program TF2Wallhack;
uses
windows,
SysUtils,
Messages,
TlHelp32;
type
// Hand-declared copy of the Win32 KBDLLHOOKSTRUCT, the record a
// WH_KEYBOARD_LL hook callback receives through lParam.
tagKBDLLHOOKSTRUCT = record
vkCode: DWORD;
scanCode: DWORD;
flags: DWORD;
time: DWORD;
// NOTE(review): the Win32 headers declare this field as ULONG_PTR, so DWORD
// only matches the real layout in a 32-bit build.
dwExtraInfo: DWORD;
end;
TKbDllHookStruct = tagKBDLLHOOKSTRUCT;
PKbDllHookStruct = ^TKbDllHookStruct;
const
// Hook id handed to SetWindowsHookEx for a low-level keyboard hook.
WH_KEYBOARD_LL = 13;
var
// Hook handle: assigned in KeyLogger, passed to CallNextHookEx in KeyEvent.
hkeyhook: HHOOK;
// Forward declaration of the hook callback defined further down.
// NOTE(review): Win32 declares the callback as (int, WPARAM, LPARAM): LRESULT;
// word/longword only line up with that on a 32-bit stdcall build.
function KeyEvent(code: integer; wParam: word; lParam: longword): longword; stdcall; forward;
exports Keyevent;
// Returns the process id of the first entry in a Toolhelp process snapshot
// whose executable name CONTAINS strProcessName (case-insensitive substring
// match via UpperCase + Pos), or 0 when nothing matches or the snapshot could
// not be taken.
// NOTE(review): because this is a substring test, any process whose image
// name merely contains the text is accepted; callers that go on to open the
// process get no guarantee that it is the intended one.
function GetProcessID(strProcessName : string):DWORD;
var
  snap : THandle;
  entry : PROCESSENTRY32;
  wanted : string;
  more : BOOL;
begin
  Result := 0;
  snap := CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS, 0);
  if snap = INVALID_HANDLE_VALUE then
    Exit;

  wanted := UpperCase(strProcessName);
  FillChar(entry, SizeOf(PROCESSENTRY32), 0);
  entry.dwSize := SizeOf(PROCESSENTRY32);
  more := Process32First(snap, entry);
  while more do
  begin
    if Pos(wanted, UpperCase(entry.szExeFile)) > 0 then
    begin
      Result := entry.th32ProcessID;
      Break;
    end;
    // dwSize is re-armed before every Process32Next call, as in the original.
    entry.dwSize := SizeOf(PROCESSENTRY32);
    more := Process32Next(snap, entry);
  end;
  // The snapshot handle is released on both the found and not-found paths.
  CloseHandle(snap);
end;
// True when the character code of Ch is in a fixed set of codes (for example
// 65..90, i.e. 'A'..'Z', and several punctuation codes); presumably the
// characters the author considers to need the Shift key.
// Nothing in this file calls it.
function IsShift(Ch: Char): Boolean;
begin
  Result := Ord(Ch) in [33,34,36..42,47,58,59,61,63,65..90,96,167];
end;
// Walks a Toolhelp module snapshot of process hProcID and returns the base
// address of the module whose name equals lpModName (case-insensitive,
// lstrcmpi), or 0 when no entry matches.
function GetModuleBase(hProcID: Cardinal; lpModName: PChar):Cardinal;
var
hSnap: Cardinal;
tm: TModuleEntry32;
begin
result := 0;
hSnap := CreateToolHelp32Snapshot(TH32CS_SNAPMODULE, hProcID);
// NOTE(review): CreateToolhelp32Snapshot reports failure with
// INVALID_HANDLE_VALUE, not 0, so this test also passes on a failed snapshot.
if hSnap <> 0 then
begin
tm.dwSize := sizeof(TModuleEntry32);
if Module32First(hSnap, tm) = true then
begin
// NOTE(review): the entry filled in by Module32First is never compared;
// the loop calls Module32Next before its first name check.
while Module32Next(hSnap, tm) = true do
begin
if lstrcmpi(tm.szModule, lpModName) = 0 then
begin
// The pointer is narrowed to Cardinal, which only holds a full address in a
// 32-bit build.
result := Cardinal(tm.modBaseAddr);
break;
end;
end;
end;
CloseHandle(hSnap);
end;
end;
// Low-level keyboard hook callback. For every keyboard event it resolves the
// key name; when that name is '[Shift]' it opens the process found for
// 'hl2.exe' and writes a 4-byte value into it at client.dll base + $8A2D58
// (2 on key-down, 1 on key-up). The event is always forwarded with
// CallNextHookEx.
//
// Reviewer notes (defensive reading):
// - The behaviour that matters for detection is the sequence
//   OpenProcess(PROCESS_ALL_ACCESS) -> WriteProcessMemory on a foreign
//   process, driven from a system-wide keyboard hook. Cross-process handle
//   opens with full access and remote writes are what anti-tamper and
//   endpoint telemetry key on.
// - No return value is checked: GetProcessID, GetModuleBase and
//   WriteProcessMemory can all fail silently. If GetModuleBase returns 0 the
//   write is still attempted at the bare offset.
// - wParam/lParam are declared word/longword; Win32 defines them as
//   pointer-sized WPARAM/LPARAM, so this signature is 32-bit only.
function KeyEvent(code: integer; wParam: word; lParam: longword): longword; stdcall;
var
szKeyName: array[0..255] of Char;
hooked: TKbDllHookStruct;
dwMsg: DWORD;
i: integer;
Value, HandleWindow : Integer;
Read : cardinal;
begin
if (code = HC_ACTION) then
begin
// lParam points at the KBDLLHOOKSTRUCT for this event; take a local copy.
CopyMemory(@hooked,Pointer(lParam),sizeof(TKbDllHookStruct));
// Build the lParam-style value GetKeyNameText expects: scan code from bit 16,
// hook flags shifted so that the extended-key flag (bit 0) lands on bit 24.
// NOTE(review): the remaining flag bits are shifted up as well — confirm that
// is intended.
dwMsg := 1;
dwMsg := dwMsg + (hooked.scanCode shl 16);
dwMsg := dwMsg + (hooked.flags shl 24);
ZeroMemory(@szKeyName,sizeof(szKeyName));
szKeyName[0]:='[';
// NOTE(review): the destination starts at index 1, so only 255 elements are
// left, but the full sizeof(szKeyName) is passed as the length (and sizeof is
// a byte count, which exceeds the element count if Char is two bytes wide).
// A maximum-length name makes i = 256 and the next line writes past the end
// of the array.
i := GetKeyNameText(dwMsg, szKeyName+1, sizeof(szKeyName))+1;
szKeyName[i]:=']';
If (szKeyName='[Shift]') Then
Begin
If ((wParam = WM_SYSKEYDOWN) or (wParam = WM_KEYDOWN)) then
Begin
// Full-access handle to the target process; stored in an Integer rather than
// a THandle. Each call to GetProcessID takes a new process snapshot, and this
// runs inside the hook callback for every Shift event.
HandleWindow:=OpenProcess(PROCESS_ALL_ACCESS,False, GetProcessID('hl2.exe'));
If HandleWindow<>0 then
Begin
Value:=2;
WriteProcessMemory(HandleWindow,Ptr(GetModuleBase(GetProcessID('hl2.exe'),'client.dll')+$8A2D58),@Value,4,Read); // r_drawothermodels 2
CloseHandle(HandleWindow);
End;
End;
If ( (wParam = WM_SYSKEYUP) or (wParam = WM_KEYUP)) then
Begin
// Same open/write/close sequence as the key-down branch, writing 1 instead.
HandleWindow:=OpenProcess(PROCESS_ALL_ACCESS,False, GetProcessID('hl2.exe'));
If HandleWindow<>0 then
Begin
Value:=1;
WriteProcessMemory(HandleWindow,Ptr(GetModuleBase(GetProcessID('hl2.exe'),'client.dll')+$8A2D58),@Value,4,Read); // r_drawothermodels 1
CloseHandle(HandleWindow);
End;
End;
End;
end;
// Always pass the event on so other hooks and the target window still see it.
Result := CallNextHookEx(hkeyhook,code,wParam,lParam);
end;
// Pumps the calling thread's message queue until GetMessage yields a false
// result. The thread that installed the low-level hook has to keep pumping
// for the hook callback to be invoked.
// NOTE(review): GetMessage can also return -1 on error; as a BOOL that is
// non-zero, so it is handled here like a retrieved message.
procedure MsgLoop();
var
  pending: tagMsg;
begin
  while True do
  begin
    if GetMessage(pending, 0, 0, 0) then
    begin
      TranslateMessage(pending);
      DispatchMessage(pending);
    end
    else
      Break;
  end;
end;
// Thread entry point: installs KeyEvent as a WH_KEYBOARD_LL hook, pumps
// messages until the loop ends, then removes the hook. Always returns 1.
//
// The hook is registered with thread id 0, so the callback is invoked for
// keyboard input across the whole desktop, not only for one application.
// This is the same primitive a keystroke logger relies on; in this file the
// callback only reacts to the Shift key.
//
// lpParameter is used solely as a library path for LoadLibrary when
// GetModuleHandle(nil) returns 0.
// NOTE(review): the result of SetWindowsHookEx is not checked; if it fails,
// hkeyhook stays 0 and the message loop still runs.
function KeyLogger(lpParameter: Pointer): DWORD; stdcall;
var
  modHandle: HINST;
begin
  Result := 1;

  modHandle := GetModuleHandle(nil);
  if modHandle = 0 then
    modHandle := LoadLibrary(PChar(lpParameter));

  if modHandle <> 0 then
  begin
    hkeyhook := SetWindowsHookEx(WH_KEYBOARD_LL, @Keyevent, modHandle, 0);
    MsgLoop();
    UnhookWindowsHookEx(hkeyhook);
  end;
end;
// Program entry: runs KeyLogger on a new thread (with a nil parameter) and
// blocks until that thread ends.
var
// NOTE(review): CreateThread returns a thread handle, not a window handle;
// Hwnd is the wrong type name here. The handle is also never closed.
hThread: Hwnd;
dwThread: DWORD;
begin
hThread := CreateThread( nil, 0, @KeyLogger, nil, 0, dwThread);
if (hthread <> 0) then
begin
// Waits without a timeout; the process has no window or other visible UI in
// this file, so it simply stays resident while the hook thread runs.
WaitForSingleObject(hThread,INFINITE);
end;
end.