this is
Semi-Detected
i crash in about 10 minutes with this source (usually only if i use rapid fire though)
anyway, this base isn't home built or anything, its not custom, its just bits of bases i've collected over time from different releases of other bases and thrown into 1 base and it just so happened to work (hence the semi detected)
this is slightly noob proof since you have to make it undetected...
what hacks are already in the base
All updated Addies, it will run straght from compile (and crash in 10 minutes)
Semi Custom Server Crasher ( if u just want that, i'll pst it so u dont need to dig thruogh)
Rapid Fire (credits to @
NOOB for both recoil and rapid)
No Recoil
Gamestatus is in here, but not acutally used, although an example is given
Main.cpp
Code:
#include <windows.h>
#include <stdio.h>
#include <d3dx9.h>
#pragma comment( lib, "d3dx9.lib" )
#define Rapid 0x37504115
#define LTBase 0x378F5D78
#define LTClient 0x378F5D90
#define UnwrappedConsole 0x485F60
#define DrawPrim 0x8024F8
#define GameStatus 0x37906D28
#define GameClientShell 0x3793B218
#define ClientInfo 0x378F4A8C
#define SBullets 0x374FE0B6
#define Range1 0x37503699
#define Range2 0x37503A19
#define NameTag1 0x372DB630
#define NameTag2 0x372DB6AD
#define PlayerByIndex 0x37151500
#define LocalPlayer 0x371520C0
#define Recoil1 0x37497B00
#define Recoil2 0x375AAA69
#define Recoil3 0x37497B14
#define Recoil4 0x37497B20
#define Beast 0x3790F0EC
#define Worldblock 0x07F19D8
#define ADDR_REMOTEKILL1 0x375037C1
#define ADDR_REMOTEKILL2 0x375037C2
#define ADDR_REMOTEKILL3 0x37503B41
#define ADDR_REMOTEKILL4 0x37503B42
typedef HRESULT ( WINAPI* oPresent ) ( LPDIRECT3DDEVICE9 pDevice, CONST RECT *pSourceRect, CONST RECT *pDestRect, HWND hDestWindowOverride, CONST RGNDATA *pDirtyRegion);
oPresent pPresent;
bool IsGameReadyForHook()
{
if( GetModuleHandleA( "d3d9.dll" ) != NULL
&& GetModuleHandleA( "ClientFX.fxd" ) != NULL
&& GetModuleHandleA( "CShell.dll" ) != NULL )
return true;
return false;
}
void Memoria( void* pvAddress, void* pvBuffer, size_t len )
{
if( *(BYTE*)pvAddress == *(BYTE*)pvBuffer )
return;
memcpy( ( void* )pvAddress, ( void* )pvBuffer, len );
}
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
for(;*szMask;++szMask,++pData,++bMask)
if(*szMask=='x' && *pData!=*bMask )
return false;
return (*szMask) == NULL;
}
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
for(DWORD i=0; i < dwLen; i++)
if(bDataCompare( (BYTE*)( dwAddress+i ),bMask,szMask) )
return (DWORD)(dwAddress+i);
return 0;
}
DWORD VTable(int index)
{
DWORD* devicePtr = 0;
DWORD hD3D9 = NULL;
while(hD3D9 == NULL){
Sleep(100);
try
{
hD3D9 = (DWORD)GetModuleHandleA("d3d9.dll");}
catch(...)
{
hD3D9 = NULL;
}}
DWORD addy = FindPattern(hD3D9, 0x1280000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
Memoria (&devicePtr, (void*)(addy+2), 4);
if(devicePtr == NULL){
return 0;}
return devicePtr[index];
}
void CPush(const char* cmd)
{
_asm
{
PUSH cmd
MOV EAX, 0x485F60
CALL EAX
ADD ESP, 0x4
}
}
void main()
{
//if((*(BYTE *)GameStatus =5) && GetAsyncKeyState(VK_DELETE) & 1){
/*if(GetAsyncKeyState(VK_DELETE) & 1){
memcpy((VOID *)Beast, (VOID *)(PBYTE)"\x01", 1);
}else {
memcpy((VOID *)Beast, (VOID *)(PBYTE)"\x00", 1);
}*/
if(GetAsyncKeyState(VK_LBUTTON) & 1 )
{
Memoria((LPVOID) (Rapid), "\x90\x90", 2);
Memoria((LPVOID) (Recoil1), "\x90\x90\x90", 3);
Memoria((LPVOID) (Recoil2), "\x90\x90\x90", 3);
Memoria((LPVOID) (Recoil3), "\x90\x90\x90", 3);
Memoria((LPVOID) (Recoil4), "\x90\x90\x90", 3);
}else{
Memoria((LPVOID) (Rapid), "\x74\x3E", 2);
Memoria((LPVOID) (Recoil1), "\xD8\x66\x58", 3);
Memoria((LPVOID) (Recoil2), "\xD9\x46\x54", 3);
Memoria((LPVOID) (Recoil3), "\xD9\x5E\x58", 3);
Memoria((LPVOID) (Recoil4), "\xD9\x5E\x4C", 3);
}
if(GetAsyncKeyState(VK_NUMPAD1) & 1 ){
*(long*)Beast = (((0xFF-0x80)+(0x20+0xFF))-(0xFF+0x90)); // Beast mode on
} else {
*(long*)Beast = 1;
}/*
if(GetAsyncKeyState(VK_END) & 1){
/*void DoServerCrash(int Value)
{
if (Value == 0)
return;
CAutoMessage Msg;
Msg.Writeuint8(104);
Msg.WriteWString((wchar_t*) L"Hey Nexon, how's it goin? I hope you don't mind me crashing your game server like this, i just get annoyed at how you run this game. you will read this a lot, bye! :)");
g_LTClient->SendToServer(Msg.Read(), MESSAGE_GUARANTEED);
}
}*/}
/*void RemoteKill( bool Kill )
{
if( GetAsyncKeyState(VK_NUMPAD2) &1 )
{
DWORD dwOldVProtection;
VirtualProtect( (void*) ADDR_REMOTEKILL1, 5, PAGE_EXECUTE_READWRITE, &dwOldVProtection );
*(BYTE*)ADDR_REMOTEKILL1 = 0xE8;
*(DWORD*)ADDR_REMOTEKILL2 = ( (DWORD)IntersectAndPenetrateSegment ) - ( (DWORD)ADDR_REMOTEKILL2 + 0x4 );
VirtualProtect( (void*) ADDR_REMOTEKILL1, 5, dwOldVProtection, &dwOldVProtection);
VirtualProtect( (void*) ADDR_REMOTEKILL3, 5, PAGE_EXECUTE_READWRITE, &dwOldVProtection );
*(BYTE*)ADDR_REMOTEKILL3 = 0xE8;
*(DWORD*)ADDR_REMOTEKILL4 = ( (DWORD)IntersectAndPenetrateSegment ) - ( (DWORD)ADDR_REMOTEKILL4 + 0x4 );
VirtualProtect( (void*) ADDR_REMOTEKILL3, 5, dwOldVProtection, &dwOldVProtection);
}
else
{
Memoria( (PBYTE)ADDR_REMOTEKILL1, (PBYTE)"\x8B\x51\x64\xFF\xD2", 5 );
Memoria( (PBYTE)ADDR_REMOTEKILL3, (PBYTE)"\x8B\x51\x64\xFF\xD2", 5 );
}
}*/
HRESULT WINAPI gellPresent(LPDIRECT3DDEVICE9 pDevice, CONST RECT *pSourceRect,
CONST RECT *pDestRect, HWND hDestWindowOverride, CONST RGNDATA *pDirtyRegion)
{
_asm pushad;
main();
_asm popad;
return pPresent(pDevice, pSourceRect, pDestRect, hDestWindowOverride, pDirtyRegion);
}
void *DetourCreate( BYTE *src, const BYTE *dst )
{
int len = 5;
BYTE *jmp = (BYTE*)malloc( len+5 );
DWORD dwBack;
VirtualProtect( src, len, PAGE_EXECUTE_READWRITE, &dwBack );
memcpy( jmp, src, len );
jmp += len;
jmp[0] = 0xE9;
*(DWORD*)( jmp+1 ) = (DWORD)( src+len - jmp ) - 5;
src[0] = 0xE9;
*(DWORD*)( src+1 ) = (DWORD)( dst - src ) - 5;
VirtualProtect( src, len, dwBack, &dwBack );
return( jmp-len );
}
void Hook(void)
{
DWORD dwPresent = VTable(17);
pPresent = (oPresent)DetourCreate(( PBYTE)dwPresent, ( PBYTE )gellPresent);
}
DWORD WINAPI dwD3D9Thread(LPVOID)
{
while( !IsGameReadyForHook() )
Sleep(100);
Hook();
return 0;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if ( dwReason == DLL_PROCESS_ATTACH )
{
CreateThread(NULL, NULL, dwD3D9Thread, NULL, NULL, NULL);
}
return TRUE;
}
Sever crasher and remote kill (credits to gellin on RK)
Code:
if(GetAsyncKeyState(VK_END) & 1){
/*void DoServerCrash(int Value)
{
if (Value == 0)
return;
CAutoMessage Msg;
Msg.Writeuint8(104);
Msg.WriteWString((wchar_t*) L"Hey Nexon, how's it goin? I hope you don't mind me crashing your game server like this, i just get annoyed at how you run this game. you will read this a lot, bye! :)");
g_LTClient->SendToServer(Msg.Read(), MESSAGE_GUARANTEED);
}
}*/}
/*void RemoteKill( bool Kill )
{
if( GetAsyncKeyState(VK_NUMPAD2) &1 )
{
DWORD dwOldVProtection;
VirtualProtect( (void*) ADDR_REMOTEKILL1, 5, PAGE_EXECUTE_READWRITE, &dwOldVProtection );
*(BYTE*)ADDR_REMOTEKILL1 = 0xE8;
*(DWORD*)ADDR_REMOTEKILL2 = ( (DWORD)IntersectAndPenetrateSegment ) - ( (DWORD)ADDR_REMOTEKILL2 + 0x4 );
VirtualProtect( (void*) ADDR_REMOTEKILL1, 5, dwOldVProtection, &dwOldVProtection);
VirtualProtect( (void*) ADDR_REMOTEKILL3, 5, PAGE_EXECUTE_READWRITE, &dwOldVProtection );
*(BYTE*)ADDR_REMOTEKILL3 = 0xE8;
*(DWORD*)ADDR_REMOTEKILL4 = ( (DWORD)IntersectAndPenetrateSegment ) - ( (DWORD)ADDR_REMOTEKILL4 + 0x4 );
VirtualProtect( (void*) ADDR_REMOTEKILL3, 5, dwOldVProtection, &dwOldVProtection);
}
else
{
Memoria( (PBYTE)ADDR_REMOTEKILL1, (PBYTE)"\x8B\x51\x64\xFF\xD2", 5 );
Memoria( (PBYTE)ADDR_REMOTEKILL3, (PBYTE)"\x8B\x51\x64\xFF\xD2", 5 );
}
}*/
enjoy fixing this shit XD i also dont know if thats a good crasher...i nevr got it to work without the code giving me an error
Originally Posted by supercarz1991
