED=================<=>
<=>Name | Result <=>
<=>=================================================<=>
<=>Minimize1 | 0x4B773 <=>
<=>Minimize2 | 0x4B7AB <=>
<=>Wallshot | 0x29A4E0 <=>
<=>WallshotNoBT | 0xF91A0000 <=>
<=>Ammo | 0x1469F0 <=>
<=>Bomberman | 0xF91A0000 <=>
<=>Unl.Grenade | 0x249179 <=>
<=>=================END OF LOGGING==================<=>
//BEGIN C&P KE ADDYS
//ADDYS GENERATED BY RCD LOGGER 3.1
#define OFS_MINIMIZE1 0x4B773
#define OFS_MINIMIZE2 0x4B7AB
#define ADR_WALLSHOT 0x29A4E0
#define ADR_WALLSHOT_NOBT 0xF91A0000
#define ADR_AMMO 0x1469F0
#define OFS_BOMBERMAN 0xF91A0000
#define OFS_UNLGRENADE 0x249179
//END C&P KE ADDYS
insert red value to addys.h
Code:
/*
Name: RCDBase2
Copyright: RCD
Author: RCD
Date: 18/12/10 14:27
Description: Base dasar agar lebih mudah membuat Hack dengan RCDLogger3
ChangLog : Perubahan pada beberapa string yang telah terdeteksi
*/
// Paste the RCD Logger output here.
// The BEGIN/END marker lines ("C&P KE ADDYS" = "copy & paste to addys") are kept as the logger emitted them.
// The values are offsets that cbase2.c adds to the load address of the game module.
// Only ADR_WALLSHOT_NOBT is referenced by the cbase2.c listing on this page.
//BEGIN C&P KE ADDYS
//ADDYS GENERATED BY RCD LOGGER 3
#define ADR_WALLSHOT 0x29A4E0
#define ADR_WALLSHOT_NOBT 0xF91A0000
//END C&P KE ADDYS
cbase2.c
Code:
/*
Name: RCDBase2
Copyright: RCD
Author: RCD
Date: 20/12/10 14:27
Description: Base dasar agar lebih mudah membuat Hack dengan RCDLogger3
ChangLog : Perubahan pada beberapa string yang telah terdeteksi
*/
#include "cbase2.h"
#include "addys.h"
// File-scope state shared by every function in this listing.
LPTSTR i3engine = "PointBlank.i3Exec"; // name of the game module whose load address is looked up at run time
DWORD adrWSOn, adrWSOff, OldProtection; // the two computed target addresses, and the page protection saved by VirtualProtect
BYTE RET[] = {0xC3}; // one-byte array named RET; 0xC3 is the x86 near-return opcode
BYTE PUSH_EBP[]= {0x55}; // one-byte array named PUSH_EBP; 0x55 is the x86 `push ebp` opcode
/*
Author's note (translated): because "memwrite" is already detected by HackShield,
an alternative routine named MEMpatch was written and described as undetected.
NOTE(review): the code visible here is an ordinary VirtualProtect / RtlMoveMemory /
VirtualProtect sequence; nothing on this page supports the "undetected" claim.
*/
/*
 * UnProtectAndModify - copy Length bytes from address Pointer to address Offset
 * inside the current process.
 *
 * Offset  - destination address, carried as a DWORD
 * Pointer - source address, carried as a DWORD
 * Length  - number of bytes to copy
 *
 * Both addresses are 32-bit DWORDs, so this only holds together in a 32-bit
 * process. Neither VirtualProtect result is checked, and the saved protection
 * lives in the shared file-scope OldProtection.
 *
 * Defender's view: after this runs, the bytes of the loaded module no longer
 * match the file on disk; an integrity check of the module's code against the
 * on-disk image is the kind of control that would surface it.
 */
void UnProtectAndModify(DWORD Offset, DWORD Pointer, DWORD Length){
VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &OldProtection); // make the target range readable, writable and executable; the previous protection is saved
RtlMoveMemory((void *)Offset, (const void*)Pointer, Length); // overwrite the target bytes with the supplied ones
VirtualProtect((void *)Offset, Length, OldProtection, &OldProtection); // put the saved protection back (author: so the anti-cheat "guard" does not notice)
}
// Patch memory: forwards to UnProtectAndModify with both pointers cast to DWORD.
// Length is accepted but never used; the copy size is the literal 1.
// Both arrays passed by InitAllHacks in this listing are one byte long.
void MEMpatch( BYTE *Offset, BYTE *ByteArray, DWORD Length){
UnProtectAndModify((DWORD)Offset , (DWORD)ByteArray , 1);
}
/*
 * InitAllHacks - thread routine started from DllMain; param is unused.
 * Author's note (translated): "thread has been patched, undetected 20 December 2010".
 *
 * Polls two hotkeys roughly every 10 ms for the life of the process. HOME
 * writes the RET byte, and END writes the PUSH_EBP byte, at
 * (module base + ADR_WALLSHOT_NOBT) inside the running game.
 *
 * Defender's view: everything here happens in-process once the DLL is loaded,
 * so what can be observed is a foreign module in the game process, a thread
 * whose start address lies in that module, and modified bytes in the target module.
 */
DWORD WINAPI InitAllHacks(LPVOID param)
{
while (1) { // no break anywhere: the loop never ends
if (GetAsyncKeyState(VK_HOME)&1) { // low bit set: HOME was pressed since the previous query
DWORD dwI3CubeExec = (DWORD)GetModuleHandleA(i3engine); // module handle (load address) of PointBlank.i3Exec; the original comment calls it the "entry point"
if (dwI3CubeExec > 0) { // non-zero only when the module is loaded in this process
adrWSOn = dwI3CubeExec + (DWORD)ADR_WALLSHOT_NOBT;
MEMpatch((BYTE*)adrWSOn, RET, sizeof(RET)); // write the RET byte at the computed address
MessageBeep(1); // audible cue that the write was attempted; success is not checked
}
}
if (GetAsyncKeyState(VK_END)&1) { // low bit set: END was pressed since the previous query
DWORD dwI3CubeExec = (DWORD)GetModuleHandleA(i3engine); // same lookup as above
if (dwI3CubeExec > 0) { // non-zero only when the module is loaded in this process
adrWSOff = dwI3CubeExec + (DWORD)ADR_WALLSHOT_NOBT;
MEMpatch((BYTE*)adrWSOff, PUSH_EBP, sizeof(PUSH_EBP)); // write the PUSH_EBP byte at the same address
MessageBeep(1); // audible cue that the write was attempted; success is not checked
}
}
Sleep(10); // pause between polls so the loop does not saturate a CPU core
}
return (0); // unreachable: the loop above never exits
}
/*
 * DllMain - DLL entry point. On DLL_PROCESS_ATTACH it shows a message box that
 * names the two hotkeys and starts InitAllHacks on a new thread. Returns TRUE
 * for every notification. lpReserved is unused. The handle returned by
 * CreateThread is neither checked nor closed.
 */
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll); // turn off per-thread attach/detach notifications for this DLL; runs on every notification, not only on attach (author: "saves resources :D")
if (dwReason == DLL_PROCESS_ATTACH) { // the DLL has just been loaded into the process
MessageBox (0,"|WallShot On= HOME | WallShot Off = END | Thanks To RCD", MB_OK | MB_ICONINFORMATION); // greeting shown once the DLL is attached to the process
CreateThread(0, 0, (LPTHREAD_START_ROUTINE)InitAllHacks, 0, 0, 0); // start the hotkey-polling thread
}
return TRUE; // unconditional; the original comment ("retry until the thread attaches") does not match the code
}
cbase2.h
Code:
/*
Name: RCDBase2
Copyright: RCD
Author: RCD
Date: 18/12/10 14:27
Description: Base dasar agar lebih mudah membuat Hack dengan RCDLogger3
ChangLog : Perubahan pada beberapa string yang telah terdeteksi
*/
// Include guard. NOTE(review): identifiers beginning with a double underscore are reserved for the implementation.
#ifndef __RCD_BASE2_H
#define __RCD_BASE2_H
#define WIN32_LEAN_AND_MEAN // Exclude rarely-used stuff from Windows headers
#include <windows.h>
// Thread routine defined in cbase2.c and passed to CreateThread from DllMain.
DWORD WINAPI InitAllHacks(LPVOID param);
#endif
solution 1: need to create a logger.exe
problem 2
in file: cbase2.c
#include "cbase2.h"
#include "addys.h"
// Excerpt of the file-scope declarations from cbase2.c.
LPTSTR i3engine = "PointBlank.i3Exec"; // name of the game module whose load address is looked up at run time
DWORD adrWSOn, adrWSOff, OldProtection; // the two computed target addresses, and the page protection saved by VirtualProtect
BYTE RET[] = {0xC3}; // one-byte array named RET; 0xC3 is the x86 near-return opcode
BYTE PUSH_EBP[]= {0x55}; // one-byte array named PUSH_EBP; 0x55 is the x86 `push ebp` opcode
solution 2:
you must change to PBlackout
all credit to :
Richard Yusan A.K.A RCD