Originally Posted by
damien1234
#include <windows.h>
#define dwpLTClient 0x377F47C4
bool IsGameReadyForHook()
{
if( GetModuleHandleA( "d3d9.dll" ) != NULL
&& GetModuleHandleA( "ClientFX.fxd" ) != NULL
&& GetModuleHandleA( "CShell.dll" ) != NULL )
return true;
return false;
}
void __cdecl PTC( const char* szCommand )
{
if( !IsGameReadyForHook || dwpLTClient == NULL )
return;
DWORD dwConsoleFunc = *( DWORD* )( dwpLTClient + 0x208 );
DWORD dwRealCallA = ( dwConsoleFunc + 0x26 );//JMP to real func
DWORD dwRealCallB = *(DWORD*)( dwRealCallA + 0x1 );
DWORD dwRealCall = ( dwRealCallA + dwRealCallB + 0x5 );
if( *(BYTE*)dwRealCallA == 0xE9 )
dwConsoleFunc = dwRealCall;
__asm
{
push szCommand;
call dwConsoleFunc;
add esp, 4;
}
}
void main()
{
while(true)
{
PTC("ShowFps 1");
}
Sleep(200);
}
DWORD WINAPI dwHackThread(LPVOID)
{
while( !IsGameReadyForHook() )
Sleep(100);
main();
return 0;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if ( dwReason == DLL_PROCESS_ATTACH )
{
CreateThread(NULL, NULL, dwHackThread, NULL, NULL, NULL);
}
return TRUE;
}
This PTC method is towards CShell get a bypass or use gordon's toward Engine
BYPASS
Code:
//Bypass Cshell
typedef bool (*IsConnected_t)(void);
bool IsIngame()
{
DWORD* LTBase = (DWORD*)LTClient;
IsConnected_t pConnected = *(IsConnected_t*)(*LTBase + 0x8C);
return pConnected();
}
#define dwpLTClient 0x377F47C4
addy is wrong should be 0x377F4930 //(for ca na)
#define EngLtc 0x4C8540 //Engine LTC
#define LTClient 0x377F4930 //Only used for bypass
gordon's engine PTC (aka RunConsoleCommand) method
Code:
//Push To Console Method Use Engine LTC By Gordon
typedef int (__cdecl* RunConsoleCommand_t)(char* cmd);
RunConsoleCommand_t pRunConsoleCommand = (RunConsoleCommand_t)EngLtc;
if used be sure to cred!
find a new EngineLTC ive looked around cant find one... (unable to dump engine idk y , i can dumb Cshell just find) ask around!
Decided to help let me know how it goes is working for me.