Well I just joined up a couple of days ago to try my luck at making a gamehack. Anyway, from some bits and pieces around the forum (most people are super protective of their work and call others "noob") lol
Here is a Delphi template I made. The PushToConsole gets you kicked :( and for some reason, I'm not sure why, it won't write the original recoil bytes back to the VA, so next round in a game you get kicked. I also made my own dump of CShell.dll, and another strange thing is that my dump is 7mb while the dump released on this forum was 9mb and wouldn't load in my Ollydebug, but the dump I made loaded without a problem :)
Anyway, here is the Delphi source template with recoil addresses from this forum.
Code:library DepartureLib;
uses
Windows, SysUtils;
{$R *.res}
// Planned container pairing a patch address with the bytes for that address
// ("set this up later for easier use"). Nothing in the visible source uses
// TPatchRecord or PPatchRecord; the patches below are kept as separate
// Address*/Patch*/Original* constants instead.
Type
TPatchRecord = Record
Address: Pointer; // location the bytes belong to
Bytes: array of Byte; // dynamic array holding the bytes for that location
end;
PPatchRecord = ^TPatchRecord; // pointer alias for the record
// Both values are passed as the last argument of CreateThread (in DllMain and
// HackThread), which is the thread-identifier output parameter, so they hold
// thread IDs rather than handles. HackThread also reads dwThrdMain = 0 as
// "the key-polling thread has not been started yet".
var
dwThrdHack: Dword = 0;
dwThrdMain: Dword = 0;
// Patch table: hard-coded absolute virtual addresses, the replacement bytes
// written there, and the bytes expected there beforehand.
// Every Patch* array consists only of $90 (the x86 NOP opcode) and has the
// same length as its Original* counterpart, so a patch blanks out the code at
// that address without changing its size.
// NOTE(review): the addresses are absolute, so they presumably match one
// specific build and load address of the target module (the post mentions
// CShell.dll) - nothing here verifies that before writing.
// A code-integrity check that compares these ranges in memory against the
// module image would see the NOP runs in place of the Original* bytes.
Const
//Recoil
AddressRecoil1 = $37465A60;
AddressRecoil2 = $37234EB9;
AddressRecoil3 = $37465A74;
AddressRecoil4 = $37465A77;
AddressRecoil5 = $37465A80;
PatchRecoil1 : Array[0..2] of byte = ($90,$90,$90);
PatchRecoil2 : Array[0..10] of byte = ($90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90);
PatchRecoil3 : Array[0..2] of byte = ($90,$90,$90);
PatchRecoil4 : Array[0..2] of byte = ($90,$90,$90);
PatchRecoil5 : Array[0..2] of byte = ($90,$90,$90);
OriginalRecoil1 : Array[0..2] of byte = ($D8,$66,$54);
OriginalRecoil2 : Array[0..10] of byte = ($C7,$84,$24,$94,$00,$00,$00,$0F,$00,$00,$00);
OriginalRecoil3 : Array[0..2] of byte = ($D9,$5E,$54);
OriginalRecoil4 : Array[0..2] of byte = ($D9,$46,$48);
OriginalRecoil5 : Array[0..2] of byte = ($D9,$5E,$48);
//Reload - defined but unused: both WriteIt calls that reference these are
// commented out in FuncMain.
AddressReload = $374B1826;
PatchReload : Array[0..7] of byte = ($90,$90,$90,$90,$90,$90,$90,$90);
OriginalReload : Array[0..7] of byte = ($81,$44,$24,$04,$1C,$00,$00,$00);
// "Push to console" (PTC): passes sValue to a function inside the host
// process that is located through a hard-coded pointer chain.
// The asm block saves all general registers, reads a pointer from the fixed
// address $0377f4930, loads a function pointer from offset $0208 of that
// object, pushes sValue as the single argument, calls it, removes the
// argument from the stack (4 bytes) and restores the registers.
// Returns True unconditionally; neither pointer is checked before use.
// NOTE(review): sValue is a Delphi string pushed as-is; what the callee
// expects (presumably a pointer to a zero-terminated command line) is not
// visible here - confirm.
// The author reports that using this call gets the player kicked, i.e. the
// game's protection reacts to it.
function PushToConsole(sValue:string):boolean;cdecl;
begin;
asm
pushad
xor ecx, ecx
mov eax,[$0377f4930]
mov ecx,[eax+$0208]
push sValue
call ecx
add esp,4
popad
end;
Result:= True;
end;
// Overwrites memory at pAddress with the contents of Bytes.
//   pAddress - destination address inside the current process
//   Bytes    - open array with the bytes to copy
// Returns True when the first VirtualProtect call succeeded and the copy was
// made, False when the protection change was refused.
// Sequence: switch the region to PAGE_EXECUTE_READWRITE, copy Length(Bytes)
// bytes, then put back the protection saved in OldProtect. The result of the
// second VirtualProtect call is not checked.
// NOTE(review): the protection calls size the region with SizeOf(Bytes) while
// the copy uses Length(Bytes) - confirm both describe the same byte count.
// Seen from the defending side, the visible effects are a code page that is
// briefly writable and executable at once, and code bytes that no longer
// match the module image.
Function WriteIt(pAddress: Pointer; Bytes: Array of Byte): Boolean;
var
OldProtect, DummyProtect: DWord;
begin
if VirtualProtect(pAddress, SizeOf(Bytes), PAGE_EXECUTE_READWRITE, @OldProtect) then
begin
Move(Bytes, pAddress^, Length(Bytes));
VirtualProtect(pAddress, SizeOf(Bytes), OldProtect, @DummyProtect);
Result := True
end
else
Result := False;
end;
// Key-polling loop, started as a thread from HackThread.
// NUMPAD1 toggles the five recoil patches between the Patch* and Original*
// byte sets; NUMPAD2 toggles two console commands through PushToConsole.
// The while loop never terminates, so Result is never assigned and the
// Sleep(200) after the loop is unreachable; the only delays are the
// Sleep(100) calls taken after a key press.
// NOTE(review): the routine is passed to CreateThread via @FuncMain, but its
// declaration (a const Variant parameter, Boolean result, no stdcall) is not
// the thread-routine signature - confirm this is intended.
// NOTE(review): every WriteIt result is ignored, so the Recoil flag flips
// even when a write was refused.
function FuncMain(const LPVOID: variant): Boolean;
var
Recoil, Reload: Boolean; // current toggle state of each hotkey
begin
Recoil := False;
Reload := False;
while (True) do
begin
// Registers are pushed here and popped at the bottom of the loop body,
// with compiled Pascal code running in between.
asm
pushad;
end;
if (GetAsyncKeyState(VK_NUMPAD1) <> 0) then
begin
Sleep(100);
if Recoil then
begin
// Patches are active: write the original bytes back.
WriteIt(ptr(AddressRecoil1),OriginalRecoil1);
WriteIt(ptr(AddressRecoil2),OriginalRecoil2);
WriteIt(ptr(AddressRecoil3),OriginalRecoil3);
WriteIt(ptr(AddressRecoil4),OriginalRecoil4);
WriteIt(ptr(AddressRecoil5),OriginalRecoil5);
Recoil:= False;
end
else
begin
// Patches are inactive: write the NOP runs.
WriteIt(ptr(AddressRecoil1),PatchRecoil1);
WriteIt(ptr(AddressRecoil2),PatchRecoil2);
WriteIt(ptr(AddressRecoil3),PatchRecoil3);
WriteIt(ptr(AddressRecoil4),PatchRecoil4);
WriteIt(ptr(AddressRecoil5),PatchRecoil5);
Recoil:= True;
end;
end;
// The flag is still called Reload, but with the reload patch commented out
// this branch only sends console commands.
if (GetAsyncKeyState(VK_NUMPAD2) <> 0) then
begin
Sleep(100);
if Reload then
begin
PushToConsole('ShowFps 1');
PushToConsole('SkelModelStencil -1');
// Reload patch disabled by the author: it crashed when a reload happened.
//WriteIt(ptr(AddressReload),OriginalReload);
Reload:= False;
end
else
begin
PushToConsole('ShowFps 0');
PushToConsole('SkelModelStencil 0');
// Reload patch disabled by the author: it did not work.
//WriteIt(ptr(AddressReload),OriginalReload);
Reload:= True;
end;
end;
asm
popad;
end;
end;
Sleep(200); // never reached: the loop above has no exit
end;
// Reports whether d3d9.dll, ClientFX.fxd and CShell.dll are all loaded in the
// current process, by asking GetModuleHandleA for each name.
// Returns True only when all three comparisons succeed.
// NOTE(review): each handle is compared against a local Variant named "null"
// that is never assigned, not against 0 - confirm that this comparison really
// distinguishes "module not loaded".
Function IsGameReadyForHook: Boolean;
var
null: variant;
begin
if ((GetModuleHandleA('d3d9.dll') <> null) and
(GetModuleHandleA('ClientFX.fxd') <> null) and
(GetModuleHandleA('CShell.dll') <> null)) then
begin
Result := True;
end
else
Result := False;
end;
// Start-up thread created from DllMain on process attach.
// Polls every 500 ms until IsGameReadyForHook returns True and dwThrdMain is
// still 0, then starts FuncMain on a new thread, looks up the CShell.dll
// module handle and shows it (as a decimal number) in a message box.
// Always returns 0.
// NOTE(review): the handle returned by CreateThread is discarded; dwThrdMain
// receives the thread identifier only.
// NOTE(review): declared without stdcall and without the pointer parameter of
// a thread routine although it is passed to CreateThread - confirm.
Function HackThread(): Dword;
var
cHandle: Cardinal;
begin
Repeat
Sleep(500);
Until ((IsGameReadyForHook = True) and (dwThrdMain = 0));
CreateThread(nil, 0, @FuncMain, nil, 0, dwThrdMain);
cHandle:= GetModuleHandleA('CShell.dll');
MessageBoxA(0, Pchar(inttostr(cHandle)),Pchar('CShell Handle'), MB_OK + MB_ICONINFORMATION);
Result := 0;
end;
// Library notification handler, installed through DllProc in the
// initialisation block.
//   reason - DLL_PROCESS_ATTACH or DLL_PROCESS_DETACH; other values are ignored
// Attach: starts HackThread on a new thread.
// Detach: calls CloseHandle on dwThrdMain and dwThrdHack when they are non-zero.
// NOTE(review): both variables were filled through CreateThread's
// thread-identifier parameter, so CloseHandle receives thread IDs here, while
// the handles CreateThread returned were never stored. Neither thread is
// signalled to stop before the library unloads.
procedure DllMain(reason: integer);
begin
case reason of
DLL_PROCESS_ATTACH:
begin
CreateThread(nil, 0, @HackThread, nil, 0, dwThrdHack);
end;
DLL_PROCESS_DETACH:
begin
if dwThrdMain <> 0 then
CloseHandle(dwThrdMain);
if dwThrdHack <> 0 then
CloseHandle(dwThrdHack);
end;
end;
end;
// Library initialisation: runs when the DLL is loaded into a process.
// Turns off per-thread attach/detach notifications for this module, installs
// DllMain as the notification handler and calls it once by hand with
// DLL_PROCESS_ATTACH, which starts HackThread.
begin
DisableThreadLibraryCalls(hInstance);
DllProc := @DllMain;
DllProc(DLL_PROCESS_ATTACH);
end.
There is none of the "noobproof" stuff in this code like I see around, and the only "noobs" are the ones who are too lame to share and explain their code to others so that they can learn...
Anyway, enjoy, and if you make any improvements please share, OR if anyone is willing to give me a rundown on "Engine.exe" and "CShell.dll", please do, as this will speed up my progress... I don't think any of the better coders will, as their greed to keep stuff to themselves and act like "GOD" to the rest of the learning programmers is too much for them to give up.
P.S. Big thanks to Acid burn for his information (the only one who was nice enough to give help).... Just in case you're wondering, I have been programming for over 5 years, 2 years in vb6 and 3 years in Delphi, and just started learning C# because of the .net framework needed for ALL coders.