Por que postei isso?
- A pedido de algumas pessoas que estão dando um tempo de hack!
agora use a inteligência para descobrir quem são!
Code:
// DetourCreate: installs an x86 inline hook. It overwrites the first `len`
// bytes at `src` with a 5-byte relative jump (opcode 0xE9) to `dst`, fills
// bytes 5..len-1 with NOPs (0x90), and returns a pointer into a malloc'd
// buffer that holds the displaced bytes followed by a jump back towards `src`.
//
// src - start of the code being patched (written to).
// dst - address the patched code will jump to.
// len - number of bytes at `src` that are overwritten / copied.
//
// Reading notes:
//  - All pointer arithmetic goes through DWORD casts, so the code assumes a
//    32-bit process.
//  - No return value (VirtualProtect, malloc) is checked and the buffer is
//    never freed inside this function.
//  - For analysts: after this runs, the patched function begins with an 0xE9
//    jump that is absent from the module's on-disk image, so comparing the
//    in-memory prologue with the file contents exposes the hook.
void *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp;
    DWORD dwback;
    DWORD jumpto, newjump;
    // Make the target bytes writable; the previous protection is kept in dwback.
    VirtualProtect(src, len, PAGE_READWRITE, &dwback);
    if(src[0] == 0xE9)
    {
        // The target already starts with a relative jump: resolve its absolute
        // destination and re-encode that jump relative to the new buffer.
        jmp = (BYTE*)malloc(10);
        jumpto = (*(DWORD*)(src + 1)) + ((DWORD)src) + 5;
        newjump = (jumpto - (DWORD)(jmp + 5));
        jmp[0] = 0xE9;
        *(DWORD*)(jmp + 1) = newjump;
        jmp += 5;
        jmp[0] = 0xE9;
        *(DWORD*)(jmp + 1) = (DWORD)(src - jmp);
    }
    else
    {
        // Copy the original `len` bytes, then append a jump back to src + len.
        jmp = (BYTE*)malloc(5 + len);
        memcpy(jmp, src, len);
        jmp += len;
        jmp[0] = 0xE9;
        *(DWORD*)(jmp + 1) = (DWORD)(src + len - jmp) - 5;
    }
    // Write the jump to dst; rel32 is measured from the end of the 5-byte instruction.
    src[0] = 0xE9;
    *(DWORD*)(src + 1) = (DWORD)(dst - src) - 5;
    for(int i = 5; i < len; i++)
        src[i] = 0x90;
    // Restore the protection saved above.
    VirtualProtect(src,len,dwback,&dwback);
    // In the else-branch this is the start of the malloc'd buffer.
    return(jmp - len);
}
Code:
// cCharacterFX: appears to be a hand-written overlay of a game object's memory
// layout. The `unknownN` arrays are padding between the fields the poster
// named, and each trailing comment is the poster's claimed byte offset.
// Nothing in the listing (no packing pragma, no static_assert) enforces those
// offsets, so treat them as annotations, not verified facts.
class cCharacterFX
{
public:
    char unknown0[16]; //0x0000
    __int32 *Object; //0x0010
    char unknown1[44]; //0x0014
    __int32 IsPlayer; //0x0040
    char unknown2[44]; //0x0044
    BYTE Index; //0x0070
    char unknown3[15]; //0x0071
    float fPitch; //0x0080
    float fYaw; //0x0084
    char unknown4[1224]; //0x0088
    BYTE unknown5; //0x0550
    bool bIsDead; //0x0551
    bool bSpawnSheild; //0x0552
    BYTE unknown6; //0x0553
    char unknown7[12]; //0x0554
    __int32 *hHitbox; //0x0560
    char unknown8[96]; //0x0564
    WORD unknown9; //0x05C4
    WORD wHealth; //0x05C6
    WORD wArmor; //0x05C8
};//Size=0x05CA
Code:
// cPlayerInfo: same style of memory overlay, here for a per-player record.
// pPrev / pNext are pointers to the same type, so the records apparently form
// a doubly linked list. Offsets in the comments are the poster's annotations;
// several of them are not 4-byte aligned and no packing directive is visible.
class cPlayerInfo
{
public:
    char unknown0[4]; //0x0000
    __int32 Index; //0x0004
    char unknown1[12]; //0x0008
    char pName[20]; //0x0014
    char unknown2[4]; //0x0028
    __int32 *Object; //0x002C
    __int32 pKills; //0x0030
    __int32 pDeaths; //0x0034
    __int32 pKillsaLive; //0x0038
    char unknown3[12]; //0x003C
    __int32 pSuicides; //0x0048
    __int32 pKillsAfterJoin; //0x004C
    __int32 pDoubleKills; //0x0050
    __int32 pMultiKills; //0x0054
    __int32 pUltraKills; //0x0058
    __int32 pFantastic; //0x005C
    char unknown4[4]; //0x0060
    __int32 pHeadShots; //0x0064
    __int32 pFTMission; //0x0068
    char unknown5[8]; //0x006C
    __int32 pTeam; //0x0074
    char unknown6[4]; //0x0078
    __int32 pIsDead; //0x007C
    char unknown7[307]; //0x0080
    __int32 pRank; //0x01B3
    char unknown8[80]; //0x01B7
    __int32 pFTScore; //0x0207
    __int32 pFTSpawn; //0x020B
    char unknown9[3]; //0x020F
    __int32 pFTLongestLife; //0x0212
    __int32 pFTKill; //0x0216
    char unknown10[80]; //0x021A
    cPlayerInfo* pPrev; //0x026A
    cPlayerInfo* pNext; //0x026E
};//Size=0x0272
Endereços S2S
Code:
// cGameClientShell: a class made only of virtual functions, so its sole data
// is the vtable pointer (the poster's Size=0x0004). The FunctionN entries are
// placeholders that occupy vtable slots so the four named getters land on the
// slots the poster intends; the offset comments are the poster's annotations.
// cSFXMgr is not declared anywhere on this page.
class cGameClientShell
{
public:
    virtual void Function0(); //
    virtual void Function1(); //
    virtual void Function2(); //
    virtual void Function3(); //
    virtual void Function4(); //
    virtual void Function5(); //
    virtual void Function6(); //
    virtual void Function7(); //
    virtual void Function8(); //
    virtual void Function9(); //
    virtual void Function10(); //
    virtual void Function11(); //
    virtual void Function12(); //
    virtual void Function13(); //
    virtual void Function14(); //
    virtual void Function15(); //
    virtual void Function16(); //
    virtual void Function17(); //
    virtual void Function18(); //
    virtual void Function19(); //
    virtual void Function20(); //
    virtual void Function21(); //
    virtual void Function22(); //
    virtual void Function23(); //
    virtual void Function24(); //
    virtual void Function25(); //
    virtual void Function26(); //
    virtual void Function27(); //
    virtual void Function28(); //
    virtual void Function29(); //
    virtual void Function30(); //
    virtual void Function31(); //
    virtual void Function32(); //
    virtual void Function33(); //
    virtual void Function34(); //
    virtual void Function35(); //
    virtual void Function36(); //
    virtual void Function37(); //
    virtual void Function38(); //
    virtual void Function39(); //
    virtual void Function40(); //
    virtual void Function41(); //
    virtual void Function42(); //
    virtual void Function43(); //
    virtual void Function44(); //
    virtual void Function45(); //
    virtual void Function46(); //
    virtual DWORD GetClientInfoMgr(); //0x00B8
    virtual DWORD GetInterfaceManager(); //0x00BC
    virtual DWORD GetPlayerManager(); //0x00C0
    virtual void Function50(); //
    virtual void Function51(); //
    virtual void Function52(); //
    virtual void Function53(); //
    virtual void Function54(); //
    virtual void Function55(); //
    virtual void Function56(); //
    virtual void Function57(); //
    virtual cSFXMgr* GetSFXMgr(); //
};//Size=0x0004
Code:
ClientInfoMgr 0x378069B8 SendToServer 0x00474370
Créditos:
Code:
// Eight offsets that BypassThread below adds to the load address of
// EhSvc.dll (the ADDR_HACKSHIELD_* names suggest the HackShield anti-cheat
// module). They are fixed constants, so presumably valid for one build of that
// DLL only - a later reply on this page says the offsets are out of date.
#define ADDR_HACKSHIELD_1 0x0000A048
#define ADDR_HACKSHIELD_2 0x0009A8C2
#define ADDR_HACKSHIELD_3 0x0007EFA4
#define ADDR_HACKSHIELD_4 0x0000A000
#define ADDR_HACKSHIELD_5 0x0003CF8E
#define ADDR_HACKSHIELD_6 0x0003A39F
#define ADDR_HACKSHIELD_7 0x0003C446
#define ADDR_HACKSHIELD_8 0x0003D004
// MemoryEdit: makes `len` bytes at lpMem writable with VirtualProtect and
// copies `len` bytes from lpSrc over them, one byte at a time.
//
// Returns 0 (false) when the bytes were written and 1 (true) when
// VirtualProtect failed - the opposite of the usual "true means success".
// The previous page protection is saved in lpflOldProtect but never restored,
// so the touched page is left PAGE_READWRITE.
bool MemoryEdit(void *lpMem, VOID *lpSrc, size_t len)
{
    DWORD lpflOldProtect, flNewProtect = PAGE_READWRITE;
    UCHAR * pDst = (UCHAR*)lpMem, *pSrc = (UCHAR*)lpSrc;
    if(VirtualProtect(lpMem, len, flNewProtect, &lpflOldProtect))
    {
        while(len-- > 0)
            *pDst++ = *pSrc++;
        return 0;
    }
    return 1;
}
// BypassThread: thread routine that polls every 100 ms until EhSvc.dll is
// loaded in the current process, then overwrites one to three bytes at each of
// the eight offsets above. Among the byte strings, C2 04 00 encodes x86
// `ret 4` and 90 90 is two NOPs; the bytes being replaced are not shown.
// No MemoryEdit result is checked; the routine always returns 0.
//
// For defenders: every write lands inside the anti-cheat module's own mapped
// image, so a hash or comparison of that module's code pages against the
// on-disk file, or monitoring of protection changes on those pages, would
// reveal the tampering.
DWORD WINAPI BypassThread(LPVOID)
{
    DWORD dwEhSvc = 0;
    // Wait for the module to be loaded; the handle is used as its base address.
    do
    {
        dwEhSvc = (DWORD)GetModuleHandleA("EhSvc.dll");
        Sleep(100);
    } while(!dwEhSvc);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_1), (PVOID)"\x74", 1);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_2), (PVOID)"\xD2", 1);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_3), (PVOID)"\xC2\x04\x00", 3);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_4), (PVOID)"\xC2\x04\x00", 3);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_5), (PVOID)"\x31", 1);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_6), (PVOID)"\x31", 1);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_7), (PVOID)"\x31", 1);
    MemoryEdit((PVOID)(dwEhSvc + ADDR_HACKSHIELD_8), (PVOID)"\x90\x90", 2);
    return 0;
}
A todos os habitantes da nossa querida terra
Nossa, isso sim foi um belo post, várias coisas que ninguém tem. Good job!
Postando um desvio assim, ele vai ser detectado logo, logo; me corrijam se eu estiver errado.
Eu uso essa Hook :
e para fixar as esps(para não dar crash quando eu entrar com elas ligadas no jogo)
Code:
// Start: inline-hook variant. It copies the first `len` bytes of `src` into a
// malloc'd buffer followed by a jump back to src + len, then overwrites `src`
// with the bytes 50 58 E9 <rel32> (x86 `push eax`, `pop eax`, `jmp rel32`) and
// NOP-fills bytes 7..len-1. Returns the start of the malloc'd buffer.
//
// The push/pop pair cancels itself out, so the 7-byte patch behaves like a
// plain jump to `dst`; presumably it is there so the patched prologue does not
// start with 0xE9. For defenders: a check that looks only at the first byte of
// a function would miss this, whereas comparing the whole prologue with the
// on-disk image would not.
//
// Assumes a 32-bit process (DWORD pointer casts); return values of malloc and
// VirtualProtect are not checked and the buffer is never freed here.
void *Start(BYTE *src, const BYTE *dst, const int len)
{
    BYTE *jmp = (BYTE*)malloc(len+5);
    DWORD dwBack;
    VirtualProtect(src, len, PAGE_READWRITE, &dwBack);
    // Save the original bytes and append the jump back to the unpatched remainder.
    memcpy(jmp, src, len);
    jmp += len;
    jmp[0] = '\xE9';
    *(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
    src[0] = '\x50';
    src[1] = '\x58';
    src[2] = '\xE9';
    // The jump instruction ends at src + 7, hence the "- 7".
    *(DWORD*)(&src[3]) = (DWORD)(dst - src) - 7;
    for (int i=7; i<len; i++)
        src[i] = '\x90';
    VirtualProtect(src, len, dwBack, &dwBack);
    return (jmp-len);
}
// Hook: thread routine that asks CreateDevice (not defined on this page) to
// fill a two-entry address table, then hooks both addresses with Start, using
// a 7-byte patch each, and stores the returned buffers in oReset / oPresent.
// Reset, Present, tReset, tPresent, oReset and oPresent are declared elsewhere;
// the names suggest Direct3D device methods - confirm against the full source.
UINT WINAPI Hook(VOID *)
{
    DWORD dwVTable[2] = {0};
    CreateDevice(dwVTable);
    oReset = (tReset) Start((PBYTE) dwVTable[0], (PBYTE) &Reset, 7);
    oPresent = (tPresent)Start((PBYTE) dwVTable[1], (PBYTE) &Present, 7);
    return FALSE;
}
// DllMain: on process attach it sleeps 100 ms, calls EraseHeaders, HideInList
// and EraseHeaders again on its own module handle, then starts Hook on a new
// thread. EraseHeaders and HideInList are not defined on this page; going by
// their names they presumably wipe the module's PE headers and unlink it from
// the loader's module list - confirm against the full source.
// For defenders: a module hidden that way no longer appears in module
// enumeration, but its executable memory region still exists and can be found
// by walking the process's virtual memory.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpReserved)
{
    DisableThreadLibraryCalls(hModule);
    if(dwReason == DLL_PROCESS_ATTACH)
    {
        Sleep(100);
        EraseHeaders(hModule);
        HideInList(hModule);
        EraseHeaders(hModule);
        _beginthreadex(0, 0, Hook, 0, 0, 0); //#include <process.h>
    }
    return TRUE;
}
eu uso assim :
hihi logica simples ela evita o crash causado pelo o GameStatus
Code:
// Fragment as posted; GameStatus and Variaveis are declared elsewhere.
// NOTE(review): every test uses `=` (assignment) rather than `==`, and the
// parentheses and braces are unbalanced, so this reads as pseudo-code rather
// than compilable C++. The poster presumably means: clear the flag when the
// status byte is 6 and set it again when the status byte is 1 - confirm.
if((*(BYTE *)GameStatus = 5) && (Variaveis = 1)
{
    if(*(BYTE *)GameStatus = 6 && Variaveis = 1)
    {
        Variaveis = false;
    }
    else if(*(BYTE *)GameStatus = 1 )
    {
        Variaveis = true;
    }
Tome cuidado, cara, com essa sua inteligência acima da média; isso pode ser raro
Créditos para detours: apin
Só de olhar para esse Bypass dá pra perceber que ele não funciona, agora o HS necessita dos Offsets.
Vou orientar vocês com o que vocês têm:
// Reply's version of the same eight writes into EhSvc.dll. Compared with the
// BypassThread listing earlier on this page, only the first entry differs
// (two bytes 74 15 instead of the single byte 74); the trailing labels are the
// poster's own names for each location. Base.EditarMemoria is not defined on
// this page - presumably equivalent to MemoryEdit; confirm.
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_1, (void *)"\x74\x15" ,2);// HSCallBack2
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_2), (void *)"\xD2", 1);// HSCallBack1
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_3), (void *)"\xC2\x04\x00",3);// HSNanoScan1
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_4), (void *)"\xC2\x04\x00",3);// Detect (poster's label: "Detectar")
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_5), (void *)"\x31",1 );
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_6),(PBYTE)"\x31",1 );
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_7),(PBYTE)"\x31",1 );
Base.EditarMemoria((void *)(dwEhSvc + ADDR_HACKSHIELD_8),(PBYTE)"\x90\x90",2);// HS_ASM
Pronto.
Santa mãe de deus.
Valeu, num tinha as classes nem os endereços.
Agora é só os "LIXOS" darem Ctrl+C & Ctrl+V e se acharem o Foda