[RELEASE] CP hack source code
Discussion on [RELEASE] CP hack source code within the 12Sky2 Hacks, Bots, Cheats & Exploits forum part of the 12Sky2 category.
09/17/2015, 00:01
|
#1
|
elite*gold: 0
Join Date: Dec 2011
Posts: 175
Received Thanks: 255
|
[RELEASE] CP hack source code
Here is the source code of the old CP hack (from 3 years ago, I think?). I don't think it will work anymore. Since you'll get auto-banned if you try to call the function now, maybe there's some other way to bypass or reroute the call, who knows? If you got it working again, good for you.
Just want to share it with you guys for learning purposes.
Code:
#include <windows.h>
#include <iostream>
//#include "soulCore.h" //I comment out the soulCore header, so you can just ignore the header file and copy & paste.
//Engine v1.0 CP section
#define KEY_DOWN(vk) ((GetAsyncKeyState(vk) & 0x8000) ? true : false)
DWORD WINAPI Thread(LPVOID lpParam);
void giveMeThatCP(int cp);
BOOL WINAPI DllMain(HINSTANCE hModule, DWORD reason, void* reserved)
{
    switch(reason)
    {
    case DLL_PROCESS_ATTACH:
        {
            DisableThreadLibraryCalls(hModule);
            CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Thread, NULL, NULL, NULL);
            return true;
        } break;
    }
    return true;
}
DWORD WINAPI Thread(LPVOID lpParam)
{
    for(;;)
    {
        if(KEY_DOWN(VK_END)) //hotkey end
        {
            giveMeThatCP(5000); // What I want
            while(KEY_DOWN(VK_END))
                Sleep(50);
        }
        Sleep(100);
    }
}
void giveMeThatCP(int cp)
{
    UINT_PTR func = 0x01A2B1A; //cp call addy, OUTDATED ADDY
    __asm
    {
        PUSHAD;
        PUSH cp;
        MOV ECX,0x01A2B8C; //mov cp addy, again...OUTDATED ADDY
        CALL func;
        POPAD;
    }
}
|
|
|
09/17/2015, 19:03
|
#2
|
elite*gold: 0
Join Date: Nov 2014
Posts: 240
Received Thanks: 30
|
Big THANKS !
I get build errors in C++, the code is wrong bro, it gives 3 errors when building the .dll
|
|
|
09/18/2015, 06:09
|
#3
|
elite*gold: 0
Join Date: Nov 2014
Posts: 240
Received Thanks: 30
|
Where is soulCore.h? It's giving tons of errors when building the .dll. I get this error when building: LNK1561
|
|
|
09/18/2015, 09:08
|
#4
|
elite*gold: 0
Join Date: Dec 2012
Posts: 11
Received Thanks: 0
|
Please update this bro..
|
|
|
09/18/2015, 12:24
|
#5
|
elite*gold: 0
Join Date: Dec 2009
Posts: 1,777
Received Thanks: 1,003
|
lol people don't read. He said it probably won't work anymore because they check and ban for calling the function with invalid inputs now?
|
|
|
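The server-side check mentioned in post #5, as an added example (not code from this thread or from the game): a handler that treats the client-supplied CP amount as untrusted and credits only a reward the server itself recorded. All names and limits here are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

/* Hypothetical server-side state for one player (all names are assumptions). */
typedef struct {
    uint32_t cp;          /* contribution points held by the server */
    uint32_t pending;     /* reward the server computed for a verified event */
    uint32_t violations;  /* rejected grant requests, input to ban/review logic */
} player_state;

#define CP_MAX_PER_EVENT 50u  /* constructed limit for this example */

typedef enum { GRANT_OK, REJECT_RANGE, REJECT_NO_EVENT, REJECT_MISMATCH } grant_result;

/* Server game logic records a reward only for events it verified itself. */
void server_record_event(player_state *p, uint32_t reward) {
    p->pending = reward > CP_MAX_PER_EVENT ? CP_MAX_PER_EVENT : reward;
}

static grant_result reject(player_state *p, grant_result why) {
    p->violations++;
    return why;
}

/* Handle a client "grant CP" request; the claimed amount is untrusted input. */
grant_result server_handle_grant(player_state *p, int32_t claimed) {
    if (claimed <= 0 || (uint32_t)claimed > CP_MAX_PER_EVENT)
        return reject(p, REJECT_RANGE);
    if (p->pending == 0)
        return reject(p, REJECT_NO_EVENT);
    if ((uint32_t)claimed != p->pending)
        return reject(p, REJECT_MISMATCH);
    p->cp += p->pending;
    p->pending = 0;  /* one-shot: a replayed request credits nothing */
    return GRANT_OK;
}

int main(void) {
    player_state p = {0, 0, 0};
    printf("claim 5000, no event: %d\n", server_handle_grant(&p, 5000));
    server_record_event(&p, 10);
    printf("claim 10 after event: %d\n", server_handle_grant(&p, 10));
    printf("replay claim 10:      %d\n", server_handle_grant(&p, 10));
    printf("cp=%u violations=%u\n", (unsigned)p.cp, (unsigned)p.violations);
    return 0;
}
```

Because the balance changes only from server-recorded state, a client that calls its local grant routine with an arbitrary value gains nothing and leaves a violation count the operator can act on.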
09/18/2015, 12:26
|
#6
|
elite*gold: 0
Join Date: Aug 2011
Posts: 1,595
Received Thanks: 503
|
noice works perfect
|
|
|
09/18/2015, 15:00
|
#7
|
elite*gold: 0
Join Date: Nov 2014
Posts: 240
Received Thanks: 30
|
Bro, what is this address 0x01A2B1A, and how to find it and the second address? Help the people.
|
|
|
09/19/2015, 05:15
|
#8
|
elite*gold: 0
Join Date: Dec 2011
Posts: 175
Received Thanks: 255
|
bp send on merits call.
cp bypass sigs from long time ago.
Code:
//bypass server check
55 8B EC 83 EC 78 A1 ?? ?? ?? ?? 33 C5 89 45 FC 89 4D 88 C7 45 8C ?? ?? ?? ?? 6A 04 8D 45 08 50 8D 4D 90 51 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 55 0C 52 8D 45 94 50 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 4D 10 51 8D 55 98 52 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 45 14 50 8D 4D 9C 51 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 55 18 52 8D 45 A0 50 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 4D 1C 51 8D 55 A4 52 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 45 20 50 8D 4D A8 51 E8 ?? ?? ?? ?? 8D 55 90 52 8B 45 8C 50 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 8B 4D FC 33 CD E8 ?? ?? ?? ?? 8B E5 5D C2 1C00
TO
55 8B EC 83 EC 78 A1 ?? ?? ?? ?? 33 C5 89 45 FC 89 4D 88 C7 45 8C EB 00 00 00 6A 04 8D 45 08 50 8D 4D 90 51 E8 ?? ?? ?? ?? EB 6A 90 6A 04 8D 55 0C 52 8D 45 94 50 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 4D 10 51 8D 55 98 52 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 45 14 50 8D 4D 9C 51 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 55 18 52 8D 45 A0 50 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 4D 1C 51 8D 55 A4 52 E8 ?? ?? ?? ?? 83 C4 0C 6A 04 8D 45 20 50 8D 4D A8 51 E8 ?? ?? ?? ?? 8D 55 90 52 8B 45 8C 50 B9 ?? ?? ?? ?? E8 ?? ?? ?? ?? 8B 4D FC 33 CD E8 ?? ?? ?? ?? 8B E5 5D C2 04 00
004B05D0 - 55 - push ebp
004B05D1 - 8B EC - mov ebp,esp
004B05D3 - 83 EC 78 - sub esp,78
004B05D6 - A1 3C945900 - mov eax,[0059943C] : [894F52B5]
004B05DB - 33 C5 - xor eax,ebp
004B05DD - 89 45 FC - mov [ebp-04],eax
004B05E0 - 89 4D 88 - mov [ebp-78],ecx
004B05E3 - C7 45 8C E7000000 - mov [ebp-74],000000E7
004B05EA - 6A 04 - push 04
004B05EC - 8D 45 08 - lea eax,[ebp+08]
004B05EF - 50 - push eax
004B05F0 - 8D 4D 90 - lea ecx,[ebp-70]
004B05F3 - 51 - push ecx
004B05F4 - E8 E7080B00 - call 00560EE0
004B05F9 - 83 C4 0C - add esp,0C
004B05FC - 6A 04 - push 04
004B05FE - 8D 55 0C - lea edx,[ebp+0C]
004B0601 - 52 - push edx
004B0602 - 8D 45 94 - lea eax,[ebp-6C]
004B0605 - 50 - push eax
004B0606 - E8 D5080B00 - call 00560EE0
004B060B - 83 C4 0C - add esp,0C
004B060E - 6A 04 - push 04
004B0610 - 8D 4D 10 - lea ecx,[ebp+10]
004B0613 - 51 - push ecx
004B0614 - 8D 55 98 - lea edx,[ebp-68]
004B0617 - 52 - push edx
004B0618 - E8 C3080B00 - call 00560EE0
004B061D - 83 C4 0C - add esp,0C
004B0620 - 6A 04 - push 04
004B0622 - 8D 45 14 - lea eax,[ebp+14]
004B0625 - 50 - push eax
004B0626 - 8D 4D 9C - lea ecx,[ebp-64]
004B0629 - 51 - push ecx
004B062A - E8 B1080B00 - call 00560EE0
004B062F - 83 C4 0C - add esp,0C
004B0632 - 6A 04 - push 04
004B0634 - 8D 55 18 - lea edx,[ebp+18]
004B0637 - 52 - push edx
004B0638 - 8D 45 A0 - lea eax,[ebp-60]
004B063B - 50 - push eax
004B063C - E8 9F080B00 - call 00560EE0
004B0641 - 83 C4 0C - add esp,0C
004B0644 - 6A 04 - push 04
004B0646 - 8D 4D 1C - lea ecx,[ebp+1C]
004B0649 - 51 - push ecx
004B064A - 8D 55 A4 - lea edx,[ebp-5C]
004B064D - 52 - push edx
004B064E - E8 8D080B00 - call 00560EE0
004B0653 - 83 C4 0C - add esp,0C
004B0656 - 6A 04 - push 04
004B0658 - 8D 45 20 - lea eax,[ebp+20]
004B065B - 50 - push eax
004B065C - 8D 4D A8 - lea ecx,[ebp-58]
004B065F - 51 - push ecx
004B0660 - E8 7B080B00 - call 00560EE0
004B0665 - 83 C4 0C - add esp,0C
004B0668 - 8D 55 90 - lea edx,[ebp-70]
004B066B - 52 - push edx
004B066C - 8B 45 8C - mov eax,[ebp-74]
004B066F - 50 - push eax
004B0670 - B9 A03A5B00 - mov ecx,005B3AA0 : [00000000]
004B0675 - E8 C664F7FF - call 00426B40
004B067A - 8B 4D FC - mov ecx,[ebp-04]
004B067D - 33 CD - xor ecx,ebp
004B067F - E8 4C080B00 - call 00560ED0
004B0684 - 8B E5 - mov esp,ebp
004B0686 - 5D - pop ebp
004B0687 - C2 1C00 - ret 001C
|
|
|
09/19/2015, 12:15
|
#9
|
elite*gold: 0
Join Date: Sep 2015
Posts: 19
Received Thanks: 11
|
Code:
for(;;)
{
    if(KEY_DOWN(VK_END)) //hotkey end
    {
        giveMeThatCP(5000); // What I want
        while(KEY_DOWN(VK_END))
            Sleep(50);
    }
    Sleep(100);
}
You can integrate the Sleep call into the for-loop as follows:
for(;;Sleep(100)). Makes it a little cleaner, imo.
Also this macro:
Code:
#define KEY_DOWN(vk) ((GetAsyncKeyState(vk) & 0x8000) ? true : false)
can be reduced to: (&0x8000 is superfluous)
Code:
#define KEY_DOWN(vk) (GetAsyncKeyState(vk))
This is not necessary:
Code:
while(KEY_DOWN(VK_END))
    Sleep(50);
Use:
Code:
#define KEY_DOWN(vk) (GetAsyncKeyState(vk)&1)
. . . . . .
. . . . . .
if(KEY_DOWN(VK_END)) //hotkey end
    giveMeThatCP(5000); // What I want
You won't need a delay here with: (result & 1).
See  for reference about the GetAsyncKeyState result.
Extra notes:
- Your thread does not return a value. MSDN recommends to return 0.
- You do not need to type-cast the thread procedure in the call to CreateThread.
- Inline assembler is not required to call function pointers directly.
Example cleaned up source code:
Code:
#include <Windows.h>
void GiveContributionPoint(int CP)
{
    ((void (__thiscall*)(void*,int))0x1A2B1A)((void*)0x01A2B8C,CP);
}
DWORD WINAPI MainThread(LPVOID lpParameter)
{
    for(;;Sleep(20)) // for-body: for(exp,boolean,exp)
        if(GetAsyncKeyState(VK_END)&1)
            GiveContributionPoint(5000);
    return 0;
}
BOOL APIENTRY DllMain(HINSTANCE hModule, DWORD ReasonForCall, LPVOID Reserved)
{
    switch(ReasonForCall)
    {
    case DLL_PROCESS_ATTACH:
        {
            DWORD ThreadID;
            HANDLE hThread = CreateThread(NULL, 0, MainThread, NULL, 0, &ThreadID);
        }
    case DLL_THREAD_ATTACH:
    case DLL_THREAD_DETACH:
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}
|
|
|
09/19/2015, 15:21
|
#10
|
elite*gold: 0
Join Date: Sep 2015
Posts: 30
Received Thanks: 0
|
hack wait
|
|
|
09/19/2015, 23:43
|
#11
|
elite*gold: 0
Join Date: Nov 2014
Posts: 240
Received Thanks: 30
|
Quote:
Originally Posted by HairyWizard
|
Code is wrong, I get errors in C++ when trying to make the .dll
|
|
|
09/20/2015, 02:11
|
#12
|
elite*gold: 0
Join Date: Sep 2015
Posts: 19
Received Thanks: 11
|
That might be a compiler issue. It compiles fine with Visual Studio 2012 (Ultimate, update 4). The __thiscall calling convention may not work with all compilers.
Code:
1>------ Rebuild All started: Project: Win32Project1, Configuration: Debug Win32 ------
1> Source.cpp
1> Win32Project1.vcxproj -> C:\Users\QRU12034\Documents\Visual Studio 2012\Projects\Win32Project1\Debug\Win32Project1.dll
========== Rebuild All: 1 succeeded, 0 failed, 0 skipped ==========
|
|
|
09/20/2015, 10:54
|
#13
|
elite*gold: 0
Join Date: Nov 2014
Posts: 240
Received Thanks: 30
|
I solved it bro, ty. I'm trying to make a hack, ty.
I tried to debug to find the address, but the game is crashing.
|
|
|
10/01/2015, 16:42
|
#14
|
elite*gold: 0
Join Date: Jan 2012
Posts: 89
Received Thanks: 7
|
Can I use this for 12sky2 wsp ph?
|
|
|
All times are GMT +1.