rdsedmundo

AutoKillPB.cpp

Jan 31st, 2015
// dllmain.cpp : Defines the entry point for the DLL application.
//
// Reviewer summary: this DLL is written to run inside the PointBlank.exe
// process (see Start()). Once loaded it starts a worker thread that polls
// numpad keys and, on request, reads and writes process memory through
// hard-coded offsets and calls two routines of the host by raw address.
// Every offset below is a constant of one particular build of the host
// binaries; nothing in this file checks that the loaded build matches.
#include "stdafx.h"

// NOTE(review): every guard in this file is `#ifdef DEBUG_ERR`, which tests
// whether the macro is defined, not its value. Defining it as 0 therefore
// still compiles the logging in, so the D:\log.txt trace written by Log() is
// always produced.
#define DEBUG_ERR 0

// Base address of PointBlank.exe, filled in by Start(). Held in a 32-bit
// DWORD, so the code is only meaningful as a 32-bit build.
DWORD dwModuleBase;

void Start();
void Keys();
void Log(TCHAR message[]);
void UnloadAndExit();

// Argument block handed to the host routine called from ProvokeDamage().
// It is 25 DWORDs (100 bytes). P<n> is simply the n-th DWORD of the block;
// only KillType, WeaponType, KillerSlot and WeaponID carry descriptive names.
// A1 and A2 are scratch slots whose addresses are stored into P20 and P21.
typedef struct AutoKillStruct {
    DWORD KillType, P2, WeaponType, P4, P5, KillerSlot, P7, P8, P9, WeaponID, P11, P12, P13, P14, P15, P16, P17, P18, P19, P20, P21, P22, P23, A1, A2;
} stAutoKill;

// Single global instance, rewritten on every ProvokeDamage() call.
stAutoKill AKS;

// DLL entry point. On process attach it starts one thread running Start();
// all other notifications do nothing. Always returns TRUE.
// hModule and lpReserved are not used.
//
// Detection note: the worker thread's start address lies inside this module.
// A thread that begins in a module the host application did not ship is one
// of the signals an integrity or anti-cheat scan can enumerate.
BOOL APIENTRY DllMain(HMODULE hModule, DWORD  ul_reason_for_call, LPVOID lpReserved)
{
    //  DisableThreadLibraryCalls(hModule);

    switch (ul_reason_for_call)
    {
    case DLL_PROCESS_ATTACH:
        // Start is declared void(void) and force-cast to the thread-routine
        // type. The handle returned by CreateThread is discarded, so it is
        // never closed and a failed creation goes unnoticed.
        CreateThread(0, 0, (LPTHREAD_START_ROUTINE)Start, 0, 0, 0);
        // No break here: control falls through the empty cases to the break.
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}

// Logs an exit marker, then unloads the DLL and ends the calling thread.
// The module is looked up by the fixed name "Win32Proj.dll"; the result of
// GetModuleHandle is passed on without a NULL check, so the call depends on
// the DLL being loaded under exactly that file name.
void UnloadAndExit() {
    Log(L"Exit...\n\n");
    FreeLibraryAndExitThread(GetModuleHandle(L"Win32Proj.dll"), 0);
}

// Appends one line to D:\log.txt. The file is opened and closed on every
// call and no error is checked, so a missing D: drive silently drops output.
//
// Forensic note: because DEBUG_ERR is defined (as 0) and the guard is
// #ifdef, this body is always compiled in; the log file is an on-disk
// artifact of the DLL having run.
// NOTE(review): the call sites pass L"" literals, so TCHAR is wchar_t here,
// while `file` is a narrow stream (fstream/ios presumably come from stdafx.h).
// A narrow stream has no wchar_t* text inserter, so the entries are likely
// pointer values rather than the message text - confirm on a real log.
void Log(TCHAR message[]) {
#ifdef DEBUG_ERR
    fstream file;
    file.open("D:\\log.txt", ios::app);
    file << message << "\n";
    file.close();
#endif // DEBUG_ERR
}

// Returns true when the int at offset 0x1C8 of the object selected by
// PlayerID equals 1.
//
// The object is reached by five chained 32-bit reads starting at
// dwModuleBase + 0x67B494, then +0x34, then entry PlayerID of a DWORD table
// (0x4 * PlayerID), then +0x248, then +0x10. No link is checked for NULL, so
// an unpopulated entry faults inside the host process. The offsets are fixed
// constants of one host build.
bool PlayerIsDead(BYTE PlayerID) {
    Log(L"PlayerIsDead()");

    // `check` is the address of the flag, not its value.
    DWORD check = DWORD(*PDWORD(*PDWORD(*PDWORD(*PDWORD(*PDWORD(dwModuleBase + (DWORD)0x67B494) + (DWORD)0x34) + (DWORD)(0x4 * PlayerID)) + (DWORD)0x248) + (DWORD)0x10) + (DWORD)0x1C8);

#ifdef DEBUG_ERR
    // StringCbPrintf takes a size in bytes: 100 bytes is 50 wide characters
    // of the 100-element buffer, so the output is truncated, never overrun.
    TCHAR msg[100];
    StringCbPrintf(msg, 100, L"%d morreu? %d", PlayerID, *(int *)check == 1);
    Log(msg);
#endif // DEBUG_ERR

    return *(int *)check == 1;
}

// Returns the address of the object selected by PlayerID: the same five-read
// pointer chain as PlayerIsDead(), with a final offset of 0x0.
// The value is a raw 32-bit address; no link of the chain is checked for
// NULL, and the offsets are fixed constants of one host build.
DWORD GetEnemyAddress(BYTE PlayerID) {
    Log(L"GetEnemyAddress()");

    DWORD addi = DWORD(*PDWORD(*PDWORD(*PDWORD(*PDWORD(*PDWORD(dwModuleBase + (DWORD)0x67B494) + (DWORD)0x34) + (DWORD)(0x4 * PlayerID)) + (DWORD)0x248) + (DWORD)0x10) + (DWORD)0x0);

#ifdef DEBUG_ERR
    // %p is fed a DWORD; the sizes only agree in a 32-bit build.
    TCHAR msg[100];
    StringCbPrintf(msg, 100, L"%d addi: 0x%p", PlayerID, addi);
    Log(msg);
#endif // DEBUG_ERR

    return addi;
}

// Overwrites one byte at i3SceneDx.dll + 0x1CEF9 with 0xEB unless it already
// holds that value, toggling page protection around the write.
// No caller of this function appears in this file.
//
// NOTE(review): 0xEB is the x86 short-JMP opcode, so this presumably turns a
// conditional branch into an unconditional one - confirm against the
// disassembly of that build.
// Neither GetModuleHandle (NULL if the DLL is not loaded) nor VirtualProtect
// is checked, so a failure leads to a read or write fault in the host process.
//
// Detection note: this modifies executable code of a loaded module in place.
// Comparing the in-memory code section with the on-disk image exposes the
// changed byte, and the page passes through PAGE_EXECUTE_READWRITE while the
// write happens.
void AutoKillBugFix() {
    DWORD AntiBugAddr, OldProtect;
    Log(L"Protect...");
    AntiBugAddr = (DWORD)GetModuleHandle(L"i3SceneDx.dll") + (DWORD)0x1CEF9;
    if (*PBYTE(AntiBugAddr) != 0xEB) {
        VirtualProtect((LPVOID)AntiBugAddr, 1, PAGE_EXECUTE_READWRITE, &OldProtect);
        *PBYTE(AntiBugAddr) = 0xEB;
        // Restores the protection saved by the first call.
        VirtualProtect((LPVOID)AntiBugAddr, 1, OldProtect, &OldProtect);
    }
}

// Writes 0xBF000000 to offset 0x218 of eight consecutive table entries,
// using the same pointer chain as PlayerIsDead().
// No caller of this function appears in this file.
//
// Here PlayerID is a byte offset into the table (0, 4, ... 28), not an index,
// and `i` only counts the eight iterations.
// NOTE(review): 0xBF000000 is the IEEE-754 bit pattern of -0.5f; whether the
// field is a float (for example a timer) cannot be told from this file.
// No link of the chain is checked for NULL.
void RemoveRespawnImmortality() {
    BYTE i, PlayerID = 0;

    for (i = 1; i < 9; i++) {
        *(PDWORD(*PDWORD(*PDWORD(*PDWORD(*PDWORD(*PDWORD(dwModuleBase + (DWORD)0x67B494) + (DWORD)0x34) + (DWORD)PlayerID) + (DWORD)0x248) + (DWORD)0x10) + (DWORD)0x218)) = 0xBF000000;
        PlayerID += 4;
    }
}

// Fills the global AKS block with fixed values and calls the host routine at
// dwModuleBase + 0x3EEA0, with EnemyAddr in ECX and a pointer to AKS as the
// single stack argument.
//
// EnemyAddr is used as given; the only caller in this file passes the result
// of GetEnemyAddress(). AKS is a shared global, so the function is not
// reentrant.
//
// NOTE(review): what the routine at +0x3EEA0 does is not visible here; the
// names in this file suggest a hit or damage handler. If so, the durable
// mitigation is server-side validation of such events, because any code
// running in the client process can invoke the handler directly like this.
void ProvokeDamage(DWORD EnemyAddr) {
#ifdef DEBUG_ERR
    TCHAR mmsg[100];
    StringCbPrintf(mmsg, 100, L"Trying: 0x%p", EnemyAddr);
    Log(mmsg);
#endif // DEBUG_ERR

    AKS.KillType = 1;
    AKS.WeaponType = 1;
    AKS.WeaponID = 1;
    // Hard-coded to slot 0; the commented-out expression would instead take it
    // from dwModuleBase + 0x67B4C8, offset 0x6158.
    AKS.KillerSlot = 0; // (DWORD)(PDWORD(*PDWORD(dwModuleBase + (DWORD)0x67B4C8) + (DWORD)0x6158));

    // Unlike the other log calls, this one is not inside an #ifdef guard.
    TCHAR msg[100];
    StringCbPrintf(msg, 100, L"KillerSlot: 0x%p=%d", AKS.KillerSlot, AKS.KillerSlot);
    Log(msg);

    AKS.P2 = 1;
    AKS.P4 = 0;
    AKS.P5 = 1;
    AKS.P7 = 1;
    AKS.P8 = 0;
    AKS.P9 = 0;
    // 1065353216 == 0x3F800000, the bit pattern of 1.0f if the routine reads
    // this slot as a float - TODO confirm.
    AKS.P11 = 1065353216;
    AKS.P12 = 0;
    AKS.P13 = 0;
    AKS.P14 = 0;
    AKS.P15 = 1;
    AKS.P16 = 0;
    AKS.P17 = 0;
    AKS.P18 = 0;
    AKS.P19 = 0;
    // P20 and P21 point back into the block itself, at the A1 and A2 slots.
    // A1 and A2 are never assigned here; as part of a global they start
    // zeroed.
    AKS.P20 = DWORD(&AKS.A1);
    AKS.P21 = DWORD(&AKS.A2);
    AKS.P22 = 0;
    AKS.P23 = 0;

    DWORD PUSHStruct = (DWORD)(&AKS);
    // The format prints P11 in decimal after a literal "0x" prefix.
    StringCbPrintf(msg, 100, L"push: 0x%d", (*((stAutoKill *)PUSHStruct)).P11);
    Log(msg);

    Log(L"__asm");
    // ECX carrying the object address resembles the __thiscall convention;
    // the stack is not adjusted after the call, so the callee is presumably
    // expected to pop the argument - confirm against the target routine.
    __asm {
        PUSH PUSHStruct
            MOV ECX, EnemyAddr
            MOV EAX, dwModuleBase
            ADD EAX, 0x3EEA0
            CALL EAX
    }
}

// Calls ProvokeDamage() on the object for PlayerID until PlayerIsDead()
// reports true, giving up after 150 attempts.
// The pointer chain is re-walked on every iteration by both helpers, and the
// loop runs back to back with no delay between attempts.
//
// Detection note: up to 150 invocations of the same host routine within one
// burst is a rate that server-side or in-process telemetry can flag.
void KillPlayer(BYTE PlayerID) {
    Log(L"KillPlayer()");
    // 150
    for (int i = 0; i < 150; i++) {
        if (PlayerIsDead(PlayerID))
            break;

        ProvokeDamage(GetEnemyAddress(PlayerID));
    }
}

// Thread body started from DllMain: records the base address of
// PointBlank.exe and enters the key-polling loop, which never returns.
// GetModuleHandle yields NULL when no module of that name is loaded; the
// result is not checked, so every later address would then be computed
// from a base of 0.
void Start() {
    dwModuleBase = (DWORD)GetModuleHandle(L"PointBlank.exe");
    Keys();
}

// Endless polling loop on three numpad keys:
//   NUMPAD0 - unload the DLL and end this thread
//   NUMPAD1 - run KillPlayer() on every id 1..8 not already reported dead
//   NUMPAD2 - sleep 100 ms, then call the host routine at
//             dwModuleBase + 0x450E0
//
// The loop has no delay of its own (only the NUMPAD2 branch sleeps), so the
// thread spins at full speed. GetAsyncKeyState is tested for any non-zero
// value, which also covers the "pressed since the last call" bit, not only
// "currently held".
//
// Detection note: a thread that spins on GetAsyncKeyState and originates in
// a module the host did not ship is a behavioural indicator, alongside the
// constant CPU load of the busy loop.
void Keys() {
    while (true) {
        /* Exit Program */
        if (GetAsyncKeyState(VK_NUMPAD0))
            UnloadAndExit();

        /* AUTO KILL */
        if (GetAsyncKeyState(VK_NUMPAD1)) {
            // i is narrowed from int to the BYTE PlayerID parameter.
            for (int i = 1; i <= 8; i++) {
                if (PlayerIsDead(i))
                    continue;

                KillPlayer(i);
            }
        }

        /* RESPAWN */
        if (GetAsyncKeyState(VK_NUMPAD2)) {
            DWORD Slot = 0;

            // Sleep(100), then ECX = the DWORD stored at dwModuleBase + 0x67B494
            // and a call to dwModuleBase + 0x450E0 with 1 and Slot pushed
            // (Slot is pushed last). The stack is not adjusted afterwards, so
            // the callee is presumably expected to pop both arguments -
            // confirm against the target routine.
            __asm {
                PUSH 100
                    CALL Sleep
                    MOV ECX, dwModuleBase
                    MOV EDX, ECX
                    ADD ECX, 0x67B494
                    MOV ECX, [ECX]
                    ADD EDX, 0x450E0
                    PUSH 1
                    PUSH Slot
                    CALL EDX
            }
        }
    }
}