Hi everyone,
i've been trying to add this function on my Neuz.exe
successfully compiled it without any error but when i launch it on windows 8 or windows 10 OS the neuz.exe pop out and then when the hour glass icon shows up the indication that the loading time is finished the Neuz.exe will automatically close without generating errors. So i assumed that the problem is on the DirectX version.
But on windows 7 below it runs well.
thanks in advance
i've been trying to add this function on my Neuz.exe
Code:
void CD3DApplication::CheckCheatTools()
{
static DWORD dwCurrentPID = GetCurrentProcessId();
// Check transmission gear, etc.
//////////////////////////////////////////////////////////////////////////
BYTE* byte_pos = (BYTE*)::timeGetTime;
BYTE* byte_pos2 = (BYTE*)::GetTickCount;
// EndScene method offset A8
int* ppp = (int*)(*(int*)m_pd3dDevice + 0xA8);// EndScene method offset A8)
BYTE* byte_pos3 = (BYTE*)(*ppp);
if (*byte_pos == 0xE9 || *byte_pos2 == 0xE9 || *byte_pos3 == 0xE9 || *byte_pos == 0xFF || *byte_pos2 == 0xFF ) // E9 / FF52 jmp instruction
{
//结束进程
ExitProcess(-1);
return;
}
if(m_timerCheckCheatTools.IsTimeOut()) //10s检查一次
{
/*
Detection process
******** Now we will use the function CreateToolhelp32Snapshot () to get a snapshot of the current running process
*********This function returns a handle to the snapshot of running processes.
******** His prototype is:
****** HANDLE WINAPI CreateToolhelp32Snapshot (DWORD dwFlags, DWORD th32ProcessID);
We will dwFlags set TH32CS_SNAPPROCESS, th32ProcessID set to zero.
*/
HANDLE hSnapShot = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if(hSnapShot == INVALID_HANDLE_VALUE)
{
m_timerCheckCheatTools.Reset(); //重置定时器
return;
}
/*
// Now we get information of all processes.
* // Extract the data from the hSnapShot to a PROCESSENTRY32 structure
* // This structure represents a process that is part of ToolHelp32 API.
// Extract data by Process32First () and Process32Next () these two functions.
*/
PROCESSENTRY32* processInfo = new PROCESSENTRY32;
// The value must be set PROCESSENTRY32 dwSize members
processInfo->dwSize=sizeof(PROCESSENTRY32);
//Start traversing
BOOL bNext = Process32First(hSnapShot,processInfo);
BOOL bFound = FALSE;
HANDLE hProcess = NULL;
BYTE byCheck1,byCheck2,byCheck3,byCheck4;
/*
00402f20 0x79
00402f3c 0x6b
00402f53 0x19
00402f5c 0x61
*/
SIZE_T sizeRet = 0;
while(bNext)
{
if(processInfo->th32ProcessID != dwCurrentPID)
{
hProcess = OpenProcess(PROCESS_VM_READ, FALSE, processInfo->th32ProcessID);
if (hProcess)
{
ReadProcessMemory(hProcess,(LPCVOID)0x00402f20,&byCheck1,1,&sizeRet);
ReadProcessMemory(hProcess,(LPCVOID)0x00402f3c,&byCheck2,1,&sizeRet);
ReadProcessMemory(hProcess,(LPCVOID)0x00402f53,&byCheck3,1,&sizeRet);
ReadProcessMemory(hProcess,(LPCVOID)0x00402f5c,&byCheck4,1,&sizeRet);
/*
Extracted from ASpeeder function in part of the code to generate a random dll name.
The reason why these four extraction constant, because the code should be updated infrequently,
so the address should not be changed. This can increase the success rate of judge
********************And these four values is cured specific values, such as the first 0x79
is set to generate a random dll name the first character is "y". So you can maximize avoid misjudgment!
*/
if(byCheck1 == 0x79 && byCheck2 == 0x6b && byCheck3 == 0x19 && byCheck4 == 0x61)
{
bFound = TRUE;
break;
}
CloseHandle(hProcess);
}
}
bNext = Process32Next(hSnapShot,processInfo);
}
CloseHandle(hSnapShot);
delete processInfo;
if(bFound)
{
ExitProcess(-1);
return;
}
m_timerCheckCheatTools.Reset();
}
}
But on windows 7 below it runs well.
thanks in advance