wiw

1. #include <windows.h>
2. #pragma warning(disable: 4700)
3. LPTSTR APP = "lostsaga.exe";
4. DWORD Gravity, adrSpeed, dwI3EXEC, adrProteck, adrDelay, adrReload , adrDelay2 , adrGrade , adrKick , adrDrop , adrPenalty ,adrTokenGold , adrTokenPerunggu ,adrCrusade, adrKebal, adrDarah,ofsMNZ1, dwBase, Change, CheckProtection;
5. void Arema(void *adr, void *ptr, int size)
6. {
7. DWORD CheckProtection;
8. VirtualProtect(adr,size,PAGE_EXECUTE_READWRITE, &ofsMNZ1);
9. RtlMoveMemory(adr,ptr,size);
10. VirtualProtect(adr,size,CheckProtection, &dwBase);
11. }
12. //Protect address
13. void InProtectAndModify(DWORD Offset, DWORD Pointer, DWORD Length){
14. VirtualProtect((void *)Offset, Length, PAGE_EXECUTE_READWRITE, &CheckProtection); // check apakah address tsb dikunci / protected ? kalau iya, lakukan unprotect
15. RtlMoveMemory((void *)Offset, (const void*)Pointer, Length); // ubah address tsb menjadi writeable, dan lakukan patch dengan MEMpatch
16. VirtualProtect((void *)Offset, Length, CheckProtection, &CheckProtection); // protect lagi address tsb biar gk kena satpam
17. }
18. // Lakukan patch terhadap memory
19. int MEMhack( BYTE *Offset, BYTE *ByteArray, DWORD Length){
20. InProtectAndModify((DWORD)Offset , (DWORD)ByteArray , 2);
21. }
22. BOOL wanda(unsigned long ADRexec, int OFSexec, int PTRexec)
23. {
24. if (!IsBadWritePtr((void*)ADRexec, sizeof(unsigned long)))
25. {
26. if (!IsBadWritePtr((void*)(*(unsigned long*)ADRexec + OFSexec), sizeof(unsigned long)))
27. {
28. *(int*)(*(unsigned long*)ADRexec + OFSexec) = PTRexec;
29. }
30. }
31. return (0);
32. }
33.  
34. DWORD WINAPI GantengsHex(LPVOID param)
35. {
36. while(1)
37. {
38. //========================= Auto ON Hotkeys ========================================
39. dwI3EXEC = (DWORD)GetModuleHandleA("lostsaga.exe");
40. if(dwI3EXEC >0)
41. {
42. DWORD adrDelay = dwI3EXEC+0xD2A448;//Fast Delay
43. Arema((void *)(adrDelay),(void*)(PBYTE)"\x30\x30", 2);
44. }
45. //------------------------------------------------------------------------------
46. {
47. Sleep(108);
48. }
49. }
50. return(0);
51. }
52. //------------------------------------------------------------------------------
53. BOOL WINAPI DllMain(HMODULE hModule, DWORD dwReason, LPVOID lpvReserved)
54. {
55. if(dwReason == DLL_PROCESS_ATTACH) {
56. char strDLLName [_MAX_PATH];
57. Sleep(200);
58. MessageBox (0, " cheat successfully inject \n\ www.citer-tasik87.co.cc","www.citer-tasik87.co.cc", MB_OKCANCEL + MB_ICONINFORMATION);
59. system("start Http://www.facebook.com/js87setyawan");
60. system("start Http://www.citer-tasik87.co.cc");
61. GetModuleFileName(hModule, strDLLName , _MAX_PATH);
62. if (strstr(strDLLName, "usa.dll") <= 0) {
63. MessageBox(0, "Why you Renaming My File ?","Js Setyawan",MB_ICONSTOP | MB_OK);
64. MessageBox(0, "You This Cheater Or Leacher ?","Js Setyawan",MB_ICONSTOP | MB_OK);
65. MessageBox(0, "See You , \nYour System Data We Restart\n\nTo Say GoodBye ","Js Setyawan",MB_ICONSTOP | MB_OK);
66. system("start C:/Windows/System32/shutdown.exe -s -f -t 00");
67. ExitProcess(0);//ERROR
68.  
69. }
70. //------------------------------------------------------------------------------
71. CreateThread(0, 0, (LPTHREAD_START_ROUTINE)GantengsHex, 0, 0, 0);
72. }
73.  
74. return TRUE;
75. }