It looks like more people now know how to work with the public sources.
Here is a little "base" to start from:
DllMain.cpp
Main.h
Main.cpp
Send.cpp
Send.h
Recv.cpp (it includes a Recv.h that is not posted here)
Function.cpp
Function.h
#include "Main.h"
// Handle and id of the worker thread started in DllMain. The thread itself
// closes the handle when it is done (CloseHandle(main_HackThread) in Main.cpp),
// so nothing here waits on or joins it.
HANDLE main_HackThread = 0;
unsigned int main_HackThread_ID = 0;
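/// DLL entry point. On process attach it starts the worker thread that runs
/// CMain::Main_HackThread_ (Main.cpp) and stores its handle in main_HackThread.
///
/// @param hModule       Module handle of this DLL (unused).
/// @param ulCallReason  DLL_PROCESS_ATTACH, DLL_PROCESS_DETACH, ...
/// @param lpReserved    Unused.
/// @return TRUE, or FALSE if the worker thread could not be created on attach
///         (the loader then fails the load instead of leaving a dead handle).
///
/// NOTE(review): nothing is undone on DLL_PROCESS_DETACH - the recv detour
/// installed by the thread stays in place, so unloading this DLL while the
/// game is still calling recv() would jump into unmapped code. Confirm the DLL
/// is never unloaded before changing that.
BOOL __stdcall DllMain(HMODULE hModule, unsigned long ulCallReason, LPVOID lpReserved)
{
    (void)hModule;
    (void)lpReserved;

    switch (ulCallReason)
    {
    case DLL_PROCESS_ATTACH:
    {
        // The worker thread closes main_HackThread itself. Create it suspended
        // so the handle is stored before the thread can run; with a running
        // thread it could reach CloseHandle() while main_HackThread is still 0,
        // closing nothing and leaking the real handle.
        main_HackThread = reinterpret_cast<HANDLE>(
            _beginthreadex(NULL, 0, &CMain::Main_HackThread_, NULL, CREATE_SUSPENDED, &main_HackThread_ID));
        if (main_HackThread == 0)
        {
            // _beginthreadex returns 0 on failure; the original ignored this.
            return FALSE;
        }
        ResumeThread(main_HackThread);
        break;
    }
    case DLL_PROCESS_DETACH:
        break;
    }
    return TRUE;
}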
#ifndef MAIN_H
#define MAIN_H
#include <WinSock2.h>
#include <detours.h>
#include <Windows.h>
#include <iostream>
#include <io.h>
#include <fcntl.h>
#include <process.h>
#include <math.h>
#include <stdio.h>
#include <fstream>
#include <vector>
#include <iterator>
#include <algorithm>
#include <string>
#include <stdint.h>
#pragma comment(lib, "detours.lib")
#pragma comment(lib, "ws2_32.lib")
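/// Holds the worker-thread entry point started from DllMain. It is static so
/// that &CMain::Main_HackThread_ has the plain `unsigned __stdcall (void*)`
/// signature _beginthreadex expects.
class CMain
{
public:
    /// Thread body, defined in Main.cpp: patches the client, resolves the chat
    /// routines and installs the recv detour. lpParam is unused (DllMain
    /// passes NULL). Returns 0.
    static unsigned int __stdcall Main_HackThread_(LPVOID lpParam);
};
// Tokens after #endif are not allowed by the standard (MSVC warns C4067,
// other compilers reject); the guard name belongs in a comment.
#endif // MAIN_H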
#include "Main.h"
#include "Send.h"
#include "Function.h"
// State owned by other translation units:
//  - main_HackThread: the thread handle set in DllMain.cpp (closed below).
//  - DetourRecv / FilterRecv: the recv trampoline and hook in Recv.cpp;
//    DetourRecv is filled in by this thread.
//  - Chat_add / MiniChat_add: addresses of the game's chat routines
//    (Function.cpp); this thread finds them by pattern scan.
extern HANDLE main_HackThread;
extern int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
extern int __stdcall FilterRecv(SOCKET Socket, char* Buffer,int iLenght, int iFlags);
extern unsigned long Chat_add;
extern unsigned long MiniChat_add;
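/// Worker thread started by DllMain. In order:
///  1. writes four single-byte patches into the client image,
///  2. locates the two chat routines by byte pattern (Chat_add, MiniChat_add),
///  3. detours the client's recv wrapper at 0x0052F060 to FilterRecv.
///
/// Every address here is absolute, i.e. this assumes the client is mapped at
/// the base the offsets were taken from (presumably the default 0x00400000,
/// which is also where the pattern scan starts). A different build or a
/// relocated image will not match and the patches land on the wrong bytes;
/// nothing verifies the bytes being overwritten.
///
/// @param lpParam  Unused (DllMain passes NULL).
/// @return 0 always.
unsigned int __stdcall CMain::Main_HackThread_(LPVOID lpParam)
{
    (void)lpParam;

    // 0x00504DBF - 0x00104DBF evaluates to 0x00400000: the base the RVAs below
    // are added to. Kept as the original expression so the arithmetic is visible.
    const DWORD imageBase = 0x00504DBF - 0x00104DBF;

    // Single-byte patches (replacement opcode bytes written over the client's
    // HackShield integration). MemcpyEx makes the target page writable first.
    BYTE replacement;
    replacement = 0x85;
    CFunction::MemcpyEx(imageBase + 0x00104DBF, reinterpret_cast<DWORD>(&replacement), 1);
    replacement = 0x75;
    CFunction::MemcpyEx(imageBase + 0x00104F66, reinterpret_cast<DWORD>(&replacement), 1);
    CFunction::MemcpyEx(imageBase + 0x0010DB66, reinterpret_cast<DWORD>(&replacement), 1);
    replacement = 0x61;
    CFunction::MemcpyEx(imageBase + 0x002A2A6D, reinterpret_cast<DWORD>(&replacement), 1);

    // Pattern/mask pairs for dwFindPattern ('x' = compare, '?' = wildcard).
    // NOTE(review): mChat is 15 characters for a 16-byte pChat, so the last
    // pattern byte (0x50) is never compared - presumably unintended.
    BYTE pChat[] = {0x55,0x8B,0xEC,0x83,0x3D,0x48,0x2B,0x86,0x00,0x00,0x74,0x17,0x8B,0x45,0x10,0x50};
    char * mChat = "xxx????????xxxx";
    BYTE pKChatLog[] = {0x55,0x8B,0xEC,0x83,0x3D,0x00,0x00,0x00,0x00,0x00,0x74,0x17,0x8B,0x45,0x10,0x50};
    char * cKChatLog = "xxxxx?????xxxxxx";

    // NOTE(review): dwFindPattern's second parameter is a *length*, so
    // 0x00700000 scans up to 0x00B00000 rather than to 0x00700000; an
    // unmapped page in that range faults if the pattern is not found earlier.
    Chat_add = CFunction::dwFindPattern(0x00400000, 0x00700000, pChat, mChat);
    if (Chat_add == 0)
    {
        // Not found: the second scan would start at address 1 and crash, and
        // IngameChat would call through 0. Leave the client unhooked instead.
        CloseHandle(main_HackThread);
        return 0;
    }
    MiniChat_add = CFunction::dwFindPattern(Chat_add + 1, 0x00700000, pKChatLog, cKChatLog);
    if (MiniChat_add == 0)
    {
        // MyRecv (Recv.cpp) calls IngameMiniChat on every item packet, which
        // would call through 0; do not install the recv hook without it.
        CloseHandle(main_HackThread);
        return 0;
    }

    // Hook the client's recv wrapper. DetourFunction returns the trampoline to
    // the original code (NULL if the hook could not be placed, in which case
    // FilterRecv is never reached either).
    DetourRecv = (int (__stdcall *)(SOCKET, char *, int, int))DetourFunction(
        reinterpret_cast<PBYTE>(0x0052F060), reinterpret_cast<PBYTE>(FilterRecv));

    // Relies on DllMain having stored the handle before this thread ran.
    CloseHandle(main_HackThread);
    // Returning from a _beginthreadex thread ends it; the original's explicit
    // _endthreadex(0) made the following `return` unreachable.
    return 0;
}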
#include "Main.h"
#include "Send.h"
// Destination of the rel32 instruction at 0x004921F4 in the client (presumably
// a 5-byte CALL): operand read from +1, plus the address of the following
// instruction (+1 + 4). This is a dynamic initializer, so the dereference of
// that client address happens at DLL load, before DllMain runs.
DWORD SendKoemBack = ((*reinterpret_cast<DWORD*>(0x004921F4 + 1)) + (0x004921F4 + 1) + 4);
/// Tail-jumps into the client's own send routine at SendKoemBack. The function
/// is naked (no prologue/epilogue) and __cdecl, so the arguments the caller
/// pushed (type, format, varargs) are exactly what the target sees and the
/// target's `ret` returns straight to our caller. The prototype mirrors what
/// callers push (Recv.cpp: 0x20, "ddd", three DWORDs); the real routine's
/// signature is assumed here, not verified.
__declspec (naked) int __cdecl CSend::SendKoemV2(BYTE type, char* format, ...)
{
    __asm jmp SendKoemBack
}
#ifndef SEND_H
#define SEND_H
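/// Thunk into the client's packet-send routine (Send.cpp: a naked function
/// that jumps to the address decoded from the instruction at 0x004921F4).
class CSend
{
public:
    /// Sends a packet of the given type. `format` describes the variadic
    /// arguments (Recv.cpp passes "ddd" with three DWORDs); the letters'
    /// meaning is defined by the game routine, not by this code.
    static int __cdecl SendKoemV2(BYTE type , char* format, ...);
};
// Tokens after #endif are not allowed by the standard (MSVC warns C4067,
// other compilers reject); the guard name belongs in a comment.
#endif // SEND_H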
#include "Main.h"
#include "Function.h"
#include "Send.h"
#include "Recv.h"
// Packet-type byte (szBuffer[2]) of the inbound packets MyRecv handles.
enum RecvHeader
{
    PlayeyApear = 0x32, // a player coming into view (name + coordinates)
    Item        = 0x36  // an item on the ground (index, UID, position, amount)
};
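/// Handles one reassembled inbound packet (called from FilterRecv) and reacts
/// to the two types in RecvHeader. Layouts, as read below:
///   Item:        [2]=type [3..4]=index [5..8]=item UID [9..12]=x [13..16]=y
///                [17..20]=amount
///   PlayeyApear: [2]=type [3..6]=player UID [7..]=name (at most 16 bytes),
///                then relative to 7+strlen(name): [+2..+5]=x [+6..+9]=y
///                [+10..+13]=z
/// The bytes come straight off the socket, so every read is checked against
/// iLenght and a short packet is ignored; the original read fixed offsets
/// without looking at the length and ran strlen() over a name copy that was
/// not guaranteed to be NUL-terminated.
///
/// @param szBuffer  Packet bytes (may be NULL).
/// @param iLenght   Number of valid bytes in szBuffer.
void MyRecv(char* szBuffer,int iLenght)
{
    if (szBuffer == NULL || iLenght < 3)
        return;                                 // type byte lives at [2]

    switch (szBuffer[2])
    {
    case Item:
    {
        if (iLenght < 21)                       // Amount is the last field, bytes 17..20
            return;
        WORD  Itemindex = *reinterpret_cast<WORD*>(&szBuffer[3]);
        DWORD dwItemID  = *reinterpret_cast<DWORD*>(&szBuffer[5]);
        DWORD AchseX    = *reinterpret_cast<DWORD*>(&szBuffer[9]);
        DWORD AchseY    = *reinterpret_cast<DWORD*>(&szBuffer[13]);
        DWORD Amount    = *reinterpret_cast<DWORD*>(&szBuffer[17]);
        // Ask the server for the item at its tile (coordinates / 32), then
        // echo what was seen in the mini chat.
        CSend::SendKoemV2(0x20,"ddd",dwItemID,AchseX / 32,AchseY / 32);
        CFunction::IngameMiniChat(violett,"Picked->[ItemUID _ %d][Index _ %d][Amount _ %d]",dwItemID, Itemindex, Amount);
        break;
    }
    case PlayeyApear:
    {
        if (iLenght < 7)                        // UID occupies bytes 3..6
            return;
        DWORD PlayerUniqueID = *reinterpret_cast<DWORD*>(&szBuffer[3]);

        // Copy at most 16 name bytes (never past the packet) and terminate
        // them ourselves so strlen() is bounded.
        char szPlayerName[17];
        int nameBytes = iLenght - 7;
        if (nameBytes > 16)
            nameBytes = 16;
        memcpy(szPlayerName, szBuffer + 7, nameBytes);
        szPlayerName[nameBytes] = '\0';
        int PlayerReserved = static_cast<int>(strlen(szPlayerName));

        // Coordinates follow the name's terminator: x at +2, y at +6, z at +10.
        int coordBase = 7 + PlayerReserved;
        if (iLenght < coordBase + 14)           // z ends at coordBase + 13
            return;
        DWORD PlayerCoordinateX = *reinterpret_cast<DWORD*>(&szBuffer[coordBase + 2]);
        DWORD PlayerCoordinateY = *reinterpret_cast<DWORD*>(&szBuffer[coordBase + 6]);
        DWORD PlayerCoordinateZ = *reinterpret_cast<DWORD*>(&szBuffer[coordBase + 10]);
        CFunction::IngameChat(blue,"Player->[Name _ %s][UID _ %d][X,Y,Z [%d,%d,%d] ]",
            szPlayerName,PlayerUniqueID,PlayerCoordinateX,PlayerCoordinateY,PlayerCoordinateZ);
        break;
    }
    }
}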
// Trampoline to the original recv wrapper, set by CMain::Main_HackThread_
// from DetourFunction's return value; NULL until the hook is installed.
int (__stdcall *DetourRecv)(SOCKET Socket, char *Buffer, int Length, int Flags);
// Reassembly state shared across FilterRecv calls (unsynchronised):
// bytes received for the current packet, and the size read from its first
// two bytes.
int ASyncPos = 0;
int FinalSize = 0;
/// recv() detour installed by CMain::Main_HackThread_. Calls the real recv
/// through DetourRecv and tries to reassemble one packet across calls: the
/// first two bytes of a packet are taken as its total size (FinalSize),
/// ASyncPos counts bytes received since then, and once ASyncPos == FinalSize
/// the packet is handed to MyRecv at the start of the *next* call - using that
/// call's Buffer argument before any new data is read into it.
///
/// NOTE(review): this rests on assumptions the file does not establish:
///  - the game passes the same Buffer on consecutive calls (otherwise MyRecv
///    sees some other buffer's contents);
///  - the first call of a packet returns at least 2 bytes (FinalSize is read
///    from Buffer after only checking RecvRET < 0, so a 0- or 1-byte return
///    reads stale bytes);
///  - a single call never returns more than one packet (if ASyncPos overshoots
///    FinalSize it is never reset and nothing is dispatched again).
/// RecvRET == 0 (connection closed) is counted like data, and the globals
/// assume a single receiving thread.
int __stdcall FilterRecv(SOCKET Socket,char *Buffer, int iLength, int iFlags)
{
    // Previous packet complete: dispatch it before the next read reuses Buffer.
    if (ASyncPos == FinalSize && FinalSize > 0)
    {
        MyRecv(Buffer, ASyncPos);
        ASyncPos = 0;
    }
    int RecvRET = DetourRecv(Socket, Buffer, iLength, iFlags);
    if (RecvRET < 0)
    {
        return RecvRET;             // SOCKET_ERROR: pass through untouched
    }
    // First chunk of a packet: its size is the leading 16-bit field.
    if (ASyncPos == 0)
        FinalSize = *((short int*) Buffer);
    ASyncPos += RecvRET;
    return RecvRET;
}
// Addresses of the client's two chat-output routines, found by pattern scan in
// CMain::Main_HackThread_ (Main.cpp); 0 until that has run. The typedefs are
// the calling conventions IngameChat / IngameMiniChat assume for them:
// Chat_org(0, text, color) and MiniChat_org(text, color, 1).
unsigned long Chat_add;
typedef int (__cdecl * Chat_org)(char, char*, int);
unsigned long MiniChat_add;
typedef int (__cdecl * MiniChat_org)(char*, int, int);
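/// printf-style message into the game's chat window via the routine at
/// Chat_add. Output is truncated to 254 characters. Does nothing while
/// Chat_add is still 0 (scan not run or failed) instead of calling address 0.
///
/// @param color    Colour value passed through to the game (Function.h).
/// @param mFormat  printf format string; remaining arguments match it.
void CFunction::IngameChat(int color,char* mFormat,...){
    if (Chat_add == 0)
        return;
    // Stack buffer: the original allocated `new char[255]` per call and never
    // freed it (one leak per message). This assumes the game's chat routine
    // copies the text rather than keeping the pointer - TODO confirm.
    char mText[255];
    va_list args;
    va_start(args, mFormat);
    vsprintf_s(mText, sizeof(mText), mFormat, args);
    va_end(args);
    ((Chat_org)Chat_add)(0, mText, color);
}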
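/// printf-style message into the game's mini chat via the routine at
/// MiniChat_add. Output is truncated to 254 characters. Does nothing while
/// MiniChat_add is still 0 (scan not run or failed) instead of calling address 0.
///
/// @param color  Colour value passed through to the game (Function.h).
/// @param msg    printf format string; remaining arguments match it.
void CFunction::IngameMiniChat(int color,char* msg, ...){
    if (MiniChat_add == 0)
        return;
    // Stack buffer: the original allocated `new char[255]` per call and never
    // freed it (one leak per message). This assumes the game's mini-chat
    // routine copies the text rather than keeping the pointer - TODO confirm.
    char mText[255];
    va_list args;
    va_start(args, msg);
    vsprintf_s(mText, sizeof(mText), msg, args);
    va_end(args);
    ((MiniChat_org)MiniChat_add)(mText, color, 1);
}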
/// Byte-wise pattern compare: for every position where szMask holds 'x' the
/// bytes of pData and bMask must be equal; any other mask character is a
/// wildcard. Stops at szMask's terminator, so pData and bMask must both be
/// readable for strlen(szMask) bytes. Returns true on a match.
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    for (size_t pos = 0; szMask[pos] != '\0'; ++pos)
    {
        if (szMask[pos] != 'x')
            continue;                   // wildcard position
        if (pData[pos] != bMask[pos])
            return false;
    }
    return true;                        // loop only leaves at the terminator
}
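/// Scans dwLen bytes starting at dwAddress for bMask/szMask (see bDataCompare)
/// and returns the address of the first match, or 0 if there is none.
///
/// The last start offset tried is dwLen - strlen(szMask), so the compare never
/// reads past the dwLen window; the original tried every offset below dwLen
/// and could read up to strlen(szMask) - 1 bytes beyond it.
///
/// NOTE(review): the callers in Main.cpp pass 0x00700000 as the second
/// argument, which reads like an end address; as a length it scans up to
/// 0x00B00000 and would fault on an unmapped page if the pattern is not found
/// earlier - confirm the intended range.
///
/// @param dwAddress  First address to examine.
/// @param dwLen      Number of bytes from dwAddress that may be read.
/// @param bMask      Pattern bytes (at least strlen(szMask) of them).
/// @param szMask     'x' = compare, anything else = wildcard, NUL-terminated.
DWORD CFunction::dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask) {
    const DWORD maskLen = static_cast<DWORD>(strlen(szMask));
    for (DWORD i = 0; i < dwLen && i + maskLen <= dwLen; i++)
    {
        if (bDataCompare(reinterpret_cast<BYTE*>(dwAddress + i), bMask, szMask))
            return static_cast<DWORD>(dwAddress + i);
    }
    return 0;
}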
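/// Copies len bytes from lpSource to lpDest after making the destination
/// writable, restores the previous protection and flushes the instruction
/// cache (the callers patch code bytes). Returns lpDest, or NULL if the
/// destination could not be made writable - the original ignored that result
/// and faulted inside memcpy; it also left the old protection uninitialised
/// for the source and changed a stack/heap source byte to RWX, which a read
/// does not need, so the source is left alone here.
///
/// @param lpDest    Address to write (code or data page).
/// @param lpSource  Address to read.
/// @param len       Byte count; <= 0 copies nothing.
LPVOID CFunction::MemcpyEx(DWORD lpDest, DWORD lpSource, int len)
{
    if (len <= 0)
        return reinterpret_cast<LPVOID>(lpDest);

    DWORD oldDestProt = 0;
    if (!VirtualProtect(reinterpret_cast<LPVOID>(lpDest), len, PAGE_EXECUTE_READWRITE, &oldDestProt))
        return NULL;

    memcpy(reinterpret_cast<void*>(lpDest), reinterpret_cast<void*>(lpSource), len);

    DWORD ignored = 0;
    VirtualProtect(reinterpret_cast<LPVOID>(lpDest), len, oldDestProt, &ignored);
    // Harmless on x86 but the documented requirement after writing code bytes.
    FlushInstructionCache(GetCurrentProcess(), reinterpret_cast<LPCVOID>(lpDest), len);
    return reinterpret_cast<LPVOID>(lpDest);
}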
// Scratch global written by CFunction::Intercept: the absolute target decoded
// from the rel32 it overwrote. Never reset, so it keeps the last value.
DWORD realtarget;
/// Overwrites len bytes at lpSource with a NOP-filled buffer carrying one
/// instruction, and returns `realtarget` (see below). Modes, by `instruction`
/// (Function.h):
///  - any value except INST_NOP, with len >= 5 (INST_CALL / INST_JMP): the
///    opcode is placed at offset len-5 and a rel32 to lpDest follows, so the
///    new instruction sits at the END of the range and the NOPs come first.
///    Before that, the four bytes after lpSource are read as a rel32 and
///    resolved against lpSource+5 into `realtarget` - this assumes the
///    instruction being replaced is itself a 5-byte rel32 call/jmp.
///  - SHORT_JZ: `74 <rel8>` at offset 0, rel8 = low byte of lpDest (the caller
///    must pass the displacement, not an address). 0x74 != INST_NOP, so the
///    first branch runs as well when len >= 5.
///  - INST_BYTE (0x00): the low byte of lpDest is written at offset 0; the
///    first branch runs as well when len >= 5.
///  - INST_NOP: a plain NOP sled.
///
/// NOTE(review): `realtarget` is only assigned in the first branch, so for the
/// other modes the value returned is whatever an earlier call left there.
/// len <= 0 is not rejected (new BYTE[len] / memset with a negative size).
DWORD CFunction::Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len)
{
    LPBYTE buffer = new BYTE[len];
    memset(buffer,0x90,len);                    // NOP fill
    if (instruction != INST_NOP && len >= 5)
    {
        buffer[(len - 5)] = instruction;
        // rel32 is relative to the end of the patched range (lpSource + len).
        DWORD dwJMP = static_cast<DWORD>(lpDest) - (lpSource + 5 + (len - 5));
        // Decode the rel32 of the instruction being replaced.
        memcpy(&realtarget,reinterpret_cast<void*>(lpSource + 1),4);
        realtarget = realtarget + lpSource + 5;
        memcpy(buffer + 1 + (len - 5),&dwJMP,4);
    }
    if (instruction == SHORT_JZ)
    {
        buffer[0] = instruction;
        buffer[1] = static_cast<BYTE>(lpDest);
    }
    if (instruction == INST_BYTE)
    {
        buffer[0] = static_cast<BYTE>(lpDest);
    }
    // MemcpyEx handles the page protection of the code being patched.
    CFunction::MemcpyEx(lpSource, reinterpret_cast<DWORD>(buffer), len);
    delete[] buffer;
    return realtarget;
}
#ifndef FUNCTION_H
#define FUNCTION_H
// Colour values handed to the game's chat routines as plain ints (IngameChat /
// IngameMiniChat). The numbers are consistent with a COLORREF-style
// 0x00BBGGRR packing - red == 0x0000FF, green == 0x008000 - but the game
// defines what they mean.
#define orange 16594
#define lightblue 15073034
#define violett 12615808
#define green 32768
#define pink 16751615
#define blue 15453831
#define red 255
// Byte values used by CFunction::Intercept. The first three and SHORT_JZ are
// x86 opcodes (NOP, CALL rel32, JMP rel32, JZ rel8). INST_BYTE (0x00) is not
// an opcode: it selects Intercept's "write one raw byte" mode.
#define INST_NOP 0x90
#define INST_CALL 0xe8
#define INST_JMP 0xe9
#define INST_BYTE 0x00
#define SHORT_JZ 0x74
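/// Static helpers for reading and patching the client process, plus two
/// printf-style chat printers. All are implemented in Function.cpp.
class CFunction
{
public:
    /// Overwrites len bytes at lpSource with NOPs plus one instruction
    /// (mode chosen by `instruction`, see INST_* above) and returns the
    /// target decoded from the rel32 that was replaced.
    static DWORD Intercept(int instruction, DWORD lpSource, DWORD lpDest, int len);
    /// memcpy that makes the destination page writable first. Returns the
    /// destination address.
    static LPVOID MemcpyEx(DWORD lpDest, DWORD lpSource, int len);
    /// Linear scan from dwAddress for bMask under szMask ('x' = compare,
    /// '?' = wildcard). Returns the match address or 0.
    static DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen, BYTE *bMask, char * szMask);
    /// printf into the game's chat window / mini chat in the given colour.
    static void IngameChat(int color,char* mFormat,...);
    static void IngameMiniChat(int color,char* msg,...);
};
// Tokens after #endif are not allowed by the standard (MSVC warns C4067,
// other compilers reject); the guard name belongs in a comment.
#endif // FUNCTION_H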