; +-----------------------------------------------------------------+
; | heroes and generals classic no recoil |
; | started on 9.8.2015(m.d.y) by lava |
; | if you want to donate to lava: |
; | BTC: 19X7KKkMZsu4dLC3wd93N3UHiDJdomb6Vd |
; +-----------------------------------------------------------------+
.386
.model flat, stdcall
option casemap :none
system proto c :dword
include windows.inc
include user32.inc
include kernel32.inc
include masm32.inc
includelib msvcrt.lib
includeLib user32.lib
includeLib kernel32.lib
includelib masm32.lib
.data
; --- console strings ------------------------------------------------------
; Menu text. The ON/OFF state is patched in place by toggle_norecoil /
; enable_norecoil through the hard-coded offsets hellomsg+82 / +83.
; NOTE(review): counting the string as it appears here, "OFF" starts at
; hellomsg+77 (first 'F' at +78) and +82/+83 land on the "en" of "enter";
; confirm the string length, or give the state bytes their own label so the
; offset cannot drift when the text is edited.
hellomsg db "heroes and generals no recoil toggler coded in asm by: lava", 0dh, 0ah, "1 - no recoil : OFF", 0dh, 0ah, "enter - exit", 0dh, 0ah, "choice# ", 0 ; state bytes ("OFF"/"ON ") are rewritten in place by the toggle code
choice db ? ; one byte of console input, filled by StdIn(offset choice, 1)
cmd1 db "CLS", 0 ; passed to system() before each menu print
cmd2 db "PAUSE", 0 ; passed to system() on the failure path
bo_norecoil db 0 ; toggle state: 0 = off, 1 = on
; --- Toolhelp / target-process state ---------------------------------------
me32 MODULEENTRY32 <> ; filled by Module32First in get_hng (dwSize is set there)
cmodule32first db "Module32First", 0 ; resolved at runtime with GetProcAddress in get_hng
ckernel32_dll db "kernel32.dll", 0 ; module the name above is resolved from
cplayer_dll db "player.dll", 0 ; not referenced anywhere in the visible code
dw_hng dd ? ; base address returned by get_hng (first module of the target)
dw_player dd ? ; DWORD read from the target at dw_hng+94B04h
snapshot dd ? ; CreateToolhelp32Snapshot handle; never closed in the visible code
pid dd ? ; target process id from GetWindowThreadProcessId
dw_var dd ? ; scratch: the address handed to Read/WriteProcessMemory
hwndname db "H&G", 0 ; window title polled with FindWindow
waitingmsg db "waiting for H&G...", 0dh, 0ah, 0
hwnd HWND ? ; window handle of the target
h_hng HANDLE ? ; process handle from OpenProcess; never closed, ExitProcess releases it
bytes_to_write db 01h, 00h ; [0] is written on enable (and once at startup), [1] on disable
failmsg db "you dont have enough privileges to edit memory", 0dh, 0ah, 0 ; shown when OpenProcess fails
.code
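;-----------------------------------------------------------------------
; start - program entry (see `end start`); falls through into `begin`.
;
; 1. Polls FindWindow every 100 ms until a window titled "H&G" exists.
; 2. Looks up its process id and opens it with VM_OPERATION|VM_READ|VM_WRITE;
;    a failed OpenProcess is the only error reported (end_failed).
; 3. get_hng -> dw_hng; reads one DWORD at dw_hng+94B04h into dw_player.
; 4. Writes bytes_to_write[0] to dw_player+36454Dh+3.
; 5. Leaves dw_var = dw_player+1E9074h+6 for toggle_norecoil/enable_norecoil.
;
; Globals written: hwnd, pid, h_hng, dw_hng, dw_player, dw_var.
; Clobbers: eax, ecx, edx (Win32 calls). Stack: no frame, all args pushed.
; The ReadProcessMemory / WriteProcessMemory results are not checked; if the
; read fails dw_player most likely stays 0 and every later write targets a
; bogus address.
; From a defender's view: OpenProcess with write rights on a foreign process,
; followed by a module snapshot and WriteProcessMemory, is the sequence that
; anti-cheat and EDR telemetry keys on.
;-----------------------------------------------------------------------
start:
        push    offset waitingmsg
        call    StdOut
findwindow_loop:
        push    100                     ; dwMilliseconds
        call    Sleep
        push    offset hwndname         ; lpWindowName = "H&G"
        push    0                       ; lpClassName = NULL: match on title only
        call    FindWindow
        test    eax, eax
        je      findwindow_loop         ; keep polling until the window exists
        mov     hwnd, eax
        push    offset pid              ; lpdwProcessId
        push    eax                     ; hWnd
        call    GetWindowThreadProcessId
        push    pid                     ; dwProcessId
        push    0                       ; bInheritHandle = FALSE
        push    PROCESS_VM_OPERATION or PROCESS_VM_READ or PROCESS_VM_WRITE ; was `push [8h + 10h + 20h]`: a bracketed constant that MASM only treats as an immediate by quirk
        call    OpenProcess
        test    eax, eax
        je      end_failed
        mov     h_hng, eax
        call    get_hng                 ; eax = base of the target's first module (0 on failure)
        mov     dw_hng, eax
        add     eax, 94B04h             ; eax still holds dw_hng; the original reloaded it from memory
        mov     dw_var, eax
        push    0                       ; lpNumberOfBytesRead = NULL
        push    4                       ; nSize
        push    offset dw_player        ; lpBuffer
        push    dw_var                  ; lpBaseAddress
        push    h_hng                   ; hProcess
        call    ReadProcessMemory       ; BOOL result not checked
        mov     eax, dw_player
        add     eax, 36454Dh + 3        ; the original did this as two separate adds on dw_var
        mov     dw_var, eax
        push    0                       ; lpNumberOfBytesWritten = NULL
        push    1                       ; nSize
        push    offset bytes_to_write   ; lpBuffer -> 01h
        push    dw_var                  ; lpBaseAddress
        push    h_hng                   ; hProcess
        call    WriteProcessMemory      ; BOOL result not checked
        mov     eax, dw_player
        add     eax, 1E9074h + 6
        mov     dw_var, eax             ; consumed by toggle_norecoil / enable_norecoil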
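;-----------------------------------------------------------------------
; begin - menu loop. Reached by fall-through from start and by `jmp begin`
; from the toggle code. Clears the console, prints the menu, reads one byte:
; '1' -> toggle_norecoil, anything else (e.g. Enter) -> end_proc.
; Fix: system is declared `proto c` (cdecl), so the caller has to pop its
; argument; the original never did, leaking 4 bytes of stack per iteration.
; Clobbers: eax, ecx, edx.
;-----------------------------------------------------------------------
begin:
        push    offset cmd1             ; "CLS"
        call    system
        add     esp, 4                  ; cdecl: caller removes the argument
        call    print_menu
        push    1                       ; bLen
        push    offset choice           ; lpszBuffer
        call    StdIn
        cmp     choice, '1'             ; 31h
        je      toggle_norecoil
        jmp     end_proc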
; print_menu - StdOut(hellomsg). The ON/OFF bytes inside hellomsg are
; patched in place by the toggle code before this runs again.
; Clobbers: eax, ecx, edx (masm32 StdOut).
print_menu:
        invoke  StdOut, offset hellomsg
        ret
; toggle_norecoil - jump target from begin when the user typed '1'.
; Flips bo_norecoil, patches the menu text in place and writes one byte to
; the target at dw_var (set at the end of start: dw_player+1E9074h+6), then
; jumps back to begin. The write sequence here and in enable_norecoil differ
; only in the source byte and could share one helper. The WriteProcessMemory
; result is ignored on both paths.
toggle_norecoil:
call get_2_more_inputs ; presumably drains the CR/LF left in the console buffer after the '1' - confirm against masm32 StdIn
cmp [bo_norecoil], 0
je enable_norecoil ; currently off -> enable (next block)
mov [bo_norecoil], 0 ; currently on -> disable
mov [hellomsg +82], 46h ; 'F'
mov [hellomsg +83], 46h ; 'F' -> "OFF". NOTE(review): counting hellomsg as shown, the first 'F' is at +78 and +82/+83 fall on "en" of "enter" - confirm the string length
push 0 ; lpNumberOfBytesWritten = NULL
push 1 ; nSize = 1
push offset [bytes_to_write +1] ; lpBuffer -> 00h
push dw_var ; lpBaseAddress
push h_hng ; hProcess
call WriteProcessMemory ; BOOL result ignored
jmp begin
; enable_norecoil - jump target from toggle_norecoil when bo_norecoil == 0.
; Sets the flag, patches the menu text to "ON ", writes bytes_to_write[0]
; (01h) to the target at dw_var (set at the end of start), then jumps back
; to begin. Mirror image of the disable path in toggle_norecoil.
enable_norecoil:
mov [bo_norecoil], 1
mov [hellomsg +82], 4Eh ; 'N'
mov [hellomsg +83], 20h ; ' ' -> "ON ". Same hard-coded offset as toggle_norecoil; by count of the string as shown the state bytes sit at +78/+79 - confirm
push 0 ; lpNumberOfBytesWritten = NULL
push 1 ; nSize = 1
push offset bytes_to_write ; lpBuffer -> 01h
push dw_var ; lpBaseAddress
push h_hng ; hProcess
call WriteProcessMemory ; BOOL result ignored
jmp begin
; get_2_more_inputs - two further StdIn(offset choice, 1) reads into the same
; one-byte buffer; the bytes read are discarded. Presumably consumes the CR/LF
; the console leaves behind after the '1' - confirm against masm32 StdIn.
; Clobbers: eax, ecx, edx, choice.
get_2_more_inputs:
        invoke  StdIn, offset choice, 1
        invoke  StdIn, offset choice, 1
        ret
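;-----------------------------------------------------------------------
; get_hng - base address of the first module in the target's module list
;           (the caller stores it as dw_hng; presumably the main executable -
;           confirm against Toolhelp enumeration order).
; ABI:    internal, reached with `call`; no register arguments
; In:     pid (global) = target process id
; Out:    eax = me32.modBaseAddr, or 0 if the snapshot, GetProcAddress or
;         Module32First failed
; Clobb:  eax, ecx, edx (Win32 calls); snapshot, me32
; Fixes:  the snapshot handle is checked against INVALID_HANDLE_VALUE and is
;         closed when done; GetProcAddress is checked before `call eax` (the
;         original called through NULL if Module32First was not found).
; Notes:  Module32First is resolved by name at runtime instead of being
;         linked; runtime API resolution plus a module snapshot of a foreign
;         process is a common detection indicator for anti-cheat/EDR.
;-----------------------------------------------------------------------
get_hng:
        push    pid                     ; th32ProcessID
        push    TH32CS_SNAPMODULE       ; dwFlags (8)
        call    CreateToolhelp32Snapshot
        cmp     eax, INVALID_HANDLE_VALUE
        je      get_hng_nosnap
        mov     snapshot, eax
        mov     me32.dwSize, SIZEOF me32 ; Toolhelp rejects the struct otherwise
        push    offset ckernel32_dll
        call    GetModuleHandle
        push    offset cmodule32first   ; "Module32First"
        push    eax                     ; hModule = kernel32
        call    GetProcAddress
        test    eax, eax
        jz      get_hng_done            ; not resolved: leave modBaseAddr untouched
        push    offset me32             ; lpme
        push    snapshot                ; hSnapshot
        call    eax                     ; Module32First(snapshot, &me32); BOOL result not needed, see below
get_hng_done:
        push    snapshot
        call    CloseHandle
        mov     eax, me32.modBaseAddr   ; still 0 (me32 is a zero-initialised `<>` in .data) if nothing filled it
        ret
get_hng_nosnap:
        xor     eax, eax                ; no snapshot: report failure as base 0
        ret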
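;-----------------------------------------------------------------------
; end_failed - error exit used when OpenProcess fails: prints failmsg, runs
; "PAUSE" so the console stays visible, then falls through into end_proc.
; Fix: system is cdecl (`proto c`), so the argument is popped after the call,
; matching the menu loop.
;-----------------------------------------------------------------------
end_failed:
        push    offset failmsg
        call    StdOut
        push    offset cmd2             ; "PAUSE"
        call    system
        add     esp, 4                  ; cdecl: caller removes the argument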
; end_proc - common exit: ExitProcess(0). Reached by `jmp end_proc` from the
; menu loop and by fall-through from end_failed. Does not return.
end_proc:
        invoke  ExitProcess, 0
end start
virus scans: