Warrock - Code Snippets

05/18/2013 12:38 Kazbah__#976
Quote:
Liegt es daran das ich einen Hackshield Bypass brauche.
Und wenn ja woher bekomme ich einen ?
such einfach die detection
05/18/2013 12:44 MineCore#977
Quote:
Originally Posted by Zyzz__ View Post
such einfach die detection
Ok moment!
Ich glaube es liegt am autoStart !
Edit:Fuck ich finde die nicht!
05/18/2013 13:19 Kazbah__#978
wär auch ein wunder wenn du die in 6 min findest
05/18/2013 13:30 MineCore#979
Quote:
Originally Posted by Zyzz__ View Post
wär auch ein wunder wenn du die in 6 min findest
Hab nur 5 Funktionen :D
Und hab dir eine Pn geschickt !
05/19/2013 14:18 GigaByte™#980
#Request: Latest Ehsvc dump

Nevermind I have it now. But if anyone wants to upload it for someone else go ahead :D
05/19/2013 19:25 Raz9r#981
Hey guys,

here is an example for virtual table hooking made easy and typesafe by templates. This requires your compiler to support variadic templates (for VS2012 install the November 2012 CTP).

vtable_hook, vtable_hook_cdecl, vtable_hook_stdcall only differ in their calling conventions used.
Each of them takes the following arguments: The class object pointer, the vtable index for the method, and the hook itself; they return a function pointer to the original function.

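So what's the advantage of this method, you might ask? It is typesafe at the call site: the caller needs no casts, so the compiler will tell you if the hook's signature doesn't match the function pointer you store the original in. The compiler cannot check that the vtable index you pass really refers to a method with that signature, so that part is still on you.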

Here you go, with a fully functioning example:
Code:
#include <iostream>
#include <utility>
#include <Windows.h>
#include <system_error>

// Demo target with three virtual methods, one per calling convention covered
// by the hook helpers in this example. The declaration order is kept as
// posted; main() addresses the methods by the indices 0, 1 and 2.
class Class
{
public:
	// Default calling convention: prints its argument.
	virtual void method0(int arg)
	{
		std::cout << arg << std::endl;
	}

	// Explicit __cdecl.
	virtual void __cdecl method1()
	{
		std::cout << "in Class::method1" << std::endl;
	}

	// Explicit __stdcall.
	virtual void __stdcall method2()
	{
		std::cout << "in Class::method2" << std::endl;
	}
};

// Saved original method pointers (filled in by main) and the replacement
// functions. Each replacement receives the object pointer as an explicit
// first parameter and forwards to the saved original.
// NOTE(review): method0/hook0 carry no explicit calling convention; on
// targets where a member function's default convention differs from a free
// function's, the two signatures are not call-compatible - confirm per target.

void (*original0)(Class *, int) = nullptr;

// Doubles the argument before forwarding.
void hook0(Class *obj, int arg)
{
	original0(obj, arg * 2);
}

void (__cdecl *original1)(Class *) = nullptr;

// Logs, then forwards.
void __cdecl hook1(Class *obj)
{
	std::cout << "in hook1" << std::endl;
	original1(obj);
}

void (__stdcall *original2)(Class *) = nullptr;

// Logs, then forwards.
void __stdcall hook2(Class *obj)
{
	std::cout << "in hook2" << std::endl;
	original2(obj);
}

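// RAII helper: changes the page protection of [ptr, ptr + len) on
// construction and puts the previous protection back on destruction.
//
// Fixes over the posted version: the destructor referred to the constructor's
// parameters (ptr, len), which are not in scope there, so the region is now
// stored in members; the destructor no longer throws; and the class is
// non-copyable so the old protection is restored exactly once.
class virtualprotect_guard
{
private:
	void  *ptr_;        // start of the region whose protection was changed
	size_t len_;        // size of that region in bytes
	DWORD  protection_; // previous protection, as reported by VirtualProtect

	// Declared but not defined: copying would restore the protection twice.
	virtualprotect_guard(const virtualprotect_guard &);
	virtualprotect_guard &operator=(const virtualprotect_guard &);

public:
	// Applies `prot` to the region. Throws std::system_error carrying
	// GetLastError() if VirtualProtect fails; no guard exists in that case.
	virtualprotect_guard(void *ptr, size_t len, DWORD prot)
		: ptr_(ptr), len_(len), protection_(0)
	{
		if (!::VirtualProtect(ptr_, len_, prot, &protection_))
			throw std::system_error(::GetLastError(), std::system_category());
	}

	// Restores the saved protection. A failure is reported to the debugger
	// instead of thrown: an exception escaping a destructor during stack
	// unwinding terminates the process. A failure here means the region keeps
	// the temporary (possibly writable and executable) protection.
	~virtualprotect_guard()
	{
		DWORD ignored = 0;
		if (!::VirtualProtect(ptr_, len_, protection_, &ignored))
			::OutputDebugStringA("virtualprotect_guard: failed to restore page protection\n");
	}
};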

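// Replaces entry `index` of the table that `object`'s first pointer-sized
// field points to with `hook`, and returns the entry that was there before,
// typed like `hook`. Default calling convention variant.
//
// The posted version had unbalanced parentheses in the guard construction and
// did not compile; the slot address is now computed once and reused.
//
// Caveats for readers:
//  - `index` is not bounds-checked, and nothing verifies that the slot holds a
//    function with this signature.
//  - The write goes to the table itself, not to the object, so presumably
//    every object sharing that table is affected - confirm for your ABI.
//  - PAGE_EXECUTE_READWRITE makes the page writable and executable at once
//    for the lifetime of `guard`.
//  - The replaced entry no longer points at the class's own implementation,
//    which is what table-integrity checks look for.
//
// Throws std::system_error if the protection change fails.
template <typename R, class C, typename... T>
R (*vtable_hook(C *object, size_t index, R (*hook)(C *, T...)))(C *, T...)
{
	void **slot = &(*reinterpret_cast<void ***>(object))[index];
	virtualprotect_guard guard(slot, sizeof(void *), PAGE_EXECUTE_READWRITE);
	std::swap(reinterpret_cast<void *&>(hook), *slot);
	return hook; // now holds the previous table entry
}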

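// __cdecl variant: replaces entry `index` of the table that `object`'s first
// pointer-sized field points to with `hook`, and returns the previous entry,
// typed like `hook`.
//
// The posted version had unbalanced parentheses in the guard construction and
// did not compile; the slot address is now computed once and reused.
//
// `index` is not bounds-checked and the slot's real signature is not
// verified. PAGE_EXECUTE_READWRITE leaves the page writable and executable
// for the lifetime of `guard`. Throws std::system_error if the protection
// change fails.
template <typename R, class C, typename... T>
R (__cdecl *vtable_hook_cdecl(C *object, size_t index, R (__cdecl *hook)(C *, T...)))(C *, T...)
{
	void **slot = &(*reinterpret_cast<void ***>(object))[index];
	virtualprotect_guard guard(slot, sizeof(void *), PAGE_EXECUTE_READWRITE);
	std::swap(reinterpret_cast<void *&>(hook), *slot);
	return hook; // now holds the previous table entry
}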

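// __stdcall variant: replaces entry `index` of the table that `object`'s
// first pointer-sized field points to with `hook`, and returns the previous
// entry, typed like `hook`.
//
// The posted version had unbalanced parentheses in the guard construction and
// did not compile; the slot address is now computed once and reused.
//
// `index` is not bounds-checked and the slot's real signature is not
// verified. PAGE_EXECUTE_READWRITE leaves the page writable and executable
// for the lifetime of `guard`. Throws std::system_error if the protection
// change fails.
template <typename R, class C, typename... T>
R (__stdcall *vtable_hook_stdcall(C *object, size_t index, R (__stdcall *hook)(C *, T...)))(C *, T...)
{
	void **slot = &(*reinterpret_cast<void ***>(object))[index];
	virtualprotect_guard guard(slot, sizeof(void *), PAGE_EXECUTE_READWRITE);
	std::swap(reinterpret_cast<void *&>(hook), *slot);
	return hook; // now holds the previous table entry
}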

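// Demo driver: swaps the three table entries of a Class object for the
// hooks, then calls each method through the object pointer.
int main(int argc, char *argv[])
{
	(void)argc; // unused
	(void)argv; // unused

	// Heap object used through a pointer, presumably so that the calls below
	// are dispatched through the table rather than resolved statically.
	auto obj = new Class;

	// Each helper returns the entry it replaced; the hooks forward to it.
	original0 = vtable_hook		   (obj, 0, hook0);
	original1 = vtable_hook_cdecl  (obj, 1, hook1);
	original2 = vtable_hook_stdcall(obj, 2, hook2);

	obj->method0(5); // hook0 doubles the argument, so 10 is printed
	obj->method1();
	obj->method2();

	delete obj; // the posted version leaked this allocation
	return 0;
}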
05/20/2013 15:51 SilverRazzer <3#982
Code:
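// Builds a ps.1.1 pixel shader whose output is the constant colour
// (r, g, b, 1.0) and stores it in *pShader.
//
// Returns S_OK on success and E_FAIL on any failure; *pShader is not written
// on failure.
//
// Fixes over the posted version:
//  - the source length handed to the assembler is the formatted length, not
//    sizeof(szShader), which also covered the uninitialised tail of the buffer;
//  - the assembler's result is checked before pShaderBuf is dereferenced;
//  - the intermediate buffer is released instead of leaked;
//  - null arguments are rejected.
HRESULT GenerateShader(LPDIRECT3DDEVICE9 pD3Ddev, IDirect3DPixelShader9 **pShader, float r, float g, float b )
{
    if( pD3Ddev == NULL || pShader == NULL )
        return E_FAIL;

    // Four "%f" fields plus the fixed text fit in 256 bytes even for the
    // largest finite float values.
    char szShader[ 256 ];
    const int iLen = sprintf( szShader, "ps.1.1\ndef c0, %f, %f, %f, %f\nmov r0,c0", r, g, b, 1.0f );
    if( iLen <= 0 )
        return E_FAIL;

    ID3DXBuffer *pShaderBuf = NULL;
    if( FAILED( D3DXAssembleShader( szShader, (UINT)iLen, NULL, NULL, 0, &pShaderBuf, NULL ) ) || pShaderBuf == NULL )
        return E_FAIL;

    const HRESULT hr = pD3Ddev->CreatePixelShader( (const DWORD*)pShaderBuf->GetBufferPointer(), pShader );
    pShaderBuf->Release(); // the assembled bytecode is no longer needed

    return FAILED( hr ) ? E_FAIL : S_OK;
}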

Credits: Unknown

// Flip drag mode whenever GetAsyncKeyState reports a non-zero state for DELETE.
if (GetAsyncKeyState(VK_DELETE))
{
    MoveMenu = !MoveMenu;
}

// While drag mode is on, move the menu origin to the cursor as long as the
// left mouse button is reported as down.
if (MoveMenu)
{
    POINT cursorPos;
    GetCursorPos(&cursorPos);

    const bool leftButtonDown = GetAsyncKeyState(VK_LBUTTON) != 0;
    if (leftButtonDown)
    {
        menu.x = cursorPos.x;
        menu.y = cursorPos.y;
    }
}

Credits: Crash


[ 21.Mai.2013 - HackShield Bypass ]
[ Credits: Xave & SilverRazzer ]

Code:
// NOTE(review): assigned below but never read anywhere in this snippet.
DWORD HSDevicePointer;
// Rewrites bytes inside the loaded EhSvc.dll image, and one byte at a fixed
// absolute address, every 20 ms for as long as the calling thread runs.
//
// Defender view: every write changes code in memory relative to the file on
// disk, so the result is visible to any integrity comparison that runs from a
// vantage point these writes cannot reach (another process, the kernel, or
// the server's view of the client). Checks that live in the patched module
// itself are exactly what is being overwritten here.
void VMTHSBYPASS (void)
{   
	   // Module base of EhSvc.dll, or 0 when it is not loaded.
	   DWORD hEhSvc = (int)GetModuleHandle("EhSvc.dll");
	   if( hEhSvc !=0 )
	   {
		   HSDevicePointer = (hEhSvc+0xA70954);
		   while(1)
		   {
				// C2 04 00 is the x86 encoding of "ret 4": the routine at each of these
				// two offsets returns as soon as it is entered.
				cTools->WriteMemory((void*)(hEhSvc+0x008518E),(void*)"\xC2\x04\x00",3);
				cTools->WriteMemory((void*)(hEhSvc+0x00A1A0),(void*)"\xC2\x04\x00",3);
				// Single-byte overwrites; their effect is not explained in the thread.
				cTools->WriteMemory((void*)(hEhSvc+0x00A713A),(void*)"\x31",1);
				cTools->WriteMemory((void*)(hEhSvc+0x00A481E),(void*)"\x31",1);
				// Absolute address rather than an offset from hEhSvc.
				cTools->WriteMemory((void*)(0x0051B92D),(void*)"\xEB",1);

		   Sleep(20);
	       }
	   }
}
I don't know if it works, test it!

05/22/2013 10:19 Cyno™#983
Quote:
Originally Posted by SilverRazzer <3 View Post
Code:
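// Builds a ps.1.1 pixel shader whose output is the constant colour
// (r, g, b, 1.0) and stores it in *pShader.
//
// Returns S_OK on success and E_FAIL on any failure; *pShader is not written
// on failure.
//
// Fixes over the posted version:
//  - the source length handed to the assembler is the formatted length, not
//    sizeof(szShader), which also covered the uninitialised tail of the buffer;
//  - the assembler's result is checked before pShaderBuf is dereferenced;
//  - the intermediate buffer is released instead of leaked;
//  - null arguments are rejected.
HRESULT GenerateShader(LPDIRECT3DDEVICE9 pD3Ddev, IDirect3DPixelShader9 **pShader, float r, float g, float b )
{
    if( pD3Ddev == NULL || pShader == NULL )
        return E_FAIL;

    // Four "%f" fields plus the fixed text fit in 256 bytes even for the
    // largest finite float values.
    char szShader[ 256 ];
    const int iLen = sprintf( szShader, "ps.1.1\ndef c0, %f, %f, %f, %f\nmov r0,c0", r, g, b, 1.0f );
    if( iLen <= 0 )
        return E_FAIL;

    ID3DXBuffer *pShaderBuf = NULL;
    if( FAILED( D3DXAssembleShader( szShader, (UINT)iLen, NULL, NULL, 0, &pShaderBuf, NULL ) ) || pShaderBuf == NULL )
        return E_FAIL;

    const HRESULT hr = pD3Ddev->CreatePixelShader( (const DWORD*)pShaderBuf->GetBufferPointer(), pShader );
    pShaderBuf->Release(); // the assembled bytecode is no longer needed

    return FAILED( hr ) ? E_FAIL : S_OK;
}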

Credits: Unknown

// Flip drag mode whenever GetAsyncKeyState reports a non-zero state for DELETE.
if (GetAsyncKeyState(VK_DELETE))
{
    MoveMenu = !MoveMenu;
}

// While drag mode is on, move the menu origin to the cursor as long as the
// left mouse button is reported as down.
if (MoveMenu)
{
    POINT cursorPos;
    GetCursorPos(&cursorPos);

    const bool leftButtonDown = GetAsyncKeyState(VK_LBUTTON) != 0;
    if (leftButtonDown)
    {
        menu.x = cursorPos.x;
        menu.y = cursorPos.y;
    }
}

Credits: Crash


[ 21.Mai.2013 - HackShield Bypass ]
[ Credits: Xave & SilverRazzer ]

Code:
// NOTE(review): assigned below but never read anywhere in this snippet.
DWORD HSDevicePointer;
// Quoted copy of the snippet under discussion. It rewrites bytes inside the
// loaded EhSvc.dll image, and one byte at a fixed absolute address, every
// 20 ms for as long as the calling thread runs.
//
// Defender view: every write changes code in memory relative to the file on
// disk, so the result is visible to any integrity comparison that runs from a
// vantage point these writes cannot reach.
void VMTHSBYPASS (void)
{   
	   // Module base of EhSvc.dll, or 0 when it is not loaded.
	   DWORD hEhSvc = (int)GetModuleHandle("EhSvc.dll");
	   if( hEhSvc !=0 )
	   {
		   HSDevicePointer = (hEhSvc+0xA70954);
		   while(1)
		   {
				// C2 04 00 is the x86 encoding of "ret 4": the routine at each of these
				// two offsets returns as soon as it is entered.
				cTools->WriteMemory((void*)(hEhSvc+0x008518E),(void*)"\xC2\x04\x00",3);
				cTools->WriteMemory((void*)(hEhSvc+0x00A1A0),(void*)"\xC2\x04\x00",3);
				// Single-byte overwrites; their effect is not explained in the thread.
				cTools->WriteMemory((void*)(hEhSvc+0x00A713A),(void*)"\x31",1);
				cTools->WriteMemory((void*)(hEhSvc+0x00A481E),(void*)"\x31",1);
				// Absolute address rather than an offset from hEhSvc.
				cTools->WriteMemory((void*)(0x0051B92D),(void*)"\xEB",1);

		   Sleep(20);
	       }
	   }
}
I don't know if it works, test it!

Why do you define HSDevice Pointer without even using it?

Why do you loop infinitely , even when the bytes never get restored ?

What if the first GetModuleHandle fails ( For example when HS isn't already loaded ) ?
It will cause that the Bypass doesn't get executed.


Why do you cast the module pointer to an "integer" when you then store it in an unsigned long variable?

Why don't you initialize HSDevicePointer properly, for example with 0?


As it's an endless loop, it will have to run in a thread created by CreateThread.
Why don't you declare your function as DWORD __stdcall, taking one void * argument?
With the wrong signature it can cause stack corruption.


Why do you post things that you haven't even tested?

All in all its a very shitty post
05/22/2013 13:26 Xave :)#984
HackShield Bypass:
Code:
// Waits until EhSvc.dll is loaded, then performs three one-shot byte writes:
// two inside that module and one at a fixed address in the game executable.
// The poster's own description later in the thread names the targets as
// "MainCallback2" (0x008518E), "SelfCRC" (0x00A1A0) and "MainPacketHandler"
// (0x5DA8BE).
//
// Defender view: the "SelfCRC" target shows why a self-check that lives in
// the same address space as the code it protects is not sufficient by itself -
// the write primitive that alters the code can alter the check as well.
// Verification from an independent vantage point does not share that weakness.
void HackShieldBP (void)
{
    DWORD hEhSvc = 0;
    // Poll every 300 ms until GetModuleHandle returns a non-zero base.
    do{
    hEhSvc = (DWORD)GetModuleHandle("EhSvc.dll");
    Sleep(300); // Waiting EhSvc.dll Module
    }while(!hEhSvc);

	//==> EhSvc
	// C2 04 00 is the x86 encoding of "ret 4": each routine returns on entry.
	cTools->WriteMemory((LPVOID)(hEhSvc+0x008518E),(PBYTE)"\xC2\x04\x00",3);
	cTools->WriteMemory((LPVOID)(hEhSvc+0x00A1A0),(PBYTE)"\xC2\x04\x00",3);
	//==> WarRock
	// C3 is the x86 encoding of "ret"; absolute address, not module-relative.
	cTools->WriteMemory((LPVOID)0x5DA8BE,(PBYTE)"\xC3",1);
}
Credits:
.Xave ( EhSvc Addys + Source )
RoBerTo ( WarRock Addy )
05/22/2013 14:53 Cyno™#985
Quote:
Originally Posted by .χανє View Post
HackShield Bypass:
Code:
// Quoted copy of the snippet under discussion. Waits until EhSvc.dll is
// loaded, then performs three one-shot byte writes: two inside that module
// and one at a fixed address in the game executable. The reply that follows
// in the thread names the targets as "MainCallback2" (0x008518E), "SelfCRC"
// (0x00A1A0) and "MainPacketHandler" (0x5DA8BE).
void HackShieldBP (void)
{
    DWORD hEhSvc = 0;
    // Poll every 300 ms until GetModuleHandle returns a non-zero base.
    do{
    hEhSvc = (DWORD)GetModuleHandle("EhSvc.dll");
    Sleep(300); // Waiting EhSvc.dll Module
    }while(!hEhSvc);

	//==> EhSvc
	// C2 04 00 is the x86 encoding of "ret 4": each routine returns on entry.
	cTools->WriteMemory((LPVOID)(hEhSvc+0x008518E),(PBYTE)"\xC2\x04\x00",3);
	cTools->WriteMemory((LPVOID)(hEhSvc+0x00A1A0),(PBYTE)"\xC2\x04\x00",3);
	//==> WarRock
	// C3 is the x86 encoding of "ret"; absolute address, not module-relative.
	cTools->WriteMemory((LPVOID)0x5DA8BE,(PBYTE)"\xC3",1);
}
Credits:
.Xave ( EhSvc Addys + Source )
RoBerTo ( WarRock Addy )
So if you found the EhSvc addys and did the bytes tell us what they normally do and what your patch of their bytes is causing ;)
05/22/2013 15:06 Xave :)#986
Quote:
Originally Posted by Cyno™ View Post
So if you found the EhSvc addys and did the bytes tell us what they normally do and what your patch of their bytes is causing ;)
0x008518E = MainCallback2 | RETN 4 Disables the void
0x00A1A0 = SelfCRC | RETN 4 Disables the void
0x5DA8BE = MainPacketHandler
Code:
005F1A31    68 BEA85D00     push    005DA8BE // Handler (Type: int Params: (DWORD packetBuffer))
005F1A36    BA 207A0000     mov     edx, 7A20 // OPC
005F1A3B    8BC6            mov     eax, esi
005F1A3D    E8 C3010000     call    005F1C05 // Add Packet Sub
Registers the handler for The EHSVC Packet(31264) -> C3 Returns the Packet and with that all checks inside WarRock.exe are disabled
05/23/2013 13:59 CyberMask#987
Hi guys, I want to share my Draw Rounded Border code with you :)
I use the normal DrawRectangle approach to build it.
Have a look.


Code:
// Fills an axis-aligned rectangle with dwColor by clearing that region of the
// render target. iToX / iToY are added to the origin, so they act as the
// rectangle's width and height rather than as an end coordinate.
VOID DrawField(INT iFromX,INT iFromY,INT iToX,INT iToY,DWORD dwColor,LPDIRECT3DDEVICE9 pDevice)
{
	D3DRECT area;
	area.x1 = iFromX;
	area.y1 = iFromY;
	area.x2 = iFromX + iToX;
	area.y2 = iFromY + iToY;

	pDevice->Clear(1, &area, D3DCLEAR_TARGET, dwColor, 1.0F, 0);
}
// Draws a rectangular frame of thickness iWidth as four filled strips.
// iToX / iToY are the frame's outer width and height.
VOID DrawBorder(INT iPosX,INT iPosY,INT iToX,INT iToY,INT iWidth,DWORD dwColor,LPDIRECT3DDEVICE9 pDevice)
{
	const INT iBottomY = iPosY + iToY - iWidth; // top of the bottom strip
	const INT iRightX  = iPosX + iToX - iWidth; // left of the right strip

	DrawField(iPosX,   iBottomY, iToX,   iWidth, dwColor, pDevice); // bottom
	DrawField(iRightX, iPosY,    iWidth, iToY,   dwColor, pDevice); // right
	DrawField(iPosX,   iPosY,    iWidth, iToY,   dwColor, pDevice); // left
	DrawField(iPosX,   iPosY,    iToX,   iWidth, dwColor, pDevice); // top
}
Code:
// Draws a frame with stepped ("rounded") corners out of DrawBorder calls:
// a top run, four single-step blocks per corner, two vertical sides that
// start 4 units below PosY, and a bottom run at PosY + ToY + 7. The calls are
// issued in the same order as in the unrolled original.
VOID DrawRoundedBorder ( INT PosX, INT PosY , INT ToX , INT ToY , INT Width , DWORD dwColor , LPDIRECT3DDEVICE9 pDevice )
{
	INT i;

	// Top run.
	DrawBorder(PosX,PosY,ToX,1,Width,dwColor,pDevice);

	// Top-left corner: one step down and one step left per iteration.
	for (i = 1; i <= 4; ++i)
		DrawBorder(PosX-i,PosY+i,1,1,Width,dwColor,pDevice);

	// Top-right corner: one step down and one step right per iteration.
	for (i = 0; i < 4; ++i)
		DrawBorder(PosX+(ToX+i),PosY+(i+1),1,1,Width,dwColor,pDevice);

	// Left side.
	DrawBorder(PosX-4,PosY+4,1,ToY,Width,dwColor,pDevice);

	// Bottom-left corner: one step down and one step right per iteration.
	for (i = 0; i < 4; ++i)
		DrawBorder(PosX-(4-i),PosY+(ToY+4+i),1,1,Width,dwColor,pDevice);

	// Bottom run.
	DrawBorder(PosX,PosY+(ToY+7),ToX,1,Width,dwColor,pDevice);

	// Bottom-right corner: one step down and one step left per iteration.
	for (i = 0; i < 4; ++i)
		DrawBorder(PosX+(ToX+3-i),PosY+(ToY+4+i),1,1,Width,dwColor,pDevice);

	// Right side.
	DrawBorder(PosX+(ToX+3),PosY+4,1,ToY,Width,dwColor,pDevice);
}
An Example ?

Code:
// Arguments in order: PosX 20, PosY 30, ToX 90, ToY 20, Width 1, colour, device.
// RED and pDevice are not defined in this post.
DrawRoundedBorder(20,30,90,20,1,RED,pDevice);
=


Credits : cybermask,eagl3,cyberrazzer
05/23/2013 16:53 Kazbah__#988
Quote:
Source DrawRoundedBorder

Hi guys, i want to share mine Draw Rounded Border code with you
I use normal DrawRectangle to make it.
Look .
sure urs ... credits to algorithmus or angel-piece
05/23/2013 20:12 Angel-Piece2#989
QuickPlant & Defuse By iKito
Code:
Addys:
// Fixed absolute addresses inside the game executable, as posted. They are
// not module-relative, so they only hold for the one build they were taken
// from and for an image loaded at the base the poster assumed.
#define ADR_QuickPlant 0x5118A8
#define ADR_QuickDefuse 0x50DA25

Code:

// For each menu flag, writes the 6-byte literal given below to a fixed
// address in the game image: flag value 1 writes six 0x90 bytes (x86 NOP),
// flag value 0 writes a different byte string, presumably the instruction
// that normally sits at that address (not shown in the thread).
//
// Defender view: both states are byte-level edits of client code, so the
// behaviour they influence is only as trustworthy as the client. A rule that
// is also validated on the server does not depend on these bytes.
if(items->menu.player.QuickPlant==0){MemEditing((void *)(ADR_QuickPlant), (PBYTE)"\x0F\x8A\x29\xFE\xFF\FF",6);}
if(items->menu.player.QuickPlant==1){MemEditing((void *)(ADR_QuickPlant), (PBYTE)"\x90\x90\x90\x90\x90\x90",6);}

if(items->menu.player.QuickDefuse==0){MemEditing((void *)(ADR_QuickDefuse), (PBYTE)"\x0F\x8A\xE1\x02\x00\x00",6);}
if(items->menu.player.QuickDefuse==1){MemEditing((void *)(ADR_QuickDefuse), (PBYTE)"\x90\x90\x90\x90\x90\x90",6);}

Credits:
iKito
05/23/2013 21:43 playncheat99#990
#Request Speedhack and Unl. Stamina
cuz These codes dont work O.o

Dunno why
Quote:
// Direct stores through fixed addresses; the ADR_* constants are not defined
// in this post. Each line writes one value of the cast type to that address.
// Defender view: values the client can overwrite like this are only
// authoritative if the server never trusts the client's copy of them.
//SPEED
*(double*)(ADR_Speed) = +200.0f;
//STAMINA
*(float*)(ADR_Stamina1) = 1000;
*(float*)(ADR_Stamina2) = 1000;
*(float*)(ADR_Stamina3) = 0;
*(float*)(ADR_Stamina4) = 0;
*(float*)(ADR_Stamina5) = 0;