Author Topic: [TUT] Combat arms hotkey Hack  (Read 1014 times)

0 Members and 1 Guest are viewing this topic.

jihad11

  • Online Villain
  • ***
  • Posts: 106
  • Im a bot DING DONG
    • View Profile
[TUT] Combat arms hotkey Hack
« on: March 22, 2011, 03:48:16 am »
Its from the vip section from ghbsys i just wanted to share it with ya guys ;) would be nice if u can give me +Rep for it.. then i will may upload more tutorials..
Its made by Karzil



Hey guys my friend Shehwaz posted this on Gsys so I decided to share it with you guys O.o (With his permission of course)


Ok assuming you already know how to code a auto on hack from codernevers tutorial this should be a walk in the park.

1.To start things off.You should already have visual C++ installed and the latest frameworks.I myself love to use Visual Express C++ 2010 because it points out more errors than 2008.

2.Ok so if your making your hack from codernevers base you need to know what to update after every patch for it to work.

First of all change this:
Code: [Select]
#include <windows.h>
bool IsGameReadyForHook()
{
if( GetModuleHandleA( "d3d9.dll" ) != NULL
&& GetModuleHandleA( "ClientFX.fxd" ) != NULL
&& GetModuleHandleA( "CShell.dll"   ) != NULL )
return true;
return false;
}
void __cdecl PushToConsole( const char* szCommand )
{
DWORD *LTClient = ( DWORD* )( 0x3778BFB0 );
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
__asm
{
push szCommand;
call CONoff;
add esp, 4;
}
}
To This:
Code: [Select]
#include <windows.h>

bool IsGameReadyForHook()
{
if( GetModuleHandleA( "d3d9.dll" ) != NULL
&& GetModuleHandleA( "ClientFX.fxd" ) != NULL
&& GetModuleHandleA( "CShell.dll"   ) != NULL )
return true;
return false;
}
void __cdecl PushToConsole( const char* szCommand )
{
DWORD *LTClient = ( DWORD* )( 0x377E7810 );
DWORD CNADDIE = 0x46F670;
void* Send = ( void* )*( DWORD* )(CNADDIE);
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
__asm
{
push szCommand;
call CONoff;
add esp,4;
}
}
That will make your hotkey base undetected.I updated the ltc and Alt ptc addie for you .

3.Ok so now for the hotkeys.Go to this site and look at the virtual key codes.Virtual Key Codes.

Hotkey Example:
Code: [Select]
if(GetAsyncKeyState(VK_NUMPAD1)&1){//This is what a regular PTC command should look like.
chams = !chams;
}
if(chams){
PushToConsole("SkelModelStencil 1");
} else {
PushToConsole("SkelModelStencil 0");
}
No Recoil Example:
Code: [Select]
if(GetAsyncKeyState(VK_NUMPAD6)&1){//Just like No Spread.No Recoil is the same way except it has addresses/Bytes unlike No Spread.
recoil = !recoil;
}
if(recoil){//
memcpy((LPVOID)0x3741B550, "\x90\x90\x90", 3);//You will have to update these your self.Drake has a thread posted.Thank him for his hardwork and thank me :D.
memcpy((LPVOID)0x3740BAA9, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B564, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B567, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B570, "\x90\x90\x90", 3);
} else {
memcpy((LPVOID)0x3741B550, "\xD8\x66\x54", 3);
memcpy((LPVOID)0x3740BAA9, "\xD9\x46\x54", 3);
memcpy((LPVOID)0x3741B564, "\xD9\x5E\x54", 3);
memcpy((LPVOID)0x3741B567, "\xD9\x46\x48", 3);
memcpy((LPVOID)0x3741B570, "\xD9\x5E\x48", 3);

}
Any PTC Command that has many codes:
Code: [Select]
if(GetAsyncKeyState(VK_NUMPAD5)&1){//This is a no spread command.It has many codes and this is what it looks like.
spread = !spread;
}
if(spread){//
PushToConsole("PerturbRotationEffect  0.000000");
PushToConsole("PerturbIncreaseSpeed 0.000000");
PushToConsole("PerturbWalkPercent 0.000000");
PushToConsole("PerturbFiringIncreaseSpeed 0.000000");
} else {
PushToConsole("PerturbRotationEffect 3.000000");
PushToConsole("PerturbIncreaseSpeed 3.000000");
PushToConsole("PerturbDecreaseSpeed 9.000000");
PushToConsole("PerturbWalkPercent 0.500000");
}
4.Adding the NOP Function
Nop Function:
Code: [Select]
bool Memoria( void * pDest, char * szPatch, size_t sSize )//NOP Function
{
DWORD dwOrgProtect = NULL;
if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect ))
return FALSE;

memcpy( pDest, szPatch, sSize );
VirtualProtect( pDest, sSize, dwOrgProtect, NULL );
return TRUE;
}
Put that all the way at the bottom of your whole code.

5.Compile and have fun.This is what your whole source should look like.

Code: [Select]
#include <windows.h>

bool IsGameReadyForHook()
{
if( GetModuleHandleA( "d3d9.dll" ) != NULL
&& GetModuleHandleA( "ClientFX.fxd" ) != NULL
&& GetModuleHandleA( "CShell.dll"   ) != NULL )
return true;
return false;
}
void __cdecl PushToConsole( const char* szCommand )
{
DWORD *LTClient = ( DWORD* )( 0x377E7810 );
DWORD CNADDIE = 0x46F670;
void* Send = ( void* )*( DWORD* )(CNADDIE);
void* CONoff = ( void* )*( DWORD* )( *LTClient + 0x208 );
__asm
{
push szCommand;
call CONoff;
add esp,4;
}
}
void main()
{

while(!IsGameReadyForHook()){ Sleep(200); }

bool chams = false;
bool spread = false;
bool recoil = false;
while(true)
{

//
if(GetAsyncKeyState(VK_NUMPAD1)&1){//This is what a regular PTC command should look like.
chams = !chams;
}
if(chams){
PushToConsole("SkelModelStencil 1");
} else {
PushToConsole("SkelModelStencil 0");
}

if(GetAsyncKeyState(VK_NUMPAD5)&1){//This is a no spread command.It has many codes and this is what it looks like.
spread = !spread;
}
if(spread){//
PushToConsole("PerturbRotationEffect  0.000000");
PushToConsole("PerturbIncreaseSpeed 0.000000");
PushToConsole("PerturbWalkPercent 0.000000");
PushToConsole("PerturbFiringIncreaseSpeed 0.000000");
} else {
PushToConsole("PerturbRotationEffect 3.000000");
PushToConsole("PerturbIncreaseSpeed 3.000000");
PushToConsole("PerturbDecreaseSpeed 9.000000");
PushToConsole("PerturbWalkPercent 0.500000");
}

if(GetAsyncKeyState(VK_NUMPAD6)&1){//Just like No Spread.No Recoil is the same way except it has addresses/Bytes unlike No Spread.
recoil = !recoil;
}
if(recoil){//
memcpy((LPVOID)0x3741B550, "\x90\x90\x90", 3);//You will have to update these your self.Drake has a thread posted.Thank him for his hardwork and thank me :D.
memcpy((LPVOID)0x3740BAA9, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B564, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B567, "\x90\x90\x90", 3);
memcpy((LPVOID)0x3741B570, "\x90\x90\x90", 3);
} else {
memcpy((LPVOID)0x3741B550, "\xD8\x66\x54", 3);
memcpy((LPVOID)0x3740BAA9, "\xD9\x46\x54", 3);
memcpy((LPVOID)0x3741B564, "\xD9\x5E\x54", 3);
memcpy((LPVOID)0x3741B567, "\xD9\x46\x48", 3);
memcpy((LPVOID)0x3741B570, "\xD9\x5E\x48", 3);

}


Sleep(50);
}
}
DWORD WINAPI dwHackThread(LPVOID)
{
while( !IsGameReadyForHook() )
Sleep(100);
main();
return 0;
}
BOOL WINAPI DllMain ( HMODULE hDll, DWORD dwReason, LPVOID lpReserved )
{
DisableThreadLibraryCalls(hDll);
if ( dwReason == DLL_PROCESS_ATTACH )
{
system("start http://forum.gordonsys.net/index.php");
}
{CreateThread(NULL, NULL, dwHackThread, NULL, NULL, NULL);
}
return TRUE;
}
bool Memoria( void * pDest, char * szPatch, size_t sSize )//NOP Function
{
DWORD dwOrgProtect = NULL;
if ( !VirtualProtect ( pDest, sSize, PAGE_EXECUTE_READWRITE, &dwOrgProtect ))
return FALSE;

memcpy( pDest, szPatch, sSize );
VirtualProtect( pDest, sSize, dwOrgProtect, NULL );
return TRUE;
}

//IF YOU USE THIS CODE IT WAS MY SHEHWAZ FROM GSYS


MrMedic

  • MasstKer
  • ********
  • Posts: 8900
  • programmer/dev/software engineer
    • View Profile
Re: [TUT] Combat arms hotkey Hack
« Reply #1 on: March 22, 2011, 03:09:03 pm »
good work thanks for shareing +1
« Last Edit: March 22, 2011, 03:15:18 pm by MrMedic »
EnCoded Message: i3iy9yl8kr2xf3g2Txs3pr6ye3ya7jg5ty2z

https://www.youtube.com/watch?v=62_7-AYfdkQ
you need a paypal account for the private versions.

Website:
http://bit.ly/medic101

Teamspeak 3: 85.236.101.5:10157

jihad11

  • Online Villain
  • ***
  • Posts: 106
  • Im a bot DING DONG
    • View Profile
Re: [TUT] Combat arms hotkey Hack
« Reply #2 on: March 22, 2011, 06:30:36 pm »
Np i'll share some more tuts with the TKC community..