
    Hack Template[Delphi]

    Well, I just joined up a couple of days ago to try my luck at making a game hack. Anyway, this is put together from some bits and pieces around the forum (most people are super protective of their work and call others "noob") lol

    Here is a Delphi template I made. The PushToConsole call gets you kicked, and for some reason (I'm not sure why) it won't write the original recoil bytes back to the VA, so in the next round of a game you get kicked. I also made my own dump of CShell.dll, and another strange thing is that my dump is 7 MB while the dump released on this forum was 9 MB and wouldn't load in my OllyDbg, but the dump I made loaded without a problem.

    Anyway, here is the Delphi source template with the recoil addresses from this forum.

    Code:
    library DepartureLib;
    
    uses
      Windows, SysUtils;
    
    {$R *.res}
    
    // Set this up later for easier use.
    // TPatchRecord pairs a target address with a dynamic array of bytes. Neither
    // it nor PPatchRecord is referenced anywhere else in this listing.
    Type
      TPatchRecord = Record
        Address: Pointer;
        Bytes: array of Byte;
      end;
    
      PPatchRecord = ^TPatchRecord;
    
    var
      // Both are passed as the final (var lpThreadId) argument of CreateThread
      // further down, so they receive thread identifiers; the handles that
      // CreateThread returns are not stored anywhere.
      dwThrdHack: Dword = 0;
      dwThrdMain: Dword = 0;
    Const
      //Recoil
      // Five absolute virtual addresses that FuncMain hands to WriteIt. They are
      // fixed numbers, so they only make sense for the one module build and load
      // address the author observed (presumably inside CShell.dll, going by the
      // post; not verifiable from this listing).
      AddressRecoil1 = $37465A60;
      AddressRecoil2 = $37234EB9;
      AddressRecoil3 = $37465A74;
      AddressRecoil4 = $37465A77;
      AddressRecoil5 = $37465A80;
    
      // Replacement bytes: every entry is $90, the single-byte x86 NOP opcode.
      // Each array has the same length as the Original* array with the same index.
      PatchRecoil1 : Array[0..2] of byte = ($90,$90,$90);
      PatchRecoil2 : Array[0..10] of byte = ($90,$90,$90,$90,$90,$90,$90,$90,$90,$90,$90);
      PatchRecoil3 : Array[0..2] of byte = ($90,$90,$90);
      PatchRecoil4 : Array[0..2] of byte = ($90,$90,$90);
      PatchRecoil5 : Array[0..2] of byte = ($90,$90,$90);
    
      // Bytes written back when the toggle is switched off. Presumably the values
      // the author found at those addresses; the code never reads or compares the
      // live memory contents before overwriting them.
      OriginalRecoil1 : Array[0..2] of byte = ($D8,$66,$54);
      OriginalRecoil2 : Array[0..10] of byte = ($C7,$84,$24,$94,$00,$00,$00,$0F,$00,$00,$00);
      OriginalRecoil3 : Array[0..2] of byte = ($D9,$5E,$54);
      OriginalRecoil4 : Array[0..2] of byte = ($D9,$46,$48);
      OriginalRecoil5 : Array[0..2] of byte = ($D9,$5E,$48);
    
      //ReLoad
      // AddressReload and OriginalReload appear only in the commented-out WriteIt
      // calls in FuncMain; PatchReload is not referenced at all in this listing.
      AddressReload = $374B1826;
    
      PatchReload : Array[0..7] of byte = ($90,$90,$90,$90,$90,$90,$90,$90);
    
      OriginalReload : Array[0..7] of byte = ($81,$44,$24,$04,$1C,$00,$00,$00);
    
    //PTC Method
    // Calls a function inside the host process through a pointer chain, passing
    // sValue as its only stack argument.
    //
    // The assembly saves the general-purpose registers (pushad), loads a pointer
    // from the fixed address $0377f4930, reads a function pointer at offset $0208
    // from it, pushes sValue, calls the function, removes the 4-byte argument
    // from the stack (caller clean-up) and restores the registers (popad).
    //
    // Neither pointer is checked before it is dereferenced or called, and the
    // callee's result is ignored: the function returns True unconditionally.
    // The callee is presumably the game's console-command entry point, going by
    // the name and the strings passed from FuncMain; not verifiable from here.
    // The post reports that calling this gets the client kicked.
    function PushToConsole(sValue:string):boolean;cdecl;
    begin;
     asm
      pushad
       xor ecx, ecx
       mov eax,[$0377f4930]
       mov ecx,[eax+$0208]
       push sValue             
       call ecx
       add esp,4
      popad
     end;
     Result:= True;
    end;
    
    // Write Bytes to Address Method
    // Overwrites memory at pAddress with the contents of Bytes.
    //
    // pAddress: destination inside the current process.
    // Bytes:    open array of bytes to copy; Length(Bytes) bytes are written.
    // Returns True when the first VirtualProtect call succeeds, False otherwise.
    //
    // Sequence: switch the page protection to PAGE_EXECUTE_READWRITE, copy the
    // bytes with Move, then restore the protection saved in OldProtect. This
    // "unprotect, overwrite, re-protect" sequence on a loaded module's code is
    // the in-memory modification that code-integrity checks are built to notice.
    //
    // The size passed to VirtualProtect is SizeOf(Bytes) while the copy uses
    // Length(Bytes), and the result of the second VirtualProtect call is not
    // checked, so True does not guarantee that the protection was restored.
    Function WriteIt(pAddress: Pointer; Bytes: Array of Byte): Boolean;
    var
      OldProtect, DummyProtect: DWord;
    begin
      if VirtualProtect(pAddress, SizeOf(Bytes), PAGE_EXECUTE_READWRITE, @OldProtect) then
       begin
        Move(Bytes, pAddress^, Length(Bytes));
        VirtualProtect(pAddress, SizeOf(Bytes), OldProtect, @DummyProtect);
        Result := True
       end
       else
        Result := False;
    end;
    
    // Body of the thread that HackThread starts with CreateThread.
    //
    // Runs an endless loop that polls two numeric-keypad keys with
    // GetAsyncKeyState and flips a Boolean toggle for each:
    //   NUMPAD1 - writes either the Patch* or the Original* byte arrays to the
    //             five recoil addresses through WriteIt.
    //   NUMPAD2 - sends two console strings through PushToConsole; the WriteIt
    //             calls for the reload address are commented out in both branches.
    //
    // The LPVOID parameter is never read and Result is never assigned. The loop
    // has no exit condition, so the Sleep(200) after it cannot be reached, and an
    // iteration only sleeps (100 ms) when one of the key states is non-zero.
    // The return values of WriteIt and PushToConsole are ignored throughout.
    function FuncMain(const LPVOID: variant): Boolean;
    var
      Recoil, Reload: Boolean;
    begin
    
      Recoil := False;
      Reload := False;
      while (True) do
       begin
        // Registers are pushed here and popped at the bottom of the loop body in
        // a separate asm statement; everything in between is compiler-generated
        // code running with those eight values still on the stack.
        asm
          pushad;
        end;
    
        // Any non-zero key state counts as a press.
        if (GetAsyncKeyState(VK_NUMPAD1) <> 0) then
         begin
          Sleep(100);
          if Recoil then
           begin
            // Toggle off: write the stored "original" bytes back.
            WriteIt(ptr(AddressRecoil1),OriginalRecoil1);
            WriteIt(ptr(AddressRecoil2),OriginalRecoil2);
            WriteIt(ptr(AddressRecoil3),OriginalRecoil3);
            WriteIt(ptr(AddressRecoil4),OriginalRecoil4);
            WriteIt(ptr(AddressRecoil5),OriginalRecoil5);
            Recoil:= False;
           end
           else
           begin
            // Toggle on: overwrite the same five locations with NOP bytes.
            WriteIt(ptr(AddressRecoil1),PatchRecoil1);
            WriteIt(ptr(AddressRecoil2),PatchRecoil2);
            WriteIt(ptr(AddressRecoil3),PatchRecoil3);
            WriteIt(ptr(AddressRecoil4),PatchRecoil4);
            WriteIt(ptr(AddressRecoil5),PatchRecoil5);
            Recoil:= True;
           end;
         end;
    
         // Despite the variable name, this branch only issues console strings.
         if (GetAsyncKeyState(VK_NUMPAD2) <> 0) then
         begin
          Sleep(100);
          if Reload then
           begin
            PushToConsole('ShowFps 1');
            PushToConsole('SkelModelStencil -1');
            // Reload didn't work :( it just crashed when it was time to reload
            //WriteIt(ptr(AddressReload),OriginalReload);
            Reload:= False;
           end
           else
           begin
            PushToConsole('ShowFps 0');
            PushToConsole('SkelModelStencil 0');
            // Reload didn't work :(
            //WriteIt(ptr(AddressReload),OriginalReload);
            Reload:= True;
           end;
         end;
        asm
          popad;
        end;
      end;
      // Unreachable: the while loop above never terminates.
      Sleep(200);
    end;
    
    // Reports whether three named modules are present in the current process.
    //
    // Calls GetModuleHandleA for 'd3d9.dll', 'ClientFX.fxd' and 'CShell.dll' and
    // returns True only when all three results differ from the local variable
    // `null`; otherwise returns False.
    //
    // NOTE(review): `null` is a local Variant that is never assigned, not the
    // constant 0 or a handle value. What each comparison evaluates to depends on
    // Variant comparison rules; confirm before relying on this check.
    Function IsGameReadyForHook: Boolean;
    var
      null: variant;
    begin
      if ((GetModuleHandleA('d3d9.dll') <> null) and
        (GetModuleHandleA('ClientFX.fxd') <> null) and
        (GetModuleHandleA('CShell.dll') <> null)) then
      begin
        Result := True;
      end
      else
        Result := False;
    end;
    
    // Body of the thread created from DllMain on DLL_PROCESS_ATTACH.
    //
    // Polls every 500 ms until IsGameReadyForHook returns True and dwThrdMain is
    // still 0, then starts FuncMain on a second thread, shows a message box with
    // the decimal value of the 'CShell.dll' module handle, and returns 0.
    //
    // The handle returned by CreateThread is discarded; dwThrdMain receives the
    // new thread's identifier through the last argument.
    Function HackThread(): Dword;
    var
     cHandle: Cardinal;
    begin
      Repeat
        Sleep(500);
      Until ((IsGameReadyForHook = True) and (dwThrdMain = 0));
    
      CreateThread(nil, 0, @FuncMain, nil, 0, dwThrdMain);
      cHandle:= GetModuleHandleA('CShell.dll');
      // Diagnostic pop-up only; the handle value is not used for anything else.
      MessageBoxA(0, Pchar(inttostr(cHandle)),Pchar('CShell Handle'), MB_OK + MB_ICONINFORMATION);
      Result := 0;
    end;
    
    // DLL notification handler, installed through DllProc in the library body.
    //
    // reason: one of the DLL_* notification codes; only attach and detach are
    //         handled, any other value is ignored.
    //
    // On attach it starts HackThread on a new thread. On detach it calls
    // CloseHandle on dwThrdMain and dwThrdHack when they are non-zero. Those two
    // variables were filled through CreateThread's thread-id argument, so the
    // values passed to CloseHandle are thread identifiers rather than the handles
    // CreateThread returned. Neither thread is signalled to stop on detach.
    procedure DllMain(reason: integer);
    begin
      case reason of
        DLL_PROCESS_ATTACH:
          begin
            CreateThread(nil, 0, @HackThread, nil, 0, dwThrdHack);
          end;
        DLL_PROCESS_DETACH:
          begin
            if dwThrdMain <> 0 then
              CloseHandle(dwThrdMain);
            if dwThrdHack <> 0 then
              CloseHandle(dwThrdHack);
          end;
      end;
    end;
    
    // Library initialisation: runs once when the DLL is loaded into a process.
    begin
      // Turn off per-thread attach/detach notifications for this module.
      DisableThreadLibraryCalls(hInstance);
      // Register DllMain for later notifications, then invoke it by hand for the
      // attach case, which is what starts HackThread as soon as the DLL is loaded.
      DllProc := @DllMain;
      DllProc(DLL_PROCESS_ATTACH);
    
    end.

    There is none of the "noobproof" stuff in this code like I see around, and the only "noobs" are the ones who are too lame to share and explain their code to others so that they can learn...

    Anyway, enjoy, and if you make any improvements please share. Or if anyone is willing to give me a rundown on "Engine.exe" and "CShell.dll", please do, as this will speed up my progress... I don't think any of the better coders will, as their greed to keep stuff to themselves and act like "GOD" to the rest of the learning programmers is too much for them to give up.


    P.S. Big thanks to Acid burn for his information (the only one who was nice enough to give help)... Just in case you're wondering, I have been programming for over 5 years, 2 years in VB6 and 3 years in Delphi, and I just started learning C# because of the .NET framework needed for ALL coders.
    Last edited by Departure; 11-04-2010 at 08:04 PM.
