Full Undetected DIP Base

Тема в разделе Crossfire Исходники, создана пользователем ERROR404, 19 янв 2014.

Войдите для ответа
  1. ERROR404 Администратор

    ERROR404
    Статус:
    Вне сети
    Тестировалось на Windows 7


    XOR.h



    #ifndef _XOR_H
    #define _XOR_H
    template <int XORSTART, int BUFLEN, int XREFKILLER>
    
    class XorStr
    {
    private: 
    	XorStr();
    public: 
    	char s[BUFLEN];
    
    	XorStr(const char * xs);
    
    	~XorStr()
    	{
    		for (int i = 0; i<BUFLEN; i++) s[i] = 0; 
    	}
    };
    
    template <int XORSTART, int BUFLEN, int XREFKILLER>
    XorStr<XORSTART,BUFLEN,XREFKILLER>::XorStr (const char * xs)
    {
    	int xvalue = XORSTART;
    	int i = 0;
    
    	for (; i < (BUFLEN - 1); i++) 
    	{
    		s[i] = xs[i - XREFKILLER] ^ xvalue;
    		xvalue += 1;
    		xvalue %= 256;
    	}
    
    	s[BUFLEN - 1] = 0;
    }
    
    
    #define eCShell		XorStr<0xBB,11,0xEC676C84>("\xF8\xEF\xD5\xDB\xD3\xAC\xEF\xA6\xAF\xA8"+0xEC676C84).s
    #define eClient		XorStr<0x19,13,0x4464E51F>("\x5A\x76\x72\x79\x73\x6A\x59\x78\x0F\x44\x5B\x40"+0x4464E51F).s
    #define ed3d9		/*d3d9.dll*/XorStr<0xB9,9,0x64C42EE0>("\xDD\x89\xDF\x85\x93\xDA\xD3\xAC"+0x64C42EE0).s
    #define eCF			/*crossfire.exe*/XorStr<0x52,14,0x2F5C6EF5>("\x31\x21\x3B\x26\x25\x31\x31\x2B\x3F\x75\x39\x25\x3B"+0x2F5C6EF5).s
    
    #endif






    main.h





    bool Match(const BYTE* pData, const BYTE* bMask, const char* szMask)
    {
        for(;*szMask;++szMask,++pData,++bMask)
            if(*szMask=='x' && *pData!=*bMask ) 
                return false;
        return (*szMask) == NULL;
    }
    
    DWORD FindPattern(DWORD dwAddress,DWORD dwLen,BYTE *bMask,char * szMask)
    {
        for(DWORD i=0; i<dwLen; i++)
            if(Match((BYTE*)(dwAddress + i), bMask, szMask))
                return (DWORD)(dwAddress+i);
        return 0;
    }
    
    void MakeJMP(BYTE *pAddress, DWORD dwJumpTo, DWORD dwLen)
    {
        DWORD dwOldProtect, dwBkup, dwRelAddr;
        VirtualProtect(pAddress, dwLen, PAGE_EXECUTE_READWRITE, &dwOldProtect);
        dwRelAddr = (DWORD) (dwJumpTo - (DWORD) pAddress) - 5;
        *pAddress = 0xE9;
        *((DWORD *)(pAddress + 0x1)) = dwRelAddr;
        for(DWORD x = 0x5; x < dwLen; x++) *(pAddress + x) = 0x90;
    	VirtualProtect(pAddress, dwLen, dwOldProtect, &dwBkup);
        return;
    }









    main.cpp





    #include <Windows.h>
    #include <d3d9.h>
    #include "XOR.h"
    #include "main.h"
    
    DWORD retMyDIP;
    
    #define sWeapon 36
    #define sMap 24
    #define sSkyWalls 28
    #define sBody 44
    #define sHead 40
    
    void D3Dfunktionen (LPDIRECT3DDEVICE9 pDevice)
    {
    	IDirect3DVertexBuffer9* pStreamData = NULL; 
    	UINT iOffsetInBytes,iStride;  
    	pDevice->GetStreamSource(0,&pStreamData,&iOffsetInBytes,&iStride); 
    
    	if(iStride == sBody || iStride == sHead || iStride == sWeapon)
    	{
    		pDevice->SetRenderState(D3DRS_ZENABLE, D3DZB_FALSE);//WallHack
    	}
    }
    
    __declspec(naked) HRESULT WINAPI MyDIP()
    {
    	static LPDIRECT3DDEVICE9 pDevice;
    
    	__asm
    	{
    		MOV EDI,EDI
    		PUSH EBP
    		MOV EBP,ESP
    		MOV EAX,DWORD PTR SS:[EBP + 0x8]
    		MOV pDevice,EAX
    	}
    	D3Dfunktionen(pDevice);
    	__asm
    	{
    		JMP retMyDIP
    	}
    }
    
    void Hook ()
    {
    	DWORD hD3D = (DWORD)LoadLibrary(ed3d9);
    	DWORD *vtbl;
    
    	DWORD adr = FindPattern(hD3D, 0x128000, (PBYTE)"\xC7\x06\x00\x00\x00\x00\x89\x86\x00\x00\x00\x00\x89\x86", "xx????xx????xx");
    	if(adr)
    	{
    		memcpy(&vtbl,(void*)(adr + 2),4);
    		retMyDIP = vtbl[147] + 0x5;
    		MakeJMP((PBYTE)vtbl[147],(DWORD)MyDIP,0x5);
    	}
    }
    
    extern "C" 
    {
        BOOL WINAPI DllMain (HINSTANCE hinstDLL, DWORD fdwReason, LPVOID lpvReserved)
        {
            switch (fdwReason)
            {
            case DLL_PROCESS_ATTACH:
    			CreateThread(0,0,(LPTHREAD_START_ROUTINE)Hook,0,0,0);
                break;
            }
            return true;
        }
    }
    [/CODE]
     
    19 янв 2014 #1
Загрузка...
Похожие темы
  1. ERROR404
    Ответов:
    3
    Просмотров:
    1.099
Top