  1. //---------------------------------------------------------------------------
  2.  
  3. #pragma hdrstop
  4.  
#include <Windows.h>
#include <stdio.h>
#include <string.h>
  7.  
  8. //---------------------------------------------------------------------------
  9.  
  10.  
// Returns the mana-bar mode the asm hooks copy into the global `status`.
// Only the value 1 is ever produced here; the hooks compare `status`
// against the 0/1 answer of call4mana, against 2 and against -1.
int getManaBarStatus()
{
    enum { MANABAR_MODE_DEFAULT = 1 };
    return MANABAR_MODE_DEFAULT;
}
  15.  
  16. //////////////////////////////////////////////////////////////////////////
#define ADDRESS LPVOID
#define GADDRESS LPVOID

// Game-side routine addresses.  All are filled in by InjectManabar() from the
// per-version offsets and are CALLed from the inline-asm hooks below.
GADDRESS g16FF24;
GADDRESS g16FF68;
GADDRESS a16FF64;
GADDRESS a16FF5C;
GADDRESS a16FF58;
GADDRESS a16FF20;
ADDRESS a16F088;      // storm.dll export resolved by ordinal in InjectManabar()
GADDRESS a2C7F10;     // assigned by InjectManabar(), not read anywhere in this file

ADDRESS a16F08C;      // return address parked by f001527C0
ADDRESS a16F004;      // object pointer captured by f001527C0 / f00152930
ADDRESS a1698A0;      // game module base (gameBase)
ADDRESS a16F090;      // first dword of the hooked object, captured by f00152710
ADDRESS a16F06C;      // declared only
ADDRESS a16F070;      // declared only
ADDRESS a3000AC;      // non-zero enables f001527F0
ADDRESS a3000B0;      // set to 1 once f00152710 has built the table copy

// Scratch slots for the naked asm routines.
DWORD temp;           // manabar: dword popped off the stack around the call
DWORD temp1;          // manabar: saved ECX
DWORD temp2;          // manabar: saved EDX
DWORD temp3;          // f00152930: object pointer
DWORD temp4;          // address read by call2mana / call3mana
DWORD vartemp = 0x2D66EE1B;   // constant XORed into the call4mana frame
DWORD calltemp1;      // called from call4mana
DWORD calltemp2;      // called from call4mana

DWORD pushMana1;      // immediate re-pushed by manabar
DWORD pushMana2;      // address manabar jumps back to

BYTE a16F008[0x80];   // 0x80-byte copy of a table, entries +0x64/+0x68 redirected

char* a164684 = "scaleFactor";   // name looked up through a16FF20 in f001527F0

// Constants loaded by the FPU code in f00152750 / f001527F0.
double a164A18 = 72;
double a164A10 = 0.0005000000237487257;
double a164A08 = 0.006000000052154064;
double a1649D4 = 0.03000000;
double a1649D0 = 0.004000000;
double a1649CC = 0.3000000;

int status = 1;       // refreshed from getManaBarStatus() by the hooks
  59.  
// Naked helper: applies fixed parameters to the object whose pointer is in
// ESI (f001527C0 passes a16F004 + 0x158).  In order: calls a16FF58 with
// three zero args, stores (float)a1649D4 at [esi+0x58] and calls a16FF5C,
// stores (float)a1649D0 at [esi+0x5C] and calls a16FF5C again, calls
// a16FF64 with 1, two float copies of a1649CC and 1 on the stack, then
// tail-jumps to the virtual slot at [[esi]+0x64].
// NOTE(review): no ESP adjustment follows any CALL, so the callees are
// assumed callee-cleaning with ECX/EDX as hidden arguments — confirm.
// f001527F0 performs the same sequence with computed values.
void __declspec(naked) f00152750()
{
__asm
{
push ebx
mov ebx, a16FF64
push edi
mov edi, a16FF5C
push 0
push 0
push 0
xor edx, edx
mov ecx, esi
call a16FF58                   // a16FF58(this=esi, edx=0; stack 0,0,0)
fld a1649D4
push 0
fstp dword ptr [esi+0x58]      // [esi+0x58] = (float)a1649D4
xor edx, edx
mov ecx, esi
call edi                       // a16FF5C(this=esi, edx=0; stack 0)
fld a1649D0
push 0
fstp dword ptr [esi+0x5C]      // [esi+0x5C] = (float)a1649D0
xor edx, edx
mov ecx, esi
call edi                       // a16FF5C(this=esi, edx=0; stack 0)
fld a1649CC
push 1
sub esp, 0x8
fst dword ptr [esp+0x4]        // two float copies of a1649CC as stack args
xor edx, edx
fstp dword ptr [esp]
push 1
mov ecx, esi
call ebx                       // a16FF64(this=esi, edx=0; stack 1, flt, flt, 1)
mov eax, dword ptr [esi]
mov eax, dword ptr [eax+0x64]  // virtual slot +0x64 of the object at esi
pop edi
xor edx, edx
mov ecx, esi
pop ebx
jmp eax                        // tail call: the slot returns to our caller
}
}
  104.  
// Hook body reached through the 5-byte CALL that Hook() writes at a6F37A563.
// Pops the caller's stacked argument, doubles it, calls the storm.dll export
// a16F088 with it, keeps the returned pointer in a16F004 and runs f00152750
// on the sub-object at +0x158 before returning to the patched site.
// NOTE(review): the instructions displaced by the CALL are not visible here;
// the doubling and the stack protocol (return address popped into the global
// a16F08C and re-pushed, so the hook is not re-entrant) are assumed to match
// the original site — confirm per game version.
void __declspec(naked) f001527C0()
{
__asm
{
pop a16F08C                    // park our return address in a global
pop eax                        // caller's pushed argument
add eax, eax                   // pass twice that value on
push eax
call a16F088                   // storm.dll export (ordinal 0x191)
pushad
mov a16F004, eax               // keep the returned pointer for the other hooks
mov esi, a16F004
add esi, 0x158                 // f00152750 expects esi = object + 0x158
call f00152750
popad
push a16F08C                   // restore the return address
retn
}
}
  124.  
// Replacement for entry +0x64 of the copied table a16F008.  Calls the
// original entry +0x64 (read through a16F090, the table captured by
// f00152710) for the object in ECX, then tail-calls the same original entry
// for the sub-object at +0x158 with the original EDX.
void __declspec(naked) f152950()
{
__asm
{
mov eax, a16F090
mov eax, dword ptr [eax+0x64]  // original entry +0x64
push esi
push edi
mov esi, edx                   // preserve the hidden args across the call
mov edi, ecx
call eax                       // original(this=ecx, edx)
mov eax, a16F090
mov eax, dword ptr [eax+0x64]
lea ecx, dword ptr [edi+0x158] // this = object + 0x158
pop edi
mov edx, esi
pop esi
jmp eax                        // original(this=object+0x158, edx)
}
}
// Replacement for entry +0x68 of the copied table a16F008: forwards to the
// original entry +0x68 with ECX/EDX untouched.
void __declspec(naked) f152980()
{
__asm
{
mov eax, a16F090
mov eax, dword ptr [eax+0x68]  // original entry +0x68
jmp eax
}
}
  154.  
// One-time setup called from f001527F0 (guarded by a3000B0) with ECX = the
// first dword of the target object (presumably its vtable; f001527F0 then
// installs a16F008 in that slot).  Copies 0x80 bytes from [ecx] into a16F008
// and overwrites the entries at +0x64 and +0x68 with f152950 / f152980.
// Preserves ECX and EBX; EAX (left at 0x80) and DL are clobbered.
void __declspec(naked) f00152710()
{
__asm
{
mov a16F090, ecx               // remember the original table for the forwarders
xor eax, eax
jmp L004
lea ebx, dword ptr [ebx]       // unreachable (no-op padding kept from the disassembly)
L004:
mov dl, byte ptr [eax+ecx]     // copy loop: a16F008[eax] = ((BYTE*)ecx)[eax]
mov byte ptr [eax+a16F008], dl
inc eax
cmp eax, 0x80
jb L004
push eax
push ebx
lea eax, a16F008
add eax, 0x64
lea ebx, f152950
mov dword ptr [eax], ebx       // a16F008 + 0x64 = &f152950
lea eax, a16F008
add eax, 0x68
lea ebx, f152980
mov dword ptr [eax], ebx       // a16F008 + 0x68 = &f152980
pop ebx
pop eax
retn
}
}
  184.  
  185.  
// Per-object update called from f00152930 (the ECX it receives is ignored;
// the object is read from a16F004).  Does nothing unless a3000AC != 0 and
// the object has a non-null pointer at +0x50.  On first use lets f00152710
// build the patched table copy, then installs a16F008 as the first dword of
// the target object [[a16F004+0x50]+0xC].  Queries g16FF24 twice and bails
// unless both returned floats are positive, then repeats the f00152750
// call sequence on target+0x158 with values derived from g16FF68 and the
// "scaleFactor" lookup (a16FF20) instead of the constants.
// Stack: 0x10 bytes of locals are reserved at entry; the comments below call
// them local0 / local4 / local8 / localC by their offset from that base.
// NOTE(review): as in f00152750, the callees are assumed callee-cleaning
// with ECX/EDX as hidden arguments — confirm.  `mov [ebx], eax` below
// rewrites the first dword of a live game object; a layout difference
// between versions would surface there as a crash.
void __declspec(naked) f001527F0()
{
__asm
{
sub esp, 0x10                  // local0..localC
cmp a3000AC, 0
push edi
mov edi, a16F004               // edi = object
je L093                        // disabled while a3000AC == 0
mov eax, dword ptr [edi+0x50]
test eax, eax
je L093
cmp a3000B0, 0
push ebx
mov ebx, dword ptr [eax+0xC]   // ebx = target = [[object+0x50]+0xC]
push esi
lea esi, dword ptr [ebx+0x158] // esi = target + 0x158
jnz L017
mov ecx, dword ptr [ebx]       // first use: copy the target's table
call f00152710
mov a3000B0, 1
L017:
push 0
lea eax, dword ptr [esp+0x10]  // &local0
push eax
xor edx, edx
mov ecx, edi
push eax                       // keep eax across the two instructions below
lea eax, a16F008
mov dword ptr [ebx], eax       // install the patched table as [target]
pop eax
call g16FF24                   // g16FF24(this=object, edx=0; stack &local0, 0)
fldz
fcomp dword ptr [esp+0xC]      // compare 0.0 with local0
fstsw ax
test ah, 1                     // C0 set  <=>  0.0 < local0
je L091
push 3
lea ecx, dword ptr [esp+0x10]  // &local0
push ecx
xor edx, edx
mov ecx, edi
call g16FF24                   // g16FF24(this=object, edx=0; stack &local0, 3)
fldz
fcomp dword ptr [esp+0xC]
fstsw ax
test ah, 5                     // C0/C2 parity: continue only when local0 > 0 (ordered)
jpe L091
mov eax, dword ptr [esi]
mov eax, dword ptr [eax+0x74]  // virtual slot +0x74 of target+0x158
push ebp
push edi
xor edx, edx
mov ecx, esi
call eax                       // slot74(this=esi, edx=0; stack object)
mov ebx, a16FF64
mov ebp, a16FF5C
lea ecx, dword ptr [esp+0x1C]  // &localC
push ecx
lea edx, dword ptr [esp+0x18]  // &local4
mov ecx, edi
call g16FF68                   // g16FF68(this=object, edx=&local4; stack &localC)
mov ecx, dword ptr [edi+0x30]
mov eax, a16FF20
lea edx, a164684               // "scaleFactor"
call eax                       // a16FF20(this=[object+0x30], edx=name)
test eax, eax
jnz L062
fld1                           // not found: scale = 1.0
jmp L063
L062:
fld dword ptr [eax+0x54]       // found: scale = float at +0x54 of the result
L063:
fstp dword ptr [esp+0x10]      // local0 = scale
push 0
fld dword ptr [esp+0x14]       // local0
xor edx, edx
fmul qword ptr [a164A18]       // * 72
mov ecx, esi
fmul qword ptr [a164A10]       // * 0.0005
fstp dword ptr [esi+0x58]      // [esi+0x58] = scale * 72 * 0.0005
call ebp                       // a16FF5C(this=esi, edx=0; stack 0)
fld dword ptr [esp+0x18]       // local8 (written through &local4 by g16FF68)
push 1
fsub qword ptr [a164A08]       // - 0.006
sub esp, 8
xor edx, edx
mov ecx, esi
fstp dword ptr [esp+0x24]      // local8 -= 0.006
fld dword ptr [esp+0x24]
fstp dword ptr [esp+0x4]       // stack arg: local8
fld dword ptr [esp+0x20]
fstp dword ptr [esp]           // stack arg: local4
push 1
call ebx                       // a16FF64(this=esi, edx=0; stack 1, local8, local4, 1)
mov eax, dword ptr [esi]
mov eax, dword ptr [eax+0x68]
xor edx, edx
mov ecx, esi
call eax                       // virtual slot +0x68 of target+0x158
pop ebp
L091:
pop esi
pop ebx
L093:
pop edi
add esp, 0x10
retn
}
}
  296.  
// Filter called from f00152930 with ECX = dword at [obj+0x30].  Looks only
// at the top byte (ECX >> 24): EAX = 0 when it equals 0x49 or is greater
// than 0x5A, otherwise EAX = 1.  ECX is clobbered.
// NOTE(review): the meaning of 0x49 / 0x5A is not visible in this file —
// presumably a type tag of the object being filtered.
void __declspec(naked) call1mana()
{
__asm
{
SHR ECX,0x18                   // keep the high byte (0..255)
CMP ECX,0x49
JE L007
CMP ECX,0x5A
JG L007                        // signed compare is safe: value is 0..255
MOV EAX,1
RETN
L007:
XOR EAX,EAX
RETN

}
}
  314.  
// Returns EAX = [[[temp4]] + 0x28] & 0x0F.  temp4 holds gameBase plus a
// per-version offset; the dword there is a pointer, and the low nibble of
// the dword at +0x28 of that object is the index f00152930 feeds to
// call3mana.  ECX is clobbered.
void __declspec(naked) call2mana()
{
__asm
{
MOV EAX,DWORD PTR DS:[temp4]   // address stored by InjectManabar
MOV ECX,DWORD PTR DS:[EAX]     // pointer kept there by the game
MOV EAX,DWORD PTR DS:[ECX+0x28]
AND EAX,0x0F                   // index 0..15
RETN

}
}
  327.  
// Returns EAX = [[temp4]] + ECX*4 + 0x58: the address of the ECX-th dword
// in the table at +0x58 of the object temp4 points to.  No range check on
// ECX; f00152930 passes either call2mana's 0..15 result or [obj+0x58].
// EDX is clobbered.
void __declspec(naked) call3mana()
{
__asm
{
MOV EAX,DWORD PTR DS:[temp4]
MOV EDX,DWORD PTR DS:[EAX]     // pointer kept there by the game
LEA EAX,DWORD PTR DS:[EDX+ECX*0x4+0x58]   // &table[ECX]
RETN
}
}
  338.  
// Called from f00152930 with ECX = call3mana([obj+0x58]) and
// EDX = call3mana(call2mana()).  Dereferences both, calls calltemp1 on the
// first, calltemp2 on (result + 0x38), and returns EAX = 1 when bit number
// BYTE[[edx]+0x30] of calltemp2's result is clear, else 0.
// The prologue/epilogue look like a hand-copied MSVC SEH frame
// ("PUSH -2", FS:[0], the vartemp cookie).
// NOTE(review): the copy is incomplete.  The handler and scope-table pushes
// that belong between "PUSH -2" and the saved FS:[0] are missing, so every
// later EBP offset is shifted by 8: the record installed at FS:[0]
// (EBP-0x10) and the value restored into FS:[0] from [EBP-0x10] on exit are
// never written (uninitialised stack), and the saved EBX/ESI slots are
// overwritten by EDX/ECX.  f00152930 wraps the call in PUSHAD/POPAD, which
// masks the register clobber but not the FS:[0] corruption: any exception
// raised after this call walks a bogus SEH chain.  Only the register moves
// and the two CALLs do real work; the frame machinery could be dropped.
// Everything after the first RETN is unreachable (no branch targets it).
void __declspec(naked) call4mana()
{
__asm
{
PUSH EBP
MOV EBP,ESP
PUSH -2                        // [ebp-4]  trylevel
MOV EAX,DWORD PTR FS:[0]
PUSH EAX                       // [ebp-8]  previous FS:[0]
SUB ESP,0x10                   // [ebp-0x18..ebp-0x9]; -0x10 and -0xC never written
PUSH EBX                       // [ebp-0x1C]
PUSH ESI                       // [ebp-0x20]
PUSH EDI                       // [ebp-0x24]
MOV EAX,DWORD PTR DS:[vartemp] //2D66EE1B
XOR DWORD PTR SS:[EBP-8],EAX   // cookie ^ saved FS:[0]
XOR EAX,EBP
PUSH EAX                       // [ebp-0x28]
LEA EAX,DWORD PTR SS:[EBP-0x10]
MOV DWORD PTR FS:[0],EAX       // installs an SEH record that was never filled in
MOV DWORD PTR SS:[EBP-0x18],ESP
MOV DWORD PTR SS:[EBP-0x1C],EDX  // overwrites the saved EBX
MOV DWORD PTR SS:[EBP-0x20],ECX  // overwrites the saved ESI
MOV DWORD PTR SS:[EBP-4],0
PUSH ESI
MOV ECX,DWORD PTR SS:[EBP-0x20]  // ecx = ECX argument
MOV ESI,DWORD PTR SS:[EBP-0x1C]  // esi = EDX argument
MOV ECX,DWORD PTR DS:[ECX]
MOV ESI,DWORD PTR DS:[ESI]
MOV EAX,ECX
MOVZX ESI,BYTE PTR DS:[ESI+0x30] // bit index
MOV ECX,EAX
CALL DWORD PTR DS:[calltemp1] //6F41B420
LEA ECX,DWORD PTR DS:[EAX+0x38]
CALL DWORD PTR DS:[calltemp2] //6F473170
MOV ECX,ESI
MOV EDX,1
SHL EDX,CL                     // 1 << bit
AND EAX,EDX
NEG EAX                        // CF = (bit set)
SBB EAX,EAX                    // -1 if set, 0 if clear
INC EAX                        // 0 if set, 1 if clear
POP ESI
MOV DWORD PTR SS:[EBP-4],-2
MOV ECX,DWORD PTR SS:[EBP-0x10]  // uninitialised slot (see note above)
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI                        // receives the ECX argument, not the saved ESI
POP EBX                        // receives the EDX argument, not the saved EBX
MOV ESP,EBP
POP EBP
RETN
// --- unreachable from here on: second epilogue copied along with the function ---
MOV EAX,1
RETN
MOV ESP,DWORD PTR SS:[EBP-0x18]
MOV DWORD PTR SS:[EBP-4],-2
XOR AL,AL
MOV ECX,DWORD PTR SS:[EBP-0x10]
MOV DWORD PTR FS:[0],ECX
POP ECX
POP EDI
POP ESI
POP EBX
MOV ESP,EBP
POP EBP
RETN
}
}
  407.  
// Hook body called from manabar (with the game's ECX/EDX).  Refreshes
// `status`, then takes obj = [ecx+8] (kept in a16F004 and temp3) and skips
// everything when obj is NULL or call1mana rejects [obj+0x30].  Otherwise
// derives two table addresses via call2mana/call3mana, asks call4mana
// whether the matching bit is clear, and runs f001527F0 when that answer
// (AL, 0 or 1) equals the low byte of `status`, or when `status` == 2.
// All work runs under PUSHAD/POPAD, so the caller's registers are intact.
// NOTE(review): the two f001527F0 calls are mutually exclusive (AL is never
// 2).  The first PUSHAD/POPAD pair only protects ECX/EDX across the C call.
void __declspec(naked) f00152930()
{
__asm
{
pushad
call getManaBarStatus
mov status, eax
popad

pushad
MOV ECX,DWORD PTR DS:[ECX+0x8]  // obj = [ecx+8]
mov [a16F004], ecx
MOV DWORD PTR DS:[temp3],ECX
CMP DWORD PTR DS:[temp3],0
JE L026
MOV EAX,DWORD PTR DS:[temp3]
MOV ECX,DWORD PTR DS:[EAX+0x30]
CALL call1mana                 // AL = 0 rejects this object
MOVZX ECX,AL
TEST ECX,ECX
JNZ L028
L026:
JMP L049
L028:
CALL call2mana                 // eax = index (0..15)
MOV ECX,EAX
CALL call3mana                 // eax = &table[index]
MOV ESI,EAX
MOV EDX,DWORD PTR DS:[temp3]
MOV ECX,DWORD PTR DS:[EDX+0x58]
CALL call3mana                 // eax = &table[[obj+0x58]]
MOV EDX,ESI
MOV ECX,EAX
CALL call4mana                 // al = 1 if the bit is clear, 0 if set
CMP BYTE PTR DS:[status],al
Jnz L048
MOV ECX,DWORD PTR DS:[a16F004]
call f001527F0
L048:
cmp byte ptr ds:[status],2
jnz L049
MOV ECX,DWORD PTR DS:[a16F004]
call f001527F0
L049:
POPAD
RETN
}
}
  456.  
// Target of the 7-byte JMP patch that Hook() writes at a6F37A968
// (= pushMana2 - 7).  Unless `status` is -1: pops the top-of-stack dword
// into the global `temp`, saves ECX/EDX, runs f00152930, restores them and
// pushes the dword back.  Then emits `push -1; push pushMana1` and jumps to
// pushMana2.
// NOTE(review): `push -1` (2 bytes) + `push imm32` (5 bytes) is exactly the
// 7 bytes the patch overwrote, so the tail presumably re-executes the two
// displaced original instructions with pushMana1 as the original immediate
// — confirm against the game code for each version.  The parked values
// live in globals, so the hook is not re-entrant.
void __declspec(naked) manabar()
{
__asm
{
pushad
call getManaBarStatus
mov status, eax
popad

CMP BYTE PTR DS:[status],-1
JE L016                        // status == -1: only replay the displaced pushes
POP DWORD PTR DS:[temp]
MOV DWORD PTR DS:[temp1],ECX
MOV DWORD PTR DS:[temp2],EDX
CALL f00152930
MOV ECX,DWORD PTR DS:[temp1]
MOV EDX,DWORD PTR DS:[temp2]
PUSH DWORD PTR DS:[temp]
L016:
PUSH -1                        // displaced original instruction (2 bytes)
PUSH pushMana1                 // displaced original instruction (5 bytes)
PUSH pushMana2
RETN                           // jump back to pushMana2
}
}
  482.  
  483.  
  484.  
  485.  
// Patch sites inside the game module, resolved per version by InjectManabar():
ADDRESS a6F37A563;   // receives a 5-byte CALL to f001527C0 (see Hook)
ADDRESS a6F37A968;   // = pushMana2 - 7; receives a 5-byte JMP to manabar plus two NOPs
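// Writes a 5-byte relative branch (opcode + rel32) at `site` and pads with
// NOPs up to `len` bytes so the displaced instructions are fully covered.
// The whole `len` byte range is made writable for the duration of the write
// (the original protected only 5 bytes at the 7-byte JMP site, so the two
// NOPs could land on a page that was never unprotected), the previous
// protection is restored afterwards and the instruction cache is flushed.
// Returns FALSE and writes nothing when an argument is invalid or
// VirtualProtect fails, so a failed protection change cannot become an
// access violation inside the game process.
static BOOL PatchBranch(ADDRESS site, unsigned char opcode, ADDRESS target, SIZE_T len)
{
    unsigned char *p = reinterpret_cast<unsigned char *>(site);
    DWORD oldProtect = 0;
    DWORD ignored = 0;

    if (site == NULL || target == NULL || len < 5)
        return FALSE;
    if (!VirtualProtect(p, len, PAGE_EXECUTE_READWRITE, &oldProtect))
        return FALSE;

    // rel32 is relative to the end of the 5-byte branch instruction.
    DWORD rel = (DWORD)(DWORD_PTR)target - (DWORD)(DWORD_PTR)(p + 5);
    p[0] = opcode;
    memcpy(p + 1, &rel, sizeof rel);          // unaligned store via memcpy
    for (SIZE_T i = 5; i < len; i++)
        p[i] = 0x90;                          // NOP

    VirtualProtect(p, len, oldProtect, &ignored);
    FlushInstructionCache(GetCurrentProcess(), p, len);
    return TRUE;
}

// Installs the two code patches in the game module:
//   a6F37A563: 5-byte CALL to f001527C0
//   a6F37A968: 5-byte JMP to manabar followed by two NOPs (7 bytes displaced)
// `lpBase` is not used (kept for existing callers).  Failures are silent
// because the signature returns void; the patch is simply left unapplied.
void Hook(ADDRESS lpBase)
{
    (void)lpBase;
    PatchBranch(a6F37A563, 0xE8, (ADDRESS)f001527C0, 5);
    PatchBranch(a6F37A968, 0xE9, (ADDRESS)manabar, 7);
}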
  515.  
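// Per-version offsets into the game module.  Every value is an RVA that is
// added to `gameBase`; the field names match the globals they populate so a
// row can be checked against a disassembly entry by entry.
struct ManabarOffsets
{
    const char *version;
    DWORD g16FF24;
    DWORD g16FF68;
    DWORD a16FF64;
    DWORD a16FF5C;
    DWORD a16FF58;
    DWORD a16FF20;
    DWORD a2C7F10;
    DWORD a6F37A563;   // CALL patch site (see Hook)
    DWORD temp4;       // address read by call2mana / call3mana
    DWORD calltemp1;   // called from call4mana
    DWORD calltemp2;   // called from call4mana
    DWORD pushMana1;   // immediate re-pushed by manabar
    DWORD pushMana2;   // JMP-back target of manabar; a6F37A968 = pushMana2 - 7
};

static const ManabarOffsets kManabarOffsets[] =
{
    //  version  g16FF24   g16FF68   a16FF64   a16FF5C   a16FF58   a16FF20   a2C7F10   a6F37A563 temp4     calltemp1 calltemp2 pushMana1 pushMana2
    { "1.24c", 0x27B950, 0x334C00, 0x606860, 0x606370, 0x35A740, 0x32D300, 0x2C7F10, 0x37A563, 0xACD44C, 0x41BEA0, 0x473BC0, 0x833DC0, 0x37C537 },
    { "1.24b", 0x27B950, 0x334C00, 0x6068A0, 0x6063B0, 0x35A740, 0x32D300, 0x2C7F10, 0x37A563, 0xACD44C, 0x41BF90, 0x473C00, 0x833E00, 0x37C537 },
    { "1.24d", 0x27B950, 0x334C60, 0x6068C0, 0x6063D0, 0x35A7A0, 0x32D360, 0x2C7F70, 0x37A5C3, 0xACD44C, 0x41BF00, 0x473C20, 0x833E20, 0x37C597 },
    { "1.24e", 0x27B9B0, 0x334CC0, 0x606950, 0x606460, 0x35A800, 0x32D3C0, 0x2C7FD0, 0x37A623, 0xACD44C, 0x41BF60, 0x473C80, 0x833EC0, 0x37C5F7 },
    { "1.25b", 0x27AC60, 0x333F50, 0x605F80, 0x605A90, 0x359A90, 0x32C650, 0x2C7280, 0x3798B3, 0xAB65F4, 0x41B1F0, 0x472F40, 0x8213F0, 0x37B887 },
    { "1.26a", 0x27AE90, 0x334180, 0x6061B0, 0x605CC0, 0x359CC0, 0x32C880, 0x2C74B0, 0x379AE3, 0xAB65F4, 0x41B420, 0x473170, 0x821620, 0x37BAB7 },
};

// Converts an RVA from the table into an absolute pointer for `gameBase`.
static ADDRESS RvaToAddress(DWORD gameBase, DWORD rva)
{
    return (ADDRESS)(DWORD_PTR)(gameBase + rva);
}

// Resolves the version-specific addresses, installs the hooks and returns
// TRUE.  Returns FALSE without patching anything when `version` is NULL or
// unsupported (a message box is shown for the latter, as before), when
// `gameBase` is 0, or when the storm.dll import cannot be resolved.
BOOL WINAPI InjectManabar(char version[], DWORD gameBase)
{
    if (version == NULL || gameBase == 0)
        return FALSE;

    // Find the offset row for this version (exact match, as the original if-chain).
    const ManabarOffsets *off = NULL;
    for (size_t i = 0; i < sizeof kManabarOffsets / sizeof kManabarOffsets[0]; i++)
    {
        if (strcmp(version, kManabarOffsets[i].version) == 0)
        {
            off = &kManabarOffsets[i];
            break;
        }
    }
    if (off == NULL)
    {
        // Bounded formatting: the original sprintf into 100 bytes overflowed
        // for any version string longer than about 20 characters.  snprintf
        // truncates and always NUL-terminates (use _snprintf plus a manual
        // terminator on toolchains without C99 snprintf).
        char text[256];
        snprintf(text, sizeof text, "Mana bars don't support this version of warcraft [%s] YET, we are working on it.", version);
        MessageBoxA(NULL, text, "error", MB_OK);
        return FALSE;
    }

    HMODULE hMod = LoadLibraryA("storm.dll");
    if (hMod == NULL)
        return FALSE;
    a16F088 = (ADDRESS)GetProcAddress(hMod, (LPCSTR)0x191);   // import by ordinal 0x191
    if (a16F088 == NULL)
        return FALSE;   // f001527C0 would otherwise CALL a null pointer

    a1698A0 = RvaToAddress(gameBase, 0);
    a3000AC = (ADDRESS)1;   // enables f001527F0 (it checks a3000AC != 0)

    g16FF24 = RvaToAddress(gameBase, off->g16FF24);
    g16FF68 = RvaToAddress(gameBase, off->g16FF68);
    a16FF64 = RvaToAddress(gameBase, off->a16FF64);
    a16FF5C = RvaToAddress(gameBase, off->a16FF5C);
    a16FF58 = RvaToAddress(gameBase, off->a16FF58);
    a16FF20 = RvaToAddress(gameBase, off->a16FF20);
    a2C7F10 = RvaToAddress(gameBase, off->a2C7F10);

    a6F37A563 = RvaToAddress(gameBase, off->a6F37A563);
    temp4 = gameBase + off->temp4;

    calltemp1 = gameBase + off->calltemp1;
    calltemp2 = gameBase + off->calltemp2;
    pushMana1 = gameBase + off->pushMana1;
    pushMana2 = gameBase + off->pushMana2;

    // The JMP site sits 7 bytes before the address manabar jumps back to.
    a6F37A968 = (ADDRESS)(DWORD_PTR)(pushMana2 - 7);

    Hook(a1698A0);
    return TRUE;
}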