%include 'C:\Programme\asm\inc\nasmx.inc'
IMPORT VirtualProtect, 16
IMPORT CreateThread, 24
IMPORT GetModuleHandleA, 4
extern Sleep
entry DllEntry
[section .text]
; ----------------------------------------------------------------------
; d3d9hook -- detour body (32-bit x86, NASM/NASMX syntax).
;
; Not an ordinary callable routine: it is reached through the JMP rel32
; that attachrc stores at [endsceneaddy]+2 and it leaves with
; `jmp [rchookback]`, never with `ret`.
;
; Sequence visible below:
;   1. VirtualProtect on the routine at [addyrc] with protection 40h
;      (PAGE_EXECUTE_READWRITE).
;   2. Four code bytes of that routine are overwritten with 90h (NOP).
;   3. The routine is called once per string (one stack argument, caller
;      removes it with `add esp, 4`).
;   4. The four bytes are set back to 72h 0Eh / 73h 05h.
;   5. Five bytes at [endsceneaddy]+2 are rewritten, the instructions they
;      encode are executed here, and control jumps to [rchookback].
;
; NOTE(review): no registers or flags are saved on entry, the
; VirtualProtect result is not checked, and the previous protection kept
; in oldprotect is never restored.
; NOTE(review): while steps 2-4 and the detour are in place, the code
; bytes in memory differ from the module images on disk and the touched
; pages are writable+executable; a code-section integrity comparison or a
; page-protection audit would observe both.
; ----------------------------------------------------------------------
d3d9hook:
; VirtualProtect(lpAddress=[addyrc], dwSize=10, flNewProtect=40h,
;                lpflOldProtect=oldprotect); arguments pushed right to left.
push oldprotect
push 40h
; dwSize is 10 although the writes below are at offsets 1Bh..25h; protection
; is applied per page, so they succeed only if those offsets lie in the
; page(s) covering the 10-byte range.
push 10
push dword [addyrc]
call VirtualProtect
mov ecx, dword [addyrc]
; Replace two 2-byte sequences with NOPs. The values written back later
; (72h 0Eh, 73h 05h) are short JB / JAE encodings if these offsets are
; instruction boundaries -- presumably two conditional branches are being
; disabled for the duration of the calls; confirm against the target.
mov byte [ecx+1Bh], 90h
mov byte [ecx+1Ch], 90h
mov byte [ecx+24h], 90h
mov byte [ecx+25h], 90h
; Each group: push one string pointer, call through the pointer stored in
; addyrc, then drop the argument (caller-cleanup, one dword).
push szfps
call [addyrc]
add esp, 4
push sznxchams
call [addyrc]
add esp, 4
push szfrunvel
call [addyrc]
add esp, 4
push szsrunvel
call [addyrc]
add esp, 4
push szbrunvel
call [addyrc]
add esp, 4
push szspread1
call [addyrc]
add esp, 4
push szspread2
call [addyrc]
add esp, 4
push szspread3
call [addyrc]
add esp, 4
push szspread4
call [addyrc]
add esp, 4
push szhulk
call [addyrc]
add esp, 4
; szfps is submitted a second time (it was also the first string above).
push szfps
call [addyrc]
add esp, 4
; Put the four patched bytes back to fixed values. These are hard-coded, not
; copies saved before patching, so they are correct only for the build of the
; target routine this was written against.
mov ecx, dword [addyrc]
mov byte [ecx+1Bh], 72h
mov byte [ecx+1Ch], 0Eh
mov byte [ecx+24h], 73h
mov byte [ecx+25h], 05h
; Remove the detour: write 55h / 8Bh ECh / 6Ah FFh (push ebp; mov ebp, esp;
; push -1) over the five bytes at [endsceneaddy]+2. Again hard-coded values
; rather than a saved copy of what attachrc overwrote.
mov eax, [endsceneaddy]
add eax, 2
mov byte [eax], 55h
mov byte [eax+1], 8Bh
mov byte [eax+2], 0xEC
mov byte [eax+3], 6Ah
mov byte [eax+4], 0xFF
; Execute the same three instructions here, then continue in the target at
; [rchookback] (set by attachrc to [endsceneaddy]+7, i.e. just past the five
; replaced bytes).
push ebp
mov ebp, esp
push 0FFFFFFFFh
jmp [rchookback]
; ----------------------------------------------------------------------
; attachrc -- thread routine started by findaddys via CreateThread.
;
; Every pass: sleep 10000 ms, then write a 5-byte JMP rel32 to d3d9hook at
; [endsceneaddy]+2. d3d9hook removes that jump when it runs, so this loop
; puts it back on the next pass. The loop has no exit; `endproc` is never
; reached.
;
; NOTE(review): the VirtualProtect result is not checked and the old
; protection saved in oldprotect is never restored.
; NOTE(review): the opcode byte and the 4-byte displacement are stored by
; two separate writes with no synchronisation visible against a thread
; that may be executing the target at that moment.
; NOTE(review): moduled3d9 is reused as a scratch "patch address" here,
; overwriting the module handle findaddys stored in it.
; ----------------------------------------------------------------------
proc attachrc
locals none
loopwait:
; Sleep(10000): wait 10 seconds between passes.
push 10000
call Sleep
; moduled3d9 = [endsceneaddy]
mov eax, dword [endsceneaddy]
mov dword [moduled3d9], eax
; rchookback = [endsceneaddy] + 7: resume point used by d3d9hook, located
; after the 2 untouched leading bytes plus the 5 bytes replaced below.
mov eax, [moduled3d9]
mov dword [rchookback], eax
add dword [rchookback], 7
; Make 10 bytes starting at the target writable+executable (40h).
invoke VirtualProtect, [moduled3d9], 10, 40h, oldprotect
; Patch address = target + 2; the first two bytes of the target are left
; as they are.
add dword [moduled3d9], 2
mov ecx, dword [moduled3d9]
; E9h = JMP rel32 opcode.
mov byte [ecx], 0xE9
; rel32 = d3d9hook - patch_address - 5 (displacement is relative to the end
; of the 5-byte jump).
mov eax, d3d9hook
sub eax, dword [moduled3d9]
sub eax, 5
mov dword [ecx+1], eax
jmp loopwait
endproc
; ----------------------------------------------------------------------
; findaddys -- thread routine started by DllEntry via CreateThread.
;
; 1. Spins on GetModuleHandleA until cshell.dll, ClientFX.fxd and d3d9.dll
;    are all loaded in the current process.
; 2. Scans forward from the cshell.dll base for a byte pattern and derives
;    a function pointer from it, stored in addyrc.
; 3. Scans forward from the d3d9.dll base for a second byte pattern, reads
;    a table address from it and stores the entry at byte offset 168 in
;    endsceneaddy.
; 4. Starts the attachrc thread.
;
; NOTE(review): the three wait loops poll without any sleep or yield.
; NOTE(review): neither scan has an upper bound; if a pattern is absent the
; read pointer runs past the end of the mapped image and the access
; faults. Both patterns are tied to specific builds of the modules.
; NOTE(review): ebx is used as scratch and is not saved in the visible
; code (unless the NASMX proc macro does so -- confirm).
; NOTE(review): the strings are declared with NASMX_TCHAR/NASMX_TEXT but
; passed to the ANSI API GetModuleHandleA; presumably this assumes a
; non-Unicode build -- confirm.
; ----------------------------------------------------------------------
proc findaddys
locals none
loopcshell:
; Wait until cshell.dll is loaded; keep its base address.
invoke GetModuleHandleA, szCshell
cmp eax, 0
je loopcshell
mov [modulecshell], eax
loopclientfx:
; Wait until ClientFX.fxd is loaded; the handle itself is not kept.
invoke GetModuleHandleA, szClientFX
cmp eax, 0
je loopclientfx
loopd3d9:
; Wait until d3d9.dll is loaded; keep its base address.
invoke GetModuleHandleA, szD3D9
cmp eax, 0
je loopd3d9
mov [moduled3d9], eax
; --- pattern scan in cshell.dll -------------------------------------
; Matched bytes (?? = not compared):
;   A1 ?? ?? ?? 37 8B 88 ?? ?? ?? ?? 68 ?? ?? ?? 37 FF D1 59 C2 10 00
; If matched at an instruction boundary this decodes as
;   mov eax, [addr32] / mov ecx, [eax+disp32] / push imm32 /
;   call ecx / pop ecx / ret 10h.
; Bytes +4 and +15 are the most significant bytes of addr32 and imm32, so
; the pattern only matches when both lie in 37xxxxxxh -- presumably it
; relies on a fixed load address; confirm.
mov ecx, [modulecshell]
looprcbyte:
; Pre-increment: the first byte examined is base+1. Any mismatch restarts
; the comparison one byte further on.
inc ecx
cmp byte [ecx], 0xA1
jne looprcbyte
cmp byte [ecx+4], 37h
jne looprcbyte
cmp byte [ecx+5], 8Bh
jne looprcbyte
cmp byte [ecx+6], 88h
jne looprcbyte
cmp byte [ecx+11], 68h
jne looprcbyte
cmp byte [ecx+15], 37h
jne looprcbyte
cmp byte [ecx+16], 0xFF
jne looprcbyte
cmp byte [ecx+17], 0xD1
jne looprcbyte
cmp byte [ecx+18], 59h
jne looprcbyte
cmp byte [ecx+19], 0xC2
jne looprcbyte
cmp byte [ecx+20], 10h
jne looprcbyte
cmp byte [ecx+21], 00h
jne looprcbyte
; rcoffset = the disp32 found at match+7.
mov ebx, [ecx+7]
mov dword [rcoffset], ebx
; ebx = addr32 found at match+1, then the dword stored at that address.
mov ebx, [ecx+1]
mov ebx, [ebx]
; addyrc = dword at (that value + rcoffset): the same pointer the matched
; code would load into ecx before `call ecx`. No null check on either
; dereference.
add ebx, [rcoffset]
mov ecx, [ebx]
mov dword [addyrc], ecx
; --- pattern scan in d3d9.dll ---------------------------------------
; Matched bytes: C7 06 ?? ?? ?? ?? 89 86 ?? ?? ?? ?? 89 86
; If matched at an instruction boundary: mov dword [esi], imm32 followed by
; two mov [esi+disp32], eax stores.
mov ecx, [moduled3d9]
loopsearchd3d9:
inc ecx
cmp byte [ecx], 0xC7
jne loopsearchd3d9
cmp byte [ecx+1], 06h
jne loopsearchd3d9
cmp byte [ecx+6], 89h
jne loopsearchd3d9
cmp byte [ecx+7], 86h
jne loopsearchd3d9
cmp byte [ecx+12], 89h
jne loopsearchd3d9
cmp byte [ecx+13], 86h
jne loopsearchd3d9
; ebx = imm32 at match+2, treated as the base of a pointer table.
add ecx, 2
mov ebx, [ecx]
; endsceneaddy = table entry at byte offset 168 (slot 42 with 4-byte
; entries).
add ebx, 168
mov eax, [ebx]
mov dword [endsceneaddy], eax
; Start attachrc on its own thread; the returned handle is neither checked
; nor closed.
invoke CreateThread, 0, 0, attachrc, 0, 0, 0
endproc
; ----------------------------------------------------------------------
; DllEntry -- DLL entry point (declared with `entry DllEntry` above).
; Parameters as declared: hinst, reason, reserved.
;
; When reason == 1 (DLL_PROCESS_ATTACH) it starts findaddys on a new thread;
; for every reason it returns 1 in eax.
;
; NOTE(review): the CreateThread handle is neither checked nor closed.
; NOTE(review): [ebp+0Ch] is used for `reason`; this assumes the NASMX proc
; macro has set up an EBP frame with the second argument at that offset,
; and that endproc emits the epilogue/return -- neither is visible here.
; ----------------------------------------------------------------------
proc DllEntry, ptrdiff_t hinst, size_t reason, size_t reserved
locals none
; Compare the second argument with 1.
mov ecx, 1
cmp [ebp+0Ch], ecx
jne goon
invoke CreateThread, 0, 0, findaddys, 0, 0, 0
goon:
; Return value 1 (TRUE) regardless of whether the thread was created.
mov eax, 1
endproc
; Initialised data: zero-terminated strings.
; NOTE(review): these literals are stored unobfuscated in the binary, so they
; are stable indicators for static identification of this DLL.
[section .data]
; Module names polled with GetModuleHandleA in findaddys.
szCshell: declare(NASMX_TCHAR) NASMX_TEXT('cshell.dll'), 0x0
szClientFX: declare(NASMX_TCHAR) NASMX_TEXT('ClientFX.fxd'), 0x0
szD3D9: declare(NASMX_TCHAR) NASMX_TEXT('d3d9.dll'), 0x0
; Strings passed one at a time to the routine at [addyrc] by d3d9hook; each
; has the form "<name> <value>".
sznxchams: declare(NASMX_TCHAR) NASMX_TEXT('SkelModelStencil -1'), 0x0
szfrunvel: declare(NASMX_TCHAR) NASMX_TEXT('FRunVel 500.000000'), 0x0
szbrunvel: declare(NASMX_TCHAR) NASMX_TEXT('BRunVel 500.000000'), 0x0
szsrunvel: declare(NASMX_TCHAR) NASMX_TEXT('SRunVel 500.000000'), 0x0
szspread1: declare(NASMX_TCHAR) NASMX_TEXT('PerturbRotationEffect 0.000000'), 0x0
szspread2: declare(NASMX_TCHAR) NASMX_TEXT('PerturbIncreaseSpeed 0.000000'), 0x0
szspread3: declare(NASMX_TCHAR) NASMX_TEXT('PerturbWalkPercent 0.000000'), 0x0
szspread4: declare(NASMX_TCHAR) NASMX_TEXT('PerturbFiringIncreaseSpeed 0.000000'), 0x0
szfps: declare(NASMX_TCHAR) NASMX_TEXT('ShowFps 1'), 0x0
szhulk: declare(NASMX_TCHAR) NASMX_TEXT('JumpVel 660.000000'), 0x0
; Uninitialised data. Each label reserves two dwords (8 bytes); the code in
; this file only reads or writes a single dword at each label.
; All of these are shared between the findaddys thread, the attachrc thread
; and d3d9hook with no locking visible in this file.
[section .bss]
; Base address of cshell.dll (set in findaddys).
modulecshell : resd 2
; Function pointer derived from the cshell.dll pattern; called by d3d9hook.
addyrc : resd 2
; disp32 taken from the cshell.dll pattern match.
rcoffset : resd 2
; Resume address for d3d9hook: [endsceneaddy] + 7 (set in attachrc).
rchookback : resd 2
; Base address of d3d9.dll in findaddys; reused as the patch address in
; attachrc.
moduled3d9 : resd 2
; Receives the previous page protection from VirtualProtect; never read back.
oldprotect : resd 2
; Address read from the table entry at offset 168; target of the detour.
endsceneaddy : resd 2