Soldier Front Hack Tutorial

[gcflames12]

Well this sections been looking a bit dull lately.

So i have decided to write you guys a tutorial on how to code a simple * yes * simple hack!

You will need Microsoft Visual C++ 2008 or 2010 too compile this!! Add this code into this already hooked D3D8 Enviroment.

Code:

//=====================================================================================

// Roverturbo | www.uc-forum.com

#include <windows.h>

#include <d3d8.h>
#pragma comment(lib, "d3d8.lib")

//=====================================================================================

typedef HRESULT (WINAPI* CreateDevice_Prototype)        (LPDIRECT3D8, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE8*);
typedef HRESULT (WINAPI* Reset_Prototype)               (LPDIRECT3DDEVICE8, D3DPRESENT_PARAMETERS*);
typedef HRESULT (WINAPI* EndScene_Prototype)            (LPDIRECT3DDEVICE8);
typedef HRESULT (WINAPI* DrawIndexedPrimitive_Prototype)(LPDIRECT3DDEVICE8, D3DPRIMITIVETYPE, UINT, UINT, UINT, UINT);

CreateDevice_Prototype         CreateDevice_Pointer         = NULL;
Reset_Prototype                Reset_Pointer                = NULL;
EndScene_Prototype             EndScene_Pointer             = NULL;
DrawIndexedPrimitive_Prototype DrawIndexedPrimitive_Pointer = NULL;

HRESULT WINAPI Direct3DCreate8_VMTable    (VOID);
HRESULT WINAPI CreateDevice_Detour        (LPDIRECT3D8, UINT, D3DDEVTYPE, HWND, DWORD, D3DPRESENT_PARAMETERS*, LPDIRECT3DDEVICE8*);
HRESULT WINAPI Reset_Detour               (LPDIRECT3DDEVICE8, D3DPRESENT_PARAMETERS*);
HRESULT WINAPI EndScene_Detour            (LPDIRECT3DDEVICE8);
HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE8, D3DPRIMITIVETYPE, UINT, UINT, UINT, UINT);

PDWORD Direct3D_VMTable = NULL; 

//=====================================================================================

BOOL WINAPI DllMain(HINSTANCE hinstModule, DWORD dwReason, LPVOID lpvReserved)
{
  if(dwReason == DLL_PROCESS_ATTACH)
  {
    DisableThreadLibraryCalls(hinstModule);

    if(Direct3DCreate8_VMTable() == D3D_OK)
    return TRUE;
  }

  return FALSE;
}

//=====================================================================================

HRESULT WINAPI Direct3DCreate8_VMTable(VOID)
{
  LPDIRECT3D8 Direct3D_Object = Direct3DCreate8(D3D_SDK_VERSION);

  if(Direct3D_Object == NULL)
  return D3DERR_INVALIDCALL;
  
  Direct3D_VMTable = (PDWORD)*(PDWORD)Direct3D_Object;
  Direct3D_Object->Release();

  DWORD dwProtect;

  if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), PAGE_READWRITE, &dwProtect) != 0)
  {
    *(PDWORD)&CreateDevice_Pointer = Direct3D_VMTable[15];
    *(PDWORD)&Direct3D_VMTable[15] = (DWORD)CreateDevice_Detour;

    if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), dwProtect, &dwProtect) == 0)
    return D3DERR_INVALIDCALL;
  }
  else
  return D3DERR_INVALIDCALL;

  return D3D_OK;
}

//=====================================================================================

HRESULT WINAPI CreateDevice_Detour(LPDIRECT3D8 Direct3D_Object, UINT Adapter, D3DDEVTYPE DeviceType, HWND FocusWindow, 
					DWORD BehaviorFlags, D3DPRESENT_PARAMETERS* PresentationParameters, 
					LPDIRECT3DDEVICE8* Returned_Device_Interface)
{
  HRESULT Returned_Result = CreateDevice_Pointer(Direct3D_Object, Adapter, DeviceType, FocusWindow, BehaviorFlags, 
	                                          PresentationParameters, Returned_Device_Interface);

  DWORD dwProtect;

  if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), PAGE_READWRITE, &dwProtect) != 0)
  {
    *(PDWORD)&Direct3D_VMTable[15] = *(PDWORD)&CreateDevice_Pointer;
    CreateDevice_Pointer           = NULL;

    if(VirtualProtect(&Direct3D_VMTable[15], sizeof(DWORD), dwProtect, &dwProtect) == 0)
    return D3DERR_INVALIDCALL;
  }
  else
  return D3DERR_INVALIDCALL;

  if(Returned_Result == D3D_OK)
  {
    Direct3D_VMTable = (PDWORD)*(PDWORD)*Returned_Device_Interface;

    *(PDWORD)&Reset_Pointer                = (DWORD)Direct3D_VMTable[14];
    *(PDWORD)&EndScene_Pointer             = (DWORD)Direct3D_VMTable[35];
    *(PDWORD)&DrawIndexedPrimitive_Pointer = (DWORD)Direct3D_VMTable[71];

    *(PDWORD)&Direct3D_VMTable[14] = (DWORD)Reset_Detour;
    *(PDWORD)&Direct3D_VMTable[35] = (DWORD)EndScene_Detour;
    *(PDWORD)&Direct3D_VMTable[71] = (DWORD)DrawIndexedPrimitive_Detour;
  }
    
  return Returned_Result;
}

//=====================================================================================

HRESULT WINAPI Reset_Detour(LPDIRECT3DDEVICE8 Device_Interface, D3DPRESENT_PARAMETERS* PresentationParameters)
{
  return Reset_Pointer(Device_Interface, PresentationParameters);
}

//=====================================================================================

HRESULT WINAPI EndScene_Detour(LPDIRECT3DDEVICE8 Device_Interface)
{
  return EndScene_Pointer(Device_Interface);
}

//=====================================================================================

HRESULT WINAPI DrawIndexedPrimitive_Detour(LPDIRECT3DDEVICE8 Device_Interface, D3DPRIMITIVETYPE Type, 
                                           UINT MinIndex, UINT NumVertices, UINT StartIndex, UINT PrimitiveCount)
{
  LPDIRECT3DVERTEXBUFFER8 Stream_Data;
  UINT Stride = 0;

  if(Device_Interface->GetStreamSource(0, &Stream_Data, &Stride) == D3D_OK)
  Stream_Data->Release();

  if(Stride == 0)
  {
  }

  return DrawIndexedPrimitive_Pointer(Device_Interface, Type, MinIndex, NumVertices, StartIndex, PrimitiveCount);
}

//=====================================================================================

Credits to roverturbo!


I like D3D best so im going to be using D3D_Noping . because soldier front detects readwritememory/ Virtual Protect.

Im not going to be giving addies you can find those yourself.

We will start off declaring our hack.

First off in globals ( top of your hack right under your includes)your gonna want it to be a on or off hack.

Iif you want auto on you return the value true soo..

Code:

Bool recoil = True;

Now if we want it to be on/ off we would return false.

Code:

Bool recoil = False;

Now Declare your integer recoil

Code:

int recoil;

Now say we have 4 address for recoil.

We have 0x000001 , 0x000002 , 0x000003 and 0x000004 (these are not correct)

We would wanna NOP ( no operation ) them! to do this if we have a D3D hack we would write.

Too do this you can add this too dip ( draw indexed primitive ) but ur gonna want to hook it or codecave it. do that by jumping the bytes of gameguard to get pass the scans!

Code:

void D3D_NOP( void* pxAddress, int size )
{ 
unsigned long Protection;
BYTE IWriteNoFunctions[ ] = {0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90, 0x90};
VirtualProtect((void*)pxAddress, size, PAGE_READWRITE, &Protection);
memcpy((void*)pxAddress, (const void*)IWriteNoFunctions, size);
VirtualProtect((void*)pxAddress, size, Protection, 0);
}

Now we can use D3d nop and return no errors.

So now we have those 4 addies we can simply add a hotkey and begin our Nop.

First off your going to wanna make a seperate space for this. i just label mine in a comment as Memory.

Code:

//-------------------------------------Memory-------------------//

if(GetAsyncKeyState(VK_NUMPAD3)<0){ 
			if(Recoil){
			D3D_NOP((VOID*)(0x000001), "\xD8\x66\x54", 3);
			D3D_NOP((VOID*)(0x000002), "\xD9\x46\x54", 3);
			D3D_NOP((VOID*)(0x000003), "\xD9\x5E\x54", 3);
			D3D_NOP((VOID*)(0x000004), "\xD9\x46\x48", 3);
				Recoil = false;
			} else {
			D3D_NOP((VOID*)(0x000001), "\x90\x90\x90", 3);
			D3D_NOP((VOID*)(0x000002), "\x90\x90\x90", 3);
			D3D_NOP((VOID*)(0x000003), "\x90\x90\x90", 3);
			D3D_NOP((VOID*)(0x000004), "\x90\x90\x90", 3);
				Recoil = true;
			}
		}

You now have made a no recoil hack!

This was just a simple tutorial i will have more to come!

[Match*Star.]

`Please make your instructions clear.
`Because it is incomplete.
`Although I know how to do it, other members can't understand how to do it.

[gcflames12]

Well if they dont know that why would they even be here?

[Match*Star.]

Quote:

Originally Posted by gcflames12

Well if they dont know that why would they even be here?

`Because some of members here only know how to use hack.

[tati123]

pano va yan wall send me plzz

[Zhina_Shines]

Quote:

Originally Posted by gcflames12

Well if they dont know that why would they even be here?

so you will not give 'em instructure?

btw, tahnks for the code but is this for NA or PH?

umm,,, we need a houk with this to maeke it undetected

[Match*Star.]

`Tati123 don't know how to do with this because of your incomplete instructions.
`Make your instructions clear to avoid this from being reported.

[Zhina_Shines]

doun't repourt it MtS ...

this is useful for couders ...

becuase i know you doun't know much how to maek one xD

EDIT---
I'll make for video with this

[gcflames12]

Edited* added fully hooked d3d8 source and comments on where too put the memory hacks.

[Match*Star.]

Quote:

Originally Posted by Icht Shot!

doun't repourt it MtS ...

this is useful for couders ...

becuase i know you doun't know much how to maek one xD

EDIT---
I'll make for video with this

`I will not report it because this is a good one.
`Well, I know how to make one but I'm not a pro coder like spencer.

[Zhina_Shines]

Well, i can't maek one video becuase im busy posting a new status of psf hacks xD

[sthan20]

im not a procoder. how can i do it with my c++? can i save it to sf file? what name can i use for it? and how can i do that?

[Match*Star.]

Quote:

Originally Posted by sthan20

im not a procoder. how can i do it with my c++? can i save it to sf file? what name can i use for it? and how can i do that?

`It can't be save into a sf file.
`It must be compiled into a dll form.

[Zhina_Shines]

 Spoiler

Original Account owner has back (OVEnran) sorry my cousin use my account in this week because im busy in school

GTFO man, you can't save it with notepad...

This is for Normal Coders and Advanced Coders

[firefox800]

its no recoil instead but patched already,,anyway thanks for nice tut..