English
|
Thema: MemHack Frage | |
|
Anmeldungsdatum: Nov 2008 Beiträge: 24 |
Ich habe einen NameTag Source Code gefunden. Ich glaube nicht dass er hier detouring verwendet hat, oder? main.cpp: #include <windows.h> #include "main.h" bool Nametags=true; // used to see if nametags is on or not. int __stdcall DllMain(void* Module, unsigned long Reason, void* Reserved) { if(Reason == 1) // if injected do code below.. { Modification(1); // turn on memory modifications return 1; } return 1; } void __stdcall Modification(unsigned int arg){ if(arg == 1){ DWORD Protection; // nametags VirtualProtect((void*)lpteamc, 6, PAGE_READWRITE, &Protection); memcpy((void*)lpteamc, (const void*)Six, 6); // nop it VirtualProtect((void*)lpteamc, 6, Protection, 0); //distance (visibility) VirtualProtect((void*)lpdist, 2, PAGE_READWRITE, &Protection); memcpy((void*)lpdist, (const void*)Two, 2); // nop it VirtualProtect((void*)lpdist, 2, Protection, 0); } } main.h: #define teams 0x42E090 // Where the function starts int lpteamc = teams + 0xDC; // Team Check (disable to draw both) int lpdist = teams + 0xFE; // Distance check, if drawn through walls etc // Nop'd values kekeke unsigned char Two[2] = { 0x90, 0x90 }; unsigned char Six[6] = { 0x90, 0x90, 0x90, 0x90, 0x90, 0x90 }; // Original values (if you want to make an on/off toggle etc unsigned char NameTags[6] = { 0x0F, 0x85, 0xCE, 0x00, 0x00, 0x00 }; unsigned char Distance[2] = { 0x74, 0x25 }; // memory init func proto void __stdcall Modification(unsigned int); //proto // This is the ollydbg info: (this is 1.0 INFO) /* 0042E19C |. 0F85 CE000000 |JNZ iw3mp.0042E270 0042DE94 |. 0F85 09020000 JNZ iw3mp.0042E0A3 0042E19C 0F84 CE000000 JE iw3mp.0042E270 0042DE94 0F84 09020000 JE iw3mp.0042E0A3 */ __________________  |
|
| BeneCrack ist offline | ||
