hMain.cpp
#include <Windows.h>
#include <process.h>
#include <fstream>
#include "hXOR.h"
#include "hMain.h"
using namespace std;
BOOL IsGameHooked()
{
if (GetModuleHandleA(EncryptedCShell) != NULL
&& GetModuleHandleA(EncryptedClientFx) != NULL)
return 1;
return 0;
}
UINT WINAPI HookThread (LPVOID)
{
while ((!IsGameHooked()))
Sleep( 250 );
DWORD CShell = (DWORD)GetModuleHandleA(EncryptedCShell);
if(!CShell);
while (true)
{
CrossfireFunction();
PushToConsoleFunction();
MemoryHacks();
MemoryWalling();
}
}
BOOL APIENTRY DllMain ( HINSTANCE hDll, DWORD dwReason , LPVOID lpvReason )
{
DisableThreadLibraryCalls(hDll);
switch (dwReason)
{
case 1 : DLL_PROCESS_ATTACH;
MessageBoxA(0,"Crossfire Hack has been Injected","hack cf
base working",0);
_beginthreadex(0,0,HookThread,0,0,0);
case 2 : DLL_PROCESS_DETACH;
break;
}
return true;
}
================================================== =======================
hMain.h
#include "Client28_3.h"
#define weaponMgr 0x104DD74
#define WallManag 0x104DD5C
#define ClientShe 0x5DF700
#define PTCclient 0x5DF6F4
#define PTCOffset 0x204
#define DamageGrenade (i == 6 || i == 100 || i == 126 || i == 135 || i == 200 || i == 209 || i == 210 || i == 240 || i == 262 || i == 263 || i == 272 || i == 288 || i == 313 || i == 324 || i == 338 || i == 357 || i == 382 || i == 416 || i == 423 || i == 424 || i == 425 || i == 435 || i == 438 || i == 473 || i == 481 || i == 519 || i == 696 || i == 720 || i == 729)
#define Knife (i==5 || i==35 || i==74 || i==120 || i==132 || i==176 || i==177 || i==178 || i==182 || i==189 || i==195 || i==196 || i==197 || i==198 || i==199 || i==223 || i==224 || i==225 || i==226 || i==227 || i==228 || i==239 || i==244 || i==261 || i==269 || i==270 || i==271 || i==302 || i==303 || i==304 || i==305 || i==306 || i==307 || i==345 || i==346 || i==372 || i==376 || i==381 || i==404 || i==405 || i==406 || i==407 || i==408 || i==409 || i==417 || i==437 || i==455 || i==456 || i==457 || i==488 || i==517 || i==518 || i==540 || i==541 || i==548 || i==561 || i==576 || i==584 || i==587 || i==620 || i==647 || i==672 || i==673 || i==693 || i==700 || i==718 || i==719 || i==728 || i==736)
#define IsFlashGrenade (i == 7 || i == 383 || i == 520)
#define IsSmokeGrenade (i == 8 || i == 64 || i == 65 || i == 384 || i == 521)
#define IsMG (i == 17 || i == 61 || i == 124 || i == 158 || i == 159 || i == 166 || i == 188 || i == 257 || i == 300 || i == 315 || i == 316 || i == 352 || i == 361 || i == 441 || i == 506 || i == 524 || i == 556 || i == 558 || i == 564 || i == 575)
#define IsSniper (i == 14 || i == 15 || i == 16 || i == 23 || i == 43 || i == 46 || i == 91 || i == 110 || i == 111 || i == 122 || i == 136 || i == 150 || i == 152 || i == 163 || i == 185 || i == 186 || i == 194 || i == 232 || i == 249 || i == 268 || i == 279 || i == 294 || i == 323 || i == 368 || i == 378 || i == 500 || i == 513 || i == 525 || i == 554 || i == 602 || i == 632 || i == 657)
int InstantReload = 1,
InstantChange = 1,
NoWeaponRecoil = 1,
GrenadeDamage = 1,
FlashDamage = 1,
SmokeDamage = 1,
FastKnifes = 1,
NoSky = 1,
Wireframe = 1,
NoWorld = 1,
Chams = 1,
Invisible = 1,
SeeWalls = 1,
NoScope = 1,
WalkTroughtWalls = 1,
KnockBack = 1,
FreezePos = 1,
Fall = 1,
Speed = 1,
Ready = 0;
DWORD WallHackArray,SeeGhostPoint,WallHackPoint;
int SeeGhost= 1;
DWORD FindPattern( DWORD dwStart, DWORD dwLen, BYTE* pszPatt, char pszMask[] )
{
unsigned int i = NULL;
int iLen = strlen( pszMask ) - 1;
for( DWORD dwRet = dwStart; dwRet < dwStart + dwLen; dwRet++ )
{
if( *(BYTE*)dwRet == pszPatt[i] || pszMask[i] == '?' )
{
if( pszMask[i+1] == '\0' )
return( dwRet - iLen );
i++;
}
else
i = NULL;
}
return NULL;
}
void __cdecl PushToConsole(char* Command )
{
DWORD CShell = (DWORD)GetModuleHandleA(EncryptedCShell);
if( CShell != NULL )// /fp wait 1mntk
{
DWORD *LTClient = ( DWORD* )( (CShell + PTCclient) );
void* CallOffset = ( void* )*( DWORD* )( *LTClient + PTCOffset );
_asm
{
push Command;
call CallOffset;
add esp, 4;
}
}
}
VOID PushToConsoleFunction()
{
if( GetAsyncKeyState(VK_F2) )
PushToConsole("TextureModels 0");
else
PushToConsole("TextureModels 1");
if( GetAsyncKeyState(VK_F3) )
PushToConsole("WireFrameModels 1");
else
PushToConsole("WireFrameModels 0");
if( GetAsyncKeyState(VK_F4) )
PushToConsole("SkyScale 0");
else
PushToConsole("SkyScale 1");
if( GetAsyncKeyState(VK_F5) )
PushToConsole("DrawWorld 0");
else
PushToConsole("DrawWorld 1");
if( GetAsyncKeyState(VK_F6) )
PushToConsole( "LatencySim 99999999" );
else
PushToConsole( "LatencySim 0" );
}
VOID CrossfireFunction()
{
if(!WallHackArray) WallHackArray = FindPattern(0x400000,0xFFFFFF,(BYTE *)"\x75\xFF\x83\x0D\xFF\xFF\xFF\xFF\x01\xB8\xFF\xF F\xFF\xFF\xE8","x?xx????xx????x");
else
{
if(!SeeGhostPoint) SeeGhostPoint = *(DWORD *)(WallHackArray + 0xA) + 0xB8;
else if(SeeGhost) *(DWORD *)(SeeGhostPoint) = 14;
}
}
VOID MemoryWalling ()
{
memcpy((VOID*)0x70259C, "\x68\x68\x68\x68\x68\x68", 6);
}
VOID MemoryHacks ()
{
#define cPlayer ClientShe + 0x54
#define WTW_offs1 0x1BC
#define WTW_offs2 0x1C0
#define WTW_offs3 0x1C4
DWORD CShell = (DWORD)GetModuleHandleA(EncryptedCShell);
DWORD pWeaponMgr = *(DWORD*)((DWORD)GetModuleHandleA(EncryptedCShell) + weaponMgr);
DWORD pPlayerPtr = *(DWORD*)((DWORD)GetModuleHandleA(EncryptedCShell) + cPlayer);
if(pPlayerPtr!=NULL)
{
if(FreezePos==1)
{
if(GetAsyncKeyState(VK_RSHIFT))
{
*(float*)(pPlayerPtr + 0x5F0) = -2.125f;
}
else
{
*(float*)(pPlayerPtr + 0x5F0) = 1;
}
}
if (Ready == false)
{
backup(CShell,weaponMgr);
if (*(BYTE*)(CShell+0x3ABCC5))
{
MakeE8JMP((BYTE*)(CShell+0x3ABCC5), (DWORD)Bypass, 5);
Ready = true;
for(int i=0; i<999; i++)
{
DWORD WeaponHooked = *(DWORD*) ( pWeaponMgr + (4*i ) );
if (WeaponHooked)
{
if (InstantReload) *(float*) (WeaponHooked + 0xC38) = 100;
if (InstantChange) *(float*) (WeaponHooked + 0xC3C) = 100;
if (DamageGrenade && GrenadeDamage) *(float*) (WeaponHooked + 0x81C) = 0.0f;
if (IsFlashGrenade && FlashDamage) *(float*) (WeaponHooked + 0x81C) = 0.0f;
if (IsSmokeGrenade && SmokeDamage) *(float*) (WeaponHooked + 0x81C) = 0.0f;
for ( int y=0; y<9; y++ )
{
if ( NoWeaponRecoil )
{
*(float*) (WeaponHooked + (0xEFC + (4*y))) = 0.0f;
*(float*) (WeaponHooked + (0x11CC + (4*y))) = 0.0f;
*(float*) (WeaponHooked + (0x1064 + (4*y))) = 0.0f;
*(float*) (WeaponHooked + (0x3710 + (4*y))) = 0.0f;
*(float*) (WeaponHooked + (0x352C + (4*y))) = 0.0f;
*(float*) (WeaponHooked + (0x53C + (4*y))) = 0.0f;
}
if (FastKnifes && Knife) *(float*) (WeaponHooked + (0xA70 + (4*y))) = 1.4f;
if ( KnockBack) *(float*) (WeaponHooked + (0x3CD4 + (4*y))) = 0.0f;
}
}
}
}
}
}
}
================================================== ================
Client28_3.h
typedef struct
{
BYTE Data[0x3000];
} WeaponMgrCopy;
WeaponMgrCopy* Weapons[1000];
void backup(DWORD CShell,DWORD weaponMgr)
{
DWORD ClientFx = (DWORD)GetModuleHandleA(EncryptedCShell);
if( !ClientFx )
return;
DWORD pWeaponMgr = *(DWORD*)(CShell+weaponMgr );
for(int i=0;i<=999;i++)
{
DWORD Weapon = *(DWORD*)(pWeaponMgr+(4*i));
if (Weapon)
{
Weapons[i] = new WeaponMgrCopy;
memcpy(Weapons[i], (void*)(Weapon), 0x1400);
}
}
}
WeaponMgrCopy* Bypass (int GunIndexNR)
{
return Weapons[GunIndexNR];
}
void MakeE8JMP(BYTE* paddress, DWORD yourfunction, DWORD dwlen)
{
DWORD dwOldProtect, dwBkup, dwRelAddr;
VirtualProtect(paddress, dwlen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
dwRelAddr = (DWORD) (yourfunction - (DWORD) paddress) - 5;
*paddress = 0xE8;
*((DWORD*) (paddress + 0x1)) = dwRelAddr;
for(DWORD x = 0x5; x < dwlen; x++) *(paddress + x) = 0x90;
VirtualProtect(paddress, dwlen, dwOldProtect, &dwBkup);
return;
}
================================================== ======
hXOR.h
#ifndef _XOR_H
#define _XOR_H
template <int XORSTART, int BUFLEN, int XREFKILLER>
class XorStr
{
private:
XorStr();
public:
char s[ BUFLEN ];
XorStr( const char * xs );
~XorStr()
{
for ( int i = 0; i < BUFLEN; i++ ) s[ i ]=0;
}
};
template <int XORSTART, int BUFLEN, int XREFKILLER>
XorStr<XORSTART,BUFLEN,XREFKILLER>::XorStr( const char * xs )
{
int xvalue = XORSTART;
int i = 0;
for ( ; i < ( BUFLEN - 1 ); i++ )
{
s[ i ] = xs[ i - XREFKILLER ] ^ xvalue;
xvalue += 1;
xvalue %= 256;
}
s[ BUFLEN - 1 ] = 0;
}
#endif
#define EncryptedCShell /*CShell.dll*/XorStr<0x77,11,0x0026791B>("\x34\x2B\x11\x1F\x17\x 10\x53\x1A\x13\xEC"+0x0026791B).s
#define EncryptedClientFx /*ClientFX.fxd*/XorStr<0x94,13,0xA00514A7>("\xD7\xF9\xFF\xF2\xF6\x ED\xDC\xC3\xB2\xFB\xE6\xFB"+0xA00514A7).s
#define EncD3d9 /*D3d9.dll*/XorStr<0x88,9,0x8F034C3B>("\xCC\xBA\xEE\xB2\xA2\xE 9\xE2\xE3"+0x8F034C3B).s
#define EncryptedCrossfire /*crossfire.exe*/XorStr<0xAD,14,0x3B5E9B13>("\xCE\xDC\xC0\xC3\xC2\x D4\xDA\xC6\xD0\x98\xD2\xC0\xDC"+0x3B5E9B13).s
Credit By MGH.net
Why Not Work For Crossfire??
I,think right offset and pointer.
But Not Work.
What Wrong for Source?
How to Fix ?
Plzzz