After that I debugged my source code, but there is an error log from my game.
It is:
Module Name: C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\CL2-Revolution.exe.exe
Time Stamp: 0x7375705f - Tue May 20 23:45:19 2031
Exception Type: 0x80000003
eax: 0x00000000 ebx: 0x0012ef10
ecx: 0x7599e0c5 edx: 0x00000001
esi: 0x0012ef1c edi: 0x0012ef14
ebp: 0x0012eeb4 esp: 0x0012eeb0
0x759b381b C:\Windows\system32\KERNELBASE.dll
0x44680f4e C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\python22_d.dll
0x445ff5a0 C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\python22_d.dll
0x445ff580 C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\python22_d.dll
0x4464aeaa C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\python22_d.dll
0x446484ee C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\python22_d.dll
0x56ff3f85 C:\Users\Canberk\Desktop\test.dll
0x56ff5d83 C:\Users\Canberk\Desktop\test.dll
0x56ff36e4 C:\Users\Canberk\Desktop\test.dll
0x00492640 C:\Users\Canberk\Desktop\Finish Client für Cl2-Revolution\CL2-Revolution.exe
0x01d0e768
0xe8000037
0x000dbec4
0x8689c72b
0x000130f4
0x0dbeb7e8
0x740d8b00
0x3b007d2c
0x2b4a76c1
0x01f43dc1
0x147d0000
0x30f48e39
0x0c770001
0x2c7005c7
0x0001007d
0x33eb0000
0xf5f7d233
0xaf0ff88b
0x57cf03fd
0x73eba868
0x740d8900
0xe8007d2c
0x001adf99
0x0a6c0d8b
0xc483007d
0x55e85708
0xeb000dbf
0x701d8906
0x8a007d2c
0x01320d86
0x74c08400
0x701d8908
0xeb007d2c
0x701d390c
0x0f007d2c
0x0003ff85
0x6805dd00
0x53007a4f
0x14245cd9
0x1424448b
0xc9e85050
0x8300115f
0x21e80cc4
0x89000dbe
0x8a102444
0x01323086
0xb3c08400
0x8d327501
0x000920be
0xe8cf8b00
0x00091b44
0x2374c085
0xe0102d8b
0xcd8b007c
0xf9b353e8
0xe8cf8bff
0x00093b1c
0x0974c085
0x21e8cd8b
0xebfff9b3
0x8bdb3202
0x5b26e8ce
0xc084000b
0x568b0e75
0x204e8d20
0x000bb868
0x1052ff00
0x1375db84
0x8d20468b
0xb868204e
0xff00000b
0x47e91050
0x8b000003
0x7d0a740d
0x6e52e800
0xbe8d000b
And of course my DLL didn't work; the game closed itself.
Any idea what causes the error?
My source:
#include "stdafx.h"
#include <windows.h>
#include <Python.h>
#include "detours.h"
#include <string>
#include <sstream>
#include <iostream>
#include <fcntl.h>
#pragma comment(lib, "detours.lib")
using namespace std;
// Pointer that DllMain fills with the value returned by DetourFunction; Hook_MainFunc
// calls through it after running its own code.
void (__stdcall* MainFunc)();
// Fills Offset1..Offset5 by byte-pattern search; returns true only if Offset1 is non-zero.
bool ScanForOffsets();
// Masked byte-pattern search over dwLen bytes starting at dwAddress; returns 0 on no match.
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask);
// Compares one candidate position against the pattern; only mask positions marked 'x' are compared.
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask);
// Decodes the destination of a 5-byte relative call instruction located at addr.
void* GetCallDest(void* addr);
// Body of the thread created in DllMain.
void Main();
// Calls the functions at Offset2 and Offset3 with ECX loaded from *Offset1 (not called in the visible source).
void SendPacket(const unsigned char* packetdata, unsigned long len);
// Detour target installed over the function at Offset4.
void Hook_MainFunc();
// All five values are written once by ScanForOffsets and read without any validity check.
DWORD Offset1 = 0; // author's label: mainstream; SendPacket dereferences it to obtain ECX
DWORD Offset2 = 0; // author's label: AddPacketData function; called first by SendPacket
DWORD Offset3 = 0; // author's label: AddSignatureByte function; resolved through GetCallDest
DWORD Offset4 = 0; // author's label: Update function (MainFunc); the address DllMain detours
DWORD Offset5 = 0; // author's label: RegisterVid function; assigned but never read in the visible source
// Forwards to StartAutoAttack.
void AutoAttack();
// DLL entry point. On DLL_PROCESS_ATTACH it runs the offset scan, detours the function at
// Offset4 to Hook_MainFunc and starts a thread running Main; the three other notifications
// do nothing. TRUE is returned to the loader in every case.
// NOTE(review): all of the attach work executes inside DllMain, i.e. while the OS loader
// lock is held; Microsoft's DllMain guidance is to keep this path minimal.
BOOL APIENTRY DllMain(HANDLE hModule, DWORD ul_reason_for_call, LPVOID lpReserved)
{
switch (ul_reason_for_call)
{
case DLL_PROCESS_ATTACH:
// NOTE(review): the bool result is discarded, so a failed scan is not detected here.
ScanForOffsets();
// NOTE(review): Offset4 is used unchecked; dwFindPattern returns 0 on no match, in which
// case address 0 is handed to DetourFunction. The result is not checked either.
MainFunc = (void (__stdcall*)())DetourFunction((PBYTE)Offset4, (PBYTE)Hook_MainFunc); //0x00471F50
// NOTE(review): Main is declared `void Main()` but is cast to LPTHREAD_START_ROUTINE
// (a WINAPI function taking one LPVOID and returning DWORD), so the thread routine is
// called through a mismatched signature. The returned thread handle is never closed.
// Both this thread (Main) and the detour (Hook_MainFunc) end up in AutoAttack, so the
// Python calls there can run on two threads.
CreateThread(NULL, 0, (LPTHREAD_START_ROUTINE)Main, hModule, 0, NULL);
break;
case DLL_THREAD_ATTACH:
break;
case DLL_THREAD_DETACH:
break;
case DLL_PROCESS_DETACH:
// Nothing is undone on unload: the detour stays in place (no cleanup is visible in this source).
break;
}
return TRUE;
}
// Locates five addresses inside the host executable by searching its code for fixed byte
// patterns and stores them in Offset1..Offset5. Returns true when Offset1 is non-zero;
// the other four results do not influence the return value.
bool ScanForOffsets()
{
// NOTE(review): hard-coded image base; presumably assumes the host EXE is loaded at its
// default address without relocation - TODO confirm.
DWORD Base = 0x00400000;
// NOTE(review): left uninitialized; it only receives a value if the "PE\0\0" signature is
// found below, yet it is passed to dwFindPattern unconditionally.
DWORD SizeOfCode;
DWORD i = Base;
// Byte-wise search for the PE signature. memcmp is evaluated before the bound test and
// the bound is inclusive, so the last probe reads 4 bytes starting at Base + 0x1000.
while ((memcmp((void *)i, "PE\0\0", 4)) && (i <= Base + 0x1000))
i++;
// 0x1C past the signature is the SizeOfCode field of the PE optional header.
if (i <= Base + 0x1000)
SizeOfCode = *(DWORD *)(i + 0x1C);
// Byte patterns; in the masks below 'x' means "must match" and '?' means "ignore".
// NOTE(review): the bytes are presumably specific to one build of the host - verify.
BYTE Signature1[] = { 0x8B, 0x0D, 0xF4, 0x1C, 0x5F, 0x00, 0x52, 0x50, 0xE8, 0x67,
0x60, 0x00, 0x00, 0xE8, 0x12, 0x7B, 0x12, 0x00, 0x5E};
BYTE Signature2[] = { 0x8B, 0xC1, 0x8B, 0x50, 0x38, 0x8B, 0x48, 0x34, 0x53, 0x8B,
0x5C, 0x24, 0x08, 0x2B, 0xCA, 0x3B, 0xD9};
BYTE Signature3[] = { 0xC2, 0x04, 0x00, 0x8B, 0xCE, 0xE8, 0xB2, 0xCE, 0x0D, 0x00,
0x5E};
BYTE Signature4[] = { 0x83, 0xEC, 0x08, 0x56, 0x8B, 0xF1, 0x8D, 0x44, 0x24, 0x04,
0x50, 0x8D, 0x4C, 0x24, 0x0C, 0x51};
BYTE Signature5[] = { 0x8B, 0x44, 0x24, 0x04, 0x89, 0x81, 0x9C, 0x04, 0x00, 0x00,
0xC2, 0x04, 0x00};
// Every search starts at Base + 0x1000, which assumes the code section begins at that
// offset - TODO confirm against the section table.
// NOTE(review): dwFindPattern returns 0 when nothing matches. The next line then
// dereferences address 2, which faults instead of reporting "not found".
Offset1 = *(DWORD *)(dwFindPattern(Base + 0x1000, SizeOfCode, Signature1, "xx????xxx????x????x") + 2);
Offset2 = dwFindPattern(Base + 0x1000, SizeOfCode, Signature2, "xxxxxxxxxxxxxxxxx");
// Match + 5 is the 0xE8 byte inside Signature3; GetCallDest decodes that call's target.
// NOTE(review): on a miss Offset3_Address is 6 and GetCallDest reads from address 6.
DWORD Offset3_Address = (dwFindPattern(Base + 0x1000, SizeOfCode, Signature3, "xxxxxx????x") + 6);
Offset3 = reinterpret_cast<DWORD>(GetCallDest((DWORD *)(Offset3_Address - 1)));
Offset4 = dwFindPattern(Base + 0x1000, SizeOfCode, Signature4, "xxxxxxxxxxxxxxxx");
// NOTE(review): on a miss this stores 4, not 0, so a later "!= 0" test would not catch it.
Offset5 = dwFindPattern(Base + 0x1000, SizeOfCode, Signature5, "xxxxxxxxxxxxx") + 4;
// Only Offset1 is validated; Offset2..Offset5 may be 0 or meaningless when true is returned.
if ((Offset1))
return true;
else
return false;
}
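// Decodes the destination of a 5-byte relative branch (one opcode byte followed by a
// 32-bit displacement) located at addr.
//
// addr    : address of the opcode byte. The opcode itself is not inspected, so the caller
//           must already know that a rel32 call/jump starts here.
// returns : addr + 5 + displacement, or NULL when addr is NULL.
//
// The displacement is signed and exactly 32 bits wide. The previous version read it as a
// uintptr_t through a cast pointer, which only works on a 32-bit build (8 bytes are read on
// a 64-bit build and backward branches resolve wrongly) and performs an unaligned,
// type-punned load. memcpy into an int avoids both problems.
void* GetCallDest(void* addr)
{
    if (addr == NULL)
        return NULL;

    // int is 32 bits on every x86/x64 ABI this code can be built for.
    int rel32 = 0;
    memcpy(&rel32, static_cast<const unsigned char*>(addr) + 1, sizeof(rel32));

    // The displacement is relative to the end of the instruction (addr + 5). Converting the
    // signed value to uintptr_t sign-extends it, so modular addition handles negative
    // displacements correctly.
    const uintptr_t nextInstruction = reinterpret_cast<uintptr_t>(addr) + 5;
    return reinterpret_cast<void*>(nextInstruction + static_cast<uintptr_t>(rel32));
}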
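// Tests whether the bytes at pData match the pattern bMask under the mask szMask.
//
// pData  : memory to test; must be readable for strlen(szMask) bytes.
// bMask  : pattern bytes, one per mask character.
// szMask : NUL-terminated mask; 'x' means "byte must equal the pattern byte", any other
//          character means "ignore this position".
// returns: true when every 'x' position matches (an empty mask therefore matches),
//          false on the first mismatch or when any pointer is NULL.
bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask)
{
    // A missing buffer, pattern or mask cannot be compared; report "no match" instead of
    // dereferencing a null pointer.
    if (pData == NULL || bMask == NULL || szMask == NULL)
        return false;

    for (; *szMask != '\0'; ++szMask, ++pData, ++bMask)
    {
        if (*szMask == 'x' && *pData != *bMask)
            return false;
    }

    // The loop only ends at the terminator, so the whole mask was satisfied. (The previous
    // version returned `(*szMask) == NULL`, comparing a char with a pointer constant; the
    // value was always true at this point.)
    return true;
}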
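// Searches the dwLen bytes starting at dwAddress for the first position where the masked
// pattern matches.
//
// dwAddress : start of the region, as a 32-bit address (this only works in a 32-bit build).
// dwLen     : size of the region in bytes; the caller must guarantee it is readable.
// bMask     : pattern bytes.
// szMask    : NUL-terminated mask, see bDataCompare.
// returns   : address of the first match, or 0 when there is none, when an argument is
//             null/zero, when the mask is empty, or when the pattern is longer than the region.
DWORD dwFindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
{
    if (dwAddress == 0 || bMask == NULL || szMask == NULL)
        return 0;

    const size_t patternLen = strlen(szMask);
    if (patternLen == 0 || patternLen > dwLen)
        return 0;

    // Stop at the last position where the whole pattern still fits. The previous loop ran
    // to dwLen - 1 and let bDataCompare read up to patternLen - 1 bytes past the region.
    const DWORD lastStart = dwLen - static_cast<DWORD>(patternLen);
    for (DWORD i = 0; i <= lastStart; ++i)
    {
        if (bDataCompare(reinterpret_cast<BYTE*>(dwAddress + i), bMask, szMask))
            return dwAddress + i;
    }
    return 0;
}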
// Calls two functions inside the host process through the addresses in Offset2 and Offset3,
// each time with ECX loaded from the DWORD stored at address Offset1.
// packetdata / len are pushed as the stack arguments of the first call only.
// Not called anywhere in the visible source.
// NOTE(review): none of Offset1, Offset2 or Offset3 is checked for 0 before use, and the
// block has no declared clobber list; it presumably relies on the callees removing their
// own stack arguments - verify against the callee's calling convention.
void SendPacket(const unsigned char* packetdata, unsigned long len)
{
// Local copies so the inline assembly can CALL through a stack variable.
DWORD dwSendFunc = Offset2;
DWORD dwAddSignatureByte = Offset3;
__asm
{
// Arguments for the first call: packetdata is pushed first, len last.
PUSH packetdata
PUSH len
// ECX = *(DWORD*)Offset1, used as the object pointer for the call.
MOV EAX, Offset1
MOV ECX, DWORD PTR DS:[EAX]
CALL dwSendFunc
// ECX is reloaded because the first call may have changed it; no stack arguments here.
MOV EAX, Offset1
MOV ECX, DWORD PTR DS:[EAX]
CALL dwAddSignatureByte
}
}
// Detour installed by DllMain over the function at Offset4: runs AutoAttack() and then
// calls the original code through MainFunc. It therefore executes on whichever host
// thread calls the hooked function, every time that function is called.
// NOTE(review): the function is not declared naked, so compiler-generated prologue code
// runs before pushad. pushad/popad save the general registers only, not EFLAGS.
// Signature4 begins with bytes that decode as `sub esp,8; push esi; mov esi,ecx`, i.e. the
// target reads ECX on entry, while MainFunc is typed as a plain __stdcall function with no
// arguments; the call below passes ECX only implicitly, via popad - fragile, verify.
void Hook_MainFunc()
{
// Save all general-purpose registers of the interrupted caller.
_asm pushad
// Python C API work happens here, on the host's own thread.
AutoAttack();
// Restore the registers saved above.
__asm popad
// Continue with the original function.
return (*MainFunc)();
}
// Body of the thread that DllMain starts: performs one AutoAttack() call and ends.
// NOTE(review): DllMain casts this function to LPTHREAD_START_ROUTINE although it takes
// no argument and returns nothing, so it is invoked through a mismatched signature.
void Main()
{
    AutoAttack();
    return;
}
// Uses the Python C API of the interpreter embedded in the host process to call
// player.SetAttackKeyState(True).
// NOTE(review): no result is checked for NULL - PyTuple_New, PyImport_ImportModule and
// PyObject_GetAttrString can each fail, and the failure would be passed straight on.
// NOTE(review): nothing visible in this source acquires a Python thread state or the
// interpreter lock, yet this runs both on the thread created in DllMain and inside the
// detour. The crash log above shows test.dll calling into python22_d.dll (a debug build)
// and ending in exception 0x80000003, a breakpoint; that looks consistent with the debug
// interpreter stopping on a fatal error or failed assertion - confirm under a debugger.
void StartAutoAttack(){
// One-element argument tuple.
PyObject* args = PyTuple_New(1);
// PyTuple_SetItem takes over a reference, so one is added to Py_True first.
Py_INCREF(Py_True);
PyTuple_SetItem(args, 0, Py_True);
// The module object and the attribute object returned by the nested calls are new
// references that are never released, so each call leaks two references.
PyObject* ret = PyObject_Call(PyObject_GetAttrString(PyImport_ImportModule("player"), "SetAttackKeyState"), args, NULL);
// Py_XDECREF tolerates NULL, so a failed call does not crash on these two lines.
Py_XDECREF(ret);
Py_XDECREF(args);
}
// Single entry point shared by the thread body (Main) and the detour (Hook_MainFunc);
// it only forwards to StartAutoAttack().
void AutoAttack()
{
    StartAutoAttack();
    return;
}