Ваш ключ: необходима авторизация | MyProxy - бесплатный обменник валидных прокси между пользователями форума.

BunnyHop [Source Code]

Тема в разделе CS GO Исходники, создана пользователем WALLBANGERPRO, 8 июн 2016.

Войдите для ответа
  1. WALLBANGERPRO Звукорежиссер

    WALLBANGERPRO
    Статус:
    Вне сети
    Сообщения:
    1.140
    Симпатии:
    330
    Регистрация:
    24.02.16
    #ifndef PROCMEM_H //If Not Defined#define PROCMEM_H //Define Now
    
    
    #define WIN32_LEAN_AND_MEAN //Excludes Headers We Wont Use (Increase Compile Time)
    
    
    #include <windows.h> //Standard Windows Functions/Data Types
    #include <iostream> //Constains Input/Output Functions (cin/cout etc..)
    #include <TlHelp32.h> //Contains Read/Write Functions
    #include <string> //Support For Strings
    #include <sstream> //Supports Data Conversion
    
    
    class ProcMem {
    protected:
    
    
        //STORAGE
        HANDLE hProcess;
        DWORD dwPID, dwProtection, dwCaveAddress;
    
    
        //MISC
        BOOL bPOn, bIOn, bProt;
    
    
    public:
    
    
        //MISC FUNCTIONS
        ProcMem();
        ~ProcMem();
        int chSizeOfArray(char *chArray); //Return Size Of External Char Array
        int iSizeOfArray(int *iArray); //Return Size Of External Int Array
        bool iFind(int *iAry, int iVal); //Return Boolean Value To Find A Value Inside An Int Array
    
    
    #pragma region TEMPLATE MEMORY FUNCTIONS
    
    
                                         //REMOVE READ/WRITE PROTECTION
        template <class cData>
        void Protection(DWORD dwAddress)
        {
            if (!bProt)
                VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), PAGE_EXECUTE_READWRITE, &dwProtection); //Remove Read/Write Protection By Giving It New Permissions
            else
                VirtualProtectEx(hProcess, (LPVOID)dwAddress, sizeof(cData), dwProtection, &dwProtection); //Restore The Old Permissions After You Have Red The dwAddress
    
    
            bProt = !bProt;
        }
    
    
        //READ MEMORY
        template <class cData>
        cData Read(DWORD dwAddress)
        {
            cData cRead; //Generic Variable To Store Data
            ReadProcessMemory(hProcess, (LPVOID)dwAddress, &cRead, sizeof(cData), NULL); //Win API - Reads Data At Specified Location
            return cRead; //Returns Value At Specified dwAddress
        }
    
    
        //READ MEMORY - Pointer
        template <class cData>
        cData Read(DWORD dwAddress, char *Offset, BOOL Type)
        {
            //Variables
            int iSize = iSizeOfArray(Offset) - 1; //Size Of *Array Of Offsets
            dwAddress = Read<DWORD>(dwAddress); //HEX VAL
    
    
                                                //Loop Through Each Offset & Store Hex Value (Address)
            for (int i = 0; i < iSize; i++)
                dwAddress = Read<DWORD>(dwAddress + Offset[i]);
    
    
            if (!Type)
                return dwAddress + Offset[iSize]; //FALSE - Return Address
            else
                return Read<cData>(dwAddress + Offset[iSize]); //TRUE - Return Value
        }
    
    
        //WRITE MEMORY
        template <class cData>
        void Write(DWORD dwAddress, cData Value)
        {
            WriteProcessMemory(hProcess, (LPVOID)dwAddress, &Value, sizeof(cData), NULL);
        }
    
    
        //WRITE MEMORY - Pointer
        template <class cData>
        void Write(DWORD dwAddress, char *Offset, cData Value)
        {
            Write<cData>(Read<cData>(dwAddress, Offset, false), Value);
        }
    
    
        //MEMORY FUNCTION PROTOTYPES
        virtual void Process(char* ProcessName); //Return Handle To The Process
        virtual void Patch(DWORD dwAddress, char *chPatch_Bts, char *chDefault_Bts); //Write Bytes To Specified Address
        virtual void Inject(DWORD dwAddress, char *chInj_Bts, char *chDef_Bts, BOOL Type); //Jump To A Codecave And Write Memory
        virtual DWORD AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *chPattern); //Find A Byte Pattern
        virtual DWORD Module(LPSTR ModuleName); //Return Module Base Address
        DWORD FindPattern(DWORD start, DWORD size, LPCSTR sig, LPCSTR mask);
        DWORD FindPatternArray(DWORD start, DWORD size, LPCSTR mask, int count, ...);
        bool DataCompare(const BYTE* pData, const BYTE* pMask, LPCSTR pszMask);
    #pragma endregion 
    
    
    };
    #endif
    
    
    
    
    #pragma once
    #pragma once
    #pragma once
    
    


    #include "ProcMem.h"
    
    using namespace std;
    
    
    #pragma region Misc Functions
    
    
    ProcMem::ProcMem() {
    //Constructor For Class, Do Not Remove!
    }
    
    
    ProcMem::~ProcMem() {
    //De-Constructor
    //Clean Up! (Close Handle - Not Needed Anymore)
    CloseHandle(hProcess);
    }
    
    
    /* This Function Returns The Length Of External Char Arrays, SizeOf(Array) Fails For External Arrays. */
    int ProcMem::chSizeOfArray(char *chArray) {
    
    
    //Loop Through *chArray To Get Amount Of Bytes
    for (int iLength = 1; iLength < MAX_PATH; iLength++)
    if (chArray[iLength] == '*')
    return iLength;
    setlocale(LC_ALL, "Russian");
    cout << "\nОШИБКА:Не удалось прочитать длину массива\n";
    return 0;
    }
    
    
    /* This Function Returns The Length Of External Int Arrays, SizeOf(Array) Fails For External Arrays. */
    int ProcMem::iSizeOfArray(int *iArray) {
    
    
    //Loop Through *chArray To Get Amount Of Bytes
    for (int iLength = 1; iLength < MAX_PATH; iLength++)
    if (iArray[iLength] == '*')
    return iLength;
    setlocale(LC_ALL, "Russian");
    cout << "\nОШИБКА:Не удалось прочитать длину массива\n";
    return 0;
    }
    
    
    /* This Function Finds The Specified Value Inside Of Arrays And Returns A Boolean Value,
    /* Used For Triggerbot To Find The Current Crosshair Entity i_NearEntity Inside The Enemy Array. */
    bool ProcMem::iFind(int *iAry, int iVal) {
    
    
    for (int i = 0; i < 64; i++)
    if (iVal == iAry[i] && iVal != 0)
    return true;
    
    
    return false;
    }
    
    
    #pragma endregion
    
    
    #pragma region Memory Functions
    
    
    /* This Function Will Return A Handle To The Process So We Can Write & Read Memeory From The Process. */
    void ProcMem::Process(char* ProcessName) {
    
    
    //Variables
    HANDLE hPID = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, NULL); //Snapshot To View All Active Processes
    PROCESSENTRY32 ProcEntry;
    ProcEntry.dwSize = sizeof(ProcEntry); //Declare Structure Size And Populate It
    
    
    //Loop Through All Running Processes To Find Process
    do
    if (!strcmp(ProcEntry.szExeFile, ProcessName))
    {
    //Store Process ID
    dwPID = ProcEntry.th32ProcessID;
    CloseHandle(hPID);
    
    
    //Give Our Handle All Access Rights
    hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, dwPID);
    return;
    }
    while (Process32Next(hPID, &ProcEntry));
    setlocale(LC_ALL, "Russian");
    cout << "\n Игра не запущена\n\n\n";
    system("PAUSE");
    exit(0);
    }
    
    
    /* This Function Will Write Specified Bytes To The Address, And Can Also Be Reverted Back To Normal
    /* Just Call It Again As It Works On A Boolean. */
    void ProcMem::Patch(DWORD dwAddress, char *Patch_Bts, char *Default_Bts) {
    
    
    //Variables
    int iSize = chSizeOfArray(Default_Bts);
    
    
    //Loop Through Addresses Writing Bytes
    if (!bPOn)
    for (int i = 0; i < iSize; i++)
    Write<BYTE>(dwAddress + i, Patch_Bts[i]);
    else
    for (int i = 0; i < iSize; i++)
    Write<BYTE>(dwAddress + i, Default_Bts[i]);
    
    
    bPOn = !bPOn;
    }
    
    
    /* This Function Is Similiar To Cheat Engine's Code Injection Function, It's Able To Create JMP's
    /* To A Codecave And Write New Memory. Untested CALL Command */
    void ProcMem::Inject(DWORD dwAddress, char *Inj_Bts, char *Def_Bts, BOOL Type) {
    
    
    //Variables
    int i_ISize = chSizeOfArray(Inj_Bts);
    int i_DSize = chSizeOfArray(Def_Bts);
    
    
    if (!bIOn)
    {
    //NOP All Bytes In The Array Past The 5th Byte
    if (i_DSize > 5)
    for (int i = 6; i < i_DSize; i++)
    Write<BYTE>(dwAddress + i, 0x90);
    else { setlocale(LC_ALL, "Russian"); cout << "\nИНЖЕКТ: По умолчанию байтов не должно быть больше 5"; return; }
    
    
    //Create Codecave
    dwCaveAddress = (DWORD)VirtualAllocEx(hProcess, NULL, i_ISize + 5, MEM_COMMIT | MEM_RESERVE, PAGE_EXECUTE_READWRITE);
    
    
    //Calculate Jmp/Return Distances In Bytes To Write
    DWORD dwRetJmp = (dwAddress + i_DSize) - dwCaveAddress - 5; //(NextInstruction - CaveAddress - 5) - is correct equation.
    DWORD dwBaseJmp = dwCaveAddress - dwAddress - 5; //Base Jmp
    
    
    //Loop Through Each Address Writing Inj_Bts Inside The Codecave
    for (int i = 0; i <= i_ISize; i++)
    Write<BYTE>(dwCaveAddress + i, Inj_Bts[i]);
    
    
    //Write The Return Distance In Bytes (E9 = Jmp | E8 = Call) To The Original Address
    Write<BYTE>(dwCaveAddress + i_ISize, Type ? 0xE9 : 0xE8);
    Write<DWORD>(dwCaveAddress + i_ISize + 1, dwRetJmp);
    
    
    //Write The Jump From The Original Address To The Codecave
    Write<BYTE>(dwAddress, Type ? 0xE9 : 0xE8);
    Write<DWORD>(dwAddress + 1, dwBaseJmp);
    
    
    }
    else {
    //Restore Original Bytes
    for (int i = 0; i < i_DSize; i++)
    Write<BYTE>(dwAddress + i, Def_Bts[i]);
    
    
    //Clean Up! (DeAllocate CodeCave)
    VirtualFreeEx(hProcess, (LPVOID)dwCaveAddress, i_ISize + 5, MEM_DECOMMIT);
    }
    bIOn = !bIOn;
    }
    
    
    /* Basic Byte Scanner, Will Return The Start Address Of The Specififed Byte Pattern.
    /* To-Do: Re-Write Using Memory_Page Functions To Grab Blocks Of Memory And Scan
    /* It Inside This Console, Maybe Study Multi-Threading For Faster Scanning. */
    DWORD ProcMem::AOB_Scan(DWORD dwAddress, DWORD dwEnd, char *Bytes) {
    
    
    //VARIABLES
    int iBytesToRead = 0, iTmp = 0;
    int length = chSizeOfArray(Bytes);
    bool bTmp = false;
    
    
    //Check If The Start Of The Array Has Wildcards, So We Can Change The Count
    if (Bytes[0] == '?')
    {
    for (; iBytesToRead < MAX_PATH; iBytesToRead++)
    if (Bytes[iBytesToRead] != '?')
    {
    iTmp = (iBytesToRead + 1);
    break;
    }
    }
    
    
    //Increase Start Address Till It Reaches The End Address While Reading Bytes
    for (; dwAddress < dwEnd; dwAddress++)
    {
    if (iBytesToRead == length)
    return dwAddress - iBytesToRead;
    
    
    if (Read<BYTE>(dwAddress) == Bytes[iBytesToRead] || (bTmp && Bytes[iBytesToRead] == '?'))
    {
    iBytesToRead++;
    bTmp = true;
    }
    else
    {
    iBytesToRead = iTmp;
    bTmp = false;
    }
    }
    setlocale(LC_ALL, "Russian");
    cout << "\nAOB_SCAN: Не удалось найти byte pattern\n";
    return 0;
    }
    
    
    /* Returns The Base Address Of The Specified Module Inside The Target Process
    /* e.g.[ Module("client.dll"); ]. */
    DWORD ProcMem::Module(LPSTR ModuleName) {
    
    
    //Variables
    HANDLE hModule = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, dwPID); //Take A Module Snapshot Of The Process (Grab All Loaded Modules)
    MODULEENTRY32 mEntry; //Declare Module Entry Structure
    mEntry.dwSize = sizeof(mEntry); //Declare Structure Size And Populate It With Loaded Modules
    
    
    //Scan For Module By Name
    do
    if (!strcmp(mEntry.szModule, ModuleName))
    {
    CloseHandle(hModule);
    return (DWORD)mEntry.modBaseAddr;
    }
    while (Module32Next(hModule, &mEntry));
    setlocale(LC_ALL, "Russian");
    cout << "\nНе найден client.dll..\n";
    return 0;
    
    
    }
    
    
    #pragma endregion
    
    


    #include <iostream>#include "ProcMem.h"
    
    
    #define FL_ONGROUND ( 1 << 0 )
    
    
    using std::cout;
    ProcMem Mem;
    
    
    DWORD Client;
    DWORD Base;
    DWORD dwLocal = 0xA834DC;
    DWORD dwFlags = 0x100;
    DWORD dwJump = 0x4F33AA8;
    
    
    bool bBunnyHop = true;
    
    
    void Toggle() {
    if (GetAsyncKeyState(VK_DELETE)) {
    bBunnyHop = !bBunnyHop;
    if (bBunnyHop)
    cout << "\n > Bunny Hop Enabled";
    else
    cout << "\n > Bunny Hop Disabled";
    Sleep(300);
    }
    }
    
    
    struct Data {
    DWORD Base() {
    return Mem.Read<DWORD>(Client + dwLocal);
    }
    int Jump() {
    return Mem.Read<int>(Client + dwJump);
    }
    int Flags() {
    return Mem.Read<int>(Base() + dwFlags);
    }
    }Data;
    
    
    void BunnyHop() {
    if (bBunnyHop) {
    if (Data.Jump() == 5)
    while (GetAsyncKeyState(VK_SPACE) & 0x8000) {
    if (Data.Flags() & FL_ONGROUND)
    Mem.Write<int>(Client + dwJump, 5);
    else
    Mem.Write<int>(Client + dwJump, 4);
    }
    }
    }
    
    
    int main()
    {
    Mem.Process("csgo.exe");
    Client = Mem.Module("client.dll");
    SetConsoleTitle("Simple BunnyHop for CS:GO");
    cout << "\n\n Simple BunnyHop for CS:GO\n Delete - On/Off BunnyHop\n cod3d by SP1K3\n";
    while (true) {
    Toggle();
    BunnyHop();
    Sleep(1);
    }
    }
    



    :download:
     
    8 июн 2016 #1
  2. GOVARD Заблокирован

    GOVARD
    Статус:
    Вне сети
    Сообщения:
    30
    Симпатии:
    6
    Регистрация:
    01.06.15
    Автор - SP1K3.
    Приятного просмотра.
     
    19 июл 2016 #2
  3. averyhugemen Новорег

    averyhugemen
    Статус:
    Вне сети
    Сообщения:
    1
    Симпатии:
    0
    Регистрация:
    15.08.16
    ещё бы его найти на ютубе :D
     
    15 авг 2016 #3
Top