Soldier Front Hack Tutorial

Well this sections been looking a bit dull lately.

So i have decided to write you guys a tutorial on how to code a simple * yes * simple hack!

You will need Microsoft Visual C++ 2008 or 2010 too compile this!! Add this code into this already hooked D3D8 Enviroment.

Code:

//=====================================================================================

// Roverturbo | www.uc-forum.com

#include <windows.h>

#include <d3d8.h>
#pragma comment(lib, "d3d8.lib")

//=====================================================================================

typedef HRESULT (WINAPI* CreateDevice_Prototype)        (LPDIRECT3D8, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE8*);
typedef HRESULT (WINAPI* Reset_Prototype)               (LPDIRECT3DDEVICE8, D3DPRESENT_PARAMETERS*);
typedef HRESULT (WINAPI* EndScene_Prototype)            (LPDIRECT3DDEVICE8);
typedef HRESULT (WINAPI* DrawIndexedPrimitive_Prototype)(LPDIRECT3DDEVICE8, D3DPRIMITIVETYPE, UINT, UINT, UINT, UINT);

CreateDevice_Prototype         CreateDevice_Pointer         = NULL;
Reset_Prototype                Reset_Pointer                = NULL;
EndScene_Prototype             EndScene_Pointer             = NULL;
DrawIndexedPrimitive_Prototype DrawIndexedPrimitive_Pointer = NULL;

HRESULT WINAPI Direct3DCreate8_VMTable    (VOID);
HRESULT WINAPI CreateDevice_Detour        (LPDIRECT3D8, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE8*);
HRESULT WINAPI Reset_Detour               (LPDIRECT3DDEVICE8, D3DPRESENT_PARAMETERS*);
HRESULT WINAPI EndScene_Detour            (LPDIRECT3DDEVICE8);
HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE8, D3DPRIMITIVETYPE, UINT, UINT, UINT, UINT);

PDWORD Direct3D_VMTable = NULL; 

//=====================================================================================

BOOL WINAPI DllMain(HINSTANCE hinstModule, DWORD dwReason, LPVOID lpvReserved)
{
  if(dwReason == DLL_PROCESS_ATTACH)
  {
    DisableThreadLibraryCalls(hinstModule);

    if(Direct3DCreate8_VMTable() == D3D_OK)
    return TRUE;
  }

  return FALSE;
}

//=====================================================================================

HRESULT WINAPI Direct3DCreate8_VMTable(VOID)
{
  LPDIRECT3D8 Direct3D_Object = Direct3DCreate8(D3D_SDK_VERSION);

  if(Direct3D_Object == NULL)
  return D3DERR_INVALIDCALL;
  
  Direct3D_VMTable = (PDWORD)*(PDWORD)Direct3D_Object;
  Direct3D_Object->Release();

  DWORD dwProtect;

  if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), PAGE_READWRITE, &dwProtect) != 0)
  {
    *(PDWORD)&CreateDevice_Pointer = Direct3D_VMTable[15];
    *(PDWORD)&Direct3D_VMTable[15] = (DWORD)CreateDevice_Detour;

    if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), dwProtect, &dwProtect) == 0)
    return D3DERR_INVALIDCALL;
  }
  else
  return D3DERR_INVALIDCALL;

  return D3D_OK;
}

//=====================================================================================

HRESULT WINAPI CreateDevice_Detour(LPDIRECT3D8 Direct3D_Object, UINT Adapter, D3DDEVTYPE DeviceType, HWND FocusWindow, 
					DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* PresentationParameters, 
					LPDIRECT3DDEVICE8* Returned_Device_Interface)
{
  HRESULT Returned_Result = CreateDevice_Pointer(Direct3D_Object, Adapter, DeviceType, FocusWindow, BehaviorFlags, 
	                                          PresentationParameters, Returned_Device_Interface);

  DWORD dwProtect;

  if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), PAGE_READWRITE, &dwProtect) != 0)
  {
    *(PDWORD)&Direct3D_VMTable[15] = *(PDWORD)&CreateDevice_Pointer;
    CreateDevice_Pointer           = NULL;

    if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), dwProtect, &dwProtect) == 0)
    return D3DERR_INVALIDCALL;
  }
  else
  return D3DERR_INVALIDCALL;

  if(Returned_Result == D3D_OK)
  {
    Direct3D_VMTable = (PDWORD)*(PDWORD)*Returned_Device_Interface;

    *(PDWORD)&Reset_Pointer                = (DWORD)Direct3D_VMTable[14];
    *(PDWORD)&EndScene_Pointer             = (DWORD)Direct3D_VMTable[35];
    *(PDWORD)&DrawIndexedPrimitive_Pointer = (DWORD)Direct3D_VMTable[71];

    *(PDWORD)&Direct3D_VMTable[14] = (DWORD)Reset_Detour;
    *(PDWORD)&Direct3D_VMTable[35] = (DWORD)EndScene_Detour;
    *(PDWORD)&Direct3D_VMTable[71] = (DWORD)DrawIndexedPrimitive_Detour;
  }
    
  return Returned_Result;
}

//=====================================================================================

HRESULT WINAPI Reset_Detour(LPDIRECT3DDEVICE8 Device_Interface, D3DPRESENT_PARAMETERS* PresentationParameters)
{
  return Reset_Pointer(Device_Interface, PresentationParameters);
}

//=====================================================================================

HRESULT WINAPI EndScene_Detour(LPDIRECT3DDEVICE8 Device_Interface)
{
  return EndScene_Pointer(Device_Interface);
}

//=====================================================================================

HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE8 Device_Interface, D3DPRIMITIVETYPE Type, 
                                           UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount)
{
  LPDIRECT3DVERTEXBUFFER8 Stream_Data;
  UINT Stride = 0;

  if(Device_Interface->GetStreamSource(0, &Stream_Data, &Stride) == D3D_OK)
  Stream_Data->Release();

  if(Stride == 0)
  {
  }

  return DrawIndexedPrimitive_Pointer(Device_Interface, Type, MinIndex, NumVertices, StartIndex, PrimitiveCount);
}

//=====================================================================================

Credits to roverturbo!

I like D3D best so im going to be using D3D_Noping . because soldier front detects readwritememory/ Virtual Protect.

Im not going to be giving addies you can find those yourself.

We will start off declaring our hack.

First off in globals ( top of your hack right under your includes)your gonna want it to be a on or off hack.

Iif you want auto on you return the value true soo..

Code:

Bool recoil = True;

Now if we want it to be on/ off we would return false.

Code:

Bool recoil = False;

Now Declare your integer recoil

Code:

int recoil;

Now say we have 4 address for recoil.

We have 0x000001 , 0x000002 , 0x000003 and 0x000004 (these are not correct)

We would wanna NOP ( no operation ) them! to do this if we have a D3D hack we would write.

Too do this you can add this too dip ( draw indexed primitive ) but ur gonna want to hook it or codecave it. do that by jumping the bytes of gameguard to get pass the scans!

Code:

void D3D_NOP( void* pxAddress, int size )
{ 
unsigned long Protection;
BYTE IWriteNoFunctions[ ] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
VirtualProtect((void*)pxAddress, size, PAGE_READWRITE, &Protection);
memcpy((void*)pxAddress, (const void*)IWriteNoFunctions, size);
VirtualProtect((void*)pxAddress, size, Protection, 0);
}

Now we can use D3d nop and return no errors.

So now we have those 4 addies we can simply add a hotkey and begin our Nop.

First off your going to wanna make a seperate space for this. i just label mine in a comment as Memory.

Code:

//-------------------------------------Memory-------------------//

if(GetAsyncKeyState(VK_NUMPAD3)<0){ 
			if(Recoil){
			D3D_NOP((VOID*)(0x000001), "\xD8\x66\x54", 3);
			D3D_NOP((VOID*)(0x000002), "\xD9\x46\x54", 3);
			D3D_NOP((VOID*)(0x000003), "\xD9\x5E\x54", 3);
			D3D_NOP((VOID*)(0x000004), "\xD9\x46\x48", 3);
				Recoil = false;
			} else {
			D3D_NOP((VOID*)(0x000001), "\x90\x90\x90", 3);
			D3D_NOP((VOID*)(0x000002), "\x90\x90\x90", 3);
			D3D_NOP((VOID*)(0x000003), "\x90\x90\x90", 3);
			D3D_NOP((VOID*)(0x000004), "\x90\x90\x90", 3);
				Recoil = true;
			}
		}

You now have made a no recoil hack!

This was just a simple tutorial i will have more to come!