#include <Windows.h>
#include <cstdio>
#include <cstring>
#include <iostream>
//PATTERN INFO FOR MAGIC NUMBER
// Byte signature searched for in the host image. Positions marked '?' in the mask
// below are wildcards, so the zero bytes at those positions are placeholders only.
// The signature opens with 0xA1 followed by four wildcard bytes; on x86 that is the
// encoding of `mov eax, [imm32]`, so the wildcards are presumably the absolute
// address of the value being located -- confirm against the target build.
#define MAGIC_NUMBER_PATTERN "\xa1\x00\x00\x00\x00\x8d\x94\x24\x04\x08\x00\x00\x52\x56\x50\x68\x00\x00\x00\x00\xe8\x00\x00\x00\x00\x8b\x8c\x24\x18\x0c\x00\x00\x50\x51\xe8\x00\x00\x00\x00\x83\xc4\x18"
// Mask for the signature: 'x' = byte must match, '?' = byte is ignored.
// The trailing "+1" refers to the operand being read at (match address + 1).
#define MAGIC_NUMBER_MASK "x????xxxxxxxxxxx????x????xxxxxxxxxx????xxx" // +1
// NOTE(review): not referenced anywhere in the visible code.
#define cgt_offset 0x8ff080
//Definitions for PROCESSCOMMAND
// Signature of the host routine called through ProcessCommand: cdecl, takes an
// int pointer and a command string, returns int.
typedef int(__cdecl *ProcessCommandCode)(int *defArg, char *Command);
// Hard-coded absolute address cast to a function pointer. Nothing here verifies
// that the address holds the expected routine, so the value is only meaningful
// for the exact host build it was taken from.
ProcessCommandCode ProcessCommand = (ProcessCommandCode)0x00429920;
//Required for FIND PATTERN
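/**
 * Compare a memory region against a byte signature under a wildcard mask.
 *
 * @param pData  Start of the memory to test.
 * @param bMask  Signature bytes, one per mask character.
 * @param szMask NUL-terminated mask; 'x' means the byte must match, any other
 *               character means the byte is ignored.
 * @return true when every 'x' position matches, false on the first mismatch.
 *
 * No bounds are checked: up to strlen(szMask) bytes are read from pData, so the
 * caller must guarantee that many bytes are readable.
 */
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for (; *szMask != '\0'; ++szMask, ++pData, ++bMask)
    {
        if (*szMask == 'x' && *pData != *bMask)
            return false;
    }
    // The loop only ends normally at the mask terminator, so the whole mask
    // matched. (The original compared the char against the pointer constant NULL.)
    return true;
}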
//General FIND PATTERN Function
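/**
 * Linear search for a masked byte signature inside a memory range.
 *
 * @param baseAddress  Start of the range, as a 32-bit address.
 * @param sizeOfModule Length of the range in bytes.
 * @param bMask        Signature bytes.
 * @param szMask       NUL-terminated mask ('x' = compare, anything else = skip).
 * @return Address of the first match, or 0 when the signature is not found.
 *
 * The scan stops at the last offset where the whole signature still fits in the
 * range; the original kept comparing up to strlen(szMask) - 1 bytes past the end.
 * It is also clamped so baseAddress + offset cannot wrap around 32 bits.
 * Addresses are carried in DWORDs, so this is only valid in a 32-bit process.
 * The memory is read directly: if the range covers unmapped pages the read
 * faults, so callers must pass the real size of the mapped region.
 */
DWORD FindPattern(DWORD baseAddress, DWORD sizeOfModule, BYTE *bMask, char* szMask)
{
    const size_t patternLen = strlen(szMask);
    if (sizeOfModule == 0 || patternLen > sizeOfModule)
        return 0;

    // Largest offset that keeps baseAddress + offset inside the 32-bit space.
    const DWORD maxOffset = 0xFFFFFFFFu - baseAddress;
    if (patternLen > maxOffset)
        return 0;

    // Last start offset at which the full signature lies inside the range.
    DWORD lastStart = sizeOfModule - (DWORD)patternLen;
    if (lastStart > maxOffset - (DWORD)patternLen)
        lastStart = maxOffset - (DWORD)patternLen;

    // Explicit break instead of "i <= lastStart" so the counter cannot wrap.
    for (DWORD i = 0;; ++i)
    {
        if (bDataCompare((BYTE*)(baseAddress + i), bMask, szMask))
            return (DWORD)(baseAddress + i);
        if (i == lastStart)
            break;
    }
    return 0;
}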
//Make Sure Module is injected into the right process or do nothing.
/**
 * Report whether a module named "iw5mp.exe" is currently loaded in this process.
 *
 * @return true when GetModuleHandleA finds the module, false otherwise.
 */
bool IsModuleReady()
{
    const HMODULE hostModule = GetModuleHandleA("iw5mp.exe");
    return hostModule != NULL;
}
//FindMagicNumber
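/**
 * Locate the signature in the host module and return the DWORD it points at.
 *
 * Waits (polling every 50 ms) until "iw5mp.exe" is loaded, searches for
 * MAGIC_NUMBER_PATTERN, takes the 32-bit operand at (match + 1) as an absolute
 * address and returns the DWORD stored there. Despite the name, the return
 * value is the value read, not an address.
 *
 * @return The value read, or 0 when the signature is not found. The original
 *         had no such check and would have dereferenced address 1 in that case.
 *
 * NOTE(review): the search length is passed as 0xFFFFFFFF rather than the size
 * of the module image, so a miss walks past the mapped image and faults on the
 * first unreadable page. The length should come from the module's actual size.
 * NOTE(review): the pointer read at (match + 1) is trusted without validation.
 */
DWORD WINAPI GetMagicNumberAddress()
{
    while (!IsModuleReady())
        Sleep(50);

    const DWORD moduleBase = (DWORD)GetModuleHandleA("iw5mp.exe");
    const DWORD match = FindPattern(moduleBase, 0xFFFFFFFF, (BYTE*)MAGIC_NUMBER_PATTERN, MAGIC_NUMBER_MASK);
    if (match == 0)
        return 0; // signature absent: do not dereference a bogus address

    // Skip the opcode byte; the next four bytes hold the address of the value.
    DWORD *MagicNumber = (DWORD*)*(DWORD*)(match + 1);
    return *MagicNumber;
}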
// Calls a routine at a hard-coded absolute address through MSVC inline assembly.
// NOTE(review): the only call site visible in this file is commented out.
void ChopperBoxes()
{
// Absolute call target; nothing verifies what lives at this address.
DWORD dwCall = 0x8FF110;
__asm{
// Push a single zero argument.
push 0x0
// Indirect call through the local that holds the target address.
call[dwCall]
// NOTE(review): nothing here pops the pushed argument, so the stack is left
// unbalanced unless the callee cleans it up -- confirm the calling convention.
// This instruction adds AH plus the carry flag into the byte at [eax], i.e. it
// writes through whatever the call left in eax; it looks like stray bytes
// rather than intended logic -- confirm.
adc[eax], ah
}
}
//RoundEnder Activates on END Button
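/**
 * Worker thread: polls F1-F4 and, on a key press, formats a command string and
 * passes it to the host routine behind the hard-coded ProcessCommand pointer.
 *
 * @param threadArgs Unused.
 * @return Never returns in practice; the loop has no exit condition.
 *
 * Fix over the original: the command was built with sprintf into a 32-byte stack
 * buffer. "mr " plus " 8 changeclass_opfor;" is 24 characters, so any value of
 * eight or more characters overflowed the buffer. The buffer is now large enough
 * for the longest command, writes are bounded with snprintf, and a command is
 * only sent when it was formatted completely. The emitted text is unchanged.
 *
 * NOTE(review): when no key is down the loop spins without sleeping.
 * NOTE(review): ProcessCommand and 0x06BCF4C8 are fixed absolute addresses that
 * are used without any check that they are valid in the running process.
 */
DWORD WINAPI JustAforce(LPVOID threadArgs)
{
    char buffer[64];
    while (1)
    {
        if (GetAsyncKeyState(VK_F1))
        {
            //ForceClass
            const int written = snprintf(buffer, sizeof buffer, "mr %d 8 changeclass_opfor;", (int)GetMagicNumberAddress()); //Leaked from NR .dll
            if (written > 0 && (size_t)written < sizeof buffer)
                ProcessCommand(0, buffer);
            //Patch CustomClasses
            DWORD* ByteCustom = (DWORD*)0x06BCF4C8;
            ByteCustom[0] = 7;
            Sleep(200);
        }
        else if (GetAsyncKeyState(VK_F2))
        {
            //ForceJuggg
            const int written = snprintf(buffer, sizeof buffer, "mr %d 9 axis;", (int)GetMagicNumberAddress()); //Leaked from NR .dll
            if (written > 0 && (size_t)written < sizeof buffer)
                ProcessCommand(0, buffer);
            Sleep(200);
        }
        else if (GetAsyncKeyState(VK_F3))
        {
            //ForceHackedClass
            const int written = snprintf(buffer, sizeof buffer, "mr %d 9 custom15;", (int)GetMagicNumberAddress());
            if (written > 0 && (size_t)written < sizeof buffer)
                ProcessCommand(0, buffer);
            Sleep(200);
        }
        else if (GetAsyncKeyState(VK_F4))
        {
            //ChopperBoxes();
            Sleep(200);
        }
    }
    return 0;
}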
//Main() Function
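/**
 * DLL entry point. On process attach it starts the JustAforce polling thread;
 * all other notifications are ignored.
 *
 * @param hDllHandle  Module handle of this DLL (unused).
 * @param dwReason    Loader notification code.
 * @param lpreserved  Reserved by the loader (unused).
 * @return Always TRUE, including when thread creation fails, as in the original.
 *
 * Fixes over the original: the handle returned by CreateThread was never closed
 * and leaked, and the attach case fell through into the detach case without a
 * break, which was harmless but implicit.
 *
 * NOTE(review): the thread is never asked to stop on detach, and JustAforce
 * loops forever, so it would keep running code from this module after unload.
 */
BOOL APIENTRY DllMain(HANDLE hDllHandle, DWORD dwReason, LPVOID lpreserved)
{
    switch (dwReason)
    {
    case DLL_PROCESS_ATTACH:
    {
        DWORD threadID = 0;
        // Start the hotkey polling thread.
        HANDLE hThread = CreateThread(NULL, 0, JustAforce, NULL, 0, &threadID);
        if (hThread != NULL)
            CloseHandle(hThread); // the thread keeps running; only the handle is released
        break;
    }
    case DLL_PROCESS_DETACH:
    default:
        break;
    }
    return TRUE;
}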