- 19, Jan 2014
Тестировалось на Windows 7
XOR.h
main.h
main.cpp
XOR.h
#ifndef _XOR_H
#define _XOR_H
// Holder for a string that is stored XOR-encoded in the binary and decoded
// into a member buffer when the object is constructed.
//   XORSTART   - key applied to the first character; the constructor adds 1
//                (mod 256) to the key for every following character.
//   BUFLEN     - size of the decoded buffer, including the terminating NUL.
//   XREFKILLER - offset the e* macros add to the literal's address; the
//                constructor subtracts it again when indexing.
// NOTE(review): the plaintext never appears in the compiled image, so a plain
// strings pass over the binary will not show the names the e* macros encode.
// Recover them by replaying the rolling XOR over the literal's bytes.
// NOTE(review): XREFKILLER is declared int, but one macro passes 0xEC676C84,
// which does not fit a 32-bit int. Presumably this relies on a lenient
// compiler; confirm the toolchain.
template <int XORSTART, int BUFLEN, int XREFKILLER>
class XorStr
{
private:
// Default constructor is declared private; no definition appears in this listing.
XorStr();
public:
// Decoded, NUL-terminated text. Only meaningful after the const char* constructor ran.
char s[BUFLEN];
// Decodes BUFLEN-1 characters read relative to xs (definition follows the class).
XorStr(const char * xs);
// Zeroes the decoded text when the object is destroyed.
// NOTE(review): these are ordinary stores to an object that is about to die,
// so an optimising compiler may drop them. Do not assume the plaintext is
// absent from memory after destruction.
~XorStr()
{
for (int i = 0; i<BUFLEN; i++) s[i] = 0;
}
};
// Decoding constructor: fills s with BUFLEN-1 decoded characters and a NUL.
// xs is expected to be the encoded literal's address plus XREFKILLER (that is
// how the e* macros in this file call it); indexing with i - XREFKILLER undoes
// the offset so the bytes actually read are the literal's own.
// NOTE(review): the pointer the macros pass lies far outside the literal, so
// forming it is undefined behaviour in standard C++. It presumably only works
// on a flat 32-bit address space with wrapping pointer arithmetic.
// The visible effect is that the code never holds a direct reference to the
// literal, which hides the data cross-reference from a disassembler.
template <int XORSTART, int BUFLEN, int XREFKILLER>
XorStr<XORSTART,BUFLEN,XREFKILLER>::XorStr (const char * xs)
{
// Rolling key: starts at XORSTART and advances by one per character.
int xvalue = XORSTART;
int i = 0;
for (; i < (BUFLEN - 1); i++)
{
// Undo the address offset, then XOR with the current key byte.
s[i] = xs[i - XREFKILLER] ^ xvalue;
xvalue += 1;
// Keep the key within one byte.
xvalue %= 256;
}
// Terminate the decoded string.
s[BUFLEN - 1] = 0;
}
// Encoded string constants. Each macro builds a temporary XorStr and yields
// its decoded buffer; the temporary (and the buffer) is destroyed at the end
// of the full expression that uses the macro.
// Decoded values below were obtained by applying the rolling XOR from the
// constructor (key = first template argument, +1 per byte).
// eCShell decodes to "CShell.dll".
#define eCShell XorStr<0xBB,11,0xEC676C84>("\xF8\xEF\xD5\xDB\xD3\xAC\xEF\xA6\xAF\xA8"+0xEC676C84).s
// eClient decodes to "ClientFX.fxd".
#define eClient XorStr<0x19,13,0x4464E51F>("\x5A\x76\x72\x79\x73\x6A\x59\x78\x0F\x44\x5B\x40"+0x4464E51F).s
// ed3d9 decodes to "d3d9.dll" (matches the author's inline comment).
#define ed3d9 /*d3d9.dll*/XorStr<0xB9,9,0x64C42EE0>("\xDD\x89\xDF\x85\x93\xDA\xD3\xAC"+0x64C42EE0).s
// eCF decodes to "crossfire.exe" (matches the author's inline comment).
// NOTE(review): only ed3d9 is referenced in this listing; the other three are unused here.
#define eCF /*crossfire.exe*/XorStr<0x52,14,0x2F5C6EF5>("\x31\x21\x3B\x26\x25\x31\x31\x2B\x3F\x75\x39\x25\x3B"+0x2F5C6EF5).s
#endif
main.h
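// Masked byte comparison used by FindPattern.
//   pData  - bytes to test; must be readable for at least strlen(szMask) bytes.
//   bMask  - reference bytes, same length as szMask.
//   szMask - NUL-terminated mask: 'x' means "this byte must equal bMask",
//            any other character means "ignore this position".
// Returns true when every 'x' position matches.
bool Match(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for (; *szMask != '\0'; ++szMask, ++pData, ++bMask)
    {
        if (*szMask == 'x' && *pData != *bMask)
            return false;
    }
    // The loop only ends on the mask terminator. Compare against the character
    // '\0' rather than the pointer constant NULL, which is the wrong type here.
    return *szMask == '\0';
}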
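// Linear signature scan over [dwAddress, dwAddress + dwLen).
//   dwAddress - start address of the region, carried as a 32-bit integer.
//   dwLen     - number of bytes in the region.
//   bMask     - reference bytes of the signature.
//   szMask    - NUL-terminated mask ('x' = compare, anything else = wildcard).
// Returns the address of the first match, or 0 when there is none.
// NOTE(review): addresses are DWORDs, so this is only correct in a 32-bit
// process; on a 64-bit build the casts would truncate pointers.
// The caller must guarantee the whole region is readable; nothing here checks.
DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    // Signature length, counted by hand so no extra header is required.
    DWORD patternLen = 0;
    while (szMask[patternLen] != '\0')
        ++patternLen;

    // Stop while the whole signature still fits inside the region. The
    // original loop ran to the last byte and let Match read up to
    // patternLen - 1 bytes past the end of the region.
    for (DWORD offset = 0; offset < dwLen && patternLen <= dwLen - offset; ++offset)
    {
        if (Match((BYTE*)(dwAddress + offset), bMask, szMask))
            return (DWORD)(dwAddress + offset);
    }
    return 0;
}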
// Overwrites the first dwLen bytes at pAddress with a 5-byte relative JMP to
// dwJumpTo, padding any remaining bytes with NOPs (inline code patch).
//   pAddress - address of the code to overwrite.
//   dwJumpTo - destination address of the jump.
//   dwLen    - number of bytes to replace (the JMP itself needs 5).
// NOTE(review): artefacts an analyst can look for after this runs:
//   - code bytes in a loaded module that differ from the on-disk image,
//   - an E9 at a function entry whose target lies outside the owning module,
//   - a page that was briefly switched to PAGE_EXECUTE_READWRITE.
void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
{
DWORD dwOldProtect, dwBkup, dwRelAddr;
// Make the target code writable; the previous protection is kept for restore.
VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
// rel32 is measured from the end of the 5-byte instruction.
dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
// 0xE9 = JMP rel32.
*pAddress = 0xE9;
*((DWORD *)(pAddress + 0x1)) = dwRelAddr;
// 0x90 = NOP; fills whatever is left of the replaced range.
for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
// Put the original page protection back.
VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
return;
}
main.cpp
#include <Windows.h>
#include <d3d9.h>
#include "XOR.h"
#include "main.h"
// Address MyDIP jumps to after its own work: Hook() sets it to the patched
// function's address + 5, i.e. just past the bytes MakeJMP overwrote.
DWORD retMyDIP;
// Vertex-stream strides (bytes per vertex) that D3Dfunktionen compares against.
// NOTE(review): the names suggest which kind of geometry each stride
// identifies; the values are presumably specific to the target game's vertex
// formats and cannot be verified from this listing.
#define sWeapon 36
// sMap and sSkyWalls are defined but not referenced in this listing.
#define sMap 24
#define sSkyWalls 28
#define sBody 44
#define sHead 40
// Per-draw-call callback invoked from the MyDIP stub.
// Reads the stride of vertex stream 0 and, when it equals sBody, sHead or
// sWeapon, switches depth testing off on the device so that geometry is drawn
// regardless of what is in front of it (the author's "WallHack" comment).
//   pDevice - the Direct3D 9 device taken from the hooked call's first argument.
// NOTE(review): the render state is changed on the game's own device and this
// listing never sets it back. A D3DRS_ZENABLE value that differs from what the
// application itself set is therefore an observable side effect.
void D3Dfunktionen (LPDIRECT3DDEVICE9 pDevice)
{
IDirect3DVertexBuffer9* pStreamData = NULL;
UINT iOffsetInBytes,iStride;
// Only iStride is used below; the buffer pointer and offset are ignored.
pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride);
if(iStride == sBody || iStride == sHead || iStride == sWeapon)
{
pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);//WallHack
}
}
// Detour stub that MakeJMP redirects the patched function to.
// Declared naked, so the compiler emits no prologue/epilogue; the stub builds
// the frame itself, calls D3Dfunktionen, then jumps to retMyDIP (patched
// function + 5) so the original code continues.
// NOTE(review): the name suggests the hooked method is DrawIndexedPrimitive;
// this listing only shows that it is entry 147 of the table located by Hook().
__declspec(naked) HRESULT WINAPI MyDIP()
{
// Static so the inline assembly can store into it by name.
static LPDIRECT3DDEVICE9 pDevice;
// The first three instructions encode to five bytes. Presumably they replay
// the function prologue that the 5-byte JMP overwrote; confirm against the
// target module. [EBP+8] is the first stack argument of the hooked call.
__asm
{
MOV EDI,EDI
PUSH EBP
MOV EBP,ESP
MOV EAX,DWORD PTR SS:[EBP + 0x8]
MOV pDevice,EAX
}
D3Dfunktionen(pDevice);
// Resume the original function just past the overwritten bytes.
__asm
{
JMP retMyDIP
}
}
// Installs the inline hook. Runs on the thread created in DllMain.
// Steps, as visible in the code:
//   1. Load (or get the existing handle of) the module named by ed3d9, which
//      decodes to "d3d9.dll", and treat the handle as its base address.
//   2. Scan 0x128000 bytes from that base for a masked byte signature.
//   3. Copy the 4 bytes at match + 2 (the first wildcard field) into vtbl and
//      use them as the address of a function-pointer table.
//   4. Record entry 147 + 5 as the resume address and overwrite the first
//      5 bytes of that function with a JMP to MyDIP.
// NOTE(review): step 4 patches code inside d3d9.dll rather than swapping a
// table pointer, so integrity checks that compare the module's in-memory code
// section with its on-disk image will see the change.
// NOTE(review): the scan length is a hard-coded constant, not the module's
// real image size; whether it stays inside the mapped image depends on the
// d3d9.dll build.
void Hook ()
{
DWORD hD3D = (DWORD)LoadLibrary(ed3d9);
DWORD *vtbl;
// Signature with three fixed two-byte opcode groups and two 4-byte wildcard fields.
DWORD adr = FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
if(adr)
{
// The 32-bit immediate following the first two signature bytes.
memcpy(&vtbl,(void*)(adr + 2),4);
// Must be set before the patch goes live, because MyDIP jumps through it.
retMyDIP = vtbl[147] + 0x5;
MakeJMP((PBYTE)vtbl[147],(DWORD)MyDIP,0x5);
}
}
extern "C"
{
// DLL entry point. On process attach it starts a new thread that runs Hook()
// and returns immediately; all other notifications are ignored.
// NOTE(review): the thread handle is discarded and Hook is cast to
// LPTHREAD_START_ROUTINE although its signature is void().
// For triage: a DLL whose only attach-time action is to start a thread that
// patches code in another loaded module is the behaviour to look for here.
BOOL WINAPI DllMain (HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
{
switch (fdwReason)
{
case DLL_PROCESS_ATTACH:
CreateThread(0,0,(LPTHREAD_START_ROUTINE)Hook,0,0,0);
break;
}
return true;
}
}