Homefront Chams

**Birdshit** · 04-08-2011

Im in a giving mood today... only because Im pretty sure VAC isnt working Ive seen the AA guys back at it and others including SumTingWong etc etc so they arent banned YET... a month later? I thought usually 2 weeks was the most the delay would be?

Mr. MagicMan's Base +

MainThread.cpp:

Code:

#include "includes.h"
#include "text.h"
#include "bytes.h"
#include "windows.h"
#include "Info.h"


bool Sprite=false;
bool Chams=false;
bool shoot=false;

//unsigned int m_Stride;

D3DVIEWPORT9 Viewport;

//D3DCOLOR WHITE = D3DCOLOR_ARGB(0, 255, 255, 255);

IDirect3DPixelShader9 *shaderRed, *shaderBlue; //*shaderClear;

void TriggerBot()
{
	COLORREF		        cPixelr;
	COLORREF		        cPixelr2;

	HWND			d3dhwnd;
	HDC				d3ddc;

	d3dhwnd = GetForegroundWindow();
	d3ddc = GetDC(d3dhwnd);

	{
	cPixelr = GetPixel( d3ddc, (Viewport.Width/2)-1, (Viewport.Height/2)-1);
	cPixelr2 = GetPixel( d3ddc, (Viewport.Width/2)+1, (Viewport.Height/2)-1);

	if(GetRValue(cPixelr)>= 220
	&& GetGValue(cPixelr)<= 100
	&& GetBValue(cPixelr)<= 100
	&& GetRValue(cPixelr2)>= 220
	&& GetGValue(cPixelr2)<= 100
	&& GetBValue(cPixelr2)<= 100)
	{	
		mouse_event(MOUSEEVENTF_LEFTDOWN, 0, 0, NULL, NULL); // Simulate click
		Sleep (11);
		mouse_event(MOUSEEVENTF_LEFTUP, 0, 0, NULL, NULL);
	}
	}

		ReleaseDC(d3dhwnd,d3ddc);
} // End X loop


//======================================================================
//Define console commands and ltclient
void __cdecl PushToConsole( const char* szCommand )
{
	DWORD *LTClient = ( DWORD* )( LTC );
	void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
 
	__asm
	{
		push szCommand;
		call CONoff;
		add esp, 4;
	}
}
//======================================================================
//NOP function
bool MemCopy( void * pDest, char * szPatch, size_t sSize )
{ 
	DWORD dwOrgProtect = NULL; 
	if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect ))
		return FALSE;

	memcpy( pDest, szPatch, sSize ); 
	VirtualProtect( pDest, sSize, dwOrgProtect, NULL ); 
	return TRUE; 
}
//======================================================================
//Hook game
bool IsGameReadyForHook(void)
{
    if( GetModuleHandle( "d3d9.dll"  ) != NULL )
        return true;
    return false;
}
//======================================================================
//Render all your D3D stuff here

HRESULT GenerateShader( LPDIRECT3DDEVICE9 pDevice, IDirect3DPixelShader9 **pShader, float r, float g, float b, float a )
{
    char szShader[ 256 ];
    ID3DXBuffer *pShaderBuf = NULL;
	sprintf_s( szShader, "ps_3_0\ndef c0, %f, %f, %f, %f\nmov oC0,c0", r, g, b, a );
	D3DXAssembleShader( szShader, sizeof( szShader ), NULL, NULL, 0, &pShaderBuf, NULL );

	if( FAILED( pDevice->CreatePixelShader((const DWORD*)pShaderBuf->GetBufferPointer(), pShader)) )
		pShaderBuf->Release();
		return S_OK;
}

void RenderFrame(LPDIRECT3DDEVICE9 pDevice)
{
	if(!pFont)D3DXCreateFont(pDevice, 17, 0, 0, 0, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &pFont);
	if(!pLine)D3DXCreateLine(pDevice,&pLine);


	Position.x = 1.0f;
	Position.y = 1.0f;

	#ifdef SpriteFromBytes
	if(!pTexture)D3DXCreateTextureFromFileInMemoryEx(pDevice, &Menu, sizeof(Menu), 400, 600, D3DX_DEFAULT, 0, D3DFMT_UNKNOWN, D3DPOOL_MANAGED, D3DX_DEFAULT, D3DX_DEFAULT, 0, NULL, NULL, &pTexture);
	#else
	if (!pTexture)D3DXCreateTextureFromFile(pDevice,"C://", &pTexture);
	#endif

	if(!pSprite)D3DXCreateSprite(pDevice, &pSprite);

	PrintText(pFont,0,0,white,"= DEVICE HOOKED =");

	if(Chams)
	{
	PrintText(pFont,0,18,white,"= CHAMS ENABLED =");
	}
	if(shoot)
	{
	PrintText(pFont,0,36,white,"= AUTOSHOOT ENABLED =");
		TriggerBot();
	}
	if(Sprite)
	{
		pSprite->Begin(D3DXSPRITE_ALPHABLEND);
		pSprite->Draw(pTexture, NULL, NULL, &Position, 0xFFFFFFFF);
		pSprite->End();
	}

static bool bOnce = true;

      if(bOnce)
    {
        GenerateShader(pDevice, &shaderRed, 1.0f, 0.0f, 0.0f, 1.0f);
        GenerateShader(pDevice, &shaderBlue, 0.0f, 0.0f, 1.0f, 1.0f);
		//GenerateShader(pDevice, &shaderClear, 0.0f, 0.5f, 1.0f, 0.1f);//green
        bOnce = false;
    }

	if (GetAsyncKeyState(VK_INSERT)&1)
		Sprite=!Sprite;
	if (GetAsyncKeyState(VK_DELETE)&1)
		Chams=!Chams;
	if (GetAsyncKeyState(VK_END)&1)
		shoot = !shoot;
	} 
//======================================================================
//The Hackthread for PTC's and Memmoryhacks
void HackThread(void)
{
	while(true){

		Sleep(20);
	}
}

//====================================================================== 
HRESULT WINAPI nEndScene(LPDIRECT3DDEVICE9 pDevice)
{
    _asm NOP;
	RenderFrame(pDevice);
    HRESULT hRet = oEndScene(pDevice);
	return hRet;
}


HRESULT WINAPI nReset( LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters )
{
	__asm NOP;
	pSprite->OnLostDevice();
	pFont->OnLostDevice();
	pLine->OnLostDevice();
	D3DXCreateFont(pDevice, 17, 0, 0, 0, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &pFont);
	D3DXCreateLine(pDevice,&pLine);


HRESULT hRet = oReset(pDevice, pPresentationParameters);
	if(hRet == D3D_OK){
		pSprite->OnResetDevice();
		pFont->OnResetDevice();
		pLine->OnResetDevice();
		D3DXCreateFont(pDevice, 17, 0, 0, 0, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, DEFAULT_QUALITY, DEFAULT_PITCH | FF_DONTCARE, "Arial", &pFont);
		D3DXCreateLine(pDevice,&pLine);
	}
    return hRet;
}


HRESULT WINAPI nDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDevice, D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount)
{
	if (Chams)
	{
	IDirect3DVertexBuffer9* pStreamData = NULL;

	UINT iOffsetInBytes,iStride; 

	pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride); 

	//if (( iStride == 36 && ((NumVertices == 157)||(NumVertices == 164)||(NumVertices == 180)||(NumVertices == 181)||(NumVertices == 182)||(NumVertices == 197)||(NumVertices == 431)||(NumVertices == 745)||(NumVertices == 790)||(NumVertices == 862)||(NumVertices == 959)||(NumVertices == 960)||(NumVertices == 1061)||(NumVertices == 1100)||(NumVertices == 1258)||(NumVertices == 1519)||(NumVertices == 1554)||(NumVertices == 1564)||(NumVertices == 1735)||(NumVertices == 1765)||(NumVertices == 1820)||(NumVertices == 2347)||(NumVertices == 2504)||(NumVertices == 2808)||(NumVertices == 2835)||(NumVertices == 3119)||(NumVertices == 3203)||(NumVertices == 3211)||(NumVertices == 3216)||(NumVertices == 3994))))

				if (( iStride == 4 ))
	{ 
			pDevice->SetRenderState( D3DRS_ALPHABLENDENABLE, TRUE);
			pDevice->SetRenderState( D3DRS_BLENDOP, D3DBLENDOP_SUBTRACT);
			pDevice->SetRenderState( D3DRS_SRCBLEND, D3DBLEND_SRCALPHA);
			pDevice->SetRenderState( D3DRS_DESTBLEND, D3DBLEND_INVSRCALPHA);
			
			//pDevice->SetRenderState( D3DRS_BLENDFACTOR,d3dcolor);
				//pDevice->SetRenderState( D3DRS_TEXTUREFACTOR,d3dcolor);
				//pDevice->SetRenderState(D3DRS_ALPHAREF, (DWORD)0x08);
			//pDevice->SetRenderState(D3DRS_ALPHATESTENABLE, TRUE);
			//pDevice->SetRenderState(D3DRS_ALPHAFUNC, D3DCMP_LESSEQUAL);
			//pDevice->SetRenderState( D3DRS_SRCBLEND,D3DBLEND_SRCALPHA);
			//pDevice->SetRenderState( D3DRS_DESTBLEND,D3DBLEND_INVSRCALPHA);
		//pDevice->SetRenderState( D3DRS_DEPTHBIAS, 16);
		//pDevice->SetRenderState( D3DRS_FILLMODE, D3DFILL_WIREFRAME);
	}
	if (( iStride == 36 && ((primCount == 30)||(primCount == 32)||(primCount == 48)||(primCount == 92)||(primCount == 116)||(primCount == 126)||(primCount == 128)||(primCount == 132)||(primCount == 134)||(primCount == 192)||(primCount == 212)||(primCount == 216)||(primCount == 221)||(primCount == 222)||(primCount == 224)||(primCount == 238)||(primCount == 260)||(primCount == 272)||(primCount == 274)||(primCount == 284)||(primCount == 297)||(primCount == 328)||(primCount == 352)||(primCount == 357)||(primCount == 442)||(primCount == 455)||(primCount == 480)||(primCount == 512)||(primCount == 588)||(primCount == 596)||(primCount == 611)||(primCount == 620)||(primCount == 658)||(primCount == 688)||(primCount == 763)||(primCount == 770)||(primCount == 806)||(primCount == 874)||(primCount == 901)||(primCount == 903)||(primCount == 921)||(primCount == 939)||(primCount == 972)||(primCount == 979)||(primCount == 994)||(primCount == 1021)||(primCount == 1046)||(primCount == 1084)||(primCount == 1112)||(primCount == 1184)||(primCount == 1204)||(primCount == 1221)||(primCount == 1241)||(primCount == 1261)||(primCount == 1279)||(primCount == 1323)||(primCount == 1426)||(primCount == 1556)||(primCount == 1715)||(primCount == 1886)||(primCount == 1957)||(primCount == 1987)||(primCount == 2048)||(primCount == 2170)||(primCount == 2247)||(primCount == 2267)||(primCount == 2615)||(primCount == 2690)||(primCount == 2694)||(primCount == 2713)||(primCount == 2726)||(primCount == 2971)||(primCount == 2984)||(primCount == 3207)||(primCount == 3268)||(primCount == 3951)||(primCount == 4187)||(primCount == 4912)||(primCount == 6259)) && (NumVertices != 1261)))
	{

			pDevice->SetRenderState((D3DRENDERSTATETYPE)0x28, FALSE);
			pDevice->SetRenderState(D3DRS_LASTPIXEL, TRUE);
			pDevice->SetRenderState(D3DRS_SPECULARENABLE, FALSE);
			pDevice->SetRenderState(D3DRS_LIGHTING, FALSE);
			pDevice->SetRenderState(D3DRS_COLORVERTEX, TRUE);
			//pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_ALWAYS);
			pDevice->SetRenderState( D3DRS_DEPTHBIAS, 16);
			pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
			pDevice->SetPixelShader( NULL ); 
			pDevice->SetPixelShader( shaderBlue );//behind color
			oDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
			pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_TRUE );
			//pDevice->SetRenderState( D3DRS_DEPTHBIAS, 0);
			//pDevice->SetRenderState(D3DRS_ZFUNC, D3DCMP_LESSEQUAL);
			pDevice->SetPixelShader( NULL ); 
			pDevice->SetPixelShader( shaderRed ); //isvisible color
			oDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
	}

	}
	return oDrawIndexedPrimitive(pDevice, Type, BaseVertexIndex, MinVertexIndex, NumVertices, startIndex, primCount);
}

HRESULT WINAPI nSetStreamSource(LPDIRECT3DDEVICE9 pDevice, UINT StreamNumber, IDirect3DVertexBuffer9 * pStreamData, UINT OffsetInBytes, UINT Stride)
{	
	_asm NOP;
	HRESULT hRet = oSetStreamSource(pDevice, StreamNumber, pStreamData, OffsetInBytes, Stride);
	return hRet;
}

HRESULT WINAPI nCreateQuery(LPDIRECT3DDEVICE9 pDevice, D3DQUERYTYPE Type,IDirect3DQuery9** ppQuery)
{
	IDirect3DVertexBuffer9* pStreamData = NULL;

	UINT iOffsetInBytes,iStride; 

	pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride); 
	pDevice->GetViewport(&Viewport);

	if (iStride = 36)
	{
if( Type == D3DQUERYTYPE_OCCLUSION )
{
Type = D3DQUERYTYPE_EVENT;
	}
	}
return oCreateQuery( pDevice, Type, ppQuery );
}


bool bCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
	for(;*szMask;++szMask,++pData,++bMask)
		if(*szMask=='x' && *pData!=*bMask)   
			return false;
	return (*szMask) == NULL;
}


DWORD FindPattern(DWORD dValor,DWORD dLer,BYTE *bMaskara,char * szMaskara)
{
	for(DWORD i=0; i < dLer; i++)
		if( bCompare( (BYTE*)( dValor+i ),bMaskara,szMaskara) )
			return (DWORD)(dValor+i);
	return false;
}



void d3dhook()
{	
	DWORD D3DBase = (DWORD)GetModuleHandle("d3d9.dll");

	while(!D3DBase);
	DevPtr = FindPattern(D3DBase, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
	
	if(DevPtr){
		memcpy(&vTable,(void *)(DevPtr+2),4);
		oEndScene = (tEndScene)DetourFunction((PBYTE)vTable[42],(PBYTE)nEndScene);
		oReset = (tReset)DetourFunction((PBYTE)vTable[16],(PBYTE)nReset);
		oDrawIndexedPrimitive = (tDrawIndexedPrimitive)DetourFunction((PBYTE)vTable[82], (PBYTE)nDrawIndexedPrimitive);
		oSetStreamSource = (tSetStreamSource)DetourFunction((PBYTE)vTable[100], (PBYTE)nSetStreamSource);
		oCreateQuery = (tCreateQuery)DetourFunction((PBYTE)vTable[118], (PBYTE)nCreateQuery);

 	}
	CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)dwMainThread, NULL, NULL, NULL);
}

DWORD WINAPI dwMainThread(LPVOID)
{
	while (!IsGameReadyForHook())
		Sleep(200);
		CreateThread(NULL, NULL,(LPTHREAD_START_ROUTINE) HackThread, NULL, NULL, NULL);
	return 0;
}

BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
	DisableThreadLibraryCalls(hDll);

	if ( dwReason == DLL_PROCESS_ATTACH )
	{
		CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)d3dhook, NULL, NULL, NULL);
	}
	if ( dwReason == DLL_PROCESS_DETACH )

	{
		pFont->Release();
		pLine->Release();
		pSprite->Release();
	}
	return TRUE;
}

includes.h:

Code:

#include <windows.h>
#include <stdio.h>
#include <d3d9.h>
#include <d3dx9.h>
#include "detours.h"
#include <d3dx9tex.h>
//#include "resource.h"

#pragma comment(lib, "wininet.lib")
#pragma comment(lib, "wsock32.lib")
#pragma comment(lib, "libcpmtd.lib")
#pragma comment(lib, "d3d9.lib")
#pragma comment(lib, "d3dx9.lib")
#pragma comment(lib, "detours.lib")

#pragma warning(disable:4996)//to disable the sprintf warning
#pragma warning(disable:4305)
#pragma warning(disable:4244)
#pragma warning(disable:4554)

//Define LTClient
#define LTC 0x377CB7F8
//#define SpriteFromBytes
#define SpriteFromFile

D3DXVECTOR3 Position;
LPD3DXFONT pFont;
LPDIRECT3DDEVICE9 pDevice;
LPDIRECT3DTEXTURE9 pTexture;
LPD3DXSPRITE pSprite;
D3DXVECTOR2 pPosition;
LPDIRECT3D9 d3d;
ID3DXLine *pLine;
//LPD3DXLINE pLine;

//Define colors
D3DCOLOR white = D3DCOLOR_ARGB(255, 255, 255, 255);
D3DCOLOR black = D3DCOLOR_ARGB(255, 0, 0, 0);
D3DCOLOR mblack = D3DCOLOR_ARGB(192, 0, 0, 0);
D3DCOLOR tblack = D3DCOLOR_ARGB(128, 0, 0, 0);
D3DCOLOR ablack = D3DCOLOR_ARGB(64, 0, 0, 0);
D3DCOLOR gray = D3DCOLOR_ARGB(255, 75, 75, 75);
D3DCOLOR red = D3DCOLOR_ARGB(255, 255, 0,0);
D3DCOLOR blue = D3DCOLOR_ARGB(255, 0, 0, 255);
D3DCOLOR teal = D3DCOLOR_ARGB(255,0,255,255);
D3DCOLOR green = D3DCOLOR_ARGB(255, 0, 255, 0);
D3DCOLOR greenyellow = D3DCOLOR_ARGB(255, 150, 255, 0);
D3DCOLOR yellow = D3DCOLOR_ARGB(255, 255, 255, 0);
D3DCOLOR orange = D3DCOLOR_ARGB(255, 255, 150,0);

//======================================================================
typedef HRESULT (WINAPI* tEndScene)( LPDIRECT3DDEVICE9 pDevice );
tEndScene oEndScene;
typedef HRESULT ( WINAPI* tReset )( LPDIRECT3DDEVICE9 pDevice, D3DPRESENT_PARAMETERS* pPresentationParameters );
tReset oReset;
typedef HRESULT (WINAPI* tDrawIndexedPrimitive) ( LPDIRECT3DDEVICE9 pDevice,D3DPRIMITIVETYPE Type,INT BaseVertexIndex,UINT MinVertexIndex,UINT NumVertices,UINT startIndex,UINT primCount );
tDrawIndexedPrimitive oDrawIndexedPrimitive;
typedef HRESULT(WINAPI* tSetStreamSource)(LPDIRECT3DDEVICE9 pDevice, UINT StreamNumber, IDirect3DVertexBuffer9 * pStreamData, UINT OffsetInBytes, UINT Stride);
tSetStreamSource oSetStreamSource;
typedef HRESULT ( WINAPI* tSetViewport)( LPDIRECT3DDEVICE9 pDevice, CONST D3DVIEWPORT9* pViewport);
tSetViewport oSetViewport;
typedef HRESULT (WINAPI* tCreateQuery)(LPDIRECT3DDEVICE9 pDevice, D3DQUERYTYPE Type,IDirect3DQuery9** ppQuery);
tCreateQuery oCreateQuery;

DWORD WINAPI dwMainThread(LPVOID);
DWORD DevPtr,*vTable;

this includes the autoshoot (which is a getpixel, so it will give you a CPU hit)

BTW STILL UNDETECTED

Thread: Homefront Chams

Thread Tools

Display

Homefront Chams

The Following 3 Users Say Thank You to Birdshit For This Useful Post: