API tools faq
paste
Advertisement
Guest User

Crossfire Hook [ WE11ington ]

a guest
Dec 1st, 2012
784
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
C++ 6.52 KB | None | 0 0
raw download clone embed print report
  1. #include <windows.h>
  2. #include <stdio.h>
  3. #include <d3d9.h>
  4. #include <d3dx9.h>
  5.  
  6. #pragma comment(lib, "d3d9.lib")
  7. #pragma comment(lib, "d3dx9.lib")
  8.  
  9. #define ResetEngine 0x00454B55
  10. DWORD retResetEngine = ( ResetEngine + 0x5 );
  11.  
  12. #define PresentEngine 0x004C7CEF
  13. DWORD retPresentEngine = ( PresentEngine + 0x5 );
  14. // http://www.unknowncheats.me/forum/crossfire/79420-hook-present-engine.html
  15.  
  16. #define BeginSceneEngine 0x00455ECE
  17. DWORD retBeginSceneEngine = ( BeginSceneEngine + 0x8 );
  18.  
  19. #define EndSceneEngine 0x00455FAF
  20. DWORD retEndSceneEngine = ( EndSceneEngine + 0x8 );
  21. // http://www.unknowncheats.me/forum/crossfire/79135-hook-endscene-engine.html
  22.  
  23. #define DIPEngine1 0x004B766D
  24. DWORD retDIPEngine1 = ( DIPEngine1 + 0x8 );
  25. // http://www.unknowncheats.me/forum/crossfire/78917-hook-dip-engine.html
  26.  
  27. #define DIPEngine2 0x004B2F22
  28. DWORD retDIPEngine2 = ( DIPEngine2 + 0x8 );
  29. // http://www.unknowncheats.me/forum/crossfire/79265-hook-dip-engine-2-a.html
  30.  
  31. LPD3DXFONT myFont;
  32.  
  33. VOID StartFont( LPDIRECT3DDEVICE9 pDevice )
  34. {
  35.     if( myFont )
  36.     {
  37.         myFont->Release();
  38.         myFont = 0;
  39.     }
  40.  
  41.     if( !myFont )
  42.     {
  43.         D3DXCreateFont( pDevice,
  44.                 14,
  45.                 6,
  46.                 FW_BOLD,
  47.                 1,
  48.                 0,
  49.                 DEFAULT_CHARSET,
  50.                 OUT_DEFAULT_PRECIS,
  51.                 ANTIALIASED_QUALITY,
  52.                 DEFAULT_PITCH | FF_DONTCARE,
  53.                 "Arial",
  54.                 &myFont );
  55.     }
  56. }
  57.  
  58. VOID WriteText( LPDIRECT3DDEVICE9 pDevice, INT x, INT y, DWORD color, CHAR *text )
  59. {  
  60.     RECT rect;
  61.     SetRect( &rect, x, y, x, y );
  62.     myFont->DrawText( 0, text, -1, &rect, DT_NOCLIP | DT_LEFT, color );
  63. }
  64.  
  65. __declspec( naked ) HRESULT WINAPI ResetMidfunction( )
  66. {
  67.     static LPDIRECT3DDEVICE9 pDevice;
  68.  
  69.     __asm
  70.     {
  71.         MOV EDX,DWORD PTR DS:[EAX]
  72.         MOV EDX,DWORD PTR DS:[EDX + 0x40]
  73.         MOV DWORD PTR DS:[pDevice], EAX
  74.         PUSHAD
  75.     }
  76.  
  77.     // Code Here
  78.  
  79.     __asm
  80.     {
  81.         POPAD
  82.         JMP retResetEngine
  83.     }
  84. }
  85.  
  86. __declspec( naked ) HRESULT WINAPI PresentMidfunction( )
  87. {
  88.     static LPDIRECT3DDEVICE9 pDevice;
  89.  
  90.     __asm
  91.     {
  92.         MOV ECX, DWORD PTR DS:[EAX]
  93.         MOV EDX, DWORD PTR DS:[ECX + 0x44]
  94.         MOV DWORD PTR DS:[pDevice], EAX
  95.         PUSH 0
  96.         PUSHAD
  97.     }
  98.  
  99.     StartFont( pDevice );
  100.  
  101.     if( myFont )
  102.         WriteText( pDevice, 300, 300, 0xFFFF0000, "Hook Present Engine" );
  103.  
  104.     __asm
  105.     {
  106.         POPAD
  107.         JMP retPresentEngine
  108.     }
  109. }
  110.  
  111. __declspec( naked ) HRESULT WINAPI BeginSceneMidfunction( )
  112. {
  113.     static LPDIRECT3DDEVICE9 pDevice;
  114.  
  115.     __asm
  116.     {
  117.         MOV ECX, DWORD PTR DS:[EAX]
  118.         MOV EDX, DWORD PTR DS:[ECX + 0xA4]
  119.         MOV DWORD PTR DS:[pDevice], EAX
  120.         PUSHAD
  121.     }
  122.  
  123.     // Code Here
  124.  
  125.     __asm
  126.     {
  127.         POPAD
  128.         JMP retBeginSceneEngine
  129.     }
  130. }
  131.  
  132. __declspec( naked ) HRESULT WINAPI EndSceneMidfunction( )
  133. {
  134.     static LPDIRECT3DDEVICE9 pDevice;
  135.  
  136.     __asm
  137.     {
  138.         MOV ECX, DWORD PTR DS:[EAX]
  139.         MOV EDX, DWORD PTR DS:[ECX + 0xA8]
  140.         MOV DWORD PTR DS:[pDevice], EAX
  141.         PUSHAD
  142.     }
  143.  
  144.     StartFont( pDevice );
  145.  
  146.     if( myFont )
  147.         WriteText( pDevice, 300, 300, 0xFFFF0000, "Hook EndScene Engine" );
  148.  
  149.     __asm
  150.     {
  151.         POPAD
  152.         JMP retEndSceneEngine
  153.     }
  154. }
  155.  
  156. __declspec( naked ) HRESULT WINAPI DIPMidfunction1( )
  157. {
  158.     static LPDIRECT3DDEVICE9 pDevice;
  159.  
  160.     __asm
  161.     {
  162.         MOV EDX, DWORD PTR DS:[EAX]
  163.         MOV EDX, DWORD PTR DS:[EDX + 0x148]
  164.         MOV DWORD PTR DS:[pDevice], EAX
  165.         PUSHAD
  166.     }
  167.    
  168.     pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
  169.  
  170.     __asm
  171.     {
  172.         POPAD
  173.         JMP retDIPEngine1
  174.     }
  175. }
  176.  
  177. __declspec( naked ) HRESULT WINAPI DIPMidfunction2( )
  178. {
  179.     static LPDIRECT3DDEVICE9 pDevice;
  180.     static INT BaseVertexIndex;
  181.     static UINT MinVertexIndex, NumVertices, startIndex, primCount;
  182.  
  183.     __asm
  184.     {
  185.         MOV ECX, DWORD PTR DS:[EAX]
  186.         MOV EDX, DWORD PTR DS:[ECX + 0x148]
  187.         MOV ECX, DWORD PTR DS:[EBP + 0x18]
  188.         MOV DWORD PTR DS:[BaseVertexIndex], ECX
  189.         MOV ECX, DWORD PTR DS:[EBP + 0x8]
  190.         MOV DWORD PTR DS:[MinVertexIndex], ECX
  191.         MOV ECX, DWORD PTR DS:[EBP + 0x10]
  192.         MOV DWORD PTR DS:[NumVertices], ECX
  193.         MOV ECX, DWORD PTR DS:[EBP + 0xC]
  194.         MOV DWORD PTR DS:[startIndex], ECX
  195.         MOV ECX, DWORD PTR DS:[EBP + 0x14]
  196.         MOV DWORD PTR DS:[primCount], ECX
  197.         PUSHAD
  198.     }
  199.    
  200.     pDevice->SetRenderState( D3DRS_ZENABLE, D3DZB_FALSE );
  201.  
  202.     __asm
  203.     {
  204.         POPAD
  205.         JMP retDIPEngine2
  206.     }
  207. }
  208.  
  209. VOID *DetourCreate( BYTE *src, CONST BYTE *dst, CONST INT len )
  210. {
  211.     BYTE *jmp = ( BYTE * ) malloc( len + 5 );
  212.     DWORD dwBack;
  213.  
  214.     VirtualProtect( src, len, PAGE_READWRITE, &dwBack );
  215.     memcpy( jmp, src, len );   
  216.     jmp += len;
  217.     jmp[0] = 0xE9;
  218.     *( DWORD * )( jmp + 1 ) = ( DWORD )( src + len - jmp ) - 5;
  219.  
  220.     src[0] = 0xE9;
  221.     *( DWORD * )( src + 1 ) = ( DWORD )( dst - src ) - 5;
  222.     for( INT i = 5; i < len; i++ )
  223.         src[i] = 0x90;
  224.     VirtualProtect( src, len, dwBack, &dwBack );
  225.  
  226.     return( jmp - len );
  227. }
  228.  
  229. DWORD WINAPI StartRoutine( LPVOID )
  230. {
  231.     while( TRUE )
  232.     {
  233.         //ResetEngine Detected
  234.         //if( memcmp( ( VOID * )ResetEngine, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 )
  235.         //{
  236.         //  Sleep( 100 );
  237.         //  DetourCreate( ( PBYTE )ResetEngine, ( PBYTE )ResetMidfunction, 5 );
  238.         //}
  239.  
  240.  
  241.         //PresentEngine Detected
  242.         //if( memcmp( ( VOID * )PresentEngine, ( VOID * )( PBYTE )"\x8B\x51", 2 ) == 0 )
  243.         //{
  244.         //  Sleep( 100 );
  245.         //  DetourCreate( ( PBYTE )PresentEngine, ( PBYTE )PresentMidfunction, 5 );
  246.         //}
  247.  
  248.  
  249.         //PresentEngine Detected
  250.         //if( memcmp( ( VOID * )PresentEngine, ( VOID * )( PBYTE )"\x8B\x51", 2 ) == 0 )
  251.         //{
  252.         //  Sleep( 100 );
  253.         //  DetourCreate( ( PBYTE )( PresentEngine - 0x5 ), ( PBYTE )PresentMidfunction, 5 );
  254.         //  memcpy( ( VOID * )PresentEngine, ( VOID * )( PBYTE )"\x41\xE2\xF8", 3 );
  255.         //}
  256.  
  257.  
  258.         //BeginSceneEngine Detected
  259.         //if( memcmp( ( VOID * )BeginSceneEngine, ( VOID * )( PBYTE )"\x8B\x08", 2 ) == 0 )
  260.         //{
  261.         //  Sleep( 100 );
  262.         //  DetourCreate( ( PBYTE )BeginSceneEngine, ( PBYTE )BeginSceneMidfunction, 8 );
  263.         //}
  264.  
  265.  
  266.         //EndSceneEngine Detected
  267.         //if( memcmp( ( VOID * )EndSceneEngine, ( VOID * )( PBYTE )"\x8B\x08", 2 ) == 0 )
  268.         //{
  269.         //  Sleep( 100 );
  270.         //  DetourCreate( ( PBYTE )EndSceneEngine, ( PBYTE )EndSceneMidfunction, 8 );
  271.         //}
  272.  
  273.  
  274.         //DIPEngine1 Detected
  275.         //if( memcmp( ( VOID * )DIPEngine1, ( VOID * )( PBYTE )"\x8B\x10", 2 ) == 0 )
  276.         //{
  277.         //  Sleep( 100 );
  278.         //  DetourCreate( ( PBYTE )DIPEngine1, ( PBYTE )DIPMidfunction1, 8 );
  279.         //}
  280.  
  281.  
  282.         //DIPEngine2 Detected
  283.         //if( memcmp( ( VOID * )DIPEngine2, ( VOID * )( PBYTE )"\x8B\x08", 2 ) == 0 )
  284.         //{
  285.         //  Sleep( 100 );
  286.         //  DetourCreate( ( PBYTE )DIPEngine2, ( PBYTE )DIPMidfunction2, 8 );
  287.         //}
  288.  
  289.         Sleep( 50 );
  290.     }
  291.  
  292.     return 0;
  293. }
  294.  
  295. BOOL WINAPI DllMain( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
  296. {
  297.     if( dwReason == DLL_PROCESS_ATTACH )
  298.     {
  299.         DisableThreadLibraryCalls( hDll );
  300.         MessageBox( 0, "Hook Engine", "Crossfire", 0 );
  301.         CreateThread( 0, 0, (LPTHREAD_START_ROUTINE)StartRoutine, 0, 0, 0 );
  302.     }
  303.  
  304.     return TRUE;
  305. }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement
Public Pastes
Advertisement
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!