OldSchoolHack

Register / Login English

WarZ v1.0 simple hack

Download (9.00 KB)

VirusTotal Result: 1/46

virustotal

Description

Full Source Hack for WarZ v1.0. Please keep in mind use it on your own risk.

Credits: Zooom and s0beit

TEXT Code:
  1. #include <Windows.h>
  2. #include <stdio.h>
  3. #include <conio.h>
  4. #include <d3d9.h>
  5. #include <d3dx9.h>
  6. #pragma comment(lib, "d3d9.lib")
  7. #pragma comment(lib, "d3dx9.lib")
  8.  
  9. #define PI 3.141
  10. #define Yellow  D3DCOLOR_ARGB( 255, 255, 255, 000 )
  11.  
  12. typedef HRESULT ( WINAPI * DrawIPrim )( LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT );
  13.  
  14. VOID Jump( DWORD Address, DWORD Your_Detour );
  15.  
  16. DWORD Old = NULL;
  17.  
  18. LPDIRECT3DDEVICE9 pDev;
  19. LPDIRECT3D9 pD3D;
  20.  
  21. D3DVIEWPORT9 Viewport;
  22. DrawIPrim pDrawIPrim = NULL;
  23.  
  24. DWORD dwEndscene_hook = NULL;
  25. DWORD dwEndscene_ret = NULL;
  26. DWORD dwDIP_hook = NULL;
  27. DWORD dwDIP_ret = NULL;
  28. DWORD dwReset_hook = NULL;
  29. DWORD dwReset_ret = NULL;
  30. DWORD bJump = NULL;
  31.  
  32. LPD3DXFONT pFont=NULL;
  33. LPD3DXLINE pLine=NULL;
  34.  
  35. HMODULE D3D9 = NULL;
  36.  
  37.  
  38. VOID RenderString(LPDIRECT3DDEVICE9 pDev, int x, int y, DWORD color, LPD3DXFONT g_pFont, const char *fmt, ...)
  39. {
  40. if( !pFont )
  41.     D3DXCreateFontA( pDev,13,0,FW_BOLD,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial", &pFont );
  42.  
  43. if(!g_pFont)
  44. return;
  45.  
  46. RECT FontPos = { x, y, x + 50, y + 50};
  47. char buf[1024] = {'\0'};
  48. va_list va_alist;
  49.  
  50. va_start(va_alist, fmt);
  51. vsprintf_s(buf, fmt, va_alist);
  52. va_end(va_alist);
  53.  
  54. pDev->SetRenderState( D3DRS_ZENABLE,false );
  55. pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
  56. g_pFont->DrawTextA(NULL, buf, -1, &FontPos, DT_NOCLIP, color);
  57. pDev->SetRenderState( D3DRS_ZENABLE, true );
  58. pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
  59. }
  60. VOID FillRGB(LPDIRECT3DDEVICE9 pDev,int x, int y, int w, int h, DWORD color )
  61. {
  62. D3DRECT rec = { x, y, x + w, y + h };
  63. pDev->Clear( 1, &rec, D3DCLEAR_TARGET, color, 0, 0 );
  64. }
  65. VOID RenderBox(LPDIRECT3DDEVICE9 pDev, int x, int y, int w, int h, int px, DWORD color, DWORD color2)
  66. {
  67. //box
  68. FillRGB(pDev, x, y, w, h, color);
  69. //border
  70. FillRGB(pDev,  x, (y + h - px), w, px,color2);
  71. FillRGB(pDev,  x, y, px, h,color2 );
  72. FillRGB(pDev,  x, y, w, px,color2);
  73. FillRGB(pDev,  x + w - px), y, px, h,color2);
  74. }
  75.  
  76. VOID RenderCircle(LPDIRECT3DDEVICE9 pDev,int X, int Y, int radius, int numSides, DWORD Color)
  77. {
  78.  
  79. if (!pLine)
  80. D3DXCreateLine(pDev, &pLine);
  81.  
  82. D3DXVECTOR2 Line[128];
  83. float Step = (float)(PI * 2.0 / numSides);
  84. int Count = 0;
  85. for (float a=0; a < PI*2.0; a += Step)
  86. {
  87. float X1 = radius * cos(a) + X;
  88. float Y1 = radius * sin(a) + Y;
  89. float X2 = radius * cos(a+Step) + X;
  90. float Y2 = radius * sin(a+Step) + Y;
  91. Line[Count].x = X1;
  92. Line[Count].y = Y1;
  93. Line[Count+1].x = X2;
  94. Line[Count+1].y = Y2;
  95. Count += 2;
  96. }
  97.  
  98. pLine->Begin();
  99. pLine->Draw(Line,Count,Color);
  100. pLine->End();
  101. pLine->Release();
  102. }
  103. VOID RenderCross(LPDIRECT3DDEVICE9 pDev, DWORD color, int i)
  104. {
  105. pDev->GetViewport( &Viewport );
  106. DWORD ScreenCenterX = (Viewport.Width / 2);
  107. DWORD ScreenCenterY = (Viewport.Height / 2);
  108. D3DRECT rec1 = {ScreenCenterX-i, ScreenCenterY, ScreenCenterX+ i, ScreenCenterY+1};
  109. D3DRECT rec2 = {ScreenCenterX, ScreenCenterY-i, ScreenCenterX+ 1,ScreenCenterY+i};
  110.  
  111. pDev->Clear( 1, &rec1, D3DCLEAR_TARGET, color, 0, 0 );
  112. pDev->Clear( 1, &rec2, D3DCLEAR_TARGET, color, 0, 0 );
  113.  
  114. //RenderCircle(pDev, ScreenCenterX, ScreenCenterY, i+3,i+3, color);
  115. }
  116. bool IsMenuOn =false;
  117. VOID WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDev )
  118. {
  119. __asm nop
  120.  
  121. if((GetAsyncKeyState(VK_DELETE) & 0x1))
  122. IsMenuOn = !IsMenuOn;
  123.  
  124. RenderString(pDev, 5, 5, Yellow, pFont, "[BugZ v1.0] Press Delete to turn Chams On/Off ");
  125.  
  126. if (IsMenuOn){
  127. RenderCross(pDev, Yellow, 15);
  128. }
  129.  
  130.  
  131.  
  132. }
  133. __declspec(naked) void MyEndscene( )
  134. {
  135.   __asm
  136.   {
  137.      MOV DWORD PTR SS:[EBP-0x10],ESP
  138.      MOV ESI,DWORD PTR SS:[EBP+0x8]
  139.      XOR EBX,EBX                  //replace patched code
  140.      PUSHFD
  141.      PUSHAD
  142.      PUSH [EBP+0x8]
  143.      CALL hkEndScene;
  144.      POPAD
  145.      POPFD
  146.      CMP ESI,EBX                  //replace patched code
  147.      jmp dwEndscene_ret;            //jump back to normal endscene
  148.   }
  149. }
  150.  
  151. VOID SetModelColor(LPDIRECT3DDEVICE9 pDev, float r, float g, float b, float a, float glowr, float glowg, float glowb, float glowa)
  152. {
  153.    float lightValues[4] = {r, g, b, a};
  154.    float glowValues[4] = {glowr, glowg, glowb, glowa};
  155.  
  156.    pDev->SetPixelShaderConstantF(1, lightValues, 1);
  157.    pDev->SetPixelShaderConstantF(3, glowValues, 1);
  158. }
  159.  
  160. VOID WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDev, D3DPRIMITIVETYPE Type, INT BIndex, UINT MIndex, UINT NVertices, UINT SIndex, UINT PCount )
  161. {
  162.  
  163.   bJump = TRUE;
  164.   LPDIRECT3DVERTEXBUFFER9 Stream_Data;
  165.   UINT Offset = 0;
  166.   UINT Stride = 0;
  167.   if( pDev->GetStreamSource( 0, &Stream_Data, &Offset, &Stride ) == S_OK )Stream_Data->Release();
  168.  
  169.   if (IsMenuOn)
  170. {
  171. // Disable fog
  172. pDev->SetRenderState(D3DRS_FOGENABLE, false);
  173. // Fullbright
  174. pDev->SetRenderState(D3DRS_LIGHTING, FALSE);
  175. pDev->SetRenderState(D3DRS_AMBIENT,D3DCOLOR_ARGB(255,255,255,255));
  176.  
  177. switch (Stride)
  178. {
  179. case 20: // Buildings
  180. //pDev->SetRenderState(D3DRS_ALPHABLENDENABLE,TRUE);
  181. pDev->SetRenderState(D3DRS_DESTBLEND,D3DBLEND_INVSRCALPHA); // Transparency
  182. break;
  183. case 32: // Players and Zombies
  184. //PlayerChams
  185. pDev->SetRenderState(D3DRS_LIGHTING, FALSE); // Wallhack
  186.                pDev->SetRenderState(D3DRS_ZENABLE, FALSE);
  187.                SetModelColor(pDev, 1.0f, 0.0f, 0.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);  
  188. pDrawIPrim( pDev, Type, BIndex, MIndex, NVertices, SIndex, PCount );
  189.                pDev->SetRenderState(D3DRS_ZENABLE, TRUE);
  190. break;
  191. default:
  192. break;
  193. }
  194. }
  195. bJump = FALSE;
  196. }
  197. __declspec(naked) void MyDIP( )
  198. {
  199.   __asm
  200.   {
  201.      MOV EDI,DWORD PTR SS:[EBP+0x8]
  202.      XOR EBX,EBX                  
  203.      CMP EDI,EBX                  // replace patched code
  204.      PUSHFD
  205.      PUSHAD
  206.      MOV EDX,[bJump]
  207.      CMP EDX,0x0
  208.      JG DONE
  209.      PUSH [EBP+0x20]               // Push arguments of DIP
  210.      PUSH [EBP+0x1C]      
  211.      PUSH [EBP+0x18]      
  212.      PUSH [EBP+0x14]      
  213.      PUSH [EBP+0x10]      
  214.      PUSH [EBP+0x0C]      
  215.      PUSH [EBP+0x08]      
  216.      CALL hkDrawIndexedPrimitive
  217.      DONE: POPAD
  218.      POPFD
  219.      jmp dwDIP_ret;               // jump back to normal DIP
  220.   }
  221. }
  222.  
  223. VOID WINAPI hkReset( )
  224. {
  225.   if( pFont != NULL )
  226.      if( pFont->Release( ) == S_OK )
  227.  pFont = NULL;
  228.  
  229. }
  230. __declspec(naked) void MyReset( )
  231. {
  232.   __asm
  233.   {
  234.      PUSHAD
  235.      PUSHFD
  236.      CALL hkReset
  237.      POPFD
  238.      POPAD
  239.      MOV ESI,DWORD PTR SS:[EBP-0x08]
  240.      MOV EDI,DWORD PTR SS:[EBP-0x04]
  241.      POP EBX
  242.      JMP dwReset_ret
  243.   }
  244. }
  245.  
  246. VOID WINAPI GETD3D( VOID )
  247. {
  248.  
  249. HWND ConsoleWindow = GetConsoleWindow( );
  250.    ShowWindow( ConsoleWindow, SW_HIDE ); // hide ConsoleWindow...
  251.  
  252.  
  253.   while( D3D9 == NULL )
  254.   {
  255.      D3D9 = GetModuleHandleA( "d3d9.dll" );
  256.      Sleep( 100 );
  257.   }
  258.  
  259.    D3DPRESENT_PARAMETERS D3D_PP = {0};
  260.    IDirect3D9 * (WINAPI *oDirect3DCreate9)(UINT SDKVersion);
  261.  
  262.  
  263.   *(PDWORD)&oDirect3DCreate9 = (DWORD)GetProcAddress( D3D9, "Direct3DCreate9" );
  264.  
  265.   _cprintf( "Direct3DCreate9\n" );
  266.   pD3D = oDirect3DCreate9( D3D_SDK_VERSION );
  267.  
  268.   D3D_PP.Windowed = TRUE;
  269.   D3D_PP.SwapEffect = D3DSWAPEFFECT_DISCARD;
  270.   D3D_PP.BackBufferFormat = D3DFMT_UNKNOWN;
  271.  
  272.   _cprintf( "CreateDevice\n" );
  273.   pD3D->CreateDevice( D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL,ConsoleWindow, D3DCREATE_SOFTWARE_VERTEXPROCESSING, &D3D_PP, &pDev );
  274.  
  275.   PDWORD VTABLE = *(DWORD**)pDev;
  276.  
  277.   dwEndscene_hook = VTABLE[42] + 0x2A;
  278.   dwEndscene_ret = dwEndscene_hook + 0x0A;
  279.   dwDIP_hook = VTABLE[82] + 0x2D;
  280.   dwDIP_ret = dwDIP_hook + 0x7;
  281.   dwReset_hook = VTABLE[16] + 165;
  282.   dwReset_ret = dwReset_hook + 0x7;
  283.  
  284.   *(PDWORD)&pDrawIPrim = (DWORD)VTABLE[82];
  285.  
  286.   _cprintf( "Jump\n" );
  287.   Jump( (DWORD)dwEndscene_hook, (DWORD)MyEndscene );
  288.   Jump( (DWORD)dwDIP_hook, (DWORD)MyDIP );
  289.   Jump( (DWORD)dwReset_hook, (DWORD)MyReset );
  290.  
  291.   _cprintf( "Done\n" );
  292.   Sleep( 400 );
  293.   pDev->Release( );
  294.   pD3D->Release( );
  295.   FreeConsole( );
  296. }
  297.  
  298. VOID Jump( DWORD Address, DWORD Your_Detour )
  299. {
  300.   VirtualProtect( (LPVOID)Address, 5, PAGE_EXECUTE_READWRITE, &Old );
  301.  
  302.   *(PBYTE)Address = (BYTE)0xE9;
  303.   *(PDWORD)(Address + 1) = ( Your_Detour - Address - 5) ;
  304.   VirtualProtect( (LPVOID)Address, 5, Old, &Old );
  305. }
  306.  
  307. BOOL WINAPI DllMain( HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved )
  308. {
  309.   if( dwReason == DLL_PROCESS_ATTACH )
  310.   {
  311.      DisableThreadLibraryCalls( hModule );
  312.      AllocConsole( );
  313.      _cprintf( "Ready\n" );
  314.      CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)
  315.         GETD3D, NULL, NULL, NULL);
  316.   }
  317.   return TRUE;
  318. }

Download WarZ v1.0 simple hack
There are no posts in this thread.