Warrock - Code Snippets

Raz9r · 04/12/2013, 18:43

Weil du für die Umleitung in den geschützten Speicher die Adresse der Kopie setzen müsstest.

Es gibt aber viele andere Methoden, wie man das leisten kann. Hier die, mit der ich das schon einmal gemacht habe: Die ZwVirtual* funktionen in ntdll.dll hooken und einen Mutex setzen, der HackShield verbietet, die Page-Protection zu ändern, während ihr den geschützten Speicher beschreibt. Fertig ist's. Offensichtlicher Nachteil dieser Methode: Solange man den Speicher beschreibt, hängt HackShield. Das kann zu Lag führen. Offensichtlicher Vorteil: Das funktioniert seit Jahren.

Cyno™ · 04/12/2013, 18:56

Nice die Idee hört sich interessant an

aerrow107 · 04/14/2013, 14:44

Anyone can help me find what's wrong with my WarRock Powerleveling bot??It's crashing WarRock after 1 minute or less even before pressing the button to start the bot...
Any help is appreciated.
Thanks Aerrow107.

//Coded by Aerrow107
//Welcome to a WarRock PowerLeveling Bot

#include <windows.h>
#include <stdio.h>

#define ADR_PlayerPointer 0xA5348C
#define ADR_ServerPointer 0xA5341C
#define ADR_PlantAnywhere 0x00A5317B
#define ADR_DefuseAnywhere 0x009F92E4
#define ADR_NoSpawnWait 0xB9D21C

#pragma message("Credits : -[---------------------------]-")
#pragma message("Credits : -[By-------(Aerrow107)--------]-")
#pragma message("Credits : -[---------------------------]-")

/* Hotkeys */
/*F9 = On */
/*F10 = Off */
// End of Hotkeys

//-----------------------------------------------------------------------------
// Name: Defines()
//-----------------------------------------------------------------------------

int RL_DefuseAnyWhere = 0; // 1 = AutoOn / 0 = Off
int RL_PlantAnyWhere = 0; // 1 = AutoOn / 0 = Off
int RL_NoSpawnWait = 0; // 1 = AutoOn / 0 = Off
//~~~~~~~~~~~~~~~~Hack Start~~~~~~~~~~~~~~~~

void PlayerAndServer() // My Thread that i will add hacks on
{

DWORD dwPlayerPointer = *(DWORD*) ADR_PlayerPointer ; // Define DwPlayerPointer = Bla bla bla
DWORD dwServerPointer = *(DWORD*) ADR_ServerPointer ; // Definde dwServerPoint = Bla bla bla

if(dwPlayerPointer && dwServerPointer !=0)
{

if(GetAsyncKeyState(VK_F9)&1) //On Hotkey
{

RL_PlantAnyWhere = 1;
RL_DefuseAnyWhere = 1;
RL_NoSpawnWait = 1;

}

if(GetAsyncKeyState(VK_F10)&1) //Off Hotkey
{
RL_PlantAnyWhere = 0;
RL_DefuseAnyWhere = 0;
RL_NoSpawnWait = 0;
}

if(RL_PlantAnyWhere == 1) //Plant Anywhere
{

*(BYTE*)(ADR_PlantAnywhere) = 0x1;

}

if(RL_DefuseAnyWhere == 1) //Defuse Anywhere
{

*(WORD*)(ADR_DefuseAnywhere) = 1;

}

if(RL_NoSpawnWait == 1) //No Spawn
{

*(int*)(ADR_NoSpawnWait) = 0;

}

}
}
//~~~~~~~~~~~~~~~~~~~~~~~~~Hack Ends~~~~~~~~~~~~~~~~~~~~~~~~~~~//

//-------------------------HackThread--------------------------//

DWORD __stdcall HacksLoading(LPVOID param)
{
while (1)
{

PlayerAndServer();
Sleep(100);

}
}

//--------------------------End HackThread---------------------//

//--------------------------End-------------------------------//

BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
{
DisableThreadLibraryCalls(hDll);
if (dwReason == DLL_PROCESS_ATTACH)
{

CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HacksLoading , NULL, NULL, NULL);

}
return TRUE;
}

//--------------------------End------------------------------//

Cyno™ · 04/14/2013, 15:40

Quote:

Originally Posted by aerrow107

Anyone can help me find what's wrong with my WarRock Powerleveling bot??It's crashing WarRock after 1 minute or less even before pressing the button to start the bot...
Any help is appreciated.
Thanks Aerrow107.

//Coded by Aerrow107
//Welcome to a WarRock PowerLeveling Bot

#include <windows.h>
#include <stdio.h>

#define ADR_PlayerPointer 0xA5348C
#define ADR_ServerPointer 0xA5341C
#define ADR_PlantAnywhere 0x00A5317B
#define ADR_DefuseAnywhere 0x009F92E4
#define ADR_NoSpawnWait 0xB9D21C

#pragma message("Credits : -[---------------------------]-")
#pragma message("Credits : -[By-------(Aerrow107)--------]-")
#pragma message("Credits : -[---------------------------]-")

/* Hotkeys */
/*F9 = On */
/*F10 = Off */
// End of Hotkeys

//-----------------------------------------------------------------------------
// Name: Defines()
//-----------------------------------------------------------------------------

int RL_DefuseAnyWhere = 0; // 1 = AutoOn / 0 = Off
int RL_PlantAnyWhere = 0; // 1 = AutoOn / 0 = Off
int RL_NoSpawnWait = 0; // 1 = AutoOn / 0 = Off
//~~~~~~~~~~~~~~~~Hack Start~~~~~~~~~~~~~~~~

void PlayerAndServer() // My Thread that i will add hacks on
{

DWORD dwPlayerPointer = *(DWORD*) ADR_PlayerPointer ; // Define DwPlayerPointer = Bla bla bla
DWORD dwServerPointer = *(DWORD*) ADR_ServerPointer ; // Definde dwServerPoint = Bla bla bla

if(dwPlayerPointer && dwServerPointer !=0)
{

if(GetAsyncKeyState(VK_F9)&1) //On Hotkey
{

RL_PlantAnyWhere = 1;
RL_DefuseAnyWhere = 1;
RL_NoSpawnWait = 1;

}

if(GetAsyncKeyState(VK_F10)&1) //Off Hotkey
{
RL_PlantAnyWhere = 0;
RL_DefuseAnyWhere = 0;
RL_NoSpawnWait = 0;
}

if(RL_PlantAnyWhere == 1) //Plant Anywhere
{

*(BYTE*)(ADR_PlantAnywhere) = 0x1;

}

if(RL_DefuseAnyWhere == 1) //Defuse Anywhere
{

*(WORD*)(ADR_DefuseAnywhere) = 1;

}

if(RL_NoSpawnWait == 1) //No Spawn
{

*(int*)(ADR_NoSpawnWait) = 0;

}

}
}
//~~~~~~~~~~~~~~~~~~~~~~~~~Hack Ends~~~~~~~~~~~~~~~~~~~~~~~~~~~//

//-------------------------HackThread--------------------------//

DWORD __stdcall HacksLoading(LPVOID param)
{
while (1)
{

PlayerAndServer();
Sleep(100);

}
}

//--------------------------End HackThread---------------------//

//--------------------------End-------------------------------//

BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
{
DisableThreadLibraryCalls(hDll);
if (dwReason == DLL_PROCESS_ATTACH)
{

CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HacksLoading , NULL, NULL, NULL);

}
return TRUE;
}

//--------------------------End------------------------------//

You should unlink your DLL from the Process Environment Block.
Just try it on google with "Unlink Module from PEB", because Hackshield is scanning it do detect mapped modules.

aerrow107 · 04/14/2013, 17:30

Quote:

Originally Posted by Cyno™

You should unlink your DLL from the Process Environment Block.
Just try it on google with "Unlink Module from PEB", because Hackshield is scanning it do detect mapped modules.

Hey thanks for your help but I still don't get exactly what you said.I mean that,you said that you need to (like hide the code) to be undetected by the hackshield but I don't know how to do that or what to add to the code that I already did.Any help is appreciated.On google I found information which is unrelated with a warrock hack...

Thanks
Aerrow107.

UPDATE but still the same...Found this PEB on the net:

//Coded by Aerrow107
//Welcome to a WarRock PowerLeveling Bot

//~~~~~~~~~~Functions~~~~~~~~~~//
//~~~Auto Start/Rdy [32 + 64]~~~// Ready
//~~~Auto Enter [32 + 64]~~~// Ready
//~~~Auto C4/Nipper~~~// Ready
//~~~Plant/Defuse Anywhere~~~// Ready
//~~~Quick Plant/Defuse~~~// Ready
//~~~Auto Plant/Defuse~~~// Ready
//~~~No Spawn Wait~~~// Ready
//~~~Gm Warning~~~// Ready

//~~~~~~~End of Functions~~~~~~//

#include <windows.h>
#include <stdio.h>

#define ADR_PlayerPointer 0xA5348C
#define ADR_ServerPointer 0xA5341C
#define ADR_PlantAnywhere 0xA5302E
#define ADR_DefuseAnywhere 0x91BDA4
#define ADR_NoSpawnWait 0xB9D220

#pragma message("Credits : -[---------------------------]-")
#pragma message("Credits : -[By-------(Aerrow107)--------]-")
#pragma message("Credits : -[---------------------------]-")

/* Hotkeys */
/*F9 = On */
/*F10 = Off */
// End of Hotkeys

void HideDLL(HINSTANCE hModule)
{
DWORD dwPEB_LDR_DATA = 0;
_asm
{
pushad;
pushfd;
mov eax, fs:[30h]
mov eax, [eax+0Ch]
mov dwPEB_LDR_DATA, eax

InLoadOrderModuleList:
mov esi, [eax+0Ch]
mov edx, [eax+10h]

LoopInLoadOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+18h]
cmp ecx, hModule
jne SkipA
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp InMemoryOrderModuleList

SkipA:
cmp edx, esi
jne LoopInLoadOrderModuleList

InMemoryOrderModuleList:
mov eax, dwPEB_LDR_DATA
mov esi, [eax+14h]
mov edx, [eax+18h]

LoopInMemoryOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+10h]
cmp ecx, hModule
jne SkipB
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp InInitializationOrderModuleList

SkipB:
cmp edx, esi
jne LoopInMemoryOrderModuleList

InInitializationOrderModuleList:
mov eax, dwPEB_LDR_DATA
mov esi, [eax+1Ch]
mov edx, [eax+20h]

LoopInInitializationOrderModuleList:
lodsd
mov esi, eax
mov ecx, [eax+08h]
cmp ecx, hModule
jne SkipC
mov ebx, [eax]
mov ecx, [eax+4]
mov [ecx], ebx
mov [ebx+4], ecx
jmp Finished

SkipC:
cmp edx, esi
jne LoopInInitializationOrderModuleList

Finished:
popfd;
popad;
}
}

//-----------------------------------------------------------------------------
// Name: Defines()
//-----------------------------------------------------------------------------

int RL_DefuseAnyWhere = 0; // 1 = AutoOn / 0 = Off
int RL_PlantAnyWhere = 0; // 1 = AutoOn / 0 = Off
int RL_NoSpawnWait = 0; // 1 = AutoOn / 0 = Off

//~~~~~~~~~~~~~~~~Hack Start~~~~~~~~~~~~~~~~

void PlayerAndServer() // My Thread that i will add hacks on
{

DWORD dwPlayerPointer = *(DWORD*) ADR_PlayerPointer ; // Define DwPlayerPointer = Bla bla bla
DWORD dwServerPointer = *(DWORD*) ADR_ServerPointer ; // Definde dwServerPoint = Bla bla bla

if(dwPlayerPointer && dwServerPointer !=0)
{

if(GetAsyncKeyState(VK_F9)&1) //On Hotkey
{

RL_PlantAnyWhere = 1;
RL_DefuseAnyWhere = 1;
RL_NoSpawnWait = 1;

}

if(GetAsyncKeyState(VK_F10)&1) //Off Hotkey
{
RL_PlantAnyWhere = 0;
RL_DefuseAnyWhere = 0;
RL_NoSpawnWait = 0;

}

if(RL_PlantAnyWhere == 1) //Plant Anywhere
{

*(BYTE*)(ADR_PlantAnywhere) = 0x1;

}

if(RL_DefuseAnyWhere == 1) //Defuse Anywhere
{

*(WORD*)(ADR_DefuseAnywhere) = 1;

}

if(RL_NoSpawnWait == 1) //No Spawn
{

*(int*)(ADR_NoSpawnWait) = 0;

}
}
}
//~~~~~~~~~~~~~~~~~~~~~~~~~Hack Ends~~~~~~~~~~~~~~~~~~~~~~~~~~~//

//-------------------------HackThread--------------------------//

DWORD __stdcall HacksLoading(LPVOID param)
{
while (1)
{

PlayerAndServer();
Sleep(100);

}
}

//--------------------------End HackThread---------------------//

//--------------------------End-------------------------------//

BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
{
DisableThreadLibraryCalls(hDll);
if (dwReason == DLL_PROCESS_ATTACH)
{

CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HacksLoading , NULL, NULL, NULL);

}
return TRUE;
}

//--------------------------End------------------------------//

Cyno™ · 04/15/2013, 07:09

Yes That Funktion Works Nice

Put HideDLL(hDll) into your DllMain

aerrow107 · 04/15/2013, 13:40

Quote:

Originally Posted by Cyno™

Yes That Funktion Works Nice
Put HideDLL(hDll) into your DllMain

Well I tried my best to put it in the DllMain and came up with this final result:
It's still crashing like before...It's crashing at the time when you enter the game.Even before powering it on.

BOOL WINAPI DllMain(HMODULE hDll, DWORD dwReason, LPVOID lpReserved)
{
HideDLL(hDll);
DisableThreadLibraryCalls(hDll);
if (dwReason == DLL_PROCESS_ATTACH)
{

CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)HacksLoading , NULL, NULL, NULL);

}
return TRUE;
}

Lazl07 · 04/18/2013, 08:09

Code:

cTools->WriteMemory((PVOID)0x408311,(LPVOID)"\xC3",1);

Its ****'s up the whole game.
Not crash but aint work totally.
Its OPK.

Kazbah__ · 04/18/2013, 16:47

Do it with 3 addys

Lazl07 · 04/19/2013, 05:24

#Req
New ASM code for EventNews
Thanks.

cheatslaw · 04/19/2013, 16:32

Quote:

Originally Posted by Lazl07

#Req
New ASM code for EventNews
Thanks.

Nothing ever changed?
IT should still be like this:

Code:

void EventNews(char * text)
{
DWORD dwEvent = ADR_EventNews;
{
__asm
{
push text
call dwEvent
pop ecx
}
}

//Credits to me for finding this function + source, etc

Spe@ker · 04/19/2013, 18:39

Quote:
Originally Posted by cheatslaw
Nothing ever changed?
IT should still be like this:
Code:
void EventNews(char * text)
{
DWORD dwEvent = ADR_EventNews;
{
__asm
{
push text
call dwEvent
pop ecx
}
}
//Credits to me for finding this function + source, etc

No work

cheatslaw · 04/19/2013, 19:16

Quote:

Originally Posted by Spe@ker

No work

If you would use the right adress it might work.. xD

xSolidzz · 04/21/2013, 14:59

request: WarRock Positions Logger

~~xRoute66x~~ · 04/21/2013, 17:56

Quote:

Originally Posted by xSolidzz

request: WarRock Positions Logger

Habe sie aus'm Kopf geschrieben , weiß nicht ob's so richtig ist.
Benutze das für meine Konsolenanwendungen

Code:

  
#include <iostream>
#include <fstream>
if (GetAsyncKeyState(...)&1)
{
std::ofstream position;
  position.open("position.txt");
  position << Position_x <<"\n" <<Position_y <<"\n" <<Position_z << std::endl;
  position.close();
}

€:
Oh, besser wäre :

Code:

  
#include <iostream>
#include <fstream>
Position_x = *(float*)(PlayerPointer+OFS_X);
Position_y = *(float*)(PlayerPointer+OFS_Y);
Position_z = *(float*)(PlayerPointer+OFS_Z);
if (GetAsyncKeyState(...)&1)
{
std::ofstream position;
  position.open("position.txt");
  position << Position_x <<"\n" <<Position_y <<"\n" <<Position_z << std::endl;
  position.close();
}