#include "Files.h"
#include <windows.h>
/*Global Variables*/
// Absolute addresses for one specific game build. Nothing in this file checks
// which build is loaded, so on any other build these point at arbitrary memory.
#define ADDR_CONSOLEUNWRAPPED 0x486010   // jump target used by PushCommands
#define ADDR_GAMESTATUS 0x37806FC4       // read as a BYTE by HackThread and compared against 1
int g_NXCHAMS = 0;  // read by HackThread; initialised to 0 and not assigned anywhere in this file
/*Global Variables*/
// Hands one console command string to the routine at ADDR_CONSOLEUNWRAPPED.
// Credits to Master131 (original author of the asm trick).
//
// The first _asm block emulates a `call` through a `jmp`: get_eip returns the
// address of the `call get_eip` instruction itself (return address minus the
// 5-byte call); 0xF is added to reach the `add esp, 0x4` that follows the jmp,
// that address is pushed as the fake return address, and control jumps to
// Console. When the callee returns it lands on `add esp, 0x4`, which discards
// the pushed Command argument.
// NOTE(review): 0xF presumably equals the encoded size of the five
// instructions from `call get_eip` through `jmp Console`; it is tied to this
// exact compiler/codegen and will break silently if the encoding changes.
// Nothing verifies that ADDR_CONSOLEUNWRAPPED is the expected function for the
// loaded build, so a mismatch transfers control to arbitrary code.
// The second _asm block (after `return`) is the get_eip helper and is only
// ever entered via `call get_eip`, never by fall-through.
void PushCommands(const char* Command)//Credits to Master131
{
    void* Console = (void*)ADDR_CONSOLEUNWRAPPED;
    _asm
    {
        call get_eip        // eax = address of this call instruction
        push Command        // argument for the target routine
        add eax, 0xF        // eax = address of `add esp, 0x4` below (fake return address)
        push eax
        jmp Console         // behaves like `call Console` because of the pushed return address
        add esp, 0x4        // reached on return: pop the Command argument
    }
    return;
    _asm
    {
    get_eip:
        mov eax, [esp]      // return address = address right after `call get_eip`
        sub eax, 5          // back up over the 5-byte call instruction
        ret
    }
}
// Reports whether the three modules the cheat depends on are all loaded in
// this process. The checks run in the same order as before and stop at the
// first module that is missing.
bool IsGameReady()
{
    static const char* const requiredModules[] = { "d3d9.dll", "ClientFX.fxd", "CShell.dll" };
    for (size_t idx = 0; idx < sizeof requiredModules / sizeof requiredModules[0]; ++idx)
    {
        if (GetModuleHandleA(requiredModules[idx]) == NULL)
            return false;
    }
    return true;
}
// Polling loop that never returns. Every 200 ms, while the byte at
// ADDR_GAMESTATUS equals 1, it sends exactly one SkelModelStencil command:
// "1" only when g_NXCHAMS is positive and NUMPAD1 was pressed since the last
// GetAsyncKeyState call, otherwise "0". Note that g_NXCHAMS is never assigned
// in this file.
void HackThread(void)
{
    for (;;)
    {
        const BYTE gameStatus = *(BYTE*)ADDR_GAMESTATUS;
        if (gameStatus == 1)
        {
            // Same short-circuit order as before: the key state is only
            // queried when g_NXCHAMS is positive.
            const bool chamsOn = (g_NXCHAMS > 0) && (GetAsyncKeyState(VK_NUMPAD1) & 1);
            PushCommands(chamsOn ? "SkelModelStencil 1" : "SkelModelStencil 0");
        }
        Sleep(200);
    }
}
// Thread entry point started from DllMain. Waits (75 ms per poll) until
// IsGameReady() holds, then runs HackThread, which never returns; the
// `return 0` is therefore not reached in practice.
DWORD CALLBACK dwMainThread(LPVOID)
{
    for (;;)
    {
        if (IsGameReady())
            break;
        Sleep(75);
    }
    HackThread();
    return 0;
}
// Overwrites this module's own DOS header and NT headers with zeros after
// making each range writable with VirtualProtect. The original page protection
// is not restored (`protect` is written but never read back), and the first
// call's value is overwritten by the second.
//
// NOTE(review): e_lfanew is taken from the DOS header without any bounds or
// signature check, so a corrupt header makes pNtH point outside the image.
// The `(LONG)hModule` arithmetic truncates the pointer to 32 bits and is only
// correct in a 32-bit build (which the inline asm elsewhere in this file
// already assumes). Zeroing the headers also removes data the loader and
// debuggers rely on (export/import directories, exception data), so anything
// that later needs them for this module will fail.
void EraseHeaders(HINSTANCE hModule)
{
    PIMAGE_DOS_HEADER pDoH;
    PIMAGE_NT_HEADERS pNtH;
    DWORD i, ersize, protect;
    if (!hModule) return;
    // well just to make clear what we doing
    pDoH = (PIMAGE_DOS_HEADER)(hModule);
    pNtH = (PIMAGE_NT_HEADERS)((LONG)hModule + ((PIMAGE_DOS_HEADER)hModule)->e_lfanew);   // e_lfanew unvalidated
    ersize = sizeof(IMAGE_DOS_HEADER);
    if ( VirtualProtect(pDoH, ersize, PAGE_READWRITE, &protect) )
    {
        for ( i=0; i < ersize; i++ )
            *(BYTE*)((BYTE*)pDoH + i) = 0;
    }
    ersize = sizeof(IMAGE_NT_HEADERS);
    if ( pNtH && VirtualProtect(pNtH, ersize, PAGE_READWRITE, &protect) )   // pNtH can only be NULL if e_lfanew wraps; not a validity check
    {
        for ( i=0; i < ersize; i++ )
            *(BYTE*)((BYTE*)pNtH + i) = 0;
    }
    return;
}
// Unlinks the loader entry for hModule from the three module lists reachable
// from the PEB's Ldr pointer (fs:[30h] -> +0Ch), using the labels' names:
// InLoadOrderModuleList, InMemoryOrderModuleList and
// InInitializationOrderModuleList. For each list it walks entries until one
// whose DllBase field equals hModule is found, then splices it out with the
// usual Flink/Blink rewrite (`[Blink].Flink = Flink; [Flink].Blink = Blink`).
// If no entry matches, the walk ends when it returns to the list head and
// nothing is modified.
//
// NOTE(review): every offset here (30h, 0Ch, 14h, 1Ch for the lists; 18h,
// 10h, 08h for DllBase relative to each entry's link) is a hard-coded 32-bit
// Windows layout — confirm against the target OS versions; on any other
// layout this corrupts loader data. There is no exception handling, so a bad
// pointer crashes the host process. Only the list links are changed: the
// module's mapped pages stay where they are, so enumeration of the process's
// memory regions still shows the image.
void HideModule(HINSTANCE hModule)
{
    DWORD dwPEB_LDR_DATA = 0;
    _asm
    {
        pushad;
        pushfd;
        mov eax, fs:[30h]                       // PEB
        mov eax, [eax+0Ch]                      // PEB->Ldr
        mov dwPEB_LDR_DATA, eax                 // saved for the later lists
        mov esi, [eax+0Ch]                      // first link of InLoadOrderModuleList
        mov edx, [eax+10h]                      // list head / end marker
    LoopInLoadOrderModuleList:
        lodsd                                   // eax = next link (esi advances)
        mov esi, eax
        mov ecx, [eax+18h]                      // DllBase for this list's entry layout
        cmp ecx, hModule
        jne SkipA
        mov ebx, [eax]                          // Flink
        mov ecx, [eax+4]                        // Blink
        mov [ecx], ebx                          // Blink->Flink = Flink
        mov [ebx+4], ecx                        // Flink->Blink = Blink
        jmp InMemoryOrderModuleList
    SkipA:
        cmp edx, esi
        jne LoopInLoadOrderModuleList
    InMemoryOrderModuleList:
        mov eax, dwPEB_LDR_DATA
        mov esi, [eax+14h]                      // first link of InMemoryOrderModuleList
        mov edx, [eax+18h]
    LoopInMemoryOrderModuleList:
        lodsd
        mov esi, eax
        mov ecx, [eax+10h]                      // DllBase for this list's entry layout
        cmp ecx, hModule
        jne SkipB
        mov ebx, [eax]
        mov ecx, [eax+4]
        mov [ecx], ebx
        mov [ebx+4], ecx
        jmp InInitializationOrderModuleList
    SkipB:
        cmp edx, esi
        jne LoopInMemoryOrderModuleList
    InInitializationOrderModuleList:
        mov eax, dwPEB_LDR_DATA
        mov esi, [eax+1Ch]                      // first link of InInitializationOrderModuleList
        mov edx, [eax+20h]
    LoopInInitializationOrderModuleList:
        lodsd
        mov esi, eax
        mov ecx, [eax+08h]                      // DllBase for this list's entry layout
        cmp ecx, hModule
        jne SkipC
        mov ebx, [eax]
        mov ecx, [eax+4]
        mov [ecx], ebx
        mov [ebx+4], ecx
        jmp Finished
    SkipC:
        cmp edx, esi
        jne LoopInInitializationOrderModuleList
    Finished:
        popfd;
        popad;
    }
}
// DLL entry point. On process attach it erases its own PE headers, unlinks
// itself from the loader lists, starts dwMainThread and shows a credits box.
// Other reasons (thread attach/detach, process detach) do nothing.
//
// NOTE(review): the documented DllMain signature returns BOOL, not
// `unsigned char`. CreateThread's dwStackSize, dwCreationFlags and
// lpThreadId parameters are integers/pointers of different types, so passing
// NULL to all of them relies on implicit conversion. MessageBoxA runs a
// message loop while the loader lock is held, which Microsoft's DllMain
// guidance advises against; EraseHeaders and HideModule also run under that
// lock, so any fault there takes the host process down. lpReserved is unused.
unsigned char APIENTRY DllMain( HMODULE hModule,
DWORD ul_reason_for_call,
LPVOID lpReserved
)
{
    if(ul_reason_for_call == DLL_PROCESS_ATTACH)
    {
        EraseHeaders(hModule);
        HideModule(hModule);
        CreateThread(NULL, NULL, dwMainThread, NULL, NULL, NULL);   // thread starts only after DllMain returns
        MessageBoxA(NULL, "Basically Made By Comando2056/Flengo", "Should Work", MB_OK);
    }
    return TRUE;
}