OldSchoolHack

Registrieren / Anmelden Deutsch

WarZ v1.0 simple hack

icon Thema: [Release] WarZ v1.0 simple hack

Anmeldungsdatum: Aug 2007

Beiträge: 8643

Benutzer-Bewertung:

199 positiv
33 negativ
Full Source Hack for WarZ v1.0. Please keep in mind use it on your own risk.

Credits: Zooom and s0beit

CPP Code:
  1. #include <Windows.h>
  2. #include <stdio.h>
  3. #include <conio.h>
  4. #include <d3d9.h>
  5. #include <d3dx9.h>
  6. #pragma comment(lib, "d3d9.lib")
  7. #pragma comment(lib, "d3dx9.lib")
  8.  
  9. #define PI 3.141
  10. #define Yellow D3DCOLOR_ARGB( 255, 255, 255, 000 )
  11.  
  12. typedef HRESULT ( WINAPI * DrawIPrim )( LPDIRECT3DDEVICE9, D3DPRIMITIVETYPE, INT, UINT, UINT, UINT, UINT );
  13.  
  14. VOID Jump( DWORD Address, DWORD Your_Detour );
  15.  
  16. DWORD Old = NULL;
  17.  
  18. LPDIRECT3DDEVICE9 pDev;
  19. LPDIRECT3D9 pD3D;
  20.  
  21. D3DVIEWPORT9 Viewport;
  22. DrawIPrim pDrawIPrim = NULL;
  23.  
  24. DWORD dwEndscene_hook = NULL;
  25. DWORD dwEndscene_ret = NULL;
  26. DWORD dwDIP_hook = NULL;
  27. DWORD dwDIP_ret = NULL;
  28. DWORD dwReset_hook = NULL;
  29. DWORD dwReset_ret = NULL;
  30. DWORD bJump = NULL;
  31.  
  32. LPD3DXFONT pFont=NULL;
  33. LPD3DXLINE pLine=NULL;
  34.  
  35. HMODULE D3D9 = NULL;
  36.  
  37.  
  38. VOID RenderString(LPDIRECT3DDEVICE9 pDev, int x, int y, DWORD color, LPD3DXFONT g_pFont, const char *fmt, ...)
  39. {
  40. if( !pFont )
  41. D3DXCreateFontA( pDev,13,0,FW_BOLD,1,0,DEFAULT_CHARSET,OUT_DEFAULT_PRECIS,DEFAULT_QUALITY,DEFAULT_PITCH | FF_DONTCARE,"Arial", &pFont );
  42.  
  43. if(!g_pFont)
  44. return;
  45.  
  46. RECT FontPos = { x, y, x + 50, y + 50};
  47. char buf[1024] = {'\0'};
  48. va_list va_alist;
  49.  
  50. va_start(va_alist, fmt);
  51. vsprintf_s(buf, fmt, va_alist);
  52. va_end(va_alist);
  53.  
  54. pDev->SetRenderState( D3DRS_ZENABLE,false );
  55. pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
  56. g_pFont->DrawTextA(NULL, buf, -1, &FontPos, DT_NOCLIP, color);
  57. pDev->SetRenderState( D3DRS_ZENABLE, true );
  58. pDev->SetRenderState( D3DRS_FILLMODE,D3DFILL_SOLID );
  59. }
  60. VOID FillRGB(LPDIRECT3DDEVICE9 pDev,int x, int y, int w, int h, DWORD color )
  61. {
  62. D3DRECT rec = { x, y, x + w, y + h };
  63. pDev->Clear( 1, &rec, D3DCLEAR_TARGET, color, 0, 0 );
  64. }
  65. VOID RenderBox(LPDIRECT3DDEVICE9 pDev, int x, int y, int w, int h, int px, DWORD color, DWORD color2)
  66. {
  67. //box
  68. FillRGB(pDev, x, y, w, h, color);
  69. //border
  70. FillRGB(pDev, x, (y + h - px), w, px,color2);
  71. FillRGB(pDev, x, y, px, h,color2 );
  72. FillRGB(pDev, x, y, w, px,color2);
  73. FillRGB(pDev, (x + w - px), y, px, h,color2);
  74. }
  75.  
  76. VOID RenderCircle(LPDIRECT3DDEVICE9 pDev,int X, int Y, int radius, int numSides, DWORD Color)
  77. {
  78.  
  79. if (!pLine)
  80. D3DXCreateLine(pDev, &pLine);
  81.  
  82. D3DXVECTOR2 Line[128];
  83. float Step = (float)(PI * 2.0 / numSides);
  84. int Count = 0;
  85. for (float a=0; a < PI*2.0; a += Step)
  86. {
  87. float X1 = radius * cos(a) + X;
  88. float Y1 = radius * sin(a) + Y;
  89. float X2 = radius * cos(a+Step) + X;
  90. float Y2 = radius * sin(a+Step) + Y;
  91. Line[Count].x = X1;
  92. Line[Count].y = Y1;
  93. Line[Count+1].x = X2;
  94. Line[Count+1].y = Y2;
  95. Count += 2;
  96. }
  97.  
  98. pLine->Begin();
  99. pLine->Draw(Line,Count,Color);
  100. pLine->End();
  101. pLine->Release();
  102. }
  103. VOID RenderCross(LPDIRECT3DDEVICE9 pDev, DWORD color, int i)
  104. {
  105. pDev->GetViewport( &Viewport );
  106. DWORD ScreenCenterX = (Viewport.Width / 2);
  107. DWORD ScreenCenterY = (Viewport.Height / 2);
  108. D3DRECT rec1 = {ScreenCenterX-i, ScreenCenterY, ScreenCenterX+ i, ScreenCenterY+1};
  109. D3DRECT rec2 = {ScreenCenterX, ScreenCenterY-i, ScreenCenterX+ 1,ScreenCenterY+i};
  110.  
  111. pDev->Clear( 1, &rec1, D3DCLEAR_TARGET, color, 0, 0 );
  112. pDev->Clear( 1, &rec2, D3DCLEAR_TARGET, color, 0, 0 );
  113.  
  114. //RenderCircle(pDev, ScreenCenterX, ScreenCenterY, i+3,i+3, color);
  115. }
  116. bool IsMenuOn =false;
  117. VOID WINAPI hkEndScene(LPDIRECT3DDEVICE9 pDev )
  118. {
  119. __asm nop
  120.  
  121. if((GetAsyncKeyState(VK_DELETE) & 0x1))
  122. IsMenuOn = !IsMenuOn;
  123.  
  124. RenderString(pDev, 5, 5, Yellow, pFont, "[BugZ v1.0] Press Delete to turn Chams On/Off ");
  125.  
  126. if (IsMenuOn){
  127. RenderCross(pDev, Yellow, 15);
  128. }
  129.  
  130.  
  131.  
  132. }
  133. __declspec(naked) void MyEndscene( )
  134. {
  135. __asm
  136. {
  137. MOV DWORD PTR SS:[EBP-0x10],ESP
  138. MOV ESI,DWORD PTR SS:[EBP+0x8]
  139. XOR EBX,EBX //replace patched code
  140. PUSHFD
  141. PUSHAD
  142. PUSH [EBP+0x8]
  143. CALL hkEndScene;
  144. POPAD
  145. POPFD
  146. CMP ESI,EBX //replace patched code
  147. jmp dwEndscene_ret; //jump back to normal endscene
  148. }
  149. }
  150.  
  151. VOID SetModelColor(LPDIRECT3DDEVICE9 pDev, float r, float g, float b, float a, float glowr, float glowg, float glowb, float glowa)
  152. {
  153. float lightValues[4] = {r, g, b, a};
  154. float glowValues[4] = {glowr, glowg, glowb, glowa};
  155.  
  156. pDev->SetPixelShaderConstantF(1, lightValues, 1);
  157. pDev->SetPixelShaderConstantF(3, glowValues, 1);
  158. }
  159.  
  160. VOID WINAPI hkDrawIndexedPrimitive(LPDIRECT3DDEVICE9 pDev, D3DPRIMITIVETYPE Type, INT BIndex, UINT MIndex, UINT NVertices, UINT SIndex, UINT PCount )
  161. {
  162.  
  163. bJump = TRUE;
  164. LPDIRECT3DVERTEXBUFFER9 Stream_Data;
  165. UINT Offset = 0;
  166. UINT Stride = 0;
  167. if( pDev->GetStreamSource( 0, &Stream_Data, &Offset, &Stride ) == S_OK )Stream_Data->Release();
  168.  
  169. if (IsMenuOn)
  170. {
  171. // Disable fog
  172. pDev->SetRenderState(D3DRS_FOGENABLE, false);
  173. // Fullbright
  174. pDev->SetRenderState(D3DRS_LIGHTING, FALSE);
  175. pDev->SetRenderState(D3DRS_AMBIENT,D3DCOLOR_ARGB(255,255,255,255));
  176.  
  177. switch (Stride)
  178. {
  179. case 20: // Buildings
  180. //pDev->SetRenderState(D3DRS_ALPHABLENDENABLE,TRUE);
  181. pDev->SetRenderState(D3DRS_DESTBLEND,D3DBLEND_INVSRCALPHA); // Transparency
  182. break;
  183. case 32: // Players and Zombies
  184. //PlayerChams
  185. pDev->SetRenderState(D3DRS_LIGHTING, FALSE); // Wallhack
  186. pDev->SetRenderState(D3DRS_ZENABLE, FALSE);
  187. SetModelColor(pDev, 1.0f, 0.0f, 0.0f, 0.50f, 1.5f, 1.5f, 1.5f, 1.5f);
  188. pDrawIPrim( pDev, Type, BIndex, MIndex, NVertices, SIndex, PCount );
  189. pDev->SetRenderState(D3DRS_ZENABLE, TRUE);
  190. break;
  191. default:
  192. break;
  193. }
  194. }
  195. bJump = FALSE;
  196. }
  197. __declspec(naked) void MyDIP( )
  198. {
  199. __asm
  200. {
  201. MOV EDI,DWORD PTR SS:[EBP+0x8]
  202. XOR EBX,EBX
  203. CMP EDI,EBX // replace patched code
  204. PUSHFD
  205. PUSHAD
  206. MOV EDX,[bJump]
  207. CMP EDX,0x0
  208. JG DONE
  209. PUSH [EBP+0x20] // Push arguments of DIP
  210. PUSH [EBP+0x1C]
  211. PUSH [EBP+0x18]
  212. PUSH [EBP+0x14]
  213. PUSH [EBP+0x10]
  214. PUSH [EBP+0x0C]
  215. PUSH [EBP+0x08]
  216. CALL hkDrawIndexedPrimitive
  217. DONE: POPAD
  218. POPFD
  219. jmp dwDIP_ret; // jump back to normal DIP
  220. }
  221. }
  222.  
  223. VOID WINAPI hkReset( )
  224. {
  225. if( pFont != NULL )
  226. if( pFont->Release( ) == S_OK )
  227. pFont = NULL;
  228.  
  229. }
  230. __declspec(naked) void MyReset( )
  231. {
  232. __asm
  233. {
  234. PUSHAD
  235. PUSHFD
  236. CALL hkReset
  237. POPFD
  238. POPAD
  239. MOV ESI,DWORD PTR SS:[EBP-0x08]
  240. MOV EDI,DWORD PTR SS:[EBP-0x04]
  241. POP EBX
  242. JMP dwReset_ret
  243. }
  244. }
  245.  
  246. VOID WINAPI GETD3D( VOID )
  247. {
  248.  
  249. HWND ConsoleWindow = GetConsoleWindow( );
  250. ShowWindow( ConsoleWindow, SW_HIDE ); // hide ConsoleWindow...
  251.  
  252.  
  253. while( D3D9 == NULL )
  254. {
  255. D3D9 = GetModuleHandleA( "d3d9.dll" );
  256. Sleep( 100 );
  257. }
  258.  
  259. D3DPRESENT_PARAMETERS D3D_PP = {0};
  260. IDirect3D9 * (WINAPI *oDirect3DCreate9)(UINT SDKVersion);
  261.  
  262.  
  263. *(PDWORD)&oDirect3DCreate9 = (DWORD)GetProcAddress( D3D9, "Direct3DCreate9" );
  264.  
  265. _cprintf( "Direct3DCreate9\n" );
  266. pD3D = oDirect3DCreate9( D3D_SDK_VERSION );
  267.  
  268. D3D_PP.Windowed = TRUE;
  269. D3D_PP.SwapEffect = D3DSWAPEFFECT_DISCARD;
  270. D3D_PP.BackBufferFormat = D3DFMT_UNKNOWN;
  271.  
  272. _cprintf( "CreateDevice\n" );
  273. pD3D->CreateDevice( D3DADAPTER_DEFAULT, D3DDEVTYPE_HAL,ConsoleWindow, D3DCREATE_SOFTWARE_VERTEXPROCESSING, &D3D_PP, &pDev );
  274.  
  275. PDWORD VTABLE = *(DWORD**)pDev;
  276.  
  277. dwEndscene_hook = VTABLE[42] + 0x2A;
  278. dwEndscene_ret = dwEndscene_hook + 0x0A;
  279. dwDIP_hook = VTABLE[82] + 0x2D;
  280. dwDIP_ret = dwDIP_hook + 0x7;
  281. dwReset_hook = VTABLE[16] + 165;
  282. dwReset_ret = dwReset_hook + 0x7;
  283.  
  284. *(PDWORD)&pDrawIPrim = (DWORD)VTABLE[82];
  285.  
  286. _cprintf( "Jump\n" );
  287. Jump( (DWORD)dwEndscene_hook, (DWORD)MyEndscene );
  288. Jump( (DWORD)dwDIP_hook, (DWORD)MyDIP );
  289. Jump( (DWORD)dwReset_hook, (DWORD)MyReset );
  290.  
  291. _cprintf( "Done\n" );
  292. Sleep( 400 );
  293. pDev->Release( );
  294. pD3D->Release( );
  295. FreeConsole( );
  296. }
  297.  
  298. VOID Jump( DWORD Address, DWORD Your_Detour )
  299. {
  300. VirtualProtect( (LPVOID)Address, 5, PAGE_EXECUTE_READWRITE, &Old );
  301.  
  302. *(PBYTE)Address = (BYTE)0xE9;
  303. *(PDWORD)(Address + 1) = ( Your_Detour - Address - 5) ;
  304. VirtualProtect( (LPVOID)Address, 5, Old, &Old );
  305. }
  306.  
  307. BOOL WINAPI DllMain( HINSTANCE hModule, DWORD dwReason, LPVOID lpvReserved )
  308. {
  309. if( dwReason == DLL_PROCESS_ATTACH )
  310. {
  311. DisableThreadLibraryCalls( hModule );
  312. AllocConsole( );
  313. _cprintf( "Ready\n" );
  314. CreateThread( NULL, NULL, (LPTHREAD_START_ROUTINE)
  315. GETD3D, NULL, NULL, NULL);
  316. }
  317. return TRUE;
  318. }
Um Links zu sehen, musst du dich registrieren

Download WarZ v1.0 simple hack

__________________

Hallo