[Source] Round Ender Code

**Kenshin13** · 09-20-2012

This is the code that is used to end the game in: TEKNOMW3 1.4.382 ONLY
Thanks -InSaNe- for the origional hint which led me to find Hooch's code. So thanks Hooch for the Magic Number Pattern/Mask

Code:

#include <Windows.h>
#include <iostream>

//PATTERN INFO FOR MAGIC NUMBER
#define MAGIC_NUMBER_PATTERN    "\xa1\x00\x00\x00\x00\x8d\x94\x24\x04\x08\x00\x00\x52\x56\x50\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x8b\x8c\x24\x18\x0c\x00\x00\x50\x51\xe8\x00\x00\x00\x00\x83\xc4\x18"
#define MAGIC_NUMBER_MASK        "x????xxxxxxxxxxx????x????xxxxxxxxxx????xxx" // +1  

//Definitions for PROCESSCOMMAND
typedef int (__cdecl *ProcessCommandCode)(int *defArg, char *Command);
ProcessCommandCode ProcessCommand = (ProcessCommandCode)0x00429920;

//Required for FIND PATTERN
bool bDataCompare( const BYTE* pData, const BYTE* bMask, const char* szMask ) 
	{ 
	for( ; *szMask; ++szMask, ++pData, ++bMask ) 
		if( *szMask == 'x' && *pData != *bMask )  
			return false; 
	return ( *szMask ) == NULL; 
	} 

//General FIND PATTERN Function
DWORD FindPattern( DWORD baseAddress, DWORD sizeOfModule, BYTE *bMask, char* szMask ) 
	{ 
	for( DWORD i=0; i < sizeOfModule; i++ ) 
		if( bDataCompare( ( BYTE* )( baseAddress + i ), bMask, szMask) ) 
			return ( DWORD )( baseAddress + i ); 
	return NULL; 
	} 

//Make Sure Module is injected into the right process or do nothing.
bool IsModuleReady()
	{
	if( GetModuleHandleA( "iw5mp.exe" ) != NULL )
		return true;

	return false;
	}

//FindMagicNumber
DWORD WINAPI GetMagicNumberAddress()
	{
	while( !IsModuleReady()) Sleep(50);
	DWORD *MagicNumber = (DWORD*)*(DWORD*)(FindPattern((DWORD)GetModuleHandleA("iw5mp.exe"), 0xFFFFFFFF, (BYTE*)MAGIC_NUMBER_PATTERN, MAGIC_NUMBER_MASK) + 1);
	return *MagicNumber;

	}

//RoundEnder Activates on END Button
DWORD WINAPI EndRound(LPVOID threadArgs)
	{
	char buffer[32];
	while(1)
		{
		if(GetAsyncKeyState(VK_END))
			{
			sprintf(buffer, "mr %d -1 endround;", (DWORD)GetMagicNumberAddress());
			ProcessCommand(0, buffer);
			Sleep(200);
			}
		}
	return 0;
	}

//Main() Function
BOOL APIENTRY DllMain(HANDLE hDllHandle, DWORD dwReason, LPVOID lpreserved)
	{
	DWORD threadID;
	switch(dwReason)
		{
	case DLL_PROCESS_ATTACH:
		CreateThread(NULL, 0, EndRound, NULL, 0, &threadID); //Create Round End Thread.
	case DLL_PROCESS_DETACH:
		break;
		}
	return true;
	}

**noname65** · 09-20-2012

Originally Posted by Kenshin13

This is the code that is used to end the game in: TEKNOMW3 1.4.382 ONLY
Thanks -InSaNe- for the origional hint

CodMaster for the Magic Number Pattern/Mask

Code:

#include <Windows.h>
#include <iostream>

//PATTERN INFO FOR MAGIC NUMBER
#define MAGIC_NUMBER_PATTERN    "\xa1\x00\x00\x00\x00\x8d\x94\x24\x04\x08\x00\x00\x52\x56\x50\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x8b\x8c\x24\x18\x0c\x00\x00\x50\x51\xe8\x00\x00\x00\x00\x83\xc4\x18"
#define MAGIC_NUMBER_MASK        "x????xxxxxxxxxxx????x????xxxxxxxxxx????xxx" // +1  

//Definitions for PROCESSCOMMAND
typedef int (__cdecl *ProcessCommandCode)(int *defArg, char *Command);
ProcessCommandCode ProcessCommand = (ProcessCommandCode)0x00429920;

//Required for FIND PATTERN
bool bDataCompare( const BYTE* pData, const BYTE* bMask, const char* szMask ) 
	{ 
	for( ; *szMask; ++szMask, ++pData, ++bMask ) 
		if( *szMask == 'x' && *pData != *bMask )  
			return false; 
	return ( *szMask ) == NULL; 
	} 

//General FIND PATTERN Function
DWORD FindPattern( DWORD baseAddress, DWORD sizeOfModule, BYTE *bMask, char* szMask ) 
	{ 
	for( DWORD i=0; i < sizeOfModule; i++ ) 
		if( bDataCompare( ( BYTE* )( baseAddress + i ), bMask, szMask) ) 
			return ( DWORD )( baseAddress + i ); 
	return NULL; 
	} 

//Make Sure Module is injected into the right process or do nothing.
bool IsModuleReady()
	{
	if( GetModuleHandleA( "iw5mp.exe" ) != NULL )
		return true;

	return false;
	}

//FindMagicNumber
DWORD WINAPI GetMagicNumberAddress()
	{
	while( !IsModuleReady()) Sleep(50);
	DWORD *MagicNumber = (DWORD*)*(DWORD*)(FindPattern((DWORD)GetModuleHandleA("iw5mp.exe"), 0xFFFFFFFF, (BYTE*)MAGIC_NUMBER_PATTERN, MAGIC_NUMBER_MASK) + 1);
	return *MagicNumber;

	}

//RoundEnder Activates on END Button
DWORD WINAPI EndRound(LPVOID threadArgs)
	{
	char buffer[32];
	while(1)
		{
		if(GetAsyncKeyState(VK_END))
			{
			sprintf(buffer, "mr %d -1 endround;", (DWORD)GetMagicNumberAddress());
			ProcessCommand(0, buffer);
			Sleep(200);
			}
		}
	return 0;
	}

//Main() Function
BOOL APIENTRY DllMain(HANDLE hDllHandle, DWORD dwReason, LPVOID lpreserved)
	{
	DWORD threadID;
	switch(dwReason)
		{
	case DLL_PROCESS_ATTACH:
		CreateThread(NULL, 0, EndRound, NULL, 0, &threadID); //Create Round End Thread.
	case DLL_PROCESS_DETACH:
		break;
		}
	return true;
	}

It would be Helpful if you compile that avoid the name hider code for us because i do not know how to do.

**noname65** · 09-20-2012

attach file with MPGH, then will work.

**barata55** · 09-20-2012

Originally Posted by Kenshin13

This is the code that is used to end the game in: TEKNOMW3 1.4.382 ONLY
Thanks -InSaNe- for the origional hint

CodMaster for the Magic Number Pattern/Mask

Code:

#include <Windows.h>
#include <iostream>

//PATTERN INFO FOR MAGIC NUMBER
#define MAGIC_NUMBER_PATTERN    "\xa1\x00\x00\x00\x00\x8d\x94\x24\x04\x08\x00\x00\x52\x56\x50\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x8b\x8c\x24\x18\x0c\x00\x00\x50\x51\xe8\x00\x00\x00\x00\x83\xc4\x18"
#define MAGIC_NUMBER_MASK        "x????xxxxxxxxxxx????x????xxxxxxxxxx????xxx" // +1  

//Definitions for PROCESSCOMMAND
typedef int (__cdecl *ProcessCommandCode)(int *defArg, char *Command);
ProcessCommandCode ProcessCommand = (ProcessCommandCode)0x00429920;

//Required for FIND PATTERN
bool bDataCompare( const BYTE* pData, const BYTE* bMask, const char* szMask ) 
	{ 
	for( ; *szMask; ++szMask, ++pData, ++bMask ) 
		if( *szMask == 'x' && *pData != *bMask )  
			return false; 
	return ( *szMask ) == NULL; 
	} 

//General FIND PATTERN Function
DWORD FindPattern( DWORD baseAddress, DWORD sizeOfModule, BYTE *bMask, char* szMask ) 
	{ 
	for( DWORD i=0; i < sizeOfModule; i++ ) 
		if( bDataCompare( ( BYTE* )( baseAddress + i ), bMask, szMask) ) 
			return ( DWORD )( baseAddress + i ); 
	return NULL; 
	} 

//Make Sure Module is injected into the right process or do nothing.
bool IsModuleReady()
	{
	if( GetModuleHandleA( "iw5mp.exe" ) != NULL )
		return true;

	return false;
	}

//FindMagicNumber
DWORD WINAPI GetMagicNumberAddress()
	{
	while( !IsModuleReady()) Sleep(50);
	DWORD *MagicNumber = (DWORD*)*(DWORD*)(FindPattern((DWORD)GetModuleHandleA("iw5mp.exe"), 0xFFFFFFFF, (BYTE*)MAGIC_NUMBER_PATTERN, MAGIC_NUMBER_MASK) + 1);
	return *MagicNumber;

	}

//RoundEnder Activates on END Button
DWORD WINAPI EndRound(LPVOID threadArgs)
	{
	char buffer[32];
	while(1)
		{
		if(GetAsyncKeyState(VK_END))
			{
			sprintf(buffer, "mr %d -1 endround;", (DWORD)GetMagicNumberAddress());
			ProcessCommand(0, buffer);
			Sleep(200);
			}
		}
	return 0;
	}

//Main() Function
BOOL APIENTRY DllMain(HANDLE hDllHandle, DWORD dwReason, LPVOID lpreserved)
	{
	DWORD threadID;
	switch(dwReason)
		{
	case DLL_PROCESS_ATTACH:
		CreateThread(NULL, 0, EndRound, NULL, 0, &threadID); //Create Round End Thread.
	case DLL_PROCESS_DETACH:
		break;
		}
	return true;
	}

This code is by Hooch, not Insane or CodMaster, please correct the credits.

Thanks Barata...

**dirt31996** · 09-21-2012

Is this a aimbot?

**Instrumental** · 09-21-2012

yes Hooch is the creator of the following code.

Originally Posted by dirt31996

Is this a aimbot?

no its end round.

**Kenshin13** · 09-21-2012

Yea guys I know Hooch was the main one for this. I just decided to post the source because his wasn't working. Plus it could help some people out. I mistook him for CodMaster and was too lazy to research for it. Thanks @barata55 for doing my homework for me

Oh, here's the DLL that I couldn't upload:

VirusTotal
Jotti's Virus Scan

**MarkHC** · 09-22-2012

/File approved
Use at your own risk

**tret** · 09-23-2012

WHICH BUTTON SHOULD I PRESS TO END THE ROUND??\

**MarkHC** · 09-23-2012

Originally Posted by tret

WHICH BUTTON SHOULD I PRESS TO END THE ROUND??\

END.. I guess

**Kenshin13** · 09-23-2012

Originally Posted by tret

WHICH BUTTON SHOULD I PRESS TO END THE ROUND??\

Yea you press the end button :P simple enough right?

**xxcrusherxx** · 09-25-2012

I love this one lol thanks

**Kenshin13** · 09-25-2012

Yea, used it in my server crasher

Detour style.

**MarkHC** · 09-25-2012

Originally Posted by Kenshin13

Yea, used it in my server crasher

Detour style.

You know you actually doesn't need a detour for this right?

**Kenshin13** · 09-25-2012

Originally Posted by -InSaNe-

You know you actually doesn't need a detour for this right?

LoL bro ik!! I just wanted to test this out.

Thread: [Source] Round Ender Code

Thread Tools

Display

[Source] Round Ender Code

The Following 4 Users Say Thank You to Kenshin13 For This Useful Post:

Similar Threads

[Solved] Is there way way of getting round "key code in use"?

Mozilla Firefox view-source:javascript url Code Execution Exploit:

[Release] ****** DLL Source Code

keylogger source code

HALO 2 (XBOX) Source Code