Present Engine

[IrineuMito]

Hello coder friends, can anyone send me an undetectable Present Engine hook? pls

[luizimloko]

.






















This way is 1 on 1000 ways to do that. with basic assembly knowledge you can do this.

Code:

DWORD dw_PresentStart  = 0x004FB0BF; //8b 51 44 6a 00 6a 00 6a 00 50 ff d2 b8 ?? ?? ?? ??
DWORD dw_PresentReturn = ( dw_PresentStart + 0x03 );

void WINAPI startMainRender( LPDIRECT3DDEVICE9 pDevice )
{
	pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );

	//Your d3d stuffs...

	pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_TRUE  );
}

__declspec( naked ) HRESULT WINAPI hk_PresentEngine( void )
{
	__asm
	{
		mov edx, [ ecx + 0x44 ]
		pushad

		push eax
		call startMainRender

		popad
		jmp dw_PresentReturn
	}
}

DWORD WINAPI dwWriteHook( void *lpParameter )
{
	while( memcmp( ( void * ) dw_PresentStart, ( void * ) "\x8B\x51\x44", 3 ) )
		Sleep( 500 );

	DWORD dw_ProperAddress = NULL;

	for( int i = 0; !dw_ProperAddress; i++ )
		if( !memcmp( ( void * ) ( dw_PresentStart + i ), ( void * ) "\xC3\xCC", 2 ) )
			dw_ProperAddress = ( dw_PresentStart + i + 0x01 );

	*( BYTE  * ) ( dw_ProperAddress + 0x00 ) = 0xE9;
	*( DWORD * ) ( dw_ProperAddress + 0x01 ) = ( ( DWORD ) hk_PresentEngine - dw_ProperAddress ) - 5;

	*( BYTE  * ) ( dw_PresentStart + 0x00 ) = 0xEB;
	*( BYTE  * ) ( dw_PresentStart + 0x01 ) = 0x37;
	*( BYTE  * ) ( dw_PresentStart + 0x02 ) = 0x90;

	return 0;
}

[Janitor]

Moved to the proper section.

[IrineuMito]

.

This way is 1 on 1000 ways to do that. with basic assembly knowledge you can do this.

Code:

DWORD dw_PresentStart  = 0x004FB0BF; //8b 51 44 6a 00 6a 00 6a 00 50 ff d2 b8 ?? ?? ?? ??
DWORD dw_PresentReturn = ( dw_PresentStart + 0x03 );

void WINAPI startMainRender( LPDIRECT3DDEVICE9 pDevice )
{
	pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );

	//Your d3d stuffs...

	pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_TRUE  );
}

__declspec( naked ) HRESULT WINAPI hk_PresentEngine( void )
{
	__asm
	{
		mov edx, [ ecx + 0x44 ]
		pushad

		push eax
		call startMainRender

		popad
		jmp dw_PresentReturn
	}
}

DWORD WINAPI dwWriteHook( void *lpParameter )
{
	while( memcmp( ( void * ) dw_PresentStart, ( void * ) "\x8B\x51\x44", 3 ) )
		Sleep( 500 );

	DWORD dw_ProperAddress = NULL;

	for( int i = 0; !dw_ProperAddress; i++ )
		if( !memcmp( ( void * ) ( dw_PresentStart + i ), ( void * ) "\xC3\xCC", 2 ) )
			dw_ProperAddress = ( dw_PresentStart + i + 0x01 );

	*( BYTE  * ) ( dw_ProperAddress + 0x00 ) = 0xE9;
	*( DWORD * ) ( dw_ProperAddress + 0x01 ) = ( ( DWORD ) hk_PresentEngine - dw_ProperAddress ) - 5;

	*( BYTE  * ) ( dw_PresentStart + 0x00 ) = 0xEB;
	*( BYTE  * ) ( dw_PresentStart + 0x01 ) = 0x37;
	*( BYTE  * ) ( dw_PresentStart + 0x02 ) = 0x90;

	return 0;
}

@luizimloko
When a number of players start playing the hack starts dcing everyone and ghost ban who has already logged out

( after a few minutes )

[luizimloko]

@luizimloko
When a number of players start playing the hack starts dcing everyone and ghost ban who has already logged out

( after a few minutes )

.



















isn't the hook, this method is still undetected. You are fucking with the engine (Byte patching) or some Weapons/Players functions on CShell.dll, causing your ban.

[IrineuMito]

.



















isn't the hook, this method is still undetected. You are fucking with the engine (Byte patching) or some Weapons/Players functions on CShell.dll, causing your ban.

I will test tomorrow only ESP + Aimbot, my weapon functions are PlayerClient and I no longer use BasicPlayerInfo

Note: I will bring the results.

[IrineuMito]

.



















isn't the hook, this method is still undetected. You are fucking with the engine (Byte patching) or some Weapons/Players functions on CShell.dll, causing your ban.

Really was that, just one more question, when is the current CurrentWeapon (CFBR)? could you send me aob?

[MemoryThePast]

Really was that, just one more question, when is the current CurrentWeapon (CFBR)? could you send me aob?

check if the player holding the current weapon

[5ph1nx]

Really was that, just one more question, when is the current CurrentWeapon (CFBR)? could you send me aob?

Code:

std::int16_t GetCurrentWeaponID()
{
	std::int16_t iCurrentID = 0;

	__asm
	{
		mov     edx, g_pLTClientShell
		mov     ecx, [edx + 0x78]
		mov     eax, [ecx]
		mov     edx, [eax + 0x84]
		call    edx
		mov     edx, [eax]
		mov     ecx, eax
		mov     eax, [edx + 0x78]
		call    eax
		mov     iCurrentID, ax
	}
	return iCurrentID;
}

credits: me

[akbargain]

Code:

std::int16_t GetCurrentWeaponID()
{
	std::int16_t iCurrentID = 0;

	__asm
	{
		mov     edx, g_pLTClientShell
		mov     ecx, [edx + 0x78]
		mov     eax, [ecx]
		mov     edx, [eax + 0x84]
		call    edx
		mov     edx, [eax]
		mov     ecx, eax
		mov     eax, [edx + 0x78]
		call    eax
		mov     iCurrentID, ax
	}
	return iCurrentID;
}

credits: me

is this inside PVM?
if so, you used the vtable 0x84 to get the PVM ptr but how did you locate the pvm + 0x3C (weaponID)?
sorry i don't know how to read asm

[5ph1nx]

is this inside PVM?
if so, you used the vtable 0x84 to get the PVM ptr but how did you locate the pvm + 0x3C (weaponID)?
sorry i don't know how to read asm

it's a virtual func that returns the weapon id from the camera object player.

[akbargain]

it's a virtual func that returns the weapon id from the camera object player.

oh, thanks for this function. I don't have to get the weaponstruct from cplayer.

=============================

I get it now.

you get the clientshell +78 vtable which is player client then run the 0x84

Code:

MOV EAX,DWORD PTR DS:[ECX+2D0]
RETN

which will return PVM ptr, then you get the PVM vtable

then you run the vtable PVM + 0x78

Code:

MOV EAX,DWORD PTR DS:[ECX+3C]
RETN

which will return the PVM + 0x3C (WEAPONID) nice. Thanks for this knowledge.