Join Date: Aug 2007
Posts: 8643
User-Rating:
|
Kategorie: Counter-Strike: Source
Entwickler: keybode
Beschreibung:
Features:
- BunnyHop
- Auto-updating offsets
Credits:
- Forza (FindPattern)
CPP Code: #include <Windows.h> #include <iostream> #include <TlHelp32.h> #define FL_ONGROUND (1<<0) using namespace std; HWND css; int iFlags; DWORD dwBasePointer; HANDLE hProcess; DWORD m_hClient; DWORD pID; DWORD GetModuleSize(char* module) { HANDLE hSnap; MODULEENTRY32 xModule; hSnap = CreateToolhelp32Snapshot(TH32CS_SNAPMODULE, pID); xModule.dwSize = sizeof(MODULEENTRY32); if (Module32First(hSnap, &xModule)) { while (Module32Next(hSnap, &xModule)) { if (!strncmp((char*)xModule.szModule, module, 8)) { CloseHandle(hSnap); return (DWORD)xModule.modBaseSize; } } } CloseHandle(hSnap); return 0; } DWORD GetModuleBase(LPSTR lpModuleName, DWORD dwProcessId) { MODULEENTRY32 lpModuleEntry = {0}; HANDLE hSnapShot = CreateToolhelp32Snapshot( TH32CS_SNAPMODULE, dwProcessId); if(!hSnapShot) return NULL; lpModuleEntry.dwSize = sizeof(lpModuleEntry); BOOL bModule = Module32First( hSnapShot, &lpModuleEntry ); while(bModule) { if(!strcmp(lpModuleEntry.szModule, lpModuleName ) ) { CloseHandle( hSnapShot ); return (DWORD)lpModuleEntry.modBaseAddr; } bModule = Module32Next( hSnapShot, &lpModuleEntry ); } CloseHandle( hSnapShot ); return NULL; } void SetDebugPrivilege() { HANDLE hProcess=GetCurrentProcess(), hToken; TOKEN_PRIVILEGES priv; LUID luid; OpenProcessToken(hProcess, TOKEN_ADJUST_PRIVILEGES, &hToken); LookupPrivilegeValue(0, "seDebugPrivilege", &luid); priv.PrivilegeCount = 1; priv.Privileges[0].Luid = luid; priv.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED; AdjustTokenPrivileges(hToken, false, &priv, 0, 0, 0); CloseHandle(hToken); CloseHandle(hProcess); } bool bDataCompare(const BYTE* pData, const BYTE* bMask, const char* szMask) { for(;*szMask;++szMask,++pData,++bMask) if(*szMask=='x' && *pData!=*bMask ) return false; return (*szMask) == NULL; } DWORD dwFindPattern( BYTE* pData, DWORD dwSize, BYTE* bMask, char* szMask ) { for ( int i = 0; i < dwSize; i ++ ) if ( bDataCompare( (BYTE*)( pData + i ), bMask, szMask ) ) return i; return NULL; } DWORD FindPattern( DWORD dwAddress, DWORD dwSize, PBYTE pbSignature, char* pszSignature ) { DWORD dwTemp = dwAddress; BYTE pBuf[ 2048 ] = { 0 }; do { if ( ReadProcessMemory( hProcess, ( PVOID )dwTemp, pBuf, 2048, NULL ) == FALSE ) { printf("External FindPattern RPM : Error!\n"); return NULL; } else { DWORD dwDelta = dwFindPattern( pBuf, 2048, pbSignature, pszSignature ); if ( dwDelta ) return dwTemp + dwDelta; dwTemp += 2048 - strlen(pszSignature); } } while ( true ); return NULL; } DWORD dwBaseEntity; DWORD dwFlags; DWORD dwJump; void offset() { DWORD client_size = GetModuleSize("client.dll"); PBYTE LocalBase_sig = (PBYTE)"\x39\x35\x00\x00\x00\x00\x8B\xCF\x0F\x94\xC2"; char *LocalBase = "xx????xxxxx"; DWORD LocalBase_temp = FindPattern(m_hClient, client_size, LocalBase_sig, LocalBase) + 0x2; ReadProcessMemory(hProcess, (PBYTE*)LocalBase_temp, &dwBaseEntity, sizeof(DWORD), NULL); PBYTE m_fFlags_sig = (PBYTE)"\x68\x00\x00\x00\x00\x68\x00\x00\x00\x00\x68\x00\x00\x00\x00\xE8\x00\x00\x00\x00\x83\xC4\x30\x68\x00\x00\x00\x00\x6A\x07"; char *m_fFlags = "x????x????x????x????xxxx????xx"; DWORD m_fFlags_temp = 0x0; m_fFlags_temp = FindPattern(m_hClient, client_size, m_fFlags_sig, m_fFlags) + 0x1; ReadProcessMemory(hProcess, (PBYTE*)m_fFlags_temp, &dwFlags, 2, NULL); PBYTE jump_sig = (PBYTE)"\x74\x06\x21\x05\x00\x00\x00\x00\xF6\x05\x4C\x13\x31\x51\x03\x74\x03"; char *jump = "xxxx????xxxxxxxxx"; DWORD jump_temp = FindPattern(m_hClient, client_size, jump_sig, jump) + 0x4; ReadProcessMemory(hProcess, (PBYTE*)jump_temp, &dwJump, sizeof(DWORD), NULL); } void Read() { while(true) { Sleep(1); ReadProcessMemory(hProcess, (PBYTE*)dwBaseEntity, &dwBasePointer, sizeof(DWORD), NULL); ReadProcessMemory(hProcess, (PBYTE*)(dwBasePointer + dwFlags), &iFlags, sizeof(int), NULL); } } int five = 5; int four = 4; void BunnyHop(void) { while(true) { Sleep(1); if(!GetAsyncKeyState(32)) { Sleep(10); continue; } WriteProcessMemory(hProcess, (PBYTE*)dwJump, &four, sizeof(int), NULL); if(iFlags & FL_ONGROUND) { WriteProcessMemory(hProcess, (PBYTE*)dwJump, &five, sizeof(int), NULL); Sleep(10); } } } DWORD GetProcId(const char* ProcName) { PROCESSENTRY32 pe32; HANDLE hSnapshot = NULL; pe32.dwSize = sizeof( PROCESSENTRY32 ); hSnapshot = CreateToolhelp32Snapshot( TH32CS_SNAPPROCESS, 0 ); if( Process32First( hSnapshot, &pe32 ) ) { do{ if( strcmp(pe32.szExeFile, ProcName) == 0 ) break; }while( Process32Next( hSnapshot, &pe32 ) ); } if( hSnapshot != INVALID_HANDLE_VALUE ) CloseHandle( hSnapshot ); return pe32.th32ProcessID; } int main(HINSTANCE hInstance) { SetConsoleTitle("External BunnyHop"); while(!FindWindow(NULL, "Counter-Strike Source")) Sleep(10); while(!pID) { pID = GetProcId("hl2.exe");Sleep(100); } while(!hProcess) { hProcess = OpenProcess(PROCESS_ALL_ACCESS, false, pID);Sleep(100); } while(!m_hClient) { m_hClient = GetModuleBase("client.dll", pID);Sleep(100); } offset(); printf("Scan result:\n"); printf(" [+] LocalBaseEntity: [0x%X]\n", dwBaseEntity - m_hClient); printf(" [+] m_fFlags: [0x%X]\n", dwFlags); printf(" [+] Jump State: [0x%X]\n", dwJump - m_hClient); CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)Read, NULL, NULL, NULL); CreateThread(NULL, NULL, (LPTHREAD_START_ROUTINE)BunnyHop, NULL, NULL, NULL); while(FindWindow(NULL, "Counter-Strike Source")) Sleep(10); return 1337; }
Download:
[CSS] External BunnyHop [Auto-Update] Fixed
|
Deutsch
