Algumas hook's roubadas de alguns hacks:
Detours:
Code:
void *DetourCreate(BYTE *src, const BYTE *dst, const int len)
{
BYTE *jmp = (BYTE*)malloc(len+5);
DWORD dwBack;
VirtualProtect(src, len, PAGE_EXECUTE_READWRITE, &dwBack);
memcpy(jmp, src, len);
jmp += len;
jmp[0] = 0xE9;
*(DWORD*)(jmp+1) = (DWORD)(src+len - jmp) - 5;
src[0] = 0xE9;
*(DWORD*)(src+1) = (DWORD)(dst - src) - 5;
for (int i=5; i<len; i++) src[i]=0x90;
VirtualProtect(src, len, dwBack, &dwBack);
return (jmp-len);
}
DrawIndexedPrimtive ( Funciona em qualquer AC sem Detectar )
Code:
typedef HRESULT (WINAPI* oDIP)(LPDIRECT3DDEVICE9 pDevice,D3DPRIMITIVETYPE,int,UINT,UINT,UINT,UINT);
oDIP pDIP;
oDrawIndexedPrimitive = ( pDIP ) DetourCreate( ( BYTE *)VTable[148], ( BYTE *)new_DIP, 5 );
Outras coisas Roubadas:
Code:
int __cdecl sub_10016430(int a1) /*algum opk*/
{
int v1; // edx@1
int v2; // ecx@1
int v3; // ecx@3
int v4; // ecx@3
int v6; // ST08_4@10
int v7; // ecx@10
char v8; // [sp+Ch] [bp-108h]@1
int v9; // [sp+D0h] [bp-44h]@3
int v10; // [sp+DCh] [bp-38h]@3
int i; // [sp+E8h] [bp-2Ch]@1
int v12; // [sp+F4h] [bp-20h]@1
int Dst; // [sp+100h] [bp-14h]@1
void *Src; // [sp+10Ch] [bp-8h]@1
int v15; // [sp+114h] [bp+0h]@10
memset(&v8, -858993460, 0x108u);
dword_100201EC = (int (__thiscall *)(_DWORD, _DWORD, _DWORD))924463088;
v12 = v37963e70;
dword_100201E8 = (int (__thiscall *)(_DWORD))924465680;
GetModuleHandleA("ClientFX.fxd");
Src = (void *)(sub_10011235(v2, v1) + 438068);
j_memcpy(&Dst, Src, 4u);
for ( i = 0; i < 16; ++i )
{
dword_100201EC(v12, i, 0);
v10 = sub_10011235(v3, v1);
dword_100201E8(v12);
v9 = sub_10011235(v4, v1);
if ( v10 )
{
if ( *(_DWORD *)(v10 + 44) )
{
if ( !*(_BYTE *)(v10 + 124) )
{
if ( a1 )
{
v1 = *(_DWORD *)(v10 + 116);
if ( v1 != *(_DWORD *)(v9 + 116) )
{
*(float *)(Dst + 200) = *(float *)(*(_DWORD *)(v10 + 44) + 200) + 25.0;
*(float *)(Dst + 204) = *(float *)(*(_DWORD *)(v10 + 44) + 20) + 8.0;
v1 = Dst;
*(float *)(Dst + 208) = *(float *)(*(_DWORD *)(v10 + 44) + 208);
}
}
}
}
}
}
v6 = v1;
sub_100110E6(&v15, &dword_1001658C);
return sub_10011235(v7, v6);
}
Traduzindo:
void algumOPK ( )
{
DWORD GetModule = ( DWORD )GetModuleHandleA( "ClientFX.fxd" );
DWORD DstPos[2];
LPVOID Src = ( LPVOID )( GetModule + 0x6AF34 );
memcpy( &DstPos[0], Src, 4 );
memcpy( &DstPos[1], (void *)( GetRandomPlayer ), 4 );
if( GetModule != 0 )
{
FLOAT PosX = *(float *)(DstPos + 0xC8);
FLOAT PosY = *(float *)(DstPos + 0xCC);
FLOAT PosZ = *(float *)(DstPos + 0xD0);
if( PosX != 0 &&
PosY != 0 &&
PosZ != 0 )
{
*(float *)(DstPos[1] + 0xC8) + 25.0 = PosX;
*(float *)(DstPos[1] + 0x14 /*0xCC*/) + 8.0 = PosY;
*(float *)(DstPos[1] + 0xD0) = PosZ;
}
}
}
Detours:
int __cdecl sub_10013240(LPVOID lpAddress, int a2, signed int Size)
{
int v3; // edx@1
int v4; // ecx@1
int v5; // edx@1
int v6; // ecx@1
int v8; // edx@4
int v9; // ecx@4
int v10; // edx@4
int v11; // ST0C_4@4
int v12; // ecx@4
char v13; // [sp+Ch] [bp-E4h]@1
int i; // [sp+D0h] [bp-20h]@1
void *Dst; // [sp+DCh] [bp-14h]@1
DWORD flOldProtect; // [sp+E8h] [bp-8h]@1
int v17; // [sp+F0h] [bp+0h]@4
memset(&v13, -858993460, 0xE4u);
malloc(Size + 5);
Dst = (void *)sub_10011235(v4, v3);
VirtualProtect(lpAddress, Size, 0x40u, &flOldProtect);
sub_10011235(v6, v5);
j_memcpy(Dst, lpAddress, Size);
Dst = (char *)Dst + Size;
*(_BYTE *)Dst = -23;
*(_DWORD *)((char *)Dst + 1) = (char *)lpAddress + Size - Dst - 5;
*(_BYTE *)lpAddress = -72;
*(_DWORD *)((char *)lpAddress + 1) = a2;
*(_WORD *)((char *)lpAddress + 5) = -7937;
for ( i = 7; i < Size; ++i )
*((_BYTE *)lpAddress + i) = -112;
VirtualProtect(lpAddress, Size, flOldProtect, &flOldProtect);
sub_10011235(v9, v8);
v11 = v10;
sub_100110E6(&v17, &dword_10013358);
return sub_10011235(v12, v11);
}
Creditos:
@Hacker Fail ( roubei algumas coisas dele, o resto eu nao sei. )