#include <windows.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
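// Mid-function hook stub.  dwStartRoutine copies it into its own page,
// patches the three placeholders noted below, and redirects the target
// function's first five bytes to it.  The stub replays those five bytes
// (0x55 0x56 0x57 0x8B 0xF8 -- the same bytes that open the search pattern
// used in dwStartRoutine), stores 0 into the DWORD whose address sits in the
// trailing data slot, and jumps back to the byte after the overwritten
// prologue.  32-bit x86 only.
//
//   offset  bytes              instruction
//   0x00    55                 push ebp       \
//   0x01    56                 push esi        | replayed original prologue
//   0x02    57                 push edi        | (the 5 bytes the jmp replaces)
//   0x03    8B F8              mov  edi, eax  /
//   0x05    60                 pushad                      save all GPRs
//   0x06    A1 <imm32>         mov  eax, [imm32]           imm32 @0x07 := &slot (0x17)
//   0x0B    C7 00 <imm32>      mov  dword ptr [eax], 0
//   0x11    61                 popad                       restore all GPRs
//   0x12    E9 <rel32>         jmp  rel32                  rel32 @0x13 := return address
//   0x17    <4 bytes>          data slot, never executed   DWORD @0x17 := target address
//
// The patch offsets 0x07, 0x13 and 0x17 used in dwStartRoutine must stay in
// sync with this layout.  pushad/popad do not save EFLAGS; the two mov
// instructions between them do not modify it.
//
// The '=' is required for this to be a valid initializer in C and pre-C++11.
BYTE bWHShellCode[ ] =
{
    0x55,                               // 0x00 push ebp
    0x56,                               // 0x01 push esi
    0x57,                               // 0x02 push edi
    0x8B, 0xF8,                         // 0x03 mov  edi, eax
    0x60,                               // 0x05 pushad
    0xA1, 0x00, 0x00, 0x00, 0x00,       // 0x06 mov  eax, [imm32]   (imm32 patched at run time)
    0xC7, 0x00, 0x00, 0x00, 0x00, 0x00, // 0x0B mov  dword ptr [eax], 0
    0x61,                               // 0x11 popad
    0xE9, 0x00, 0x00, 0x00, 0x00,       // 0x12 jmp  rel32          (rel32 patched at run time)
    0x00, 0x00,                         // 0x17 data slot: pointer filled in at run time
    0x00, 0x00,                         // 0x19   (second half of the slot)
};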
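// Compares pData against bMask byte-for-byte at every position where szMask
// holds 'x'; any other mask character is a wildcard.  szMask also defines the
// comparison length, so pData and bMask must each be readable for
// strlen( szMask ) bytes -- this function has no other bound and the caller
// is responsible for that.
//
// Returns true on a match (an empty mask matches trivially), false at the
// first mismatching 'x' position or when any argument is NULL.
//
// Review: the original compared a char against the pointer constant NULL and
// returned 0/1 from a const-qualified bool; the terminator is now compared as
// '\0' and the meaningless top-level const on the return type is dropped
// (no change for callers).
bool bDataCompare( const BYTE *pData, const BYTE *bMask, const char *szMask )
{
    if( pData == NULL || bMask == NULL || szMask == NULL )
        return false;

    for( ; *szMask != '\0'; ++szMask, ++pData, ++bMask )
    {
        if( *szMask == 'x' && *pData != *bMask )
            return false;
    }
    // The loop only exits on the mask terminator, so everything matched.
    return true;
}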
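// True when the region described by mbi is committed memory that can be read
// without faulting: not free/reserved, not PAGE_NOACCESS, not a guard page.
static bool IsReadableRegion( const MEMORY_BASIC_INFORMATION *mbi )
{
    if( mbi->State != MEM_COMMIT )
        return false;
    return ( mbi->Protect & ( PAGE_NOACCESS | PAGE_GUARD ) ) == 0;
}

// Scans [dwStart, dwStop) for the pattern.  Only start positions where the
// whole dwPatLen-byte pattern still lies inside the span are compared, so no
// byte outside the span is ever read.  Returns the match address or 0.
static DWORD ScanSpan( DWORD dwStart, DWORD dwStop, DWORD dwPatLen,
                       const BYTE *bMask, const char *szMask )
{
    if( dwStop < dwStart || dwStop - dwStart < dwPatLen )
        return 0;
    for( DWORD dwAddr = dwStart; dwAddr <= dwStop - dwPatLen; ++dwAddr )
    {
        if( bDataCompare( ( const BYTE * ) dwAddr, bMask, szMask ) )
            return dwAddr;
    }
    return 0;
}

// Searches [dwModule, dwModule + dwLen) for the byte pattern bMask, with
// szMask defining both the pattern length and which bytes are compared
// ('x' = must match, anything else = wildcard).  Returns the address of the
// first match, or 0 when nothing matches (0 happens to equal EXIT_SUCCESS,
// which the original returned; callers must test the result before using
// it as an address).  32-bit x86 only: addresses are carried in DWORDs.
//
// Review: the original read every byte of the caller's fixed, hard-coded
// range and also ran the compare past dwModule + dwLen for the last
// strlen( szMask ) - 1 positions.  Reserved, free or guard pages inside the
// range raise an access violation that takes the host process down.  The
// range is now walked with VirtualQuery and only committed, readable pages
// are touched; adjacent readable regions are merged so a pattern straddling
// a region boundary is still found, and the compare never runs past the
// end of the range.
DWORD FindPattern( DWORD dwModule, DWORD dwLen, BYTE *bMask, char *szMask )
{
    if( bMask == NULL || szMask == NULL )
        return 0;

    const DWORD dwPatLen = ( DWORD ) strlen( szMask );
    if( dwPatLen == 0 || dwLen < dwPatLen )
        return 0;

    DWORD dwEnd = dwModule + dwLen;        // one past the last byte to scan
    if( dwEnd < dwModule )                 // range wraps past the top of the address space
        dwEnd = ( DWORD ) -1;

    DWORD dwCursor    = dwModule;
    DWORD dwSpanStart = 0;                 // start of the current run of readable regions
    bool  bInSpan     = false;

    while( dwCursor < dwEnd )
    {
        MEMORY_BASIC_INFORMATION mbi;
        DWORD dwRegionEnd = dwEnd;         // default: consume the rest of the range
        bool  bReadable   = false;         // default: treat unqueryable memory as unreadable

        if( VirtualQuery( ( LPCVOID ) dwCursor, &mbi, sizeof( mbi ) ) != 0 )
        {
            const DWORD dwBase = ( DWORD ) ( ULONG_PTR ) mbi.BaseAddress;
            const DWORD dwSize = ( DWORD ) mbi.RegionSize;
            // Clamp the region to the scan range; the > dwCursor test also
            // guards against dwBase + dwSize wrapping, which would stall the walk.
            if( dwBase + dwSize > dwCursor && dwBase + dwSize < dwEnd )
                dwRegionEnd = dwBase + dwSize;
            bReadable = IsReadableRegion( &mbi );
        }

        if( bReadable )
        {
            if( !bInSpan )
            {
                dwSpanStart = dwCursor;
                bInSpan     = true;
            }
        }
        else if( bInSpan )
        {
            // A readable run just ended at dwCursor; scan it before moving on.
            const DWORD dwHit = ScanSpan( dwSpanStart, dwCursor, dwPatLen, bMask, szMask );
            if( dwHit != 0 )
                return dwHit;
            bInSpan = false;
        }

        dwCursor = dwRegionEnd;
    }

    if( bInSpan )
        return ScanSpan( dwSpanStart, dwEnd, dwPatLen, bMask, szMask );
    return 0;
}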
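// Thread entry started from DllMain.  Waits for ClientFX.fxd to be mapped,
// locates the target function by byte pattern, builds the detour stub from
// bWHShellCode in its own page, and redirects the target's first five bytes
// to that stub.  32-bit x86 only.
//
// lpReserved is unused.  Returns EXIT_SUCCESS once the hook is installed and
// EXIT_FAILURE if any step fails; the target is only written after every
// prerequisite succeeded, so a failure leaves it untouched.
//
// Review: the original never checked the result of FindPattern or
// VirtualAlloc -- a pattern miss (e.g. after a game update) made it
// dereference 0x10 + 1 and crash the host -- and it allocated the stub
// writable+executable and left it that way.  The stub is now built in a
// read/write page and flipped to execute/read once it is final.
DWORD WINAPI dwStartRoutine( void *lpReserved )
{
    // Byte offsets into bWHShellCode that are patched below; they must match
    // the instruction layout of that array.
    enum
    {
        SC_OFF_PTR_IMM  = 0x07,  // imm32 of "mov eax, [imm32]"  := address of the slot below
        SC_OFF_JMP      = 0x12,  // the E9 opcode of the trailing jmp
        SC_OFF_JMP_REL  = 0x13,  // rel32 of that jmp              := ADDR_RETURN
        SC_OFF_PTR_SLOT = 0x17,  // data slot read by the mov      := ADDR_WALLHACK
        HOOK_LEN        = 5      // bytes replaced at the target by "jmp rel32"
    };

    ( void ) lpReserved;

    // The pattern lives in ClientFX.fxd, so wait until the module is mapped.
    // NOTE(review): this spins forever if the module never loads; a timeout
    // would be the safer choice.
    while( !GetModuleHandle( L"ClientFX.fxd" ) )
        Sleep( 1 );

    // Target prologue: push ebp; push esi; push edi; mov edi,eax; mov esi,ecx;
    // jnz rel8 (the rel8 is the wildcard).  The first HOOK_LEN bytes are the
    // ones bWHShellCode replays before jumping back.
    const DWORD ADDR_MID_HOOK = FindPattern( 0x400000, 0x1154000,
        ( PBYTE ) "\x55\x56\x57\x8B\xF8\x8B\xF1\x75\x00", ( char * ) "xxxxxxxx?" );
    if( ADDR_MID_HOOK == 0 )
        return EXIT_FAILURE;   // pattern not found; nothing else is safe to touch

    // Address of the DWORD the stub zeroes: a 32-bit value read out of the
    // target at +0x11 (presumably the imm32 of a one-byte-opcode instruction
    // at +0x10) plus a fixed field offset.
    // NOTE(review): both offsets are specific to one build of the target
    // binary -- verify them against the current version.
    DWORD ADDR_WALLHACK = *( DWORD * ) ( ADDR_MID_HOOK + 0x10 + 0x01 );
    ADDR_WALLHACK += 0xA4;

    // Where the stub resumes: the first byte after the overwritten prologue.
    const DWORD ADDR_RETURN = ADDR_MID_HOOK + HOOK_LEN;

    // Build the stub in a write-only-for-now page (W^X): fill and patch it,
    // then make it executable and drop the write permission.
    const DWORD ADDR_SHELLCODE = ( DWORD ) VirtualAlloc( NULL, sizeof( bWHShellCode ),
        MEM_COMMIT | MEM_RESERVE, PAGE_READWRITE );
    if( ADDR_SHELLCODE == 0 )
        return EXIT_FAILURE;

    memcpy( ( PVOID ) ADDR_SHELLCODE, bWHShellCode, sizeof( bWHShellCode ) );
    *( DWORD * ) ( ADDR_SHELLCODE + SC_OFF_PTR_IMM )  = ADDR_SHELLCODE + SC_OFF_PTR_SLOT;
    *( DWORD * ) ( ADDR_SHELLCODE + SC_OFF_PTR_SLOT ) = ADDR_WALLHACK;
    // jmp rel32 is relative to the end of the 5-byte instruction at SC_OFF_JMP.
    *( DWORD * ) ( ADDR_SHELLCODE + SC_OFF_JMP_REL )  = ADDR_RETURN - ( ADDR_SHELLCODE + SC_OFF_JMP ) - HOOK_LEN;

    DWORD dwOldProtect = 0;
    if( !VirtualProtect( ( PVOID ) ADDR_SHELLCODE, sizeof( bWHShellCode ), PAGE_EXECUTE_READ, &dwOldProtect ) )
    {
        VirtualFree( ( PVOID ) ADDR_SHELLCODE, 0, MEM_RELEASE );
        return EXIT_FAILURE;
    }
    FlushInstructionCache( GetCurrentProcess(), ( LPCVOID ) ADDR_SHELLCODE, sizeof( bWHShellCode ) );

    // Patch the target: "jmp ADDR_SHELLCODE" over its first HOOK_LEN bytes.
    // NOTE(review): the 5-byte write is not atomic; a thread executing the
    // prologue at that instant could observe a half-written instruction.
    if( !VirtualProtect( ( PVOID ) ADDR_MID_HOOK, HOOK_LEN, PAGE_EXECUTE_READWRITE, &dwOldProtect ) )
    {
        VirtualFree( ( PVOID ) ADDR_SHELLCODE, 0, MEM_RELEASE );
        return EXIT_FAILURE;
    }
    *( BYTE * )  ( ADDR_MID_HOOK + 0x00 ) = 0xE9;
    *( DWORD * ) ( ADDR_MID_HOOK + 0x01 ) = ADDR_SHELLCODE - ADDR_MID_HOOK - HOOK_LEN;
    VirtualProtect( ( PVOID ) ADDR_MID_HOOK, HOOK_LEN, dwOldProtect, &dwOldProtect );
    FlushInstructionCache( GetCurrentProcess(), ( LPCVOID ) ADDR_MID_HOOK, HOOK_LEN );

    return EXIT_SUCCESS;
}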
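// DLL entry point.  On process attach it starts dwStartRoutine on its own
// thread: that routine blocks waiting for a module and then patches code,
// neither of which should be done under the loader lock inside DllMain.
// Thread and process detach are no-ops -- in particular the hook installed
// by dwStartRoutine is not removed on detach (its stub lives in memory from
// VirtualAlloc, so it outlives this DLL).
//
// Returns TRUE so the DLL stays loaded even if the thread could not be
// created.
//
// Review: the original discarded the HANDLE from CreateThread, leaking it
// for the life of the process; it is now closed immediately since the
// thread is never joined.
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ul_reason_for_call, LPVOID lpReserved )
{
    ( void ) hModule;
    ( void ) lpReserved;

    switch( ul_reason_for_call )
    {
    case DLL_PROCESS_ATTACH:
    {
        HANDLE hThread = CreateThread( NULL, 0, &dwStartRoutine, NULL, 0, NULL );
        // Closing the handle does not stop the thread; it only releases the
        // kernel object reference this DLL would otherwise never drop.
        if( hThread != NULL )
            CloseHandle( hThread );
        break;
    }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
    default:
        break;
    }
    return TRUE;
}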