/**********************Battlefield Play4Free************************/
/*************************Working Base******************************/
/**************************12/14/2010*******************************/
/*Credits to: zoomgod, Strife, Winslow, GetModuleHandle, Freaky123**/
/***Patrick, R4z8r, learn_more, doobie, KozmoK, Sparten, smoochy,***/
/**********************Jugga, Vossy, freitag************************/
/****************Creator of this base: 5$andimyours*****************/
/* This is a UC-Forum-ONLY public release.
/* Please do not discuss or share this outside of the UnKnoWnCheaTs forum.
/* This information or any part of it may only be distributed outside of
/* UnKnoWnCheaTs forum in binary/compiled form.
/* Please credit all of the above UC-Forum members for this information.
/*
/* This information is distributed in the hope that it will be useful,
/* but WITHOUT ANY WARRANTY, without even the implied warranty of
/* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. */
#include "BFP4F_Classes.h"
#include "Functions.h"
#include <Tlhelp32.h>
bool lon = false;
HMODULE hmRendDx9Base = NULL;
DWORD dwInitDllBase = NULL;
#define IsPlayerValid(p) ( (p) && (p->Alive) && (p->Soldier) && (p->Soldier->soldier_ptr) /*&& (p->SoldierObj->soldier_ptr->Matrix)*/ )
bool Initialized = false;
LPDIRECT3DDEVICE9 pDevice;
D3DVIEWPORT9 Viewport;
bool Fire = false;
void SetMyCursorPos(FLOAT PosX, FLOAT PosY)
{
//Credits: Razor
FLOAT ScreenX = (float)Viewport.Width/2;
FLOAT ScreenY = (float)Viewport.Height/2;
//PosX -= ScreenX;
//PosY -= ScreenY;
mouse_event( 0x1, PosX, PosY, NULL, NULL );
}
ID3DXFont *pFont;
#define dWhite D3DCOLOR_RGBA(255, 255, 255, 255)
#define dRed D3DCOLOR_RGBA(255, 000, 000, 255)
#define dGreen D3DCOLOR_RGBA(000, 255, 000, 255)
#define dBlue D3DCOLOR_RGBA(000, 000, 255, 255)
#define dBlack D3DCOLOR_RGBA(128, 128, 128, 255)
#define dPurple D3DCOLOR_RGBA(125, 000, 255, 255)
#define dGrey D3DCOLOR_RGBA(128, 128, 128, 255)
#define dYellow D3DCOLOR_RGBA(255, 255, 000, 255)
#define dOrange D3DCOLOR_RGBA(255, 125, 000, 255)
CClassManager* pClassManager;
CRenderer* pRenderer;
CPlayerManager* pPlayerManager;
CPlayer* pLocalPlayer;
CInputManager* pInputManager;
CActionBuffer* pActionBuffer;
DWORD oActionBuffer = 0;
CObjectManager* pObjectManager;
CDebugTextWriter* pDebugTextWriter;
DWORD dwWorldToScreen;
#define PATT_CLASSMANAGER "\x89\x35\x99\x99\x99\x99\xFF\x15\x99\x99\x99\x99\x8B\x0D\x99\x99\x99\x99\x8B\x01"
#define MASK_CLASSMANAGER "xx????xx????xx????xx"
float actionBuffer[64] = {0};
void wtoc(CHAR*, const WCHAR*);
DWORD GetModuleSize(LPSTR strModuleName)
{
MODULEENTRY32 lpme= {0};
DWORD dwSize=0;
DWORD PID=GetCurrentProcessId();
BOOL isMod=0;
char chModName[256];
strcpy(chModName,strModuleName);
_strlwr(chModName);
HANDLE hSnapshotModule=CreateToolhelp32Snapshot(TH32CS_SNAPMODULE ,PID);
if (hSnapshotModule)
{
lpme.dwSize=sizeof(lpme);
isMod=Module32First(hSnapshotModule,&lpme);
while(isMod)
{
char wtocI[256] = {0};
wtoc(wtocI,lpme.szExePath);
if (strcmp(_strlwr(wtocI),chModName))
{
dwSize=(DWORD)lpme.modBaseSize;
CloseHandle(hSnapshotModule);
return dwSize;
}
isMod=Module32Next(hSnapshotModule,&lpme);
}
}
CloseHandle(hSnapshotModule);
return 0;
}
__declspec( naked ) bool WINAPI bWorldToScreen( D3DXVECTOR3* pVecInOut )
{
_asm mov ecx, pDebugTextWriter;
_asm jmp [ dwWorldToScreen ];
}
#define SmoPat "\x81\xEC\x00\x00\x00\x00\xD9\xEE\x8B\x0D\x00\x00\x00\x00\x8B\x01\xD9\x54\x24\x04\x8B\x50\x6C\xD9\x54\x24\x08\x56"
#define SmoMask "xx????xxxx????xxxxxxxxxxxxxx"
DWORD FindPattern(DWORD, DWORD, BYTE*, char*);
bool FindMyWorldToScreen()
{
DWORD dwRendererBase = (DWORD)GetModuleHandle( L"RendDx9.dll" );
//MessageBox(0,L"Before.",L"Victory",0);
DWORD dwRendererSize = GetModuleSize("RendDx9.dll");
//MessageBox(0,L"After.",L"Victory",0);
dwWorldToScreen = FindPattern( dwRendererBase,dwRendererSize,(PBYTE)SmoPat, SmoMask );
if(!dwWorldToScreen)
return false;
return true;
}
DWORD FindPattern(DWORD start_offset, DWORD size, BYTE* pattern, char mask[] )
{
DWORD pos = 0;
int searchLen = strlen(mask) - 1;
for( DWORD retAddress = start_offset; retAddress < start_offset + size; retAddress++ )
{
if( *(BYTE*)retAddress == pattern[pos] || mask[pos] == '?' ){
if( mask[pos+1] == '\0' )
return (retAddress - searchLen);
pos++;
}
else
pos = 0;
}
return NULL;
}
/*CActionBuffer* _stdcall hkActionBuffer()
{
//MessageBox(0,L"F***PB",0,0);
_asm call oActionBuffer;
_asm mov pActionBuffer, eax;
_asm pushad;
if( pActionBuffer )
{
for ( int i = 0; i < 64; i++ )
{
pActionBuffer->inputKeys[ i ] += actionBuffer[ i ];
//actionBuffer[ i ] = 0.0f;
if (GetAsyncKeyState(VK_UP) || (GetAsyncKeyState(VK_UP) && GetAsyncKeyState(0x41)) || (GetAsyncKeyState(VK_UP) && GetAsyncKeyState(0x53)))
{
pActionBuffer->inputKeys[3] = 99999.0f;
}
}
}
_asm popad;
return pActionBuffer;
}//*/
CActionBuffer* hkActionBuffer()
{
__asm call oActionBuffer;
__asm mov pActionBuffer, eax;
__asm pushad;
if(pActionBuffer)
{
for(int i = 0; i < 255; i ++)
{
pActionBuffer->inputKeys[i] += actionBuffer[i];
actionBuffer[i] = 0.0f;
}
}
__asm popad;
return pActionBuffer;
}
int zoomhack = 1;
void HackRoutine()
{
//if (GetAsyncKeyState(VK_NUMPAD1))
// lon = !lon;
//if (Fire)
///{
// mouse_event(MOUSEEVENTF_LEFTDOWN,0,0,0,0);
// Sleep(25);
// mouse_event(MOUSEEVENTF_LEFTUP,0,0,0,0);
// Fire = false;
//}
if (GetAsyncKeyState(VK_ADD)&1)
{
zoomhack += 1;
}
else if (GetAsyncKeyState(VK_SUBTRACT)&1)
{
zoomhack -= 1;
}
}
DWORD WINAPI HookFunctions(LPVOID)
{
while (hmRendDx9Base==NULL)
{
hmRendDx9Base = GetModuleHandle(L"RendDx9.dll");
if (hmRendDx9Base == NULL) Sleep(200);
}
while(dwInitDllBase == NULL)
{
dwInitDllBase = (DWORD)GetProcAddress(hmRendDx9Base, "initDll");
if (dwInitDllBase == NULL) Sleep(200);
}
CloseHandle(hmRendDx9Base);
DWORD dwPointerOffset = FindPattern(dwInitDllBase, dwInitDllBase + 512, (BYTE*)PATT_CLASSMANAGER, MASK_CLASSMANAGER);
DWORD* dwPointerOffset2 = (DWORD*)(dwPointerOffset + 2);
pClassManager = *((CClassManager**)((DWORD)*dwPointerOffset2));
while(pRenderer == NULL)
pRenderer = (CRenderer *)pClassManager->GetClassPointerByName(&string("Renderer"));
while(!pPlayerManager)
pPlayerManager = (CPlayerManager*)pClassManager->GetClassPointerByName( &string("PlayerManager") );
//MessageBoxW(0,L"Woot!",L"Victory",0);
while(!pInputManager)
pInputManager = (CInputManager*)pClassManager->GetClassPointerByName( &string("InputManager") );
while(!pObjectManager)
pObjectManager = (CObjectManager*)pClassManager->GetClassPointerByName( &string("ObjectManager") );
while(!pDebugTextWriter)
pDebugTextWriter = (CDebugTextWriter*) pClassManager->GetClassPointerByName( &string("DebugTextWriter") );
while(!FindMyWorldToScreen())
Sleep(100);
//MessageBoxW(0,L"Woot2!",L"Victory",0);
//oActionBuffer = (DWORD)HookVTableFunction((DWORD**)pInputManager,(PBYTE)&hkActionBuffer,13);
MessageBoxW(0,L"Woot!",L"Victory",0);
//MessageBoxW(0,L"Woot23!",L"Victory",0);
while(1)
{
HackRoutine();
Sleep(2);
}
return 0;
}
typedef HRESULT (WINAPI* tEndScene)(LPDIRECT3DDEVICE9 pDevice);
tEndScene oEndScene;
void Initialize(LPDIRECT3DDEVICE9 pDevice)
{
D3DXCreateFont( pDevice, 10, 0, FW_THIN, 1, 0, DEFAULT_CHARSET, OUT_DEFAULT_PRECIS, ANTIALIASED_QUALITY, DEFAULT_PITCH | FF_DONTCARE, L"Lucida Console", &pFont);
Initialized = true;
}
int GetTextLength ( char *szString, ... )
{
char szText[512];
memset(szText,0,512);
strcpy(szText,szString);
unsigned int i = 0, iStrLen = 0;
while (i < strlen(szText))
{
switch(szText[i])
{
case ' ':
iStrLen += 4;
break;
case 'e':
iStrLen += 6;
break;
case 'i':
iStrLen += 2;
break;
case 'j':
iStrLen += 3;
break;
case 'k':
iStrLen += 6;
break;
case 'l':
iStrLen += 2;
break;
case 'm':
iStrLen += 10;
break;
case 'r':
iStrLen += 4;
case 'v':
iStrLen += 7;
break;
case 'w':
iStrLen += 9;
break;
case 'y':
iStrLen += 7;
break;
case 'A':
iStrLen += 7;
break;
case 'C':
iStrLen += 7;
break;
case 'H':
iStrLen += 7;
break;
case 'I':
iStrLen += 2;
break;
case 'K':
iStrLen += 7;
break;
case 'M':
iStrLen += 9;
break;
case 'O':
iStrLen += 7;
break;
case 'P':
iStrLen += 7;
break;
case 'Q':
iStrLen += 7;
break;
case 'R':
iStrLen += 6;
break;
case 'V':
iStrLen += 7;
break;
case 'W':
iStrLen += 11;
break;
case 'X':
iStrLen += 8;
break;
case 'Y':
iStrLen += 7;
break;
default:
iStrLen += 5;
break;
}
i++;
}
return iStrLen;
}
void wtoc(CHAR* Dest, const WCHAR* Source)
{
int i = 0;
while(Source[i] != '\0')
{
Dest[i] = (CHAR)Source[i];
++i;
}
}
//=====================================================================================
/*
|| ::DESCRIPTION::
|| This function will convert a CHAR string to a WCHAR string.
||
|| Param 1 :: Pointer to a buffer that will contain the converted string. Ensure this
|| buffer is large enough; if not, buffer overrun errors will occur.
|| Param 2 :: Constant pointer to a source CHAR string to be converted to WCHAR
*/
void ctow(WCHAR* Dest, const CHAR* Source)
{
int i = 0;
while(Source[i] != '\0')
{
Dest[i] = (WCHAR)Source[i];
++i;
}
}
void fillrgba( int x, int y, int w, int h, int r, int g,int b,int a)
{
D3DRECT rec = { x, y, x + w, y + h };
pDevice->Clear( 1, &rec, D3DCLEAR_TARGET, D3DCOLOR_ARGB(a,r,g,b), 0, 0 );
}
void Drawopx(int x, int y, int width, int height, int r, int g, int b, int a, int line)
{
fillrgba(x,y+height,width,line,r,g,b,a);
fillrgba(x,y,line,height,r,g,b,a);
fillrgba(x,y,width,line,r,g,b,a);
fillrgba(x+width,y,line,height,r,g,b,a);
}
__inline float GetDistance( const D3DXVECTOR3& From, const D3DXVECTOR3& To )
{
float Angle[3] = {0,0,0};
Angle[0] = To.x-From.x;
Angle[1] = To.y-From.y;
Angle[2] = To.z-From.z;
return sqrtf( Angle[0] * Angle[0] + Angle[1] * Angle[1] + Angle[2] * Angle[2] );
}
CPlayer* GetClosestByCrosshair()
{
FLOAT ScreenX = (FLOAT)Viewport.Width / 2.0f;
FLOAT ScreenY = (FLOAT)Viewport.Height / 2.0f;
FLOAT Nearest = (FLOAT)INT_MAX;
FLOAT PosX = 0.0f, PosY = 0.0f;
CPlayer* saved_target = NULL;
bool AimingAtEnemy = false;
CPlayer* pRet = NULL;
if(!pLocalPlayer)
return 0;
CObject* pLocalInfo = pLocalPlayer->Soldier ? pLocalPlayer->Soldier->soldier_ptr : NULL;
if(!pLocalInfo)
return 0;
for(int i = 0; i < 255; i++)
{
CPlayer* pPlayer = pPlayerManager->GetPlayerByIndex(i);
if (!IsPlayerValid(pPlayer))
continue;
if (pPlayer == pLocalPlayer)
continue;
CObject* pInfo = pPlayer->SoldierObj ? pPlayer->Soldier->soldier_ptr : NULL;
CArmor* pHealth = pInfo->Health;
if(pHealth->fHealth <= 0.0f || !pPlayer->Alive)
continue;
D3DXVECTOR3 vOut;
GET_ORIGIN_FROMMATRIX( &vOut, &pInfo->Matrix );
if( bWorldToScreen(&vOut) )
continue;
PosX = vOut.x > ScreenX ? vOut.x - ScreenX : ScreenX - vOut.x;
PosY = vOut.y > ScreenY ? vOut.y - ScreenY : ScreenY - vOut.y;
FLOAT Temp = sqrt( PosX*PosX + PosY*PosY );
if(Temp > Nearest)
continue;
pRet = pPlayer;
Nearest = Temp;
}
return pRet;
}
float oldzoom;
inline void ZoomHack(float value)
{
pPlayerManager->LocalPlayer->zoom2 = value;
}
HRESULT WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDevice)
{
pDevice->GetViewport(&Viewport);
if(!Initialized)Initialize(pDevice);
pDevice->SetRenderState(D3DRS_FOGENABLE,FALSE);
/*static bool done = false;
if (!done)
{
MessageBox(0,L"One Time On Endscene",0,0);
done = true;
}//*/
//if (IsBadReadPtr(pPlayerManager->LocalPlayer,4)) return oEndScene(pDevice);
if (IsPlayerValid(pPlayerManager->LocalPlayer))
{
//char pLocalInfo[33];
//char Buf1[33];
//itoa(pPlayerManager->LocalPlayer->Soldier->soldier_ptr->Health->fHealth,Buf1,10);
//sprintf(pLocalInfo,"%s [Health: %s]",pPlayerManager->LocalPlayer->Name,Buf1);
//pDebugTextWriter->OutlinedText(10,10,dWhite,&string(pLocalInfo));
for ( int i = 0; i < 255; i++ )
{
//if (IsBadReadPtr(pPlayerManager->GetPlayerByIndex( i ),4)) continue;
//if (!IsPlayerValid(pPlayerManager->GetPlayerByIndex( i ))) continue;
if (IsPlayerValid(pPlayerManager->GetPlayerByIndex( i )))
{
if( pPlayerManager->GetPlayerByIndex( i ) == pPlayerManager->LocalPlayer )
continue;
static float oldzoom = pPlayerManager->LocalPlayer->zoom2;
#ifdef __ZOOMHACK__
ZoomHack((float)zoomhack);
char zh[16];
sprintf(zh,"Zoomhack is %d",zoomhack);
pDebugTextWriter->OutlinedText(10,10,dWhite,&string(zh));
#endif
D3DXVECTOR3 lpOrigin, tpOrigin;
GET_ORIGIN_FROMMATRIX(&lpOrigin, &pPlayerManager->LocalPlayer->Soldier->soldier_ptr->Matrix);
GET_ORIGIN_FROMMATRIX(&tpOrigin, &pPlayerManager->GetPlayerByIndex( i )->Soldier->soldier_ptr->Matrix);
if(!tpOrigin || !lpOrigin || !pPlayerManager->GetPlayerByIndex( i )->Name || !pPlayerManager->GetPlayerByIndex( i )->Soldier->soldier_ptr->Health)
continue;
float flDistance = GetDistance(tpOrigin, lpOrigin);
char PlayerInfo[512];
char Buf[33];
itoa(pPlayerManager->GetPlayerByIndex( i )->Soldier->soldier_ptr->Health->fHealth,Buf,10);
sprintf( PlayerInfo, "[%.0f m] %s [Health: %s]", flDistance, pPlayerManager->GetPlayerByIndex( i )->Name,Buf);
if(pPlayerManager->GetPlayerByIndex( i )->Soldier->soldier_ptr->Health->fHealth <= 0.0f)
continue;
if( tpOrigin )
{
if(bWorldToScreen(&tpOrigin))
{
if(pPlayerManager->GetPlayerByIndex( i )->Team != pPlayerManager->LocalPlayer->Team)
{
pDebugTextWriter->OutlinedText( tpOrigin.x - ( GetTextLength(PlayerInfo) ) / 2, tpOrigin.y - 20, dRed, &string(PlayerInfo));
RECT rect;
rect.left = tpOrigin.x - ( GetTextLength(PlayerInfo) ) / 2;
rect.top = tpOrigin.y - 20;
Drawopx( tpOrigin.x - 250/flDistance, tpOrigin.y - (450/flDistance), 450/flDistance, 1050/flDistance,255 , 000,000, 255, 1);
}
/*if (GetAsyncKeyState(VK_RBUTTON)&1)
{
POINT vecc;
GetCursorPos(&vecc);
FLOAT PosX = 0.0f, PosY = 0.0f;
FLOAT GPosX = 0.0f, GPosY = 0.0f;
int modex = 0;
int modey = 0;
D3DXVECTOR3 tpOrigi;
for (int g = 0; g < 255; g++)
{
if (IsPlayerValid(pPlayerManager->GetPlayerByIndex(g)))
{
if (pPlayerManager->GetPlayerByIndex(g) != pPlayerManager->LocalPlayer)
{
if(( pPlayerManager->GetPlayerByIndex( i )->Name || pPlayerManager->GetPlayerByIndex( i )->Soldier->soldier_ptr->Health ) && (pPlayerManager->GetPlayerByIndex( i )->Soldier->soldier_ptr->Health->fHealth > 0.0f))
{
GET_ORIGIN_FROMMATRIX(&tpOrigi,&pPlayerManager->GetPlayerByIndex(g)->Soldier->soldier_ptr->Matrix);
FLOAT ScreenX = (FLOAT)Viewport.Width / 2.0f;
FLOAT ScreenY = (FLOAT)Viewport.Height / 2.0f;
FLOAT Nearest = (FLOAT)INT_MAX;
if (tpOrigi)
{
if ( bWorldToScreen(&tpOrigi))
{
PosX = tpOrigi.x > ScreenX ? tpOrigi.x - ScreenX : ScreenX - tpOrigi.x;
PosY = tpOrigi.y > ScreenY ? tpOrigi.y - ScreenY : ScreenY - tpOrigi.y;
modex = tpOrigi.x > ScreenX ? 2 : 1;
modey = tpOrigi.y > ScreenY ? 2 : 1;
FLOAT Temp = sqrt( PosX*PosX + PosY*PosY );
if (Temp <= Nearest)
{
Nearest = Temp;
GPosX = PosX;
GPosY = PosY;
}
}
}
}
}
}
}
if (PosX && PosY)
{
if (GPosX != 0 && GPosY != 0)
{
if (modex == 1)
{
GPosX += vecc.x;
}
if (modex == 2)
{
GPosX -= vecc.x;
}
if (modey == 1)
{
GPosY += vecc.y;
}
if (modey == 2)
{
GPosY -= vecc.y;
}
SetMyCursorPos(GPosX,GPosY);
}
}
}//*/
/*if (lon == true)
{
pDebugTextWriter->OutlinedText(10,10,dWhite,&string("Triggerbot = on"));
FLOAT vX, vY;
vX = Viewport.Width/2;
vY = Viewport.Height/2;
FLOAT PosX = tpOrigin.x > vX ? tpOrigin.x - vX : vX - tpOrigin.x;
FLOAT PosY = tpOrigin.y > vY ? tpOrigin.y - vY : vY - tpOrigin.y;
#ifdef __O__
if ((tpOrigin.x - 250/flDistance < PosX || tpOrigin.y + 450/flDistance > PosY) && (tpOrigin.x - (450/flDistance-1050/flDistance) < PosX || tpOrigin.y + (1050/flDistance-250/flDistance) > PosY))
#else
if ((tpOrigin.x - 250/flDistance < vX || tpOrigin.y + 450/flDistance > vY) && (tpOrigin.x - (450/flDistance-1050/flDistance) < vX || tpOrigin.y + (1050/flDistance-250/flDistance) > vY))
#endif
{
Fire = true;
}
}
else
{
pDebugTextWriter->OutlinedText(10,10,dWhite,&string("Triggerbot = off"));
}//*/
if(pPlayerManager->GetPlayerByIndex( i )->Team == pPlayerManager->LocalPlayer->Team)
{
pDebugTextWriter->OutlinedText( tpOrigin.x - ( GetTextLength(PlayerInfo) ) / 2, tpOrigin.y - 20, dBlue, &string(PlayerInfo));
RECT rect;
rect.left = tpOrigin.x - ( GetTextLength(PlayerInfo) ) / 2;
rect.top = tpOrigin.y - 20;
Drawopx( tpOrigin.x - 250/flDistance, tpOrigin.y - (450/flDistance), 450/flDistance, 1050/flDistance, 000, 000, 255,255, 1);
}
}
}
}
}
}
return oEndScene(pDevice);
}
DWORD WINAPI D3DHook(LPVOID)
{
while(hmRendDx9Base == NULL){hmRendDx9Base = GetModuleHandleA("RendDX9.dll");Sleep(250);}
CloseHandle(hmRendDx9Base);
while(pDevice == NULL)
pDevice = (LPDIRECT3DDEVICE9)pRenderer->pDirect3Ddev;
DWORD* GameDevice = (DWORD*)pDevice;
GameDevice = (DWORD*)GameDevice[0];
//MessageBox(0,L"Hooking Endscene",0,0);
while (!oEndScene)
oEndScene = (tEndScene) DetourFunction( (PBYTE)GameDevice[42], (PBYTE)&hkEndScene );
return 0;
}
BOOL APIENTRY DllMain( HMODULE hModule, DWORD ulReason, LPVOID lpReserved )
{
switch (ulReason)
{
case DLL_PROCESS_ATTACH:
{
CreateThread( 0, 0, D3DHook, 0, 0, 0 );
CreateThread( 0, 0, HookFunctions, 0, 0, 0 );
}
break;
case DLL_THREAD_DETACH:
break;
}
return TRUE;
}
English
